DeFi security issues have once again attracted attention: YFI protocol suffers a flash loan attack

At the beginning of 2021, the former DeFi king Yearn Finance protocol suffered a flash loan attack, resulting in losses of up to ten million dollars. This incident once again raised concerns in the industry about DeFi security issues.

According to an analysis by a security company, the attacker exploited a vulnerability in the DAI strategy pool of the YFI protocol. The attacker borrowed a large amount of funds through Flash Loans, manipulated the asset ratio of the Curve liquidity pool, and then used the deposit and withdrawal mechanism of the YFI protocol for arbitrage, ultimately resulting in significant losses for YFI.

This attack exposed the vulnerabilities in the price mechanism design of DeFi protocols. The combination between YFI and Curve uses LP shares to determine the price, and this mechanism is easily manipulable. Essentially, this is a price manipulation issue, rather than an issue with Flash Loans themselves.

Currently, many DeFi protocols are too focused on speed and efficiency, neglecting the essence of blockchain. Unlike Bitcoin, which ensures security through global verification, many DeFi projects use simple pricing mechanisms and lack effective validation. This contradicts the decentralized and trustworthy nature of blockchain.

To fundamentally solve the security issues in DeFi, we need to return to the essence of blockchain and establish a permissionless, verifiable pricing mechanism. Only by adhering to the spirit of decentralization and generating on-chain prices through multi-party games can we truly improve the security of DeFi. As the industry scales up, DeFi projects should place greater emphasis on security issues rather than blindly pursuing efficiency and innovation.