DeFi protocol vulnerabilities come not only from code defects or attacks, but also from economic factors such as market volatility, governance manipulation, and liquidity crises. Traditional technical (code) audits focus on whether the code is running as expected, but usually fail to consider the impact of economic conditions such as market pressure or manipulation on the stability of the protocol.
Technical (code) audits aim to ensure that the code is running as expected and there are no exploitable vulnerabilities or defects. However, the scope of technical audits is usually limited to an independent review of the protocol itself, and fails to consider the broader economic environment or the interdependencies between protocols.
What is an economic audit?
Economic audits are a security practice that goes beyond the scope of technical audits. Technical audits usually focus on discovering code vulnerabilities or defects, while economic audits evaluate the performance of protocols under various economic scenarios by simulating real market conditions and stress testing.
Economic audits focus on understanding the economic interactions within DeFi protocols and how external factors such as market volatility, liquidity crises, and governance manipulation can exploit vulnerabilities in the protocol.
One of the keys to economic audits is to simulate market conditions, such as sharp price swings, changes in liquidity, or changes in user behavior. Another key link is to review the governance structure of DeFi protocols. Governance-related vulnerabilities could allow malicious actors to control the protocol by manipulating the voting system, as occurred in the Beanstalk incident.
In addition, economic audits evaluate the incentive mechanisms in the protocol to ensure that they promote healthy participation and prevent malicious behavior. For example, poorly designed incentives could encourage attacks or opportunistic behavior, undermining the stability of the protocol. Economic audits also analyze the ripple effects that could occur when a protocol or token is attacked, especially in the highly interconnected DeFi ecosystem where such ripple effects could have serious consequences. These audits aim to predict the ripple effects that a single attack could have across multiple protocols, similar to how a financial crisis in traditional financial markets spreads from one industry to another. The highly interconnected nature of DeFi makes such ripple effects particularly dangerous, as the failure of one protocol could severely impact the liquidity, pricing, and governance of other protocols. Finally, economic audits assess whether the risk parameters in the protocol are well calibrated to handle potential stress or manipulation. Economic audit can help protocols identify and mitigate economic vulnerabilities that technical audits cannot find in advance, thereby providing a more comprehensive security framework for the DeFi ecosystem.
Technical Audit vs. Economic Audit
While both types of audits are critical, they have different focuses and cannot replace each other.
Simple indivisible atomic operations vs.Complex operations that rely on external factors
Technical audit:Focus on ensuring that the code performs atomic operations, that is, the operation is either fully executed or fails completely, minimizing the risk of attacks that may be caused by partial execution failure. Technical audits check the specific code logic to ensure that it runs as expected and has no vulnerabilities or defects.
Economic audit:Economic audit goes beyond the scope of atomic operations and focuses on the broader economic environment, in which complex operations exist. Such operations rely on factors external to the protocol, such as external liquidity, market prices, or governance decisions. Economic audits simulate these conditions to assess how external factors might cause vulnerabilities or risks to the protocol.
Code Vulnerabilities vs. Exploitability
Technical Audits:Aim to identify specific vulnerabilities in the code that could be exploited by an attacker. For example, if a function is not properly secured, a hacker could use it to steal funds or tamper with key parameters of the protocol.
Economic Audits:Unlike technical audits, which focus on code vulnerabilities, economic audits focus on how broader economic conditions expose the protocol to attack risks. For example, governance mechanisms that present economic risks could result in hostile takeovers or market manipulation events that could have serious repercussions for the protocol.
Audit Scope (Internal/External to the Protocol)
Technical Audit:The scope of a technical audit is usually defined by the protocol itself. It focuses on reviewing the codebase, identifying technical vulnerabilities, and ensuring that the protocol operates as intended from a purely functional perspective.
Economic Audit:Economic audits are broader in scope and focus not only on the internal logic of the protocol, but also analyze its interactions with the broader DeFi ecosystem, including external factors such as market conditions, liquidity, token interdependencies, and governance structure. This wider scope provides a more comprehensive risk analysis, which is particularly important in the dynamic and interconnected DeFi ecosystem.
Vulnerability Exploitation in Different Scenarios
Technical Audit:Mainly to ensure that the code itself does not have specific vulnerabilities, such as repeated call vulnerabilities or integer calculation errors. Once the technical audit is completed, the code is considered safe in a controlled environment.
Economic Audit:In contrast, economic audits evaluate the performance of the protocol in real-world scenarios where external economic pressures (such as price manipulation or governance attacks) may expose vulnerabilities in the protocol. Economic audits simulate real economic conditions to ensure that the protocol remains secure even under the influence of these external factors.
Differences in audit scope
Economic audit:It has a wider scope and takes into account external influencing factors such as market dependencies, governance structure, and liquidity tensions. Economic audits assess how the protocol interacts with the broader DeFi ecosystem and analyzes whether the protocol can withstand economic pressure.
Technical audits and economic audits complement each other and are indispensable to build a complete security system.
Critical vulnerabilities not covered by technical audits
Technical audits cannot address some vulnerabilities caused by external economic factors, dependencies, and interactions with other protocols, which need to be identified and mitigated through economic audits. Token correlation and chain reactions Token correlation is a significant source of risk in DeFi, where tokens from different protocols may depend on each other. For example, when the price of a protocol’s token plummets, it may trigger a chain reaction across multiple platforms. Technical audits typically do not assess the chain reactions that may occur when the tokens in a protocol are affected by external economic conditions, such as a market downturn or attacks on other protocols. In contrast, economic audits analyze how a protocol responds to such events by simulating these scenarios. For example, the Terra Luna crash, where its stablecoin depegging triggered widespread disruptions across the DeFi ecosystem.
Oracle Dependence and Price Manipulation
Many DeFi protocols rely on oracles to obtain external data, such as token prices or interest rates. However, this reliance brings a common vulnerability: if the oracle is compromised, or the data it provides is inaccurate or manipulated, the protocol may be at great risk.
Price manipulation attacks are a typical form of economic attack in which the attacker manipulates the token price provided by the oracle to profit, such as taking advantage of arbitrage opportunities or forced liquidations.
Technical audits typically only ensure that the code can interact with the oracle correctly, but do not assess the risk of price manipulation at the oracle level, which can have a devastating impact on the protocol.
Governance Attacks
Governance vulnerabilities are another major risk in DeFi protocols, especially in systems where voting power is tied to token holdings. Attackers can exploit governance mechanisms to take over protocols and propose malicious proposals or steal funds, as shown in the Beanstalk vulnerability incident. In this incident, the attacker temporarily borrowed a large number of tokens through flash loans, controlled 79% of voting power, and then pushed malicious proposals and stole $181 million.
Technical audits often ignore governance structures and focus on examining smart contract code. However, economic audits analyze potential vulnerabilities in governance systems, especially temporary increases in voting power through means such as flash loans, which are usually difficult for technical audits to detect.
Liquidity Crisis and Protocol Pressure
Liquidity crisis is a major hidden danger in DeFi protocols. When the liquidity of a protocol suddenly drops, it may trigger price slippage, forced liquidation, or collateral shortage, which may lead to a vicious cycle in the system and put pressure on the entire protocol. Liquidity crises can be triggered by a variety of factors, such as market declines, increased token volatility, or large withdrawals.
Technical audits ensure that smart contracts operate correctly under normal conditions, but they do not simulate stress scenarios with low liquidity, in which the protocol may become vulnerable to attacks or behave unexpectedly. In contrast, economic audits simulate these stress conditions, evaluate how the protocol responds to tight liquidity conditions, and verify whether the protocol has mechanisms to respond to or recover from such crises.
Typical economic attack cases
These cases show in detail how attackers exploit economic weaknesses in the design and structure of the DeFi protocol, rather than code vulnerabilities, to launch attacks.
Case 1: Mango Market Attack
Date: October 2022Attack method: Price manipulationAmount of loss: US$116 million
In this vulnerability, the attacker manipulated the price of the Mango token ($MNGO), resulting in price differences across multiple exchanges, thereby triggering a large-scale forced liquidation, and ultimately depleting the protocol's funds. The attack process is as follows:
Initial setup:The attacker used two wallets, each holding $5 million in USDC, to launch the attack. Wallet 1 issued a large sell order for $483 million worth of MANGO tokens at a low price of $0.0382.
Price Manipulation:Wallet 2 was then used to buy all of the MANGO tokens sold by Wallet 1 at this low price. The attacker then began to aggressively purchase MANGO tokens on multiple exchanges, including Mango Markets, AscendEX, and FTX, driving the price up from $0.0382 to $0.91, a significant increase in a short period of time.
Exploiting the Price Pump:This sudden price surge caused a large number of short positions to be liquidated as the price of the MANGO token broke through the value of the short sellers’ collateral. As a result, the attacker profited from the price increase, while the price of the MANGO token subsequently fell to $0.0259.
Results:The attack caused a significant loss of liquidity in Mango Market, with more than 4,000 short positions being liquidated, further undermining the stability of the protocol. This economic attack did not rely on technical vulnerabilities, but rather took advantage of cross-platform price manipulation, which shows that economic audits can prevent or mitigate the impact of attacks by simulating price manipulation scenarios.
Case 2: Beanstalk Attack
Date: April 2022Attack Method: Governance ManipulationAmount of Loss: USD 181 million
Beanstalk The attack involved the attacker taking control of the governance system, thereby pushing malicious proposals. The attack highlights how governance vulnerabilities, if not managed properly, can be as damaging as technical flaws. The key steps of the attack are as follows: 1. Governance Vulnerability Attack: The attacker proposed two proposals to transfer tokens from the Beanstalk treasury to their personal wallets. These proposals were disguised as legitimate governance changes. Beanstalk's governance system requires an emergency proposal vote (emergencyCommit), which can be approved if a proposal is approved by two-thirds of the votes. 2. Flash Loan Attack: The attacker temporarily borrowed a large number of Beanstalk tokens through a flash loan, enough to control 79% of the voting power. After achieving a supermajority, the attacker was able to push these proposals through and execute a fund transfer, moving tokens from the Beanstalk treasury to their personal wallet.
Results: This successful governance attack caused the BEAN token to depeg and lose 75% of its price, severely impacting the stability of the protocol. The total loss from the attack was $181 million. This situation could have been mitigated to some extent if an economic audit had been conducted to simulate the risks associated with governance. Economic audits can identify the risk of governance manipulation, especially the possibility of temporarily gaining voting control through flash loans, which is a scenario that is often overlooked in traditional technical audits.
These two cases highlight the necessary role of economic audits to complement technical audits and ensure that protocols are resilient to attacks based on price manipulation and governance vulnerabilities, two areas that are often under-examined in traditional security assessments.
Case 3:Terra Luna Stablecoin Depegging Event
The collapse of the Terra Luna ecosystem is a notable example of a protocol failure caused by economic factors rather than technical vulnerabilities. This incident is often seen as a classic example of economic management errors, showing how the loss of control in one aspect can trigger a chain reaction of the entire DeFi ecosystem.
Terra’s stablecoin, UST, is algorithmically pegged to the U.S. dollar, relying on its relationship with the Luna token to maintain price stability. The idea is that UST can always be exchanged for Luna at a certain ratio, thereby maintaining price stability. However, this system is highly dependent on market confidence and liquidity, both of which began to break down as external economic pressures intensified.
In May 2022, a major market event caused UST to depeg and its price fell below $1. This triggered a “death spiral” effect, with UST holders rushing to exchange their tokens for Luna, which rapidly diluted Luna’s supply and caused its price to plummet. As UST’s depegment continued to worsen, a feedback loop was formed, causing the prices of both UST and Luna to collapse, ultimately making the protocol unable to recover.
The Terra Luna collapse had widespread impacts on the DeFi ecosystem. As many protocols were highly interconnected with Terra through liquidity pools, lending platforms, and staking services, this event triggered a liquidity crisis that led to a large number of liquidations and fund losses in other protocols due to indirect exposure to Terra.
The collapse was not due to any specific code vulnerability or technical flaw, but rather to economic mismanagement - relying on algorithmic stablecoins without sufficient reserves or protection mechanisms to cope with market fluctuations. This vulnerability could not be discovered by a technical audit because the problem was rooted in the economic model of the protocol, which also highlights the need for economic audits, which can simulate unpegging scenarios and liquidity crises to identify such risks.
The Terra Luna collapse shows how the failure of one protocol can trigger a chain reaction throughout the DeFi ecosystem, highlighting the importance of evaluating inter-protocol dependencies during the audit process. The collapse stemmed from an unsustainable economic model (algorithmic stablecoins) that was not prepared to handle extreme market conditions. Economic audits can reveal the fragility of protocols by simulating these extreme situations.
The lack of sufficient reserves and the failure to account for extreme market volatility were key reasons for the collapse of Terra Luna, highlighting the importance of testing for such risks in economic audits.
This case highlights that no matter how technically sound a protocol’s code is, it is still vulnerable to economic collapse if the economic model is not adequately stress-tested and the market environment is considered.
Layered Architecture of DeFi Protocols
DeFi protocols are typically composed of multiple layers, each of which plays a specific role in the overall functionality of the protocol. These layers typically include: 1. Core Protocol Layer: This is the foundation of the protocol and contains smart contracts that define the protocol's operations, such as lending, staking, or trading. Technical audits typically focus on this layer, ensuring that smart contracts perform as expected and that there are no vulnerabilities or programming errors. 2. Oracle Layer: DeFi protocols typically rely on oracles to obtain real-time data from external sources such as price data, interest rates, etc. This layer is critical to the proper functioning of the protocol, as incorrect data can lead to incorrect prices, insufficient collateral, or other risks. Economic audits examine the protocol's reliance on oracles and the potential risk of oracle manipulation, which is typically not fully covered by technical audits. 3. Governance Layer: Many DeFi protocols use a decentralized governance structure to determine key changes to the protocol. The governance layer involves aspects such as voting, token-based decision-making, and protocol changes. Economic audits analyze vulnerabilities in the governance structure, such as voting power manipulation or flash loan attacks, where attackers temporarily gain a large number of voting power to influence protocol decisions. 4. Liquidity Layer: The liquidity layer ensures that the protocol has sufficient liquidity to ensure the normal operation of the protocol. In a lending or trading protocol, the liquidity layer determines whether users can access funds or execute transactions. Economic audits simulate liquidity stress scenarios to test how the protocol performs in the absence of liquidity, such as large-scale withdrawals or sudden market declines.
Economic risks in layered architecture
In the layered architecture of DeFi protocols, the interactions between layers may introduce some economic risks that are not usually covered by traditional technical audits.
1. Dependencies between protocols:Many DeFi protocols are interdependent and rely on other protocols to provide liquidity, collateral, or data. For example, a lending protocol may rely on an external stablecoin as collateral. If the stablecoin collapses or loses its peg to the fiat currency, the lending protocol may be undercollateralized, leading to large-scale liquidations. 2. Chain reactions between protocols: An attacker can attack one layer and then use the interrelationships between protocols to affect other layers, causing more extensive losses. For example, an attacker may manipulate the price of an asset in one protocol (through an oracle) to affect lending, trading, or collateral operations in other protocols. 3. Liquidity crisis: A layered architecture also introduces the risk of a liquidity crisis, where the liquidity of one layer depends on another layer. The sudden withdrawal of liquidity from the liquidity pool may affect the normal operation of the protocol, causing cascading failures throughout the protocol and affecting the normal functioning of other layers.
The interconnectedness of DeFi protocols means that risks tend to propagate across multiple layers. A vulnerability in one layer (such as the oracle or governance layer) can trigger a chain reaction that leads to the failure of other layers (such as the liquidity layer or core operations layer). Technical audits focus primarily on the core protocol to ensure that smart contracts execute as expected, but they cannot simulate the systemic risks introduced by the interactions between these layers.
The layered architecture of DeFi protocols introduces complex economic risks that cannot be fully captured by technical audits alone. Economic audits provide a critical assessment of the interactions between different layers, analyzing how they are exploited or stressed under real-world conditions, thereby helping to identify potential risk points.
Conclusion
Technical audits alone are not enough to protect DeFi protocols from broader economic risks. Economic audits simulate real-world market conditions and conduct stress tests to assess the resilience of protocols to price manipulation, liquidity crises, and governance vulnerabilities. The DeFi industry must pay attention to economic risk management to protect protocols from systemic threats. Currently, the economic audit market is not fully developed, which provides a huge opportunity for companies focusing on this field. Future DeFi security will require a combination of technical and economic audits to ensure that protocols are resilient to broader vulnerability risks.