Curve Finance Sandwich Attack
- An attacker bot is sandwiching Curve Finance stablecoin trades with $100M+ swaps to get leverage.
Below is a quick overview of this Project.
Curve Finance is a DEX that creates deep on-chain liquidity using advanced bonding curves.
Here is the first example where they’re sandwiching someone with $145M of DAI. Below is the screenshot of the bot’s transaction. Here is the link to the bot’s transaction: https://etherscan.io/tx/0xada54289d2a5556b2aa8f6ca26317a0649397fff8babd7a5bb6f6270815c8a8e
What is the Strategy Used by the Bot?
Firstly, the bot deposits ~$5M of its own capital to AAVE Protocol. Below is the screenshot of the same transaction.
Secondly, it takes a Flashloan out of Balancer worth $260M of WETH, and it deposits that WETH in Aave. Then, it takes out a loan of $145M DAI, which is sent to its own account.
Thirdly, it swaps $145M DAI for ~$144.5M USDC, which pushes the price of USDC on Curve Finance. Then, it deposits that USDC into MakerDAO and uses it to mint $144.5M DAI. Then, it returns $144.5M DAI to Aave, which partially repays its debt. Then, it withdraws enough ETH to repay its Balancer Flashloan.
At the end of this transaction, the bot has an AAVE debt of $145M – $144.5M = $500K. The bot uses borrowed capital to move the price of the Curve pool, but this results in price slippage, so it can't repay its loan completely. That's why it needs to post its own collateral at the start. This let the bot get massive leverage on the collateral it posted to AAVE: it only needed enough collateral to cover the slippage of the trade it was making.
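The steps above can be checked with a small ledger model in Python (an added example, not the bot's code and not part of the original post). Amounts are the article's figures in USD millions; `MAX_LTV`, `AavePosition` and `front_run_leg` are hypothetical names and values chosen for illustration, and fees and interest are ignored.

```python
from dataclasses import dataclass

MAX_LTV = 0.80  # assumed Aave borrow limit; not stated in the article


@dataclass
class AavePosition:
    """Hypothetical model of one Aave account, values in USD millions."""
    collateral: float = 0.0
    debt: float = 0.0

    def change(self, collateral=0.0, debt=0.0):
        self.collateral += collateral
        self.debt += debt
        # Aave refuses any action that leaves debt above the borrow limit.
        if self.debt > self.collateral * MAX_LTV + 1e-9:
            raise ValueError("action would leave the position undercollateralised")


def front_run_leg(own_capital, flash_loan, borrowed_dai, usdc_received):
    """Replay the article's steps; fees and interest are ignored."""
    pos = AavePosition()
    pos.change(collateral=own_capital)        # 1. bot's own deposit
    pos.change(collateral=flash_loan)         # 2. flash-loaned WETH deposited
    pos.change(debt=borrowed_dai)             # 2. DAI borrowed against it
    slippage = borrowed_dai - usdc_received   # 3. cost of moving the Curve pool
    minted_dai = usdc_received                # 3. USDC -> DAI via MakerDAO, 1:1
    pos.change(debt=-minted_dai)              # 3. partial repayment to Aave
    pos.change(collateral=-flash_loan)        # 3. WETH withdrawn for Balancer
    return {
        "residual_debt": pos.debt,
        "slippage": slippage,
        "remaining_collateral": pos.collateral,
        "leverage": borrowed_dai / own_capital,
    }


if __name__ == "__main__":
    # Figures from the article, in USD millions.
    print(front_run_leg(5, 260, 145, 144.5))
    try:
        # Constructed case: collateral equal to the slippage is not enough
        # once a borrow limit below 100% applies.
        front_run_leg(0.5, 260, 145, 144.5)
    except ValueError as err:
        print("rejected:", err)
```

Under the assumed borrow limit, the collateral left after the flash loan is repaid has to exceed the slippage divided by `MAX_LTV`, which is why the constructed second case is rejected.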
We would like to credit @bertcmiller for this information.