$0 USD





bZx is "[t]he most powerful open finance protocol". You can use it to "[b]uild applications that empower lenders, borrowers, and traders with the most flexible decentralized finance protocol on Ethereum." "Fulcrum is a project built by the bZx team on top of bZx itself. One feature of Fulcrum is the ability to take a loan on an iToken (read more about that here) using any* other token as collateral. In order to determine how much collateral is needed, bZx uses the Kyber Network as an on-chain decentralized oracle to check the conversion rate between the collateral token and the loan token."


"KyberNetwork [is] an on-chain protocol which allows instant exchange and conversion of digital assets (e.g. crypto tokens) and cryptocurrencies (e.g. Ether, Bitcoin, ZCash) with high liquidity. KyberNetwork [aimed to] be the first system that implements several ideal operating properties of an exchange including trustless, decentralized execution, instant trade and high liquidity." "KyberNetwork exchange rates are visible to other smart contracts. Hence, it enables the implementation of advanced financial instruments such as swap contracts. The quotes provided by KyberNetwork are secure as they reflect the real rates which are being used to trade between pairs of tokens."


"On Tuesday September 3rd, samczun, [then known as] the security researcher who found the critical bug in 0x, alerted [bZx] to an exploit leveraging [their] implementation of Kyber’s price feeds." "This was an attack vector that both ourselves and our auditors did not detect."


"The premise of the attack involved manipulating the price feed with a sandwich attack at the time of taking out the loan." The attacker can "significantly affect the apparent exchange rate between WAX and ETH simply by listing an order, which means that we can trick any project which relies on Kyber to provide an accurate FMV." We can "turn a profit of approximately 1200ETH by (1) Listing an order buying 1 WAX for 10 ETH, increasing the price from 0.00ETH/WAX to 10ETH/WAX. (2) Borrowing DAI from bZx using WAX as a collateral. (3) Cancelling all orders and converting all assets to ETH."


"[T]he exploit exists and has never been used. The exploit was immediately patched." "The bZx team blocked this attack by whitelisting tokens which can be used as collateral." "We are thankful to members of the community like samczun for strengthening the security of the ecosystem."

The original bZx exchange platform contained a vulnerability which would allow an attacker to manipulate prices, which could have been used to steal platform assets.


The vulnerability was fixed before it was able to be exploited.


There were no user funds lost in this case.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.