This article was first published on Chainlink
DeFi protocols are growing in the amount of on-chain value they secure, and as a result malicious adversaries are more financially incentivized to exploit any potential attack vectors. As warned about in our blogpost earlier this year The Importance of Data Quality for DeFi Smart Contracts, the largest vulnerability in DeFi are protocols reliant on price oracles with poor data quality, such as on-chain price oracles generated by AMM-based DEXs. These single source price oracles are increasingly being manipulated by flash loans due to their lower volume and/or lack of market coverage, with the DeFi protocols relying on them getting their smart contracts exploited, ultimately resulting in a loss of user funds.
While AMM-based DEXs have brought great value to the space as trading environments with instant access to liquidity, they absolutely are not designed to be a reliable oracle mechanism responsible for securing millions to billions of dollars for users. The very nature of AMMs create moments where there are strong distortions in the value of the asset reserves held in a pool, thus generating the arbitrage opportunities recently exploited by flash loan attacks.
While Curve is a valuable AMM-based DEX, a recent flash loan exploit has further demonstrated that it should not be used as a price oracle by other DeFi protocols, even to price Curve LP tokens against other on-chain assets when used as collateral. Instead, we encourage all DeFi protocols needing to price Curve LP tokens in stablecoins or cryptocurrencies to use Chainlink Price Feeds, which have been purpose built to avoid these attack vectors as proven by the many DeFi applications using Chainlink Price Feeds to secure billions of dollars and remaining unaffected.
To keep reading, please go to the original article at: