Securing A Derivatives Platform With Over $25b Volume - Kyle Riley | BSides Cape Town 2023

183 views

BSides Cape Town

1 day ago

How would you approach exploiting a derivatives market? We'll explore how we secured a perpetuals market averaging north of $100m in daily volume. It'll be a technical deep dive beyond traditional pentesting concerns, focusing on how game theory and economic models can be abused for profit. In the high-stakes world of smart contracts, a single overlooked flaw could result in an instantaneous multi-million dollar loss.
The talk is based on experience gained through the security reviews iosiro has performed of Synthetix's perpetual markets. The code, infrastructure, and assessment results are all public, so we can give deep insights into our learnings. The talk is split into four sections; the first three provide attendees with the context needed to engage with the security considerations in the final section.
Takeaways:
Gain knowledge about derivatives and perpetual markets.
Learn about the weird and wonderful attacks against these systems, along with the countermeasures implemented to protect against them.
See how one of the most popular DeFi / crypto applications works.
Develop an understanding of how to approach threat modeling smart contracts without needing any background in blockchain fundamentals.
See the difference between how a pentester and smart contract auditor might approach an assessment of this nature.
Notes:
The system is built for web3, but the talk will be more focused on the attack surface of a fully white-box financial application. Most of the blockchain-specific behavior will be abstracted away as many attacks could apply to traditional financial systems. This approach allows attendees to interact with a commonly used crypto product and understand threat modeling in the field, without understanding blockchain fundamentals like smart contracts and Solidity.
We are the sole security consultants working on this system and have reviewed several implementations over a few years. We have a comprehensive understanding of its inner workings and its threat model.
The system in question comprises a set of smart contracts deployed to Optimism, an Ethereum Layer-2 network.
A front-end for the current deployment of the perps market can be found here: kwenta.eth.lim...
Stats of the perps market can be found at: dune.com/synth...
Filmed at BSides Cape Town 2023
AV Sponsored by BITM Cyber Security

Comments: 4
@elmehdiezziar, 8 months ago
😎😁😎
@ichibot-app, 8 months ago
Do you not understand what a liquidation actually is? A liquidation is just a forced close of a position. Meaning it still needs to match an opposite order in the order book.... It's still matched 1:1. How you explained it isn't how it works at all.... you can't just "liquidate" another player in the market. The exchange liquidates the position. You are welcome to get a fill from that liquidation.... to fill your position.... but every contract is 1:1. Even if you use a model like FTX had where backstop liquidity providers take over the position.... they still need to close that position in exactly the same way by matching another opposite order in the book. How you explain it doesn't even make sense. You appear to have a fundamental misunderstanding of how this actually works. What you're explaining is just straight up fraud or running a scam exchange..... Not an attack. This is amateur hour to the extreme.
@Cms761, 8 months ago
He is talking about on-chain derivatives platforms that often use external parties to perform liquidations by calling a smart contract function. The function of course checks whether the position should indeed be liquidated.
@kyleriley3316, 7 months ago
The talk is about on-chain perps markets, not CEX perps markets; the dynamics are very different. There's no concept of an order book, and liquidations are forced onto liquidity providers, who are reimbursed by market fees for the additional risk.