An exploit is a piece of code, data, or a sequence of commands that takes advantage of a bug or vulnerability in an application, protocol, or system to cause unintended or unanticipated behaviour to occur.
White hat hackers try to find these bugs, often incentivised by bug bounty programs. Black hat hackers try to use the bugs to exploit the system for financial gain.
One of the most infamous examples of a bug exploit happens to be The DAO hack of 2016. During the hack, the attacker took advantage of faulty code to launch a re-entrancy attack which wiped out $60M worth of ETH.
Not only did this hack have a huge impact on the price, but it also split the Ethereum community and the blockchain itself into Ethereum and Ethereum Classic,
Let’s look at some of the most well-known types of exploits:
- Reentrancy attack: The malicious hacker keeps calling back into the victim contract before the preceding function is finished. So, the hacker keeps interrupting the preceding attack with the latest attack to deploy the reentrancy attack.
- Miner manipulation: Miner manipulates variables that exist outside the smart contract to force the system to work in their favour.
- DDoS (Distributed Denial of Service) attacks: A Denial-of-Service (DoS) attack is a type of attack that is intended to cripple or shut down a machine or network. A DoS attack makes the target inaccessible to its users by disrupting its normal functions.
Other ways DeFi users can lose their funds aren’t (always) actual exploits, though they can be connected to them.
- A rug pull normally isn’t an exploit, but an inside job.
- Wash trading isn’t an exploit, but a normally illegal economic attack, by creating a price pump, followed by FOMO from the market, who become exit liquidity and later bagholders.
- A flash loan can be used for good, but also to amplify a bug or unintended usage of a smart contract and exploit it. Often these use the actual functions of the smart contract. So it can be hard to distinguish bugs from features.
(See also RUG, White Hat and Black Hat Hackers)
« Back to Glossary Index