
Bzx Flashloan: Arbitrage Logic, P&L and Sensitivity Analysis

This is a contributing article from Taylor Zhang, an independent crypto observer based in Shanghai, China, and a founding member of Hashedge & YellowHatDao. This post initially appeared on Medium.


Figure: Five Arbitrage Steps in bZx Hack, PC: Peckshield

There have been quite a few technical analyses of the Bzx Flashloan incident, but in my humble opinion, the arbitrage logic, P&L and sensitivity analysis haven’t been fully touched upon beyond some simple factual data. So here’s my attempt.

For a more comprehensive view of the entire event or a detailed technical analysis, see the following links:

Bzx Official review: https://Bzx.network/blog/postmortem-ethdenver

Palkeo’s analysis: https://www.palkeo.com/en/projets/ethereum/bzx.html

Peckshield’s analysis: https://medium.com/@peckshield/Bzx-hack-full-disclosure-with-detailed-profit-analysis-e6b1fa9b18fc

Background and Arbitrage Logic

Some background knowledge is provided here. Bzx is a margin trading platform, so it naturally consists of two parts: lending and trading. Bzx does the lending on its own but hands the trading part directly over to Kyber. Kyber is an on-chain aggregator of liquidity pools, one of which is Uniswap. Under its pricing mechanism, Kyber always looks for the best price among all of its pools. In this event the best price was always on Uniswap, so Kyber wasn’t exactly in the game. On a side note, a margin trade can be conducted through a Bzx-like all-in-one platform or in separate steps, i.e. borrow from Compound and trade on Uniswap. To summarize, the major roles in this event are two lending platforms, Bzx and Compound, and one trading platform, Uniswap.

The essence of the arbitrage logic here has a sibling in traditional finance: right before Google’s earnings, simultaneously open a 100x long and a 100x short position. As long as the movement is more than 1%, the trader is set to profit handsomely. Let’s assume a 5% jump. The short side will be liquidated. The long side will earn 5X the principal. So the trader will be left with 4X, and the platform will have a 4X loss. This trading strategy has already been banned, as it bankrupted a few exchanges.

In the Defi case, the two sides are funded by different lending platforms. The Bzx side’s margin wasn’t able to cover its loss (it was not liquidated), while the Compound side was profitable. However, since the trading platform here is Uniswap, a mechanism with liquidity pools as the counterparty, the traditional logic doesn’t fully apply. I’ll assume basic knowledge of how Uniswap works and its signature price movement pattern.

The flashloan only provides principal and is irrelevant to the arbitrage logic. The 10000 eth borrowed from Dydx needs to be trimmed down, since 3200 eth wasn’t utilized. Therefore, it should be understood that only 6800 eth was borrowed. In a flashloan, even a million eth can be borrowed, but only the part that is used matters.

Those blaming the oracle or Kyber are not on point. If the responsibility has to be divided, then it should be shouldered between Bzx and Uniswap.

The Process

  1. The hacker borrowed 6800 eth from Dydx through a flashloan and gained his arbitrage principal.
  2. 1300 eth was sent to Bzx and 5500 eth was sent to Compound.
  3. He went 5x long on the Bzx side (using 1300 eth as collateral to hold 5637 eth in total).
  4. He went short on the Compound side (using 5500 eth as collateral to borrow 112 btc, an equivalent of 4400 eth at market price).
  5. The effect is that on the Bzx side 5637 eth was turned into 51 btc, and on the Compound side 112 btc was turned into 6871 eth.

In terms of price movement, the btc/eth price was at about 39. On the Uniswap curve, the Bzx-side pump has an average price of 108, which means that by the end of the pump the price could be at 200. On the Compound side, the dump happens on exactly the same curve. After the two cancel each other out, the additional part has an average price of 20 [(6871–5637)/(112–51)=20], so the lowest price could be at 10.

Compound has a 1.25X overcollateralization ratio: with 1.25X of collateral, a 1X btc loan can be taken out. The hacker pulled a stunt by going back and forth on Uniswap, and the 1X of btc sold for the equivalent of 1.56X in eth, well over the collateral. (From this point on, 1X means 112 btc or 4400 eth.)

The Final P&L

The Compound side makes 0.56X (5500 eth as collateral, 4400 eth equivalent of btc taken out and sold for 6871 eth, a profit of 2471 eth).

The Bzx side has a loss of 0.83X (51*39 is roughly 2000, 5637–2000=3637 eth). It only has 0.3X of collateral (1300 eth). So the net loss is about 0.53X (2337 eth), and it is shared across Bzx lenders. Bzx lenders have lost part of their principal. The problem here is that the bulk Uniswap trade should have been stopped, since it could drain the entire collateral and incur losses among Bzx lenders.

For the hacker, combining both ends, the Compound side made him 0.56X (2471 eth); deducting the 1300 eth cost on the Bzx side arrives at 1171 eth, or a profit of about 0.26X.

At a higher level, if the Bzx-side loss was 0.83X and the Compound-side profit was 0.56X, where did the remaining 0.27X go? Blame Uniswap slippage. As mentioned, after going back and forth on Uniswap and canceling each other out, the rest of the leg averages about 20 eth/btc [(6871–5637)/(112–51)=20]. So it was sold at a loss: roughly 61 btc was sold at 50% off on average on Uniswap. The only ones taking advantage are the Uniswap liquidity providers.

The Sensitivity Analysis

Question 1: Can the two legs going back and forth on Uniswap cancel each other? Can we have only the rest of the leg that remains after they cancel each other out?

The answer is no. Let’s lay it out.

A. Considering only the part that cancels out, originally the Bzx side has 5637 eth and the Compound side has 51 btc.

B. After the step 1 pump (selling eth for btc on the Bzx side), the Bzx side has 51 btc left.

C. After the step 2 dump (selling btc for eth on the Compound side), the Compound side has 5637 eth.

So after the pump and dump, the wealth has been flipped between the Bzx side and the Compound side. This is a Uniswap-specific phenomenon that has no counterpart in traditional finance, and it is the core logic of this arbitrage event. Therefore, it is necessary to go back and forth on the same Uniswap curve to create a profit of 0.56X on the Compound side.

Specifically, by pumping on the Bzx side first and dumping on the Compound side later, along with the rest of the leg after canceling each other out, the 1X of eth can be sold for 1.56X (6871 eth), at a profit of 0.56X (2471 eth).

Question 2: If Bzx risk management had kicked in in time, which means the trade only drained the 1300 eth collateral but was not able to hurt lenders’ principal, would the hacker be able to profit?

The answer is uncertain. If he makes money at all, it would be less than what he made previously. It could also turn into a loss. The reason is that by capping the loss, the Uniswap curve is not extended to such an extreme position, so the 1X capital won’t be able to pull off the 1.56X effect. If it goes below 1.3X, then even the 1300 eth cost will not be covered and a loss would be incurred. Even if it does cover the cost, the hacker will make less.
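One way to express the risk check that Question 2 assumes, and that the Bzx-side P&L above says should have stopped the bulk trade (an added example, not code from Bzx, Kyber or Uniswap): simulate the swap on a constant-product pool and refuse it if the slippage loss exceeds the trader's collateral. The function names, the 0.3% fee and the pool reserves are assumptions; the reserves are constructed so that the article's 5637 eth trade returns roughly 51 btc.

```python
FEE = 0.003  # assumption: 0.3% swap fee
# CONSTRUCTED pool reserves (not real pool data) and the article's
# pre-trade reference price of about 39 eth per btc.
POOL_ETH, POOL_BTC, REF_PRICE = 3073.0, 78.8, 39.0

def swap_out(reserve_in, reserve_out, amount_in, fee=FEE):
    """Amount received from a constant-product (x * y = k) swap."""
    effective_in = amount_in * (1 - fee)
    return reserve_out * effective_in / (reserve_in + effective_in)

def check_margin_trade(collateral, position, pool_eth, pool_btc, ref_price):
    """Simulate swapping `position` eth into btc and value the result at the
    pre-trade reference price. The trade is allowed only if the slippage
    loss is covered by the trader's own collateral, so that the lenders'
    principal is never touched."""
    btc_out = swap_out(pool_eth, pool_btc, position)
    loss = position - btc_out * ref_price
    return {
        "btc_out": btc_out,
        "avg_price": position / btc_out,           # eth paid per btc
        "loss": loss,                              # eth lost to slippage
        "lender_loss": max(0.0, loss - collateral),
        "allowed": loss <= collateral,
    }

def max_safe_position(collateral, pool_eth, pool_btc, ref_price, hi=1e6):
    """Largest position whose slippage loss the collateral still covers.
    Bisection works because the loss grows with the position size."""
    lo = 0.0
    for _ in range(100):
        mid = (lo + hi) / 2
        ok = check_margin_trade(collateral, mid, pool_eth, pool_btc, ref_price)
        if ok["allowed"]:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    # The article's Bzx leg: 1300 eth collateral, 5637 eth position.
    print(check_margin_trade(1300, 5637, POOL_ETH, POOL_BTC, REF_PRICE))
    print(max_safe_position(1300, POOL_ETH, POOL_BTC, REF_PRICE))
```

With these constructed reserves the check rejects the 5637 eth position, and the largest position that 1300 eth of collateral covers is roughly 2750 eth.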

Question 3: If Bzx borrowed 2800 eth instead of 1300 eth, took only 2X leverage and maintained the total amount at 5637 eth, could this work?

The Bzx side will still be liquidated, since the loss is 3637 eth and the collateral is 2800 eth. On the other side, Compound made 2471 eth, less than the collateral loss of 2800 eth, so the hacker will lose 329 eth. Bzx lenders will lose 837 eth. This results in a lose-lose. Only the Uniswap liquidity providers will profit. Of course, the hacker won’t execute the trade if he finds it a loser.

Question 4: If Bzx has a collateral of 130 eth, but is allowed an 8X leverage (10400 eth, significantly more than the 5637 eth that was utilized), could this work?

When the Bzx pump had used 5637 eth, the price had already shot up to about 200, and it could only get worse from there. So let’s assume we only get 15 btc back for the remaining 4763 eth, for a total of 10400 eth for 66 btc. On the other hand, 112 btc would still be more than capable of buying the 10400 eth back. The remaining leg would be 46 btc, where previously it was 61 btc. So the average price for the 46 btc would likely be higher than the average of 20 apiece for the 61 btc, somewhere close to 22? In this case, 112 btc gets converted into 11412 eth, a whopping 1.6X more than its 4400 eth principal. Subtracting the 0.3X cost (1300 eth collateral) would still give the hacker a very nice profit of 1.3X or 5700 eth, significantly more than the 1171 eth previously. Bzx lenders would suffer even more.

Note:

1. All btc in this article refers to WBTC.

2. The Uniswap curve data was estimated off the top of my head; any effort to check it against an actual model and data is welcome. The P&Ls were also mainly rough mental calculations; sanity checks will be appreciated.
