Price manipulation attacks are the most common type of attack against blockchain-based decentralized finance protocols. These attacks are almost always executed using a flash loan, which is why they are also known by that name. Despite the fact that this type of attack has been carried out dozens (if not hundreds) of times and its mechanism is widely known, projects with the same vulnerabilities that allow these attacks continue to be put into production. Taking this reality into account, the Geminon protocol has been designed in such a way that it is safe against this type of attack.

Flash loans

Flash lending is a feature that was initially introduced by the Aave lending protocol in 2020, and soon after by Uniswap v2. As most decentralized exchange and lending protocols released in the following months were inspired by or forked from Aave and Uniswap, flash lending functionality ended up being available everywhere.

A flash loan allows you to borrow any amount of tokens available in a smart contract (usually a liquidity pool on a DEX or a loan pool) without posting any collateral as long as it is returned in the same transaction. By definition, this is only possible if another smart contract is used to execute the transaction, so the use of flash loans is reserved for developers specialized in this technology.

Thanks to flash loans, anyone with the necessary knowledge can have an almost unlimited amount of liquidity for their operations. The flash loan functionality was created with the aim of providing decentralized protocols with high liquidity and capital efficiency, allowing anyone to carry out large arbitrage operations without the need to have the required capital in advance, also generating extra income from fees to the protocols. However, this also opened the door to the possibility that anyone could carry out price gouging attacks on the blockchain.

Countermeasures

The Geminon protocol incorporates several security measures intended to mitigate, prevent, or deter flash loan attacks against the protocol. Taken together, all of these measures make Geminon one of the most secure protocols against flash loans created to date.

From the perspective of an attack aimed at minting a large amount of stablecoin using a flash loan, there are five overlapping security mechanisms:

• GEX Token Supply Limiter

• Internal GLP Oracle

• Protocol oracle

• Stablecoin Supply Limiter

• GLP entropy capture

All these systems work together, so that depending on the state of the protocol and the characteristics of the attack, it will be more likely that one or more of them will intervene.

GEX Token Supply Limiter

Any attempt to manipulate the GEX token that involves artificially increasing its price will lead to the minting of a large number of GEX tokens on GLP. This instantaneous mass minting could trigger the token's supply cap, which is set at 5 million units per day on average. Activating the limiter implies that the attack transaction reverts, so it would not have any effect on the system. For more information on how this mechanism works, consult the dedicated section:

GLP internal oracle

GLPs incorporate an internal oracle developed by Geminon whose algorithm is immune to price manipulation using flash loans.

Protocol oracle

The Geminon oracle contract acts as a coordinator for the rest of the protocol contracts. One of its functions is to aggregate the data from the oracles of each of the GLPs in the network, providing a secure price for the GEX token that is the average of the internal oracles of each GLP. This is an additional layer of security to the internal oracles of each pool, which enhances the effect of the rest of the security systems:

• Increases the probability that the GEX token supply limiter will be activated, since to achieve the same variation in the average price of the n pools in the network, it is necessary to mint n times more GEX tokens than if it were a single pool.

• Enhances the effectiveness of the internal GLP oracle, adding a third layer of smoothing to one-off price changes.

• Enhances the entropy capture of the GLPs, multiplying the cost and potential losses for the attacker trying to manipulate the price.

Stablecoin Supply Limiter

All Geminon stablecoins incorporate a supply limiter like the one used by the GEX token. This system would be the last to intervene in the event of an attack, and although it can also cause the transactions of the attack to revert, it is considered more of a mechanism to mitigate the scope of the attacks by limiting the possible impact on the protocol balances.

GLP entropy capture

It is one of the most effective protection systems in the pool, since it makes operations with a high impact on the price irreversible. In the case of flash loans, this means that the transaction will revert when the full amount of the loan cannot be repaid, and in spot attacks it will make the operation unprofitable for the attacker. This effect is discussed in detail in the next section.

Simulations

Given the importance of ensuring the security of the protocol against price manipulation attacks, the Geminon team carried out simulations of the behavior of the internal oracle of a GLP against different attack patterns using flash lending. The simulations empirically confirmed the expected behavior of the protocol design.

Settings

For the simulations, a single isolated pool was used, so the synergies of using several pools and the master oracle of the protocol are not taken into account. A series of 100,000 trades with a random amount and interval were simulated, generating constant long-term growth in the size of the pool, and for every 10,000 legitimate trades a manipulation attack was introduced with a random amount between $1 million and $1 billion, so that attacks were tested on all pool liquidity regimes. Both simple attack patterns were tested, as well as attacks with multiple operations that sought to deceive the internal oracle of the pool to make it reflect the manipulated price.

Results

• In more than 50% of the simulated attacks, the transaction was reversed because the GEX token mint limiter was triggered in the first instance. In a multi-pool environment, this percentage would have been even higher.

• No attack pattern managed to manipulate the secure pool price within the same block, implying that no flash loan attack would have been effective against the protocol, even with only one GLP running on the network. The following figure shows the pool price sequence during one of the simulated attacks. You can see how the attack produces an instantaneous spike in the raw pool price, while the oracle instantaneous price perfectly filters the attack and the safe price remains unchanged until it ends. It can also be seen how during normal operations before and after the attack, the oracle faithfully reflects the exact price of the pool without delay.

• In the case of spot attacks, with a duration longer than one block, the final price of the pool ended up being higher because the pool captured a significant percentage of the collateral deposited by the attacker, making the attack not only unsuccessful but also produce benefits for the protocol. In the case of flash loans, the transactions would have been reverted due to the impossibility of repaying the entire loan at the end of the transaction. The following figure shows the attacker's balance variation during the flash loan. It can be seen that it ends up with a lower balance than the initial one, without counting the fees.