Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
Weilin Li, Zhun Wang, Chenyu Li, Heying Chen, Taiyu Wong, Pengyu Sun, Yufei Yu, Chao Zhang

TL;DR
This paper introduces the Role-Play Attack strategy in DeFi systems, formally defining it, analyzing historical instances, and demonstrating its potential to significantly increase attacker profits.
Contribution
The work formally defines the Role-Play Attack in DeFi, analyzes its impact on past attacks, and shows how it can amplify attacker profits by over 50%.
Findings
Total loss of $435.1M from 14 attacks attributed to this pattern.
Retrofitted attacks show potential profit increase of over 50%.
Mathematical analysis confirms the strategy's effectiveness.
Abstract
The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed the Role-Play Attack, in which the attacker acts as multiple roles concurrently to exploit the DeFi system and cause substantial financial losses. We provide a formal definition of this strategy and demonstrate its potential impacts by revealing the total loss of $435.1M caused by 14 historical attacks applying this pattern. Besides, we mathematically analyzed the attacks with the top 2 losses and retrofitted the corresponding attack pattern by concrete execution, indicating that this strategy could increase the potential profit for the original attacks by $3.34M (51.4%) and $3.76M (12.0%), respectively.
Taxonomy
Topics: Blockchain Technology Applications and Security
