Vulnerabilities in DeFi, and how 1inch resolves them

In this post, we’re discussing several typical trading vulnerabilities of DeFi protocols, explaining why users of 1inch Fusion are protected from these vulnerabilities.

Security has always been a major priority for 1inch. Meanwhile, the 1inch Labs saw numerous vulnerabilities in existing DeFi protocols, which prompted us to build Fusion+. While working on that task, 1inch developers were careful to avoid mistakes made by some other DeFi protocols and solve issues that make them vulnerable.

Resolver collusion

A resolver collusion occurs when multiple resolvers - professional market makers filling orders in intent-based protocols - conspire to execute orders at the least favorable rate for the user. In auction-based systems, they would need to wait until the auction price falls to the minimum. Alternatively, they could collude not to execute orders at all.

On 1inch, a resolver collusion is ruled out by default. All resolvers interested in executing 1inch Fusion orders undergo a KYB process and agree to resolver terms.

Meanwhile, the existence of financial incentives for resolvers results in more favorable rates for users. Rewards are paid from the escrow contract to resolvers for timely filling users’ orders, and resolvers compete with each other for these rewards, filling orders earlier.

Relayer / oracle collusion

A relayer or oracle collusion happens when multiple relayers or oracles, which provide off-chain data to a blockchain, conspire to manipulate the data they transmit.

This situation is also ruled out on 1inch, as we don’t use relayers or oracles.

Front-running

On decentralized exchanges (DEXes), transactions wait to be executed in the mempool. During this time, a trader or bot can spot a pending transaction and front-run it - place their own order ahead of it. This results in the front-runner benefiting at the expense of the original trader by executing a transaction that affects the asset's price before the original order is processed. Consequently, the original transaction is executed at a less favorable rate for the trader who initiated it.

On 1inch, users are strongly protected against front-running. Specifically, in 1inch Fusion, a trade’s conditions are finalized by a Dutch auction. Once a rate is finalized, there is no value that a front-runner could potentially extract from the user.

To learn about other security tools and solutions offered by 1inch, check out this post.

Stay tuned for more news from 1inch!