A design flaw attack refers to an attack in which a malicious user purposely creates a smart contract, decentralized market, or other software with knowledge of certain flaws in order to trick individuals interacting within the permissionless environment.
A design flaw attack typically exhibits high apparent incentives for users to lock their funds into a smart contract. A flawed definition in some rules surrounding the contract, or the protocol on which it is built, may lead to unfair settlement or release of funds.
A design flaw attack can also be conducted when a malicious user decides to exploit flaws in a contract that was created by another user without any malevolent intent. In this case, the attack would rely on information asymmetry between the attacker and any potential open network participant.
Prediction markets on the Augur platform are one target of design flaw attacks. For instance, many of its faulty markets rely on vague and unclear definitions, with the ultimate purpose of tricking users into betting money in a contract whose outcome will be disputed due to conflicting parameters and interpretations.
Other potential design flaw attacks may target oracles or data sources such as price feeds. For example, an attacker could purposely target a market or protocol that relies on a single external price source API that may be deprecated before a contract expiration/settlement date, thus giving the attacker an advantage in being able to manipulate any smart contracts relying on this data source.
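As an added illustration (not code from Binance Research or Augur), the following check reviews a market definition for the flaws described above before funds are locked: conflicting parameters, a single external source, and a source retired before settlement. The `Market` and `Source` types, the finding names, and the "settlement precedes the event" form of conflicting parameters are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

UTC = timezone.utc

@dataclass
class Source:
    name: str
    retires_at: Optional[datetime] = None  # announced end-of-life, if any

@dataclass
class Market:
    question: str
    event_time: datetime   # when the real-world outcome becomes known
    settle_time: datetime  # when the contract reads its sources and settles
    sources: List[Source]

def audit_market(m: Market) -> List[str]:
    """Return findings to resolve before locking funds; empty means none found."""
    findings = []
    # Conflicting parameters (assumed form): settlement precedes the event.
    if m.settle_time < m.event_time:
        findings.append("settles-before-event")
    # Single external source: one API decides the outcome.
    if len(m.sources) < 2:
        findings.append("single-source")
    # A source retired on or before settlement cannot be relied on to settle.
    live = 0
    for s in m.sources:
        if s.retires_at is not None and s.retires_at <= m.settle_time:
            findings.append("source-retired-before-settlement:" + s.name)
        else:
            live += 1
    if live == 0:
        findings.append("no-live-source-at-settlement")
    return findings

# Constructed sample markets (hypothetical, not real listings).
FLAWED = Market("Will asset X close above 100 on 31 Dec 2030?",
                event_time=datetime(2030, 12, 31, 23, 59, tzinfo=UTC),
                settle_time=datetime(2030, 12, 31, 12, 0, tzinfo=UTC),
                sources=[Source("feed-a.example", datetime(2030, 11, 1, tzinfo=UTC))])
SOUND = Market("Will asset X close above 100 on 31 Dec 2030?",
               event_time=datetime(2030, 12, 31, 23, 59, tzinfo=UTC),
               settle_time=datetime(2031, 1, 1, 12, 0, tzinfo=UTC),
               sources=[Source("feed-a.example"), Source("feed-b.example")])

if __name__ == "__main__":
    print(audit_market(FLAWED))
    print(audit_market(SOUND))
```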
The concept of a “design flaw attack” was initially coined in this report by Binance Research: A look at irregularities discovered on Augur