
Economic Exploit

An attack leveraging protocol mechanics rather than code bugs to extract value.

What is an Economic Exploit?

An economic exploit is an attack that extracts value from a DeFi protocol by leveraging its intended mechanics rather than exploiting code vulnerabilities. These attacks work within the protocol's rules but combine operations in ways designers did not anticipate, often involving flash loans, oracle manipulation, or governance gaming to profit at the expense of other users.

How it Works

Economic exploits identify profitable sequences of legitimate protocol actions that designers did not consider or properly protect against.

Common economic exploit patterns include:

  1. Oracle Manipulation: Artificially move prices to trigger favorable liquidations
  2. Flash Loan Arbitrage: Use massive temporary capital for price manipulation
  3. Governance Extraction: Vote to direct treasury funds to attackers
  4. MEV Exploitation: Extract value through transaction ordering
  5. Incentive Gaming: Exploit reward mechanisms beyond intended use

Unlike code bugs, economic exploits are often in a gray area where the attacker might argue they simply used the protocol as designed.

Practical Example

The Mango Markets exploit in 2022 demonstrated sophisticated economic manipulation. The attacker used large perpetual positions to inflate the price of MNGO tokens, then borrowed against the inflated collateral value, extracting $100 million. The protocol functioned exactly as coded; the economic design simply did not anticipate such manipulation. Cream Finance suffered multiple economic exploits through oracle manipulation enabling undercollateralized borrowing.

Why it Matters

Economic exploits are harder to prevent than code bugs because they exploit design assumptions rather than implementation errors. Audits focused on code correctness may miss economic vulnerabilities. Protocols need economic modeling, mechanism design review, and stress testing against well-capitalized adversaries.
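The kind of stress test this calls for can be sketched for the collateral-valuation failure described in the Practical Example. The following is an added example, not code from any protocol named on this page; the loan-to-value ratio, window size, deviation bound, per-asset value cap and all prices are constructed assumptions. It compares the bad debt left behind when collateral is valued at the latest oracle price against a guarded valuation, and shows that a windowed median alone does not hold against a sustained price move.

```python
from statistics import median

LTV = 0.5  # constructed loan-to-value ratio (assumption for this sketch)

def naive_borrow_limit(units, prices):
    """Value collateral at the latest oracle price only."""
    return units * prices[-1] * LTV

def guarded_borrow_limit(units, prices, window=5, max_dev=0.10, value_cap=None):
    """Value collateral conservatively:
    - reference price is the median of the last `window` oracle ticks,
    - new borrowing is frozen when spot deviates from it by more than max_dev,
    - the value credited to this asset is capped (e.g. by market depth)."""
    ref = median(prices[-window:])
    spot = prices[-1]
    if abs(spot - ref) / ref > max_dev:
        return 0.0  # oracle moved too fast: refuse to lend against it
    value = units * min(spot, ref)
    if value_cap is not None:
        value = min(value, value_cap)
    return value * LTV

def bad_debt(borrowed, units, fair_price):
    """Shortfall once the price reverts and the borrower abandons the position."""
    return max(0.0, borrowed - units * fair_price)

def stress_test(units, base, factor, spike_ticks, window=5, value_cap=None):
    """Hold `base` for `window` ticks, then `base * factor` for `spike_ticks`
    ticks; return the bad debt each valuation policy would allow."""
    prices = [base] * window + [base * factor] * spike_ticks
    naive = naive_borrow_limit(units, prices)
    guarded = guarded_borrow_limit(units, prices, window=window, value_cap=value_cap)
    return {"naive": bad_debt(naive, units, base),
            "guarded": bad_debt(guarded, units, base)}

if __name__ == "__main__":
    # Constructed scenario: 1000 units of collateral, fair price 2, 10x move.
    print("one-tick spike:       ", stress_test(1000, 2, 10, 1))
    print("sustained, no cap:    ", stress_test(1000, 2, 10, 5))
    print("sustained, capped:    ", stress_test(1000, 2, 10, 5, value_cap=3000))
```

In the sustained case the median follows the moved price, so only the value cap bounds the loss; the cap is a design parameter that has to be sized against how much of the asset could realistically be sold.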

Fensory evaluates protocol design robustness and historical exploit exposure, helping users identify protocols with sound economic mechanisms that resist sophisticated manipulation attacks.

Examples

  • Mango Markets lost $100 million to oracle and collateral manipulation
  • Cream Finance suffered multiple economic exploits through flash loan attacks
