Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/bzx-flash-loan

Name: bzx-flash-loan
Author: apegurus

skills/case-studies/bzx-flash-loan/SKILL.md

npx skillsauth add apegurus/solidity-argus bzx-flash-loan

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

bZx Flash Loan Exploits (2020)

Overview

In February 2020, bZx was hit by two separate flash loan attacks within days. The first attack involved a complex sequence of trades to manipulate the price of WBTC on Kyber, while the second attack manipulated the sUSD price on Kyber using a flash loan from bZx itself. Total losses were approximately $1M.

Root Cause

The primary vulnerability was bZx's reliance on a single on-chain liquidity source (Kyber) as a price oracle. By using flash loans to execute large trades on Kyber, the attacker could significantly move the price, allowing them to take out undercollateralized loans or execute profitable liquidations on bZx.

Attack Flow (First Attack)

Attacker took a flash loan of 10,000 ETH from dYdX.
Attacker deposited 5,500 ETH to Compound to borrow 112 WBTC.
Attacker deposited 1,300 ETH to bZx to open a 5x short position on ETH/BTC.
bZx executed the short by swapping ETH for WBTC on Kyber, which routed to Uniswap.
The large trade on Uniswap caused massive slippage, driving up the WBTC price.
Attacker sold the 112 WBTC borrowed from Compound back into the manipulated market for a huge profit.
Attacker repaid the dYdX flash loan.

Impact

Loss: ~$1M
Protocol: bZx (Fulcrum/Torque)
Chain: Ethereum
Date: 2020-02-15 (First), 2020-02-18 (Second)

Key Transactions

First Attack tx: 0xb5c8bd9430b6cc87a0e2fe110ece6bf527fa4f170a4bc8cd032f768fc5219838
Second Attack tx: 0x762881dda4f35930d15524a4413fde45bc75096f0a7a495caeac6197b928e934

Detection Heuristics

Pattern 1: Use of low-liquidity DEX pools as the sole price oracle for lending or margin trading.
Pattern 2: Lack of slippage checks or price deviation checks against external oracles (like Chainlink).

Remediation

Fix 1: Use decentralized, aggregate oracles like Chainlink or Time-Weighted Average Prices (TWAP) from Uniswap V2+.
Fix 2: Implement circuit breakers or maximum slippage limits for large trades.

References

rekt.news/bzx-rekt/
bzx.network/blog/post-mortem-eth-btc-margin-tokens-exploit

apegurus/bzx-flash-loan

skills/case-studies/bzx-flash-loan/SKILL.md

Case study of the 2020 bZx exploits: oracle manipulation via flash loans draining ~$1M

data-ai

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus bzx-flash-loan

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:19 AM128.6s1 file scanned

SKILL.md

name:: bzx-flash-loan
description:: Detects usage of DEX routers which might be used as price oracles.
category:: reference
source_url:: https://rekt.news/bzx-rekt/
source_license:: CC0
imported_at:: 2025-02-20T00:00:00Z
- regex:: KyberNetworkProxy|UniswapV2Router
severity:: Medium

bZx Flash Loan Exploits (2020)

Overview

Root Cause

Attack Flow (First Attack)

Attacker took a flash loan of 10,000 ETH from dYdX.
Attacker deposited 5,500 ETH to Compound to borrow 112 WBTC.
Attacker deposited 1,300 ETH to bZx to open a 5x short position on ETH/BTC.
bZx executed the short by swapping ETH for WBTC on Kyber, which routed to Uniswap.
The large trade on Uniswap caused massive slippage, driving up the WBTC price.
Attacker sold the 112 WBTC borrowed from Compound back into the manipulated market for a huge profit.
Attacker repaid the dYdX flash loan.

Impact

Loss: ~$1M
Protocol: bZx (Fulcrum/Torque)
Chain: Ethereum
Date: 2020-02-15 (First), 2020-02-18 (Second)

Key Transactions

First Attack tx: 0xb5c8bd9430b6cc87a0e2fe110ece6bf527fa4f170a4bc8cd032f768fc5219838
Second Attack tx: 0x762881dda4f35930d15524a4413fde45bc75096f0a7a495caeac6197b928e934

Detection Heuristics

Pattern 1: Use of low-liquidity DEX pools as the sole price oracle for lending or margin trading.
Pattern 2: Lack of slippage checks or price deviation checks against external oracles (like Chainlink).

Remediation

Fix 1: Use decentralized, aggregate oracles like Chainlink or Time-Weighted Average Prices (TWAP) from Uniswap V2+.
Fix 2: Implement circuit breakers or maximum slippage limits for large trades.

References

rekt.news/bzx-rekt/
bzx.network/blog/post-mortem-eth-btc-margin-tokens-exploit

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/case-studies/bzx-flash-loan ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT