Everything you need to know about FLASH LOANS


What are Flash Loans?
Flash loans were introduced by AAVE, which is an open-source lending protocol for anyone to deposit and borrow cryptographic assets.

Flash loans are a new way of obtaining loans in which no collateral is required.

Let me explain:

Normally, in traditional finance, you must provide some assets as collateral to obtain a loan from a bank. A flash loan does not require this, because the whole transaction is reverted if the loan amount is not repaid.

Example usage of Flash Loan:
Let’s say the price is 1 USDC = 1 DAI on Exchange A and 1 DAI = 2 USDC on Exchange B. You can use this arbitrage opportunity: take a flash loan of 100 USDC, buy DAI on Exchange A, and sell it on Exchange B.
In this way, you make a profit of 100 USDC without any investment.

Sounds great, right?

How does it work:

Let’s look at it more technically:

Let me take you through the process:

  1. To obtain a flash loan, a smart contract must be created first.
  2. This smart contract will have the logic to perform the trade with the borrowed assets.
  3. First, this contract will request a flash loan on AAVE on behalf of the user.
  4. When the loan is approved, the trade logic will execute, the user will get a profit, and then the funds will return to the pool with a fee of 0.09%.

In this way, the user makes a profit and the pool recovers its funds.
If the funds are not returned, then the transaction will revert automatically.
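
The four steps above as a small Python model, added here as an illustration (it is not AAVE's code and not on-chain code). It runs the article's USDC/DAI arbitrage with the 0.09% fee, then a trade with no price gap that cannot cover the fee and is rolled back. The account names, starting balances and the `Chain`, `swap` and `flash_loan` helpers are assumptions.

```python
import copy

UNIT = 1_000_000   # assumption: balances are integers with six decimals
FEE_BPS = 9        # the 0.09% fee quoted in the article, in basis points

class Reverted(Exception):
    """The transaction failed; every state change must be undone."""

class Chain:
    """Toy ledger: balances[account][token] -> integer amount."""
    def __init__(self, balances):
        self.balances = balances

    def transfer(self, token, src, dst, amount):
        if self.balances[src].get(token, 0) < amount:
            raise Reverted(f"{src} has insufficient {token}")
        self.balances[src][token] -= amount
        self.balances[dst][token] = self.balances[dst].get(token, 0) + amount

def swap(chain, trader, venue, tok_in, tok_out, amount_in, num, den):
    """Sell amount_in of tok_in to venue at a fixed rate of num/den tok_out each."""
    chain.transfer(tok_in, trader, venue, amount_in)
    chain.transfer(tok_out, venue, trader, amount_in * num // den)

def flash_loan(chain, borrower, token, amount, trade_logic):
    """Lend, run the borrower's logic, collect amount + fee, all in one transaction."""
    snapshot = copy.deepcopy(chain.balances)
    fee = amount * FEE_BPS // 10_000
    try:
        chain.transfer(token, "pool", borrower, amount)        # step 3: loan paid out
        trade_logic(chain, borrower, amount)                   # step 4: trade logic runs
        chain.transfer(token, borrower, "pool", amount + fee)  # repayment plus fee
    except Reverted:
        chain.balances = snapshot   # revert: the loan never happened
        return False
    return True

def arbitrage(chain, me, amount):
    swap(chain, me, "exchange_a", "USDC", "DAI", amount, 1, 1)  # 1 USDC = 1 DAI
    swap(chain, me, "exchange_b", "DAI", "USDC", amount, 2, 1)  # 1 DAI = 2 USDC

def no_edge(chain, me, amount):
    swap(chain, me, "exchange_a", "USDC", "DAI", amount, 1, 1)
    swap(chain, me, "exchange_a", "DAI", "USDC", amount, 1, 1)  # no price gap: fee unpaid

def new_chain():
    # Constructed starting balances for the example.
    return Chain({"pool": {"USDC": 1000 * UNIT}, "bot": {},
                  "exchange_a": {"DAI": 500 * UNIT, "USDC": 0},
                  "exchange_b": {"USDC": 500 * UNIT}})
```

With the fee taken into account, the borrower in the arbitrage case ends with 99.91 USDC rather than a full 100, and in the second case every balance is exactly what it was before the loan.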

For non-tech savvy people, there are solutions like FURUCOMBO available.

Attacks that happened using the Flash Loan:

DeFi project BeanStalk attack:

In BeanStalk there is a governance token named STALK.

Any governance proposal has to pass a vote before it is implemented, and voting power was based on the number of tokens held.


A person who owns a large number of these tokens has more voting power.

In April 2022 an attacker took a flash loan from AAVE and bought a substantial amount of STALK tokens. In this way, the attacker got significant voting power.

He used this power to pass malicious governance proposals that emptied all the protocol funds into a private Ethereum wallet.

The loss was estimated to be around $182 million, with the attacker gaining $80 million!!!!

OneRing Finance:

In March 2022, OneRing Finance experienced a flash loan attack, for which the attacker was so well prepared that he even moved the funds needed for gas through the Celer Network cBridge prior to the attack!

After 15 minutes, the attacker deployed the contract and drained all the funds. Taken by surprise, OneRing Finance was unable to determine how the attack occurred because the attacker’s contract was self-destructible.

The protocol lost ≈$2,000,000 in total!!!!

You must be wondering:

Then why are Flash Loans still in use?
With every technology, there will be good guys, and bad guys who misuse the functionality. Apart from all these hacks, flash loans have larger use cases:

  1. Self-liquidation
  2. Collateral swap
  3. Arbitrage trade

Flash loans are a revolutionary and risk-free idea that is still not fully explored. It’s evident that Flash Loans are a very useful instrument in DeFi. They are currently vulnerable to multiple attacks, but things are starting to turn around. The severity and frequency of these attacks are likely to decrease over time because of in-depth research into the problem, better security tools, and the use of price oracles.

Worried about attackers targeting your smart contracts? Contact us today to get your smart contracts audited for any security issues!


Yuvarajan is working as a security engineer at Detasecure. He can perform memory forensics and analyze malware. He holds a B.E. from Anna University. He is an active participant in capture the flag (CTF) competitions. You can reach out to him by clicking here.