Flash loan is a decentralized finance (DeFi) lending mechanism available on blockchain that allows users to borrow assets with no upfront collateral under the condition that the borrowed assets are returned within the same blockchain transaction block.^[1]

History

Flash loans were initially introduced in 2018 by the forerunner to DeFi, the open-source bank Marble. They made their debut on the Ethereum network in January 2020 through the pioneering decentralized lending platform, AAVE. By July of the same year, AAVE was routinely issuing more than $100 million in flash loans daily. In June 2021, the total flash loans issued by AAVE nearly reached $4 billion. This innovation has since propagated across the DeFi sector, with AAVE's largest processed flash loan amounting to about $200 million to date.^[4]

Flash loans were originally designed for developers, but since August 2020 platforms such as DeFi Saver and Furucombo have allowed less tech-savvy users to take advantage of DeFi and flash loans by removing the need for technical coding skills. This was achieved by allowing parts of the open-source smart contract code for Ethereum to be swapped or interconnected, leveraging a core feature of the protocol.^[4]

Overview

Flash loan is an uncollateralized loan where crypto assets are borrowed and repaid immediately in a single, instantaneous transaction. Flash loans are specialized smart contracts that leverage the capability of transactions to automatically revert before a specific block receives confirmation. As a result, flash loans necessitate repayment within the same sequence of transactions, contained within a single transaction block. The validity of a flash loan hinges on the timely return of liquidity to the lending pool within a single transaction block. If the flash loan transaction fails to restore the complete liquidity to the pool, the entire transaction is reversed. This undoes all preceding actions within the transaction. This safeguard mechanism ensures the protection of funds within the reserve pool, eliminating the need for additional collateral.

Apart from facilitating uncollateralized loans, flash loans find utility in collateral swaps, wherein a user can close an existing loan with borrowed funds and instantaneously initiate a new loan using a different asset as collateral. Moreover, they can simplify the process of establishing leveraged positions and enable the smooth transfer of loans across different protocols, enhancing the efficiency and versatility of financial operations in the DeFi ecosystem. ^{[2][3][4][5][6]}

How Flash Loan Works

• Borrowing: A user initiates a flash loan by requesting a specific amount of cryptocurrency or tokens from a flash lending platform within a single transaction. No collateral is required at this stage.
• Execution: The flash loan smart contract assesses the request and checks if the user can repay the loan, along with the associated fees, within the same transaction block. If the conditions are met, the loan is provided to the borrower.
• Arbitrage and Operations: Flash loans are often used for arbitrage opportunities and other financial operations. Borrowers can utilize the borrowed funds to perform various actions, such as trading, yield farming, or liquidity provision, within the DeFi ecosystem.
• Repayment: The borrower must repay the borrowed amount, including the fees, within the same transaction block. If they fail to do so, the entire transaction is reverted, and the loan is canceled.

Benefits of Flash Loans

Flash loans offer several notable benefits to users and the broader DeFi ecosystem:

• Uncollateralized Access to Capital

Flash loans provide borrowers with uncollateralized access to significant amounts of cryptocurrency or tokens. This means users can leverage their existing assets without needing to lock up collateral, enhancing capital efficiency.^[1]

• Arbitrage Opportunities

Flash loans are frequently used for arbitrage strategies, allowing traders to exploit price discrepancies across different DeFi platforms or tokens. This enables users to profit from market inefficiencies in real-time, potentially leading to substantial gains.^[1][2]

• Reduced Risk

Flash loans are designed for rapid execution, typically occurring within a single transaction block. This minimizes the exposure to market volatility and price fluctuations, as the entire process unfolds quickly, reducing the potential for losses.^[8]

• Liquidity Provision and Earnings

Liquidity providers who contribute assets to flash loan pools earn fees from borrowers. This creates an additional income stream for users and enhances overall liquidity within the DeFi ecosystem.^[8][5]

• Efficiency and Speed

Flash loans excel in terms of speed and efficiency. The simultaneous execution mechanism ensures swift transactions, making them an attractive choice for traders seeking rapid execution of their strategies.^[4]

• Innovation in Finance

Flash loans exemplify the innovative potential of smart contracts and blockchain technology. They introduce new avenues for accessing liquidity and conducting complex financial operations, contributing to the evolution of DeFi.^[4]

• Accessibility

Flash loans are accessible to a wide range of users, from individual traders to institutional participants. This inclusivity democratizes access to financial markets and opportunities, leveling the playing field for all.^[2][3]

• Market Efficiency

Flash loans enable traders to capitalize on price discrepancies and market inefficiencies, ultimately contributing to greater overall market efficiency. By reducing arbitrage opportunities, they help align prices across various platforms.^[7][6]

• Optimization of DeFi Strategies

Beyond arbitrage, flash loans can be utilized for a diverse range of DeFi activities, including yield farming, collateral swaps, and portfolio rebalancing. This flexibility allows users to optimize their strategies.^[2][4]

• Safety Nets with Reversal Mechanism

The automatic reversal mechanism in flash loans ensures that if the borrower fails to meet the loan conditions, the entire transaction is canceled. This protects the lending pool's funds and prevents potential losses.^[1][4]

Flash Loan Attacks

Flash loan attacks are a type of exploit in decentralized finance (DeFi) and smart contracts on blockchain networks. These attacks take advantage of the unique characteristics of flash loans because they enable arbitrage opportunities and complex financial maneuvers. Flash loan attacks can target vulnerabilities in smart contracts, decentralized exchanges, oracles, and other components of the DeFi ecosystem. Flash loan attacks are common in the DeFi space because flash loans are low-risk, low-cost, and high-reward schemes, making them a dangerous combination.^[9]

Flash loan attacks are cheap and do not require massive resources. Only a computer, an internet connection and ingenuity are needed. Hackers need to plan out how they attack, but the execution merely takes a few seconds to a few minutes. The attacker takes out a flash loan, uses it to manipulate the market price of an asset, and then repays the loan with profit. Smart contracts can be programmed to allow users to borrow and lend money without the need for a trusted intermediary. This also makes them vulnerable to attack if not properly programmed.^[5][7]

Some common types of flash loan attacks include:

1. Price manipulation attacks: Flash loan borrowers can manipulate the price of assets by executing a series of trades in rapid succession. This can create arbitrage opportunities or exploit vulnerabilities in automated market-making algorithms.
2. Liquidity pool exploits: Attackers can exploit flaws in decentralized exchange liquidity pools to drain funds from these pools.
3. Oracle manipulation: Flash loans can be used to manipulate oracles by flooding them with false data, leading to incorrect price feeds and triggering liquidations or other unintended actions.
4. Collateral liquidation attacks: Attackers can manipulate the collateralization ratio in lending protocols to trigger the liquidation of undercollateralized loans, causing losses for borrowers and lenders.

Flash loan attacks have been used in several high-profile incidents within the decentralized finance (DeFi) space. Here are a few examples:

1. Theft from dForce: In April 2020, the decentralized lending platform dForce fell victim to a flash loan attack. The attacker was able to exploit a vulnerability in the lending protocol's smart contract, resulting in the theft of assets worth over $25 million. The attacker returned the stolen funds after negotiations with dForce's team.
2. Price manipulation on the bZx platform: In February 2020, the bZx lending platform was exploited in two separate flash loan attacks. In the first attack, the attacker manipulated the price of certain assets on decentralized exchanges to borrow a substantial amount, causing significant financial losses. In the second attack, the attacker exploited another vulnerability in the bZx protocol to further profit from the price manipulation.
3. Liquidity pool drain on Value DeFi: In October 2020, the Value DeFi platform was attacked using a flash loan. The attacker manipulated the protocol's yield farming strategy, draining funds from the liquidity pools and causing substantial losses for the platform and its users.
4. Farming attack on Harvest Finance: In October 2020, Harvest Finance, a yield farming aggregator, was the target of a flash loan attack. The attacker borrowed a large amount of stablecoins, used them to manipulate the price of an asset on Curve Finance, and then deposited the profits back into the Harvest Finance platform.
5. DeFi Yield Farming Aggregator ApeRocket Flash Loan Attack: In July 2021, a flash loan attack occurred on ApeRocket's BSC platform and its Polygon fork, resulting in losses of $1.26 million for the platform's users. The two flash loan attacks targeted the DeFi yield farming aggregator Aave and the decentralized exchange PancakeSwap, both happening within a short time frame. The attackers, utilizing substantial amounts of AAVE and CAKE tokens borrowed through flash loans, maintained 99% of these funds within the vaults of the respective protocols. A significant sum of assets was then transferred to the vaults' contracts, leading to the creation of a large quantity of tokens. The attackers subsequently proceeded to sell off these tokens. This flash loan attack had a detrimental impact, causing the native token of ApeRocket, SPACE, to plummet by 63%.
6. Omni, an NFT lending platform, was attacked in July 2023 using a flash loan attack to steal about 1,300 ETH ($1.43 million). The attacker used NFTs from the well-known Doodles collection as collateral to borrow wETH.
7. In May 2023, Euler, a decentralized finance (DeFi) protocol, was attacked using a flash loan attack to steal around $197 million worth of cryptocurrency across DAI, wBTC, stETH, and USDC. The attacker leveraged the platform's borrowing capabilities to borrow 10 times the original deposited amount.

Other flash loan exploits involve market manipulation by borrowing the same assets from multiple lending platforms and exploiting specific protocols and tokens.^[5][9]