Flash loans represent a relatively new means of financing that eliminates the deficiencies of centralized and even blockchain-based solutions.
Getting a loan in a traditional financial system can be challenging.
Usually, there is a whole plethora of documents to submit and a long period of time to wait before you get a confirmation.
Blockchain has significantly simplified the process.
Flash loans in DeFi show how much friction is removed from the traditional financial system. Imagine trying to accomplish that in traditional finance-impossible. DeFi continues to add value and disrupt finance.
— WaLLrus (@WaLLrusOfficial) February 12, 2023
Such platforms as Aave, Compound and Celsius make it possible to get some liquid currency such as ETH in a few clicks of a mouse. And yet, they come with their own limitations. To get funds, you still have to pledge collateral to prove your solvency and thus freeze the money until you pay back the loan.
Flash loans on blockchain take a step further and eliminate the necessity to submit any collateral at all. How does this innovation work and what pitfalls can await those who rely on this method?
Let’s take a closer look.
A flash loan is a type of loan that is made available to borrowers and executed within a very short time frame, typically in seconds or minutes. Flash loans are unique in that sometimes they do not require any collateral or credit check, and they are available to anyone with an internet connection and access to a decentralized finance (DeFi) platform.
Similar to the TradFi processes, a flash loan implies borrowing assets and returning them with an interest in a risk-free manner.
However, there are a few features that make this process different:
Here comes the next logical question. What use can one make of such a loan that implies returning the funds so quickly? The key use cases include the following:
Regardless of the case, the process in general looks as follows:
As mentioned earlier, all of these transactions happen almost instantaneously one after the other. It is impossible to perform all these transactions manually in such a fast manner. This is where smart contracts come to help once more.
Developers with specific technical knowledge can build contracts that would make flash loans on their behalf. Those who don’t have the required skills can rely on out-of-the-box solutions such as Collateral Swap or DeFi Saver that can help to perform flash loans without coding.
Flash loan arbitrage is a strategy in decentralized finance (DeFi) that takes advantage of temporary market inefficiencies using flash loans. The idea is to borrow a large amount of funds for a very short period of time, typically just a few seconds or minutes, and use that capital to take advantage of price discrepancies in the market.
For example, a trader might borrow funds to purchase a token at a low price on one decentralized exchange, then quickly sell that same token on another exchange for a higher price. The trader would then repay the flash loan and keep the difference as profit.
Flash loan arbitrage can be a highly lucrative strategy, but it also comes with significant risks, as the trades must be executed quickly and accurately.
As the new means of taking loans on blockchain grows in popularity, flash loan attacks become a common scenario as well. How do such attacks work?
Smart contracts represent a very nice means of automating different activities, including those related to trading processes. They reduce the need for intermediaries and help traders execute operations in a fast and cost-efficient manner. As a consequence, they can be used to break protocols.
The key challenge with smart contracts is their complexity. Developers are only humans after all, and they make mistakes that result in vulnerabilities. When discovered by hackers, these vulnerabilities may play into their hands and help them drain projects’ funds.
“In DeFi, you can't build products that don't break, you have to build things others can't break. Flash loans are an example of an efficient market trying to capture value.”- Wallrus
Some of the largest flash loan attacks in the history of cryptocurrencies include the following cases.
Beanstalk is a credit-based stablecoin lending protocol running on Ethereum. The attacker exploited its governance mechanism having discovered a vulnerability after the implementation of Curve LP Silos.
The vulnerability enabled the attacker to enforce the execution of a malicious proposal and thus drain the project’s funds. Thanks to a large sum gained via a flash loan, the attacker obtained extensive voting rights and managed to abuse the protocol.
C.R.E.A.M. Finance experienced a number of attacks throughout 2021. One of the largest heists resulted in a loss of $130 million worth of CREAM liquidity tokens. Though Etherscan added a corresponding warning to the attacker’s address, the real person standing behind this theft is yet to be found.
Just like in the case of many other protocol hacks, the attackers used the loans to manipulate the market prices. Cream Finance was collaborating closely with another lending platform Yearn Finance. The latest one remained safe and even helped Cream Finance to patch the vulnerability later on.
Our Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed on October 27, 1354 UTC. The attacker removed a total of ~$130m USD worth of tokens from these markets, using this address: https://t.co/17sPIDpCmr
No other markets were impacted.
— Cream Finance 🍦 (@CreamdotFinance) October 27, 2021
The attacker got an enormous number of BNB via a flash loan and manipulated the price of the BUNNY/BNB and USDT/BNB trading pairs. The large loan enabled the hacker to obtain a big number of BUNNY tokens which he sold off immediately causing the token price to drop dramatically, from $146 to $6.17. After that, the hacker repaid his debt and disappeared with the profits.
For developers, there are three key ways to improve the security of their smart contracts and prevent flash loan attacks.
Sad but true, even all these precautions still cannot fully guarantee the safety of your funds. As technology evolves, so do the hacker’s methods. Thus, even projects with top-notch security may fail sometimes. Therefore, if you are an investor aiming to protect your funds, you should never store all eggs in one basket and implement other best practices to reduce the chance of money losses.
Join The Leading Crypto ChannelJOIN
Disclaimer:Please note that nothing on this website constitutes financial advice. Whilst every effort has been made to ensure that the information provided on this website is accurate, individuals must not rely on this information to make a financial or investment decision. Before making any decision, we strongly recommend you consult a qualified professional who should take into account your specific investment objectives, financial situation and individual needs.
Kate is a blockchain specialist, enthusiast, and adopter, who loves writing about complex technologies and explaining them in simple words. Kate features regularly for Liquid Loans, plus Cointelegraph, Nomics, Cryptopay, ByBit and more.