Please accompany Unilaunch to learn “How did flash loans originate? What are flash loans? How do flash loans work? What are flash loan attacks?” through the article below.
How did flash loans originate?
Unlike normal loans, flash loans do not require a borrower to provide typical requirements such as proof of income, reserves, or collateral.
While that may sound favorable to the borrower, there are pros and cons. Decentralized finance (DeFi) protocols have contributed to the popularity of flash loans. And most of these are on the Ethereum network.
Aave, an Ethereum lending platform, introduced the idea of flash loans in 2020. As such, the concept remains relatively new and still has a lot of issues to fix. According to Aave, flash loans have “no real-world analogy” and are “an advanced concept aimed at developers.”
In this article, we’ll be discussing the basics of so-called DeFi flash loans, as well as the safety issues and use cases typically associated with them. Let’s dive in.
What are flash loans?
Similar to traditional loans, flash loans are expected to be paid back in full eventually. However, there are also marked differences.
In typical lending processes, a borrower loans money from a lender. The amount is expected to be paid back in full eventually, with interest, depending on the terms discussed between the lender and the borrower.
Flash loans operate on a similar framework but have some unique terms and premises:
Use of smart contracts
A smart contract is a tool used in most blockchains to ensure that funds do not change hands until a specific set of rules are met.
When it comes to flash loans, the borrower is required to repay the full amount of the loan before the completion of the transaction.
If this rule is not followed, the transaction is reversed by the smart contract and the loan is nullified as if it never took place at all.
Unlike a traditional loan, a flash loan is an unsecured loan, meaning no collateral is needed.
However, this does not imply that the flash loan lender does not get their money back in case of non-payment. In a traditional loan, collateral is typically put up to ensure that the lender receives the money back in the event of non-payment.
Flash loans, however, happen within a very short timeframe (usually a few seconds or minutes). This means that while no collateral is needed, the borrower must return the full amount they borrowed right away.
As opposed to longer processes for traditional loans, flash loans are processed faster, thanks to smart contracts.
Getting a traditional loan approved usually is a long process. A borrower must submit documents, wait for approval, and pay the loan back in agreed increments within a stipulated period that may run into days, months or years.
On the other hand, a flash loan is expedited in an instant, which means that the loan’s smart contract must be fulfilled during the transaction for which it’s lent out. Therefore, the borrower is required to call on other smart contracts, using the loaned capital to perform instant trades.
The kicker: All this must be done in a few seconds before the transaction ends. Hence, the name: flash loans.
How do flash loans work?
Simply put, in a flash loan, funds are borrowed and returned within seconds and in a single transaction.
The smart contract sets out the terms and performs instant trades on the borrower’s behalf using the loaned capital. If the flash loan yields a profit, it is typically charged a fee of 0.09%.
On a platform such as Aave, this is how flash loans typically work:
The borrower applies for a flash loan on Aave.
The borrower creates a logic of exchanges to try making a profit, such as sales, DEX purchases, trades, etc.
The borrower repays the loan, makes a profit, and pays a 0.09% fee.
If any of the following conditions occur, the transaction is reversed, and the funds are returned to the lender:
- The borrower does not repay the capital
- The trade does not lead to a profit
The above conditions suggest that what was laid out in the smart contract wasn’t met. As such, the funds are returned to the lender instantaneously. Theoretically speaking, flash loans are a low-risk option for both the borrower and the lender. Flash loans are typically seen as an easy, low-risk way to play with liquidity.
Can you make money with flash loans? Aave recommends having a good grasp of Ethereum, programming and smart contracts to make the most out of flash loans. Ideally, you can make money with flash loans, provided you do not fall prey to flash loan attacks. It would help if you thoroughly researched the protocols you want to borrow from and trade with, as well.
Uses of flash loans
Flash loans are used in DeFi protocols, which are based on the Ethereum Network and Binance Smart Chain.
Aside from Aave flash loans, dYdX flash loans, DEX flash loans and Uniswap flash loans have also risen in popularity. On Uniswap, for example, “flash swaps” allow users to withdraw or take back Ethereum-based tokens paired with other tokens.
While they may have been originally designed for developers, as of August 2020, flash loans without coding are easily accessible to less tech-savvy users. The credit for this goes to platforms like Furucombo and DeFi Saver, among others, who eliminated the need for technical coding skills.
Flash loans can be used for the following:
Flash loan arbitrage
One way for traders to make money is by pinpointing price discrepancies across various exchanges.
For example, if two markets price a cryptocurrency differently, a trader can use a flash loan. The trader can call separate smart contracts to purchase and sell from both markets, making a profit from the price discrepancy between the two.
This involves a quick swap of the collateral backing a user’s loan for another type of collateral.
Collateral swaps enable DeFi users to switch the collateral that they used to take out a flash loan on a lending app. For example, if a trader used their Ethereum (ETH) as collateral on one platform, they can then take out a flash loan to repay the previous loan and withdraw their Ethereum (ETH).
Aside from collateral swaps, flash loans can also be used for “interest rate swaps.”
Aave cites an example on their blog:
- Borrow assets from Aave liquidity
- Payback debt on Compound
- Withdraw collateral from Compound
- Deposit collateral on Dydx
- Mint debt on Dydx
- Return liquidity to Aave
What are flash loan attacks?
Flash loans are relatively new technology and, therefore, prone to attacks by hackers and malicious users who try to game the system and use it to their advantage.
In a flash loan attack, a borrower can trick the lender into believing that the loan has been repaid in full, even if it has not.
Technically, the thief poses as a borrower and takes out a flash loan from a lending protocol. The protocol is then used to manipulate the market and trick lenders. In some cases, attackers create arbitrage opportunities to exploit vulnerable smart contracts. This way, the attackers can purchase tokens for cheap or sell them at higher prices to exploited contracts.
Why do flash loan attacks occur in DeFi?
Flash loan attacks are common because they are the easiest and quickest to pull off.
This is because the protocols associated with flash loans are not yet foolproof against new attacks and manipulations. With transactions happening in mere seconds, hackers can attack multiple markets in one go.
The most common flash loan attacks in DeFi are fake arbitrage opportunities, which we mentioned above. In a flash loan attack, an attacker creates an arbitrage opportunity by modifying the relative value of a trading pair of tokens. This can be done by using their loaned tokens to flood a contract and create slippage.
How can DeFi systems protect themselves from flash loan attacks?
A large majority of DeFi hacks are flash loan attacks. Since the technology is new, vulnerabilities are not readily apparent and may require skilled developers to identify.
Flash loan attacks can cost DeFi protocols and their users hundreds of millions. As such, safeguards must be put into place to ensure that a protocol is robust and sanitized.
Despite being vulnerable to attacks, there are several preventive measures that DeFi systems can take to protect themselves:
Decentralized pricing oracles to protect against slippage
Contracts are left vulnerable to manipulation and exploitation when they perform their own calculations of a particular token’s value or trading pair value internally.
As such, flash loan attack risks can be mitigated by using decentralized pricing oracles such as chainlink and band protocol to fetch price feeds. By doing this, instead of relying on singular DEX platforms, DeFi systems can avoid becoming vulnerable to arbitrage scams.
Smart contracts may continue updating their prices based on the supply and demand of various tokens within their market. However, the price ranges should also be limited in reference to external values. When smart contracts work this way, it would be much more difficult for attackers to create slippage and make attacks profitable.
Tools for detecting possible attacks
DeFi platforms can use tools that minimize the possibility of attacks by detecting unusual activity, along with smart contract bugs and exploits.
As such, defenses can be put in place even before an attack is launched.
It is also vital for platforms to conduct security audits to address vulnerabilities before launching a smart contract. This would require reviewing the smart contract’s code for any weaknesses and addressing them even before the attacker has an opportunity to use it against the platform and its users.