What is a Flash Loan?
A flash loan is a type of loan in the decentralized finance (DeFi) ecosystem that allows users to borrow assets without having to provide collateral or a credit score. This type of loan has to be paid back within the same blockchain transaction block.
The entire process of borrowing, repaying, and covering flash loan fees can take as little as 15 seconds.
Techopedia Explains Flash Loans
Flash loans are a popular way for cryptocurrency day traders to take advantage of rapidly changing markets. Within the DeFi ecosystem, flash loans are used for arbitrage, liquidations, and collateral swaps.
- Arbitrage. The borrower purchases crypto assets at a lower price on one market and sells them at a higher price on another market.
- Liquidations. The borrower uses the loan to manipulate a particular cryptocurrency market in their favor.
- Collateral swaps. The borrower uses the loan to close an existing loan before immediately taking out a new loan with better terms.
The concept of “flash loans” is often credited to Max Wolff, creator of the Marble protocol.
How Flash Loans Work
To apply for a loan, the borrower creates a smart contract that contains a component for borrowing, a component for interacting with other smart contracts, and a component for returning the loan upon completion.
Borrowing component: This part of the smart contract initiates the flash loan and specifies the amount to be borrowed from the lending protocol. A lending protocol is a decentralized, blockchain-based platform that enables users to lend and borrow digital assets without the need for a bank’s approval.
Interaction component: This part of the smart contract contains the logic for interacting with other smart contracts and DeFi platforms.
Repayment component: This part of the smart contract is responsible for returning the borrowed funds (plus a small transaction fee) to the lending protocol within the same transaction. The repayment has to occur before the transaction is completed, or the entire transaction will be rolled back.
The borrowing process itself consists of seven steps:
- The borrower chooses a DeFi platform that supports flash loans.
- The borrower creates a smart contract that contains the logic for borrowing, interacting with other smart contracts, and repaying the loan within the same transaction.
- The borrower connects their wallet to the chosen DeFi platform and executes the smart contract.
- The DeFi lender transfers the requested assets to the borrower.
- The borrower uses the borrowed assets to initiate predefined smart contract operations.
- The smart contract returns the borrowed funds to the lender.
- The lender verifies their balance. If the repaid amount is insufficient, the lender immediately reverses the transaction. If the loan has been successfully repaid within the same transaction, the borrowed assets are returned to the lending pool or protocol from which they were borrowed.
Flash Loan Platforms
Popular DeFi platforms that enable flash loans include:
- Aave. A lending platform primarily based on the Ethereum blockchain.
- Equalizer Finance: A dedicated flash loan platform for markets on Ethereum, Binance Smart Chain, Polygon, and Optimism.
- Furucombo. A multi-chain DeFi aggregator designed to simplify, optimize, and automate DeFi trading.
- Uniswap. A decentralized exchange (DEX) that allows users to trade Ethereum tokens without the need for an account or fees.
Benefits of Flash Loans
Flash loans have gained popularity in the DeFi space because they allow borrowers to take advantage of market inefficiencies and quickly execute complex financial operations without the overhead normally associated with traditional loan applications.
Risks of Flash Loans
From the lender’s perspective, this type of loan is considered to be risk-free, but there are still certain risks associated with using them, including:
Smart contract vulnerabilities: The security of a flash loan depends on the correctness of the smart contract code. When there are bugs or vulnerabilities in the loan’s smart contract, it can lead to unintended consequences, including a loss of funds.
Price slippage: When executing trades or swaps in the context of a flash loan, price slippage can occur – especially when large amounts of liquid assets are involved. This can result in a higher-than-expected cost and make it difficult for the borrower to repay the loan within the same transaction.
Gas fees: Because flash loans involve multiple smart contract interactions in a single transaction, they can consume significant amounts of gas on the Ethereum network or other blockchains. If gas fees are high, the cost of executing a transaction can outweigh potential profits.
Market risks: Flash loan strategies often involve market-based actions such as arbitrage or liquidation. Rapid changes in market conditions, price volatility, or liquidity can impact the success of these strategies and lead to transaction failures or losses.
Compliance risks: Flash loan transactions that result in the exploitation of vulnerabilities, arbitrage, or other actions that negatively impact other market participants could potentially expose users to legal liability.
Flash Loan Attacks
According to the FBI, smart contracts have become one of the biggest attack vectors in DeFi.
Detecting and stopping attacks on DeFi protocols and smart contract code can be difficult because this type of attack happens very quickly. Here are a few examples of successful attacks:
- In October 2020, an attacker used a flash loan to exploit a vulnerability in the Harvest Finance protocol and made a profit of approximately $24 million.
- In May 2021, an attacker used a flash loan to manipulate the price of Binance Smart Chain’s native token (BNB) and exploit the PancakeBunny protocol. By borrowing a large amount of BNB and swapping it with other tokens, the attacker created a significant price imbalance. They then dumped the tokens on the market, causing the price to plummet by over 95%.
- In April 2022, an attacker used a flash loan to obtain a large amount of Beanstalk STALK tokens, which then gave them enough voting power to pass a governance proposal that drained all the funds on the protocol into the attacker’s wallet.
- In March 2023, the UK-based De-Fi platform company Euler lost a reported $196 million to a flash loan attack. The attack was first discovered by security researchers at PeckShield, a blockchain security and data analytics firm.
To prevent flash loan attacks, the FBI recommends rigorous testing, real-time monitoring, and creating an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.
Decentralized pricing oracles like Chainklink or Band Protocol can also help ensure the price data used by DeFi protocols is accurate and resistant to manipulation.