The concept of Flash Loan has been a trending DeFi topic in 2021. DeFi provides great utilities for decentralized lending activities, since many protocols are developing innovative peer-to-peer solutions.
Flash Loan introduces the concept of uncollateralized lending. Yet, it is a relatively complex topic to comprehend for the average user. If you are still unsure of what a Flash Loan is and how it works, this blog post makes this concept more simple and understandable than ever! Furthermore, we will describe how some DeFi protocols have been attacked due to Flash Loan exploits.
Table of Contents
A Flash Loan is a tool for DeFi users to borrow a big amount of digital assets, with no collateral for a specific amount of time. Borrowing with no collateral means that participants do not have to provide proof of income and other commitments.
A DeFi user can borrow and repay any amount of money with minor costs, without requiring a collateral commitment. In addition, there is no counterparty risk for the parties as this process occurs in seconds within one transaction. However, certain protocol attacks proved that some types of risks emerge from Flash Loans.
Flash Loans can be useful tools for eliminating transaction costs, swapping collaterals, taking advantage of arbitrage opportunities, self-liquidation and speculating. This concept is a perfect example of the finality of blockchain transactions. It will either occur as programmed or it will not occur at all. We will explain…
Flash Loan Specifics
The significance of a Flash Loan derives from the fact that it must be borrowed and repaid within the same blockchain transaction. Either all the steps of the blockchain transaction will be executed or none of them will occur.
On the Ethereum network, transactions can contain several steps such as sending ETH to pay for gas fees, sending an ERC20 token and interacting with the smart contract. Consequently, a user can interact with several DeFi protocols for multiple actions within one transaction e.g. exchange, swap and stake on 3 different protocols. Each action raises the amount of gas fee required. Therefore, users shall be careful of the number of steps to include.
Similarly in Flash Loans, a user borrows and returns funds within one transaction. In both occasions, if an action fails to execute due to a reason like insufficient funds, none of the actions will take place. Users still pay gas fees for non-executed contracts.
AAVE was the first project that made Flash Loans popular. AAVE deployed smart contracts based on Ethereum (now also available on Polygon), that enable users to borrow several tokens and repay the amount within the same transaction. Flash loans that yield profit for users usually come with a 0.09% fee plus the initial amount. This fee is split, in the case of AAVE, between depositors and integrators.
In case that not all actions of the smart contract are executed (for example the trade does not yield profit or the borrower does not repay the amount), the transaction fails. Therefore, the lender receives the initial funds.
Flash Loan Use Cases
When users borrows funds via a Flash Launch, they can use these funds for other DeFi actions, as long as they repay the amount within the same transaction. This opportunity enables a number of interesting use cases.
The most common use case of a Flash Loan is to benefit from arbitrage opportunities. Let’s assume that the price of 1 ETH is 1,000 SWAP in DEX A and 1,100 SWAP in DEX B.
- Bob gets a flash loan of 10,000 SWAP from AAVE
- He then buys 10 ETH on DEX A and exchanges them for 11,000 SWAP on DEX B.
- Bob buys back the loan of 10,000 SWAP (plus a 0.09% fee) and keeps the 1,000 SWAP.
If the 0.09% fee plus the network fees are less than 1,000 SWAP, Bob will make a profit. Price slippage is also a factor to consider for potential profits. It relies on the size of transaction and available liquidity in the pool. Arbitrage opportunities are also commonly exploited by bots which can detect and commit a similar transaction with Bob, but with a higher gas fee.
Flash Loans have made collateral swaps feasible for users wishing to eliminate high fees and multiple transactions when collateralizing positions. MakerDAO and Compound are DeFi lending protocols where users – for example – can commit ETH as collateral to borrow DAI. But what if Bob wants to swap the collateral token, ETH in this case, to another token?
- He uses one of these protocols (let’s say MakerDAO) to borrow DAI but also wants the ETH he committed back.
- He then uses AAVE to receive a flash loan in DAI.
- Bob repays the borrowed amount at MakerDAO with the newly borrowed DAI.
- He can now withdraw his ETH from MakerDAO and swap it for SWAP on a DEX.
- Bob supplies SWAP as collateral on MakerDAO and borrows DAI to collateralize his original loan.
- He finally repays the AAVE Flash Loan with the borrowed DAI plus the 0.09% fee.
All these… in a single transaction! A collateral swap from ETH to SWAP with a 0.09% fee on the borrowed amount.
Furthermore, self-liquidation through Flash Loans is a method for DeFi users to gain access to locked collateral and avoid liquidation fees. Think of the example above, where Bob provided ETH as collateral to borrow DAI. If the price of ETH declines towards the liquidation level, users tend to supply more ETH to increase the liquidation level. If the contract liquidates Bob’s collateral, Bob has to pay a liquidation fee.
Let’s assume that Bob does not wish to supply ETH neither does he have enough DAI to repay the loan.
- Bob will take a Flash Loan of equal value to the amount of DAI he owes
- He can then repay the DAI loan and thereby withdraw the ETH tokens he committed
- Through a DEX, Bob swaps ETH to DAI and repays the Flash Loan. He keeps the remaining ETH.
Again…all the steps occur in only one blockchain transaction. Either all the steps or none of them will take place. Flash Loans have also been a method for traders to decrease transaction fees and gain by speculating on crypto tokens.
DeFi Attacks via Flash Loans
Flash Loan attacks can be successful if the attacker can manipulate the market to a certain extent. These attacks take place via pump and dump arbitrage and/or oracle manipulation. They are cheap to perform, since there is no monetary commitment by the attackers.
The most recent Flash Loan attack took place on Cream Finance and caused a loss of $130 million. Several other attacks took place in 2021.
The Bunny Token attack occurred as the attacker used PancakeSwap to manipulate the token’s market and caused a 95% decline on its price. The attacker borrowed BNB and manipulated its price against Bunny and USDT. He bought a big amount of Bunny and dumped it to the market, profiting around $3 million. Hackers also exploited ApeRocket ($1.26 million), AlphaHomora ($37 million), BZx ($1 million) and other DeFi projects in similar ways.
The rapid increase of Flash Loan exploits in 2021 highlighted the vulnerabilities of this concept. It still remains though a great method for DeFi users to maximize their earnings and decrease their costs in legitimate ways, by enhancing arbitrage and collateral swaps.
You can visit a Flash Loan AAVE Guide to learn how you can implement a Flash Loan. It is now also feasible for non-programming users to create Flash Loans in platforms like Furucombo. The concept is probably still in its infancy, therefore anyone who might want to execute such a transaction, should be well aware of the associated risks.
Follow The Crypto App blog for more blockchain educational material