All articles

DeFi flash loans explained

A brief explanation of what flash loans are, how they impact the crypto ecosystem, and ways to prevent flash loan attacks.

30 Aug 2022by Mrig P

Flash loans have made headlines in the crypto space for reasons both good and bad. While they've been implemented to exploit many vulnerable DeFi protocols, they've also helped many users make a profit. Some enthusiasts even argue that they’re one of the most innovative blockchain technologies. 

But what are flash loans exactly? 

This article explains how flash loans work and outlines some of their most common applications. 

What are flash loans?

Flash loans are uncollateralized loans without borrowing limits in which a user borrows funds and returns them in the same transaction. 

If the user can’t repay the loan before the transaction is completed, a smart contract cancels the transaction and returns the money to the lender. 

Why do flash loans exist?

To understand why flash loans were created, let’s look at existing lending systems in centralized and decentralized finance. 

Centralized Finance (CeFi) lending systems

The most common loans in traditional finance are secured loans and unsecured loans

A secured loan requires the borrower to provide a form of security called collateral to the lender for the repayment of a loan. 

Collaterals usually apply to large sums of money and help the lender recoup their losses by selling the assets if the borrower can’t repay the loan.

For example, if you’re taking out a mortgage, your home will become the collateral, and the lender will sell it to cover the mortgage if you default. 

An unsecured loan, on the other hand, is one in which the borrower doesn't have to provide collateral to borrow funds. If the borrower defaults, the lender sells the collateral to get their loan money back. 

A picture showing the working of a centralized lending system.
Centralized lending process

In both cases, the borrower has to pay interest. And in both cases, if the borrower defaults, the lending authority has to bear the brunt of the losses.

Decentralized Finance (DeFi) lending systems

DeFi lending systems operate differently than their traditional centralized counterparts. They pool capital from depositors into a “liquidity pool” to offer collateralized loans for borrowers. 

Most of these loans are over-collateralized, meaning the borrower has to provide collateral in crypto that is worth more than the borrowed assets. This is to account for fluctuating crypto prices and ensure that the asset doesn’t become undercollateralized. 

A picture that shows how decentralized lending protocols work.
Decentralized lending

In other words, if the collateral’s value can no longer cover the debt, the platform will sell collateral at a discounted price to repay a part of the loan. This process is called liquidation. 

Flash loans address the limitations of CeFi and DeFi lending

CeFi and DeFi loans also have some disadvantages that flash loans address. 

In a traditional CeFi lending system, you'd have to wait months to get your loan approved. But thanks to smart contracts, flash loans are processed and approved instantly. 

Also, if the borrower defaults, the onus of debt is on the lending authorities. If a borrower defaults on a flash loan, however, the smart contract will cancel the transaction and return the funds to the lender. 

As for DeFi lending, users have to provide collateral to get a crypto loan. Flash loans, on the other hand, are uncollateralized, making lending more accessible and giving everyone the opportunity to make money. 

How do flash loans work?

There are two main entities in a flash loan: the lender and borrowers

To interact with the flash loan lender, borrowers must develop a smart contract that consists of three parts:

  • Borrow loans from flash loan lenders (Aave, dYdX, and Uniswap)

  • Interact with smart contracts for other operations 

  • Return the loans

The entire workflow consists of five steps:

1. Transfer loan

The flash loan provider transfers requested assets to borrowers. 

2. Invoke

The user invokes pre-designed operations. 

3. Run operation

The user interacts with different smart contracts to execute operations (arbitrage, liquidation, etc.) with borrowed assets. 

4. Repay loan

Once the operations are complete, the user will return the assets to the flash loan providers with or without the borrowed assets. 

5. Check state

Lastly, the flash loan providers will check their balance. If the user has submitted insufficient funds, the providers will reverse the transaction immediately. 

A picture showing the steps involved in a flash loan transaction.
An example of a flash loan transaction

The 3 most common uses of flash loans

Flash loans have a wide variety of applications that range from paying off debts to making profits from trading. Here, we discuss the three of the most common use cases. 

1. Arbitrage

Arbitrage is the strategy of leveraging price differences for the same asset in different money markets to make a profit. 

Buyers and traders can buy crypto at low prices and run it through different exchanges to end up with slightly more crypto than before. Although this price exploitation sounds harmful, it contributes to market efficiency.

As more crypto traders seek to exploit the same price discrepancy, the prices of these assets across different exchanges will converge, leading to uniformity of the crypto market. 

A picture that shows how crypto arbitrage yields profits.
Crypto arbitrage

If you're just starting with crypto arbitrage, you probably don't have enough assets to make a significant profit. 

But flash loans give you the ability to borrow as much as you want, so you can make a decent profit if you find assets with a considerable price difference.​​ Here’s a transaction from Etherscan that shows how you can use a flash loan to profit from arbitrage: 

A picture of a crypto arbitrage transaction that yielded $16,000 in profit.
A crypto arbitrage transaction that yielded $16,000 in profit

First, the user borrowed 2,048,000 USDC using dYdX’s flash loan. Then, they swapped the amount for 2,028,367 DAI on Curve y pool. 

Next, they used the 2,028,367 DAI to purchase 2,064,182 USDC on Curve’s SUSD pool, after which they paid back the flash loan and kept the difference worth $16,182. 

2. Wash trading

Like any other financial technology, flash loans can also be used to scam users. Wash trading is one such use case. 

Wash trading is the process of using a group of trades to create an illusion of higher trade volume. It misleads investors and other users into thinking that a cryptocurrency or NFT has high demand when it doesn't. 

Some countries like the US have banned the practice of wash trading, but the practice has seen a revival in the crypto market because of the lack of centralized institutions and regulations.

Now, with the advent of flash loans, wash trading has become more rampant as traders can get hold of a large sum of crypto to manipulate the market. 

Here’s a transaction from Etherscan that will help you understand wash trading better: 

A picture of a wash trade transaction.
A wash trade transaction

First, the user borrows 0.01 Wrapped Ether (WETH) from dYdX. Then, they exchange it on Uniswap to get ~122.189 LOOM, which is converted back into ~0.0099 WETH. 

After this step, the user pays back the flash loan to dYdX. What distinguishes this transaction from arbitrage or other types of legal transactions is that there was a loss while swapping tokens.

This indicates that the user’s main aim was to increase trading volumes and not profit from the transaction, making it an illegal trade that was solely done to manipulate the market and create artificial demand for assets. 

3. Closing Collateralized Debt Position

A Collateralized Debt Position (CDP) is simply a crypto loan that’s backed by collateralized assets. Once the user borrows funds, the platform locks the collateral until the loan is repaid. 

During this period, if the currency of the loan drops in value compared to the currency of the collateral, the user can’t repay the loan. 

Flash loans allow you to pay back the loan and release the collateral so you can use it for other purposes. Here’s a transaction that explains the concept better:

A picture of a Collateralized Debt Position (CDP) transaction
A CDP transaction

First, the user takes a flash loan equal to the debt (~262.17 DAI.) from Aave. Next, they repay the loan on Maker, and the platform releases their collateral (2.09 WETH).

Then, they go to Kyber reserve to convert their WETH into DAI and transfer the surplus amount (~2 DAI) to Uniswap for other purposes. Lastly, the user pays back the loan to Aave, which burns a fraction of its token for 0.07 DAI to increase the value of its tokens in circulation.

Can you make money with flash loans?

When a debt becomes undercollateralized, a class of users called liquidators will trigger a liquidation event to buy undercollateralized assets at discounted prices.

With flash loans, anyone can become a liquidator and profit from the discounted assets. For example, take a look at this transaction: 

A picture of a transaction that shows how liquidators use flash loans to profit off liquidations.
Liquidation

First, the user borrows 12,940 DAI from dYdX and swaps it for 13,046 USDT. This USDT is then used to buy collaterals at a discounted price on Compound. 

After exchanging the asset they bought, the liquidator gets 13,450 DAI. And once they paid back the flash loan, 510 DAI remained as profits, which is greater than the gas fees (~$172).

What are flash loan attacks?

Although DeFi flash loans have grown in popularity and liquidity, they're far from perfect. 

About $500 million worth of assets were looted from DeFi platforms between 2020 and 2021. And one of the most common attacks that caused millions to be wiped off the protocols were carried out using flash loans. 

Oracles are third-party services that allow smart contracts to get data from outside their ecosystem. In most cases, this data is the real-time price of assets.

Oracle manipulation is the practice of manipulating the asset price data in these oracles to buy or sell above or below the fair market price on the platform. 

Here’s how this attack is carried out using a flash loan:

  • Borrow a large amount of token A from a flash lending provider 

  • Use a DEX to trade token A for token B (this lowers the price of token A and increases the price of token B on the DEX)

  • Utilize the purchased token B as collateral on a DeFi protocol that relies solely on the DEX (mentioned above) as its price feed, and use the rigged pricing to borrow a larger amount of token A. 

  • Profit from the protocol's manipulated price feed by using a portion of borrowed token A to fully repay the original flash loan and keep the remaining tokens.

  • The values of tokens A and B on the DEX will be arbitraged back to the true market price. But the DeFi protocol is left with an undercollateralized position (debt worth more than collateral), which directly harms other users such as the liquidity pool providers.

For example, in May 2020, the Binance Smart Chain protocol Pancake Bunny lost over 7 million BUNNY tokens and 114,000 BNB in a flash loan attack. 

As a result of the attack, BUNNY plummeted by 96% and the platform incurred a loss of more than $200 million.

How can you protect yourself from flash loan attacks?

Protocols that use on-chain centralized price oracles, such as a single DEX, are vulnerable to attacks carried out using flash loan vulnerabilities. 

Why?

When a single on-chain exchange is used as a price feed, an asset's data is extremely limited because it only reflects the market condition of that one exchange. 

An oracle like Chainlink, however, is powered by a decentralized network of oracles, so while an attacker can carry out a single flash loan transaction, it still won’t affect the price feed as the exchange gets pricing data from multiple sources. 

Concluding thoughts

Flash loans have taken the decentralized finance world by storm as they let users instantly borrow unlimited assets without collateral. 

They’re a double-edged sword, however, and can have unfavorable consequences on the crypto ecosystem depending on what they’re used for. 

Many crypto enthusiasts are currently using flash loans to make profits and hedge themselves against liquidation risks. But malicious parties are also using them to engineer attacks on smart contracts and drain them of funds. 

However, the risk of these attacks might diminish in the future if DeFi platforms spend more resources on testing their code. 

It’s also worth remembering that flash loans are relatively new to the DeFi space, so the possibilities for innovation are endless. 

Frequently asked questions (FAQs)

How do I get a crypto flash loan?

To get a crypto flash loan, you can use a drag and drop tool like Furucombo and create a pipeline with cubes which are akin to building blocks. 

All you’ve got to do is go to the Create mode, click the "+" on the cube icon and choose from different options. You can reorder the cubes according to the order in which the transaction should be executed. 

But ensure that you nest intermediate actions like token swaps between the two flash loan cubes as shown below. 

A picture of a flash loan transaction on Furucombo. 
How a flash loan transaction is carried out on Furucombo

Alternatively, you can also use smart contracts to execute flash loans on platforms like Aave, dYdX, and Uniswap. 

Since smart contracts are pieces of code, you can find many open source flash loan codes on sites like GitHub.

Do flash loans need collateral?

No. Flash loans are unsecured and uncollateralized, meaning anyone can borrow funds to make profits. 

What happens if you don’t pay your flash loan?

If you don’t pay your flash loan, the lender’s smart contract cancels the loan and returns the funds to the user. 

How long does a flash loan last?

As the name suggests, a flash loan only lasts for a few seconds or minutes as the loan is taken and repaid within the same transaction.

Are flash loans risk free?

Yes. Lenders don’t have to worry about defaulting and can lend large amounts while borrowers don’t run the risk of liquidation. 

Begin your DeFi journey with MoonPay

Flash loans are just one of the many ways you can engage with the DeFi ecosystem.

Buy cryptocurrencies via MoonPay using your credit card or any other preferred payment method to get started on your DeFi journey today.