A Detailed Guide on Flash Loan Attacks

Flash Loan Attacks

Last year, DeFi platforms experienced several high-value exploits. During the beginning of 2020, there were two back-to-back exploits against the bZx platform, which experienced a loss of a total of $1m. 

Although the amount is small compared to subsequent exploits, it was for the first time that the flash loans were used in a malicious manner. The rest of the year saw various other hacks such as Harvest Finance and Pickle Finance losing $34m and $20m respectively.

A substantial number of these hacks used flash loans to manipulate multiple DeFi platforms for instant profit. You may be wondering what are these flash loans. 

In this article, you will find all the details about flash loans. 

What are flash loans?

A traditional banking system includes secured and unsecured loans. Secured loans are the ones where the user should attach collateral. Unsecured loans there is no need for collateral as the loan will be sanctioned based on the user’s CIBIL/CRIF score. 

A flash loan is a form of trading where users can borrow an unsecured loan without any intermediary. The smart contract will monitor the transactions and will ensure that the transaction will execute when the user adheres to the rules given in the contract. 

The smart contracts are pioneered by Aave, one of the top lending protocols in DeFi. The size of the loan depends on the capital availability in the publicly funded platforms that provide flash loan services. The fees involved in this type of loans are very low (0.09% on Aave). 

After understanding a brief about what are flash loans, let’s dive in to discover more about the key attributes of flash loans. 

What are the key attributes of flash loans?

Flash loans are a way to make substantial gains without having to risk your money. These loans have three unique characteristics: 

Arbitrage: Crypto traders gain profits through varying prices across various exchanges. Suppose two markets are pricing pizzacoin differently. Exchange A prices the coin at $1 whereas Exchange B prices it at $2. You can use a flash loan and call a separate smart contract to buy 100 pizzacoins for $100 on Exchange A, then you can sell them at $200 on Exchange B. You can then repay the loan and reap the difference. 

Collateral swap: You can instantly swap the collateral backed by your loan for another type of collateral. 

Quick & Instant: Flash loan is instant, as the user will use smart contracts to perform instant trades against the loan lent by the lender. The trade should complete before the transaction ends. The transaction stays for only a few seconds. 

How to use flash loans?

Flash loans are available on Aave and dYdX platforms. Initially, these loans were used as tools for those tech-savvy enough to use the command line. Basically, a method for developers to send textual commands to a computer. Now, more user-friendly interfaces are also emerging. 

How does a flash loan work?

Flash loans are unsecured loans. You can ask the lender if you can borrow some amount of crypto and the lender will agree. Then, you need to repay the amount in the same transaction. A flash loan includes three parts where you receive the loan, use the money and repay the loan. All of this happens in a flash. 

The transaction will be submitted to the network, temporarily lending you those funds. Now, you can use the funds to do some stuff as long as the funds are back in time. If they’re not, then the network rejects the transaction and the lender gets their funds back. It means that the blockchain always had the funds. Hence, it explains why the lender does not require any collateral from you. A code enforces the contract to repay. 

Now, you may be wondering how will it help you? Let’s focus on part two described earlier where you do some stuff with the funds. The idea here is to include the funds into a smart contract, flip a profit and return the initial loan at the end of the transaction. The ultimate goal of flash loans is to gain profit. 

While you gain an ample amount of profit from flash loans, it is also associated with some risks such as flash loan attacks. Let’s understand what are these attacks. 

What are flash loan attacks?

Flash loans allow the user to borrow as much amount as they want without the need for any collateral. The borrower can take thousands of dollars or even hundreds of thousands of dollars without any collateral or KYC process. In such cases, if malicious agents take large flash loans and use them to manipulate the market and hack various DeFi protocols to take the profits at an expense of regular investors and platform users. Such cases lead to flash loan attacks. 

After a brief description of flash loan attacks, let’s explore how these attacks work.

How do they work?

Let’s consider an example where a user borrows $70,000 worth of ETH, a lending protocol will instantly lend the amount to the borrower. But, this doesn’t mean it is the borrower’s money. The borrower should hold something with the funds to repay the loan and pocket the excess amount. 

For this to work, the process should be carried out faster and the debt should be paid to the protocol in time. If this doesn’t happen, then the transaction will reverse. The blockchain enforces the agreement to repay the debt. Flash loan attackers will look for ways to manipulate the market while abiding by the blockchain rules. 

There have been various attacks in the past, let’s explore more about these attacks. 

The first flash loan attack

During this attack, the borrower took an ether flash loan on dYdX, a lending decentralized application. Further, they divided this loan and transferred it to other lending platforms like Compound and Fulcrum. On Fulcrum, the attacker used a part of the loan to short ETH against wrapped Bitcoin (WBTC). It means Fulcrum had to take over WBTC. 

This information was exposed on Kyber, another DeFi protocol. This protocol filled the order on a DEX, Uniswap. Uniswap has low liquidity, so the price of WBTC rose significantly. It means Fulcrum overpaid for the WBTC it purchased. 

At the same time, the attacker takes a compound loan of WBTC using the remaining dYdX loan. The price dumped gradually, they flipped the borrowed WBTC on Uniswap and were successful in gaining a decent profit. Finally, they repaid their dYdX loan and took over the remaining ETH. 

The attacker leveraged five DeFi protocols to manipulate the market. All of this took place when the original flash loan was confirmed. The problem was in the bZx protocol used by Fulcrum. The attacker successfully manipulated the market to trick it into thinking that WBTC was worth a lot more. 

The second flash loan attack

Just after a week of the first attack, the second flash loan attack took place. The perpetrator took a flash loan and converted it to a stablecoin (sUSD). Stablecoins take the price of fiat currencies. Smart contracts do not know the cost of stablecoins.

When the attacker decided to buy sUSD using borrowed ETH, the price doubled on Kyber. bZx thought sUSD priced $2 instead of $1. The attacker took a much bigger ETH loan that would be allowed on bZx. Then, the attacker repaid the initial flash loan and took off the remaining amount. 

How to prevent Flash Loan Attacks?

There are various ways to prevent Flash Loan Attacks:

Decentralized Oracles: Decentralized oracles use multiple sources to find out the actual prices of the cryptocurrency. Umbrella Network is a decentralized oracle that ensures the reliability of data by committing them to the blockchain. If an attacker tries to perform a flash loan attack on a dApp that sources its feeds from a decentralized oracle, then the manipulation will fail. Moreover the transaction time will elapse and the entire transaction will be unprocessed. 

High-Frequency Pricing Updates: This technique is simple but expensive. In this technique, the frequency of the number of times the liquidity pool queries an oracle for the fresh price will increase. With more updates, the price of the token within the pool will be updated faster, invalidating the price manipulation. 

Wrapping Up

DeFi is emerging and is here to stay. There will be loopholes wherein the attackers can exploit. But with each incident, the prevention measures will also become stronger as the overall ecosystem evolves.