Deep Dive into DeFi: Flash Loans and Flash Loan Attacks

Detailed analysis of Flash Loans and deep insight into how Flash Loan abusers perpetrate malicious attacks on liquidity pools. Check out this edition and protect your funds from attackers.

What are Flash Loans and How do they work?

Flash Loans are the first uncollateralised loan option in DeFi. Designed for developers, they enable individuals to borrow instantly and effortlessly. No collateral is required, provided that the liquidity returns to the pool within one transaction block.

If the debtor fails to repay within one block, a complete transaction reversal effectively undoes the actions executed up to that point. This security mechanism guarantees the safety of the funds in the reserve pool.

However, bot developers can exploit this mechanism to make large sums of money by arbitraging across different liquidity pools and protocols. Flash Loans also allow for lower fees by bundling transactions together, and they make it possible to execute collateral swaps quickly.

Understanding the different types of Flash Loan attacks is crucial to avoid getting burnt.

Let's take a closer look at an example:

One of the first attacks happened on bZx.

The Borrower successfully tricked the Lender into thinking they had repaid the loan entirely when, in reality, they had not. The Borrower executed this ploy by manipulating the market of a stablecoin, temporarily pushing up the price of the stablecoin used to repay the loan, and effectively walked away with free money.

There are also cases of Flash Loans being used to manipulate governance, which can impact an entire protocol. An anonymous individual was able to use Flash Loans to subversively influence a MakerDAO governance vote. They were able to secure extra tokens to manipulate the vote, directly impacting the community.

Here’s another example of how Flash Loan attacks happen

The recent Flash Loan attacks show us how powerful they can be. Consider the mechanics of a Flash Loan, where transaction reversal occurs if the Borrower cannot pay back the Lender. Because a smart contract governs the entire transaction within a single block, the risk to the Borrower is reduced, allowing them to conduct Flash Loan attacks with alarming ease.

The essence of a Flash Loan attack is borrowing a large sum and using the obtained liquidity to manipulate one or more pools for profit. In the case of $Bunny, the attacker used PancakeSwap, a DEX and yield farming platform built on BSC, to take out a big Flash Loan on BNB.

The attacker then used these funds to manipulate prices in the USDT/BNB and BUNNY/BNB trading pairs and buy a massive amount of Bunny, which he then dumped on the market, destroying the token's price in the process. After completing the attack, the attacker paid back his Flash Loans.

Due diligence protects your funds from the dangers of Flash Loan attacks

Hence, you can see how Flash Loans can be potent tools that open up many attack vectors for those with the resources and malicious intent. Always check the liquidity of a pool and ensure some 'software engineer' Flash Loan abuser can't easily manipulate it to clean out your funds.
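One way to run the liquidity check described above, as an added example that is not part of the original article: it estimates how far a single swap of borrowed size moves a pool's spot price and flags thin pools. It assumes a constant-product pool (x * y = k) with the fee taken from the input; the names `Pool`, `price_move`, `max_input_for_move` and `flag_manipulable`, the fee, the 5% threshold and the reserves are all constructed for illustration.

```python
"""Estimate how far one large swap moves a constant-product pool's spot price."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pool:
    name: str
    reserve_in: float     # reserve of the token sold into the pool (e.g. BNB)
    reserve_out: float    # reserve of the token bought from the pool
    fee: float = 0.0025   # swap fee; assumed value, set it per DEX


def swap_out(pool: Pool, amount_in: float) -> float:
    """Tokens received for amount_in under x * y = k, fee taken from the input."""
    effective_in = amount_in * (1 - pool.fee)
    return pool.reserve_out * effective_in / (pool.reserve_in + effective_in)


def price_move(pool: Pool, amount_in: float) -> float:
    """Relative change in spot price (in-token per out-token) after the swap."""
    before = pool.reserve_in / pool.reserve_out
    after = (pool.reserve_in + amount_in) / (pool.reserve_out - swap_out(pool, amount_in))
    return after / before - 1


def max_input_for_move(pool: Pool, max_move: float) -> float:
    """Largest swap that keeps the price move at or under max_move (bisection)."""
    lo, hi = 0.0, pool.reserve_in * 1e6
    for _ in range(200):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if price_move(pool, mid) <= max_move else (lo, mid)
    return lo


def flag_manipulable(pools, borrowable: float, max_move: float = 0.05):
    """Names of pools where one swap of `borrowable` moves price past max_move."""
    return [p.name for p in pools if price_move(p, borrowable) > max_move]


# Constructed sample reserves, not real on-chain data.
POOLS = [
    Pool("DEEP/BNB", reserve_in=500_000, reserve_out=50_000_000),
    Pool("THIN/BNB", reserve_in=2_000, reserve_out=400_000),
]

if __name__ == "__main__":
    print(flag_manipulable(POOLS, borrowable=10_000))
```

With these constructed reserves, a 10,000 BNB swap moves the deep pool by about 4% and the thin pool by a factor of roughly 36, so only the thin pool is flagged.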

See you again for the next update.

- q


The information on this website is for general information purposes only. It is not intended as legal, financial and/or investment advice and should not be construed and/or relied on as such. Before making any commitment of a legal and/or financial nature you should seek advice from a qualified and registered legal practitioner and/or financial and/or investment adviser. No material contained within this website should be construed or relied upon as providing recommendations in relation to any legal and/or financial product. Qluster does not recommend and/or endorse products and does not receive remuneration based upon investment and/or other decisions by our email recipients, publications, newsletter or website users.