The evolution of blockchain brought about the birth of decentralized finance (DeFi). DeFi aims to create a permissionless, decentralized, and transparent financial ecosystem built on blockchain. Every day, systems like Bitcoin are used to transfer a massive amount of value all around the globe.

The new wave of DeFi technologies may open up many possibilities for developing our financial system. Today, you can take out crypto-backed loans, trustlessly exchange digital assets, and store wealth in coins that mimic the price of fiat currencies.

This article will take a closer look at a specific category of loans - flash loans. Soon, you will see that these are truly unique additions to the growing decentralized finance stack.

How does the flash loan work?

To understand how flash loans work, we must first understand what a non-collateral loan is.

Usually, when you need to take a loan at the bank, you have to collateralize some assets. But with a non-collateral loan, you don’t have to collateralize any tangible assets.

For example, you have wanted a new PC for a long time, and it is 20% off this week. But you still need a little more money to buy it, and your paycheck only comes after the sale ends. Afraid of missing out on the sale, you ask your close friend Bob to lend you a little money to buy the PC before the sale ends, and you promise to return the money as soon as possible. Since Bob is your close friend, there is no reason for him to refuse, and you successfully borrow some money without collateralizing any assets. But are you really not collateralizing anything?

The answer is no. You “collateralized” your reputation as Bob’s close friend to borrow some money from him. By doing this, you guarantee that you will return the money, because you don’t want to lose a kind friend like Bob.

Coming back to flash loans: with the help of blockchain technology, users can actually borrow money without collateralizing anything at all.

The catch? A flash loan must be repaid in the same transaction. That doesn't sound reasonable, but don’t forget that you are using blockchain technology. So you can imagine that your transaction “program” is made up of three parts: receive the loan, do something with the loan, and repay the loan. And it all happens in a "flash"!

[Figure: Steps of a flash loan: transfer loan, invoke, run operations, pay back loan, and check state. Source: arxiv.org]

First, the transaction gets submitted to the network, temporarily lending you those funds. Then, you can do some stuff in part two of the transaction. Do whatever you want, so long as the funds are back in time for part three. If they are not, the network rejects the transaction, and the funds return to the lenders. Actually, as far as the blockchain is concerned, they always had the funds.
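The three-part transaction described above can be modelled in a few lines. This is an added example, not code from the original article or from any lending protocol; the `Pool` class, the 9 basis point fee, the 1,500 profit and all balances are constructed for illustration.

```python
class Revert(Exception):
    """Signals that the whole transaction must be rolled back."""

class Pool:
    """Toy lender, constructed for this example (not a real protocol)."""
    def __init__(self, liquidity, fee_bps=9):   # fee_bps is an assumed fee
        self.liquidity = liquidity
        self.fee_bps = fee_bps

    def owed(self, amount):
        return amount + amount * self.fee_bps // 10_000

    def flash_loan(self, borrower, amount, operations):
        before = self.liquidity
        if amount > before:
            raise Revert("not enough liquidity")
        self.liquidity -= amount              # part 1: transfer the loan
        borrower["balance"] += amount
        operations(self, borrower, amount)    # part 2: borrower's own logic
        fee = self.owed(amount) - amount
        if self.liquidity < before + fee:     # part 3: check state
            raise Revert("loan not repaid")

def run_transaction(pool, borrower, amount, operations):
    """Apply the loan atomically: either every step sticks or none does."""
    saved_pool, saved_borrower = pool.liquidity, dict(borrower)
    try:
        pool.flash_loan(borrower, amount, operations)
        return True
    except Revert:
        pool.liquidity = saved_pool           # state is as if nothing ran
        borrower.clear()
        borrower.update(saved_borrower)
        return False

def trade_and_repay(pool, borrower, amount):
    borrower["balance"] += 1_500              # constructed profit from part two
    borrower["balance"] -= pool.owed(amount)
    pool.liquidity += pool.owed(amount)

def keep_the_funds(pool, borrower, amount):
    pass                                      # never repays, so part 3 fails

def demo():
    pool, borrower = Pool(2_000_000), {"balance": 0}
    ok = run_transaction(pool, borrower, 1_000_000, trade_and_repay)
    after_ok = (pool.liquidity, borrower["balance"])
    bad = run_transaction(pool, borrower, 1_000_000, keep_the_funds)
    after_bad = (pool.liquidity, borrower["balance"])
    return ok, after_ok, bad, after_bad

if __name__ == "__main__":
    print(demo())
```

The second call is rejected and leaves both balances exactly where the first call left them, which is why the lender takes no credit risk from the loan itself.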

So what is the point of doing all this?

You’re probably wondering why you’d take out a flash loan. If all of this occurs in a single transaction, you don’t really own the money here.

Indeed, you can use that money to make profits for yourself even though you don’t actually own it. There are a couple of use cases where this can be implemented. For example, suppose that DEX A trades a token at $100, but DEX B trades it at $101. Assuming that the fee is pretty low (almost negligible), if you buy ten tokens at DEX A and then sell them at DEX B, you would yield a profit of $10. That seems to be a small gain for some people, but if you scale up the initial fund to, let's say, $100,000, the profit would be more considerable.

That is an unrealistic example where the conditions are almost perfect for the user (no transaction fee, no price slippage, etc.). In real life, the conditions are much harsher. In most cases, the profit wouldn’t cover the transaction fee, and the price is pretty volatile. To make use of this, you would need to find some game-changing element.

Flash loan attack

Flash loans are a relatively new and promising feature, but the potential they hold comes with risk. Ever since they were introduced in 2018 by Marble Protocol, flash loans have been a helpful tool for hackers who need funds to perform capital-intensive attacks. That has led to losses of many millions of dollars for many projects and protocols. In the next part, we will take a closer look at specific case studies of flash loan hacks.

Example of flash loan hacks.

C.R.E.A.M Finance (October 2021)

This is the latest example of a flash loan attack, which led to a loss of $130M for C.R.E.A.M Finance. With $2.5B funded by a flash loan from Aave and C.R.E.A.M, the hacker performed a price-manipulation hack and successfully drained $130M from C.R.E.A.M Finance’s treasury.

The critical point of this hack is that the price of crUSD is inherited from yUSDVault, and the price of yUSDVault is calculated internally and does not refer to any price oracle. The attacker flash borrows $2.5B from Aave and C.R.E.A.M to generate the fund, then exchanges it for $1.5B of crUSD and $500M of yUSD. Since the price of yUSDVault is calculated atomically, and the market cap of this token is not too big, the hacker uses his money to double the price. After that, the hacker takes $1.5B worth of crUSD from the fund that he flash borrowed earlier and deposits it into C.R.E.A.M. Since the price of yUSDVault has doubled, C.R.E.A.M now “thinks” that 1.5B crUSD is worth $3B. As a result, the hacker can borrow $2B to repay the initial flash loan debt and still have $1B worth of collateral in C.R.E.A.M. Then he uses the remaining collateral to drain $130M out of C.R.E.A.M. All of this complex process happens in the blink of an eye and is almost inevitable.
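The weakness described above, collateral valued with an internally computed price and no outside reference, can be shown next to a hardened valuation. This is an added example, not code from C.R.E.A.M, Yearn or the original article; the `Vault` model, the reference price (assumed to be recorded in an earlier block or taken from an independent oracle), the 2% tolerance and all amounts (in millions, scaled to mirror the figures above) are assumptions.

```python
SCALE = 10**18  # fixed-point scale for prices

class PriceRejected(Exception):
    """Raised when the internal price strays too far from the reference."""

class Vault:
    """Toy vault whose share price comes only from its own balances."""
    def __init__(self, assets, shares):
        self.assets = assets
        self.shares = shares

    def price_per_share(self):
        return self.assets * SCALE // self.shares

def value_spot(vault, collateral_units):
    # Weak: trusts a price that can change inside the current transaction.
    return collateral_units * vault.price_per_share() // SCALE

def value_checked(vault, collateral_units, reference_price, max_dev_bps=200):
    # Hardened: compare the internal price with a reference from outside
    # the current transaction and refuse to lend when they disagree.
    spot = vault.price_per_share()
    deviation_bps = abs(spot - reference_price) * 10_000 // reference_price
    if deviation_bps > max_dev_bps:
        raise PriceRejected(f"deviation of {deviation_bps} bps")
    return collateral_units * min(spot, reference_price) // SCALE

def demo():
    vault = Vault(assets=500, shares=500)      # constructed balances
    reference = vault.price_per_share()        # taken before the transaction
    before = value_spot(vault, 1_500)
    vault.assets *= 2                          # price doubles within one tx
    after = value_spot(vault, 1_500)
    try:
        value_checked(vault, 1_500, reference)
        rejected = False
    except PriceRejected:
        rejected = True
    return before, after, rejected

if __name__ == "__main__":
    print(demo())
```

With the spot valuation the same 1,500 units of collateral are worth 3,000 after the in-transaction price change; the checked valuation refuses to price them at all.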

PancakeBunny (May 2021)

PancakeBunny, a popular Binance Smart Chain-based decentralized protocol, suffered a major exploit that caused its token to plummet by more than 95% of its previous value.

The attacker initially borrowed a large amount of BNB through PancakeSwap and used it to manipulate the price of USDT/BNB and BUNNY/BNB in PancakeBunny’s pools. That allowed the hacker to steal a large amount of BUNNY, which they dumped on the market, causing the price to crash. The hacker then paid back the debt via PancakeSwap. Data suggests that the hacker could get away with nearly $3M in profits, leaving a tarnished protocol in its wake.

Conclusion

Flash loans are a relatively new and highly experimental feature. It takes time to take full advantage of their potential. The concept of non-collateral loans, enforced only by code, opens up a world of possibilities in the new financial system. For now, the use cases of flash loans are fairly limited, but in the future, when the DeFi ecosystem is more mature and secure, flash loans will have more chances to prove their value.

References

[1] Towards A First Step to Understand Flash Loan and Its Applications in DeFi Ecosystem, arxiv.org, accessed May 17th, 2022.