Recently, interest in the crypto space has surprisingly grown exponentially. Even if skeptics see it differently, the use of blockchain to transform traditional financial systems and processes. Therefore, you can see the opportunities related to DeFi or Decentralized Finance in the future. DeFi aims to introduce a permissionless, transparent and decentralized financial ecosystem over a blockchain network.
Cryptocurrencies have changed the way people think about money, and DeFi has added momentum to the growth of the alternative finance ecosystem. DeFi has also boosted the popularity of flash loans, drawing much attention to them. Ethereum lending platform Aave introduced the concept of flash lending in 2020. The idea is relatively new, and many problems are still to be solved.
In this article, we will discuss what DeFi flash loans are and how DeFi systems can protect themselves from flash loan attacks.
What is a Flash Loan in DeFi?
It is a unique trading tool that allows users to borrow unsecured loans from lenders without intermediaries. Smart contracts help manage transactions while ensuring that trades are executed according to the rules set out in the contract.
Traditional banking methods involve two different categories of loans, such as secured and unsecured loans. Secured loans require some security as collateral, while unsecured loans require no collateral. The likelihood of being approved for an unsecured loan largely depends on previous credit scores based on previous loan repayments.
Features of the DeFi Flash Loan
- Smart Contracts: Flash loans use smart contracts, a blockchain-backed tool that allows funds to change hands only when specific rules are met. The rule with flash loans is that the borrower must repay the loan before the transaction is completed, or the smart contract reverses the transaction – so it’s as if the loan never happened.
- Unsecured Loans: Lenders often require borrowers to provide collateral to ensure that the lender can get their money back if the borrower fails to repay the loan. However, no collateral is required for unsecured loans. A lack of collateral does not mean that the flash lender will not get their money back. It’s just sent back differently. Instead of posting collateral, the borrower has to repay the money immediately, which brings us to the next point.
- Instant: Getting and processing a loan is often a lengthy process. If a borrower is granted a loan, he usually has to make regular repayments over months or years. However, flash loans are readily available. The smart contract for the loan must be fulfilled in the same transaction as the loan. This means borrowers have to call other smart contracts to make instant transactions with the lent funds before the transaction is completed, which usually takes a few seconds.
The Use of Flash Loans in DeFi
- Arbitrage: Traders can make money by looking for price differences on many exchanges. Suppose the two markets value coins differently. The price on exchange A is $1, and the price on exchange B is $2. A user can use a flash loan and invoke a separate smart contract to buy 100 coins on exchange A for $100 and sell them on exchange B for $200. The borrower then repays the loan and profits from the difference.
- Collateral Exchange: DeFi users can also use Collateral Exchange to get credit through multi-collateral loan applications. For example, if you borrowed LUNA from Compound and then pledged ETH as collateral, you would need to exchange the ETH collateral for LUNA collateral through a LUNA flash loan to offset the borrowed LUNA.
- Lower Transaction Fees: Transaction fees are reduced as flash loans combine multiple transactions into a single transaction in some cases. Transaction costs are deducted from the loan amount. Therefore, a flash loan can reduce fees.
How Does a Flash Loan Work?
Flash loans allow Defi members to borrow cryptocurrencies without collateral. The point is that flash loans are encoded in smart contracts that force users to return them in the same transaction, altering the user’s account balance on the Ethereum blockchain. If they don’t pay back, the deal will not be successful.
This means, of course, that loans are relatively short-term in nature. However, flash loans allow Defi users to benefit from the flexibility of lending in a single transaction.
What is a Flash Loan Attack?
Flash loans are a relatively new technology and, as such, are vulnerable to hackers and malicious users trying to mess with the system and use it to their advantage.
In a flash loan attack, a borrower can fool a lender into believing that the loan has been repaid in full, even if it hasn’t been repaid.
Technically, a thief poses as a borrower and takes out a flash loan from the loan agreement. The protocol was then used to manipulate the market and defraud lenders. In some cases, attackers create arbitrage opportunities to exploit vulnerable smart contracts. This allows an attacker to buy the token cheaply or sell it at a higher price to an exploited contract.
Why are Flash Loan Attacks Happening in DeFi?
Because the protocols associated with flash loans are not yet foolproof against new attacks and manipulations and transactions happen in seconds, hackers can target multiple markets at once.
The most common flash loan attacks in DeFi are fake arbitrage opportunities, which we mentioned above. In a flash loan attack, the attacker creates an arbitrage opportunity by modifying the relative value of a token trade pair. This can be achieved by flooding the contract with the tokens they loan and causing slippage.
How Can DeFi System Protect Themselves from Flash Loan Attacks?
Although DeFi systems are vulnerable, they can take a few precautions to protect themselves:
- Decentralized price oracles to avoid slippage
- When contracts internally perform their calculations of a particular token or transaction pair value, they are vulnerable to manipulation and exploitation. Therefore, flash loan attacks can be mitigated by using decentralized pricing oracles (like ChainLinks and Band protocols) to obtain pricing information. In this way, DeFi systems no longer rely on a single DEX platform but can avoid being vulnerable to arbitrage fraud.
- Smart contracts can continue to update their prices based on the supply and demand of different tokens in the market. However, the price range should also be limited by external values.
- Tools to detect possible attacks
- DeFi platforms can use tools to mitigate the likelihood of attacks by detecting unusual activity and smart contract vulnerabilities and exploits.
- It is also important for platforms to conduct security audits to address vulnerabilities before rolling out smart contracts.