The world of block chain is filled with many strange and complex things that cannot exist outside of it, and one of the least understood is the controversial subject ‘quick loan’ which is issued by Decentralized finance (or ‘DeFi‘) lending/borrowing applications. DeFi exploded in popularity with the invention of cryptocurrency lending/borrowing apps.
Crypto holders have the ability to borrow stablecoins (cryptocurrencies valued at one dollar) against their crypto holdings, as well as taking out loans denominated in other cryptocurrencies, which can be used to establish short positions. In return, cryptocurrency and stablecoin depositors earn the interest paid by borrowers. These applications rely on “liquidity poolsto work, where users deposit their crypto into a pool with other users, which the app draws from to issue loans to borrowers.
Normally, taking out a crypto loan requires posting collateral that can be liquidated if the loan goes bad, but flash loans work differently. As Decrypt explains, the full amount of the loan must be returned at the end of the transaction, otherwise the transaction will be canceled, eliminating the need for collateral. Blockchain smart contracts are used to call a flash loan, allowing the borrower to use the loan on many other DeFi applications throughout the short life of the loan. The most common use of flash loans is to arbitrate price differences between decentralized exchanges (often referred to as ‘DEXes‘) like Uniswap. Arbitrage with flash loans is a win-win situation for all parties involved, as the trader makes low risk profits while the ecosystem benefits from price stability between DEXs, but it is also highly competitive and difficult to achieve without the use of bots. Flash loans are also used by non-traders to “warranty exchange,“allowing them to exchange the collateral asset of their crypto loan for something else, potentially avoiding liquidation of their loan.
Flash loans can be weaponized
Although flash loans are invaluable for DeFi, they are extremely dangerous for projects that did not prepare for their capabilities during development. For instance, decentralized autonomous organizations or DAOs that use token-based voting mechanisms can be exploited by flash loans if not designed properly. DeFi Stablecoin Lending Protocol Beanstalk suffered this type of attack in April 2022, where the attacker used a flash loan to obtain enough DAO governance tokens to push through his own proposal to withdraw approximately $77 million in assets from the community treasury.
The DeFi industry has learned the hard way that flash loans can be used to manipulate prices on DEXs, which can open up opportunities or attack vectors on decentralized applications (commonly referred to as “dApps“) which relies on DEX price feeds. As DappRadar reported in February 2020, one of DeFi’s most controversial and infamous flash loan attacks involved the DyDx trading platform, one of the first to offer flash loans. In this case, a smart coder borrowed millions of ETH, traded it for BTC on one platform, took a short position against BTC on another platform, sold the borrowed BTC on a DEX for drive the price down, closed the short position in profit, and repaid the flash loan. This smart smart contract generated a profit of $360,000 with only $8.23 in transaction fees, which sparked controversy in the community as to whether it was a hack or just smart coding skills.
Flash loans are an advanced DeFi technique used to borrow massive sums of cryptocurrency for a single transaction. They are commonly used to offset price differences between decentralized exchanges and sometimes to exchange collateral used for crypto lending/borrowing apps, but they are also commonly used by hackers as tools to break or manipulate DeFi smart contracts. Flash loans are unique to block chain technology, and are one of many threats developers should be aware of, but are also a powerful tool used to stabilize the on-chain economy.