BitInsight

Flash Loans

2026-01-29 · 6 min read

What is a Flash Loan

A flash loan is a DeFi mechanism for borrowing without collateral and repaying within the same transaction. It relies on the atomicity of blockchain transactions.

Core Rule:

If borrowed funds + fees are not repaid within the same transaction, the entire transaction fails.

In other words, if you can't repay the borrowed funds, the loan itself is treated as never having happened. This is why you can borrow millions of dollars without collateral.


Atomic Transactions

Blockchain Atomicity

Blockchain transactions either succeed entirely or fail entirely. There is no intermediate state.

  • If steps A, B, C, D exist
  • If C fails, A and B are also cancelled
  • Partial execution is impossible

Applied to Flash Loans

  1. Borrow $1,000,000 from protocol
  2. Swap tokens on DEX A
  3. Swap again on DEX B
  4. Repay loan + fees

If there are insufficient funds at step 4, steps 1-3 are all cancelled. It's as if you never borrowed.
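The borrow-use-repay rule above, as a small Python model added here for illustration (it is not code from the article or from any lending protocol). The `Chain` ledger, the account names and the balances are constructed; the fee uses the 0.05% figure quoted later on this page.

```python
import copy

FEE_BPS = 5  # 0.05%, the lower Aave V3 fee quoted on this page

class Revert(Exception):
    """Aborts the whole transaction, like an EVM revert."""

class Chain:
    """Toy ledger of balances per account (constructed model, single token)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transact(self, fn):
        """Run fn atomically: on Revert, restore the pre-transaction state."""
        saved = copy.deepcopy(self.balances)
        try:
            fn(self)
            return True
        except Revert:
            self.balances = saved
            return False

def flash_loan(chain, borrower, amount, callback):
    """Step 1: lend. Then run the borrower's steps and enforce step 4."""
    before = chain.balances["pool"]
    chain.transfer("pool", borrower, amount)
    callback(chain)                           # steps 2-4 happen in here
    fee = amount * FEE_BPS // 10_000
    if chain.balances["pool"] < before + fee:
        raise Revert("loan + fee not repaid")

def run(repay):
    """Constructed scenario: borrow 1,000,000 and optionally repay it."""
    chain = Chain({"pool": 5_000_000, "borrower": 1_000})
    def steps(c):
        c.transfer("borrower", "dex", 1_000_000)  # stand-in for the swaps
        c.transfer("dex", "borrower", 1_000_000)
        if repay:
            c.transfer("borrower", "pool", 1_000_500)
    ok = chain.transact(lambda c: flash_loan(c, "borrower", 1_000_000, steps))
    return ok, chain.balances

if __name__ == "__main__":
    print(run(True))    # repaid: the transaction commits
    print(run(False))   # not repaid: every step is rolled back
```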


Why Flash Loans are Possible

Why Impossible in Traditional Finance

Borrowing without collateral from a bank:

  • Borrower could run away with the money
  • Bank risks loss

Why Possible on Blockchain

  • Transaction atomicity is guaranteed
  • If not repaid, the loan never occurred
  • No risk to the protocol

Because the protocol "has nothing to lose," it can lend to anyone, in unlimited amounts.


Flash Loan Fees

| Protocol | Flash Loan Fee |
|----------|----------------|
| Aave V3 | 0.05%~0.09% |
| dYdX | 0% (free) |
| Uniswap | 0.3% (swap fee) |
| Balancer | 0% (free) |

Borrowing $1,000,000 from Aave costs about $500-900 in fees. If arbitrage profit exceeds this, you profit.


Flash Loan Use Cases

1. Arbitrage

Pursue profit from price differences between exchanges.

Scenario:

  • DEX A: 1 ETH = 3,000 USDC
  • DEX B: 1 ETH = 3,100 USDC

Flash Loan Arbitrage:

  1. Flash loan 3,000,000 USDC
  2. Buy 1,000 ETH on DEX A (3,000,000 USDC)
  3. Sell 1,000 ETH on DEX B (3,100,000 USDC)
  4. Repay flash loan (3,000,000 + fees)
  5. Profit: ~$97,000 (excluding gas)

Generate profit without capital!

2. Self-Liquidation

Unwind your position before getting liquidated.

Scenario:

  • Borrowed DAI with ETH as collateral
  • Health factor at dangerous level
  • Can't repay because you don't have DAI

Flash Loan Self-Liquidation:

  1. Flash loan DAI
  2. Repay debt -> Collateral (ETH) released
  3. Swap ETH to DAI
  4. Repay flash loan
  5. Remaining amount is yours

You avoid the 5% liquidation penalty!

3. Collateral Swap

Replace collateral asset with a different asset.

Scenario:

  • Borrowed DAI with ETH as collateral
  • Want to switch collateral from ETH to WBTC

Flash Loan Collateral Swap:

  1. Flash loan DAI
  2. Repay debt -> ETH collateral released
  3. Swap ETH to WBTC
  4. Deposit WBTC as collateral
  5. Borrow DAI again
  6. Repay flash loan

Complete in a single transaction!

4. Liquidator Role

Participate in liquidations without capital.

  1. Find liquidatable position
  2. Flash loan the debt asset
  3. Execute liquidation -> Receive collateral
  4. Sell collateral
  5. Repay flash loan
  6. Liquidation bonus is pure profit

Flash Loan Attacks

Flash loans are used not only for legitimate purposes but also for protocol attacks.

Oracle Manipulation Attacks

Vulnerability: The protocol relies on a single DEX's current price

Attack Method:

  1. Flash loan large amount
  2. Large swap on DEX -> Price distortion
  3. Make favorable trades on other protocols using distorted price
  4. Reverse the swap
  5. Repay flash loan
  6. Keep ill-gotten gains

Defense:

  • Use TWAP (Time-Weighted Average Price)
  • Reference multiple oracles (Chainlink, etc.)
  • Set price change limits
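Why the TWAP and price-change-limit defenses hold up where a current-price read does not, shown as a Python model added here (not code from the article or from any DEX). It assumes a fee-less constant-product pool with a Uniswap-V2-style cumulative price; the reserves, timestamps and the 5% limit are constructed.

```python
class Pool:
    """Constant-product ETH/USDC pool with a Uniswap-V2-style price accumulator."""
    def __init__(self, eth, usdc, ts):
        self.eth, self.usdc = float(eth), float(usdc)
        self.cumulative, self.last_ts = 0.0, ts

    def spot(self):
        return self.usdc / self.eth            # USDC per ETH right now

    def _accrue(self, ts):
        # Add the price that held since the last update, before reserves move.
        self.cumulative += self.spot() * (ts - self.last_ts)
        self.last_ts = ts

    def buy_eth(self, usdc_in, ts):
        self._accrue(ts)
        k = self.eth * self.usdc
        self.usdc += usdc_in
        eth_out = self.eth - k / self.usdc
        self.eth -= eth_out
        return eth_out

    def sell_eth(self, eth_in, ts):
        self._accrue(ts)
        k = self.eth * self.usdc
        self.eth += eth_in
        usdc_out = self.usdc - k / self.eth
        self.usdc -= usdc_out
        return usdc_out

    def twap(self, cum_start, ts_start, ts_now):
        cum_now = self.cumulative + self.spot() * (ts_now - self.last_ts)
        return (cum_now - cum_start) / (ts_now - ts_start)

def guarded_price(pool, cum_start, ts_start, ts_now, max_dev=0.05):
    """Return the TWAP, refusing to price when spot deviates too far from it."""
    avg = pool.twap(cum_start, ts_start, ts_now)
    if abs(pool.spot() - avg) / avg > max_dev:
        raise ValueError("spot deviates from TWAP beyond limit")
    return avg

def scenario():
    """Constructed: a 3,000,000 USDC swap and its reversal inside one block."""
    pool = Pool(eth=1_000, usdc=3_000_000, ts=0)
    cum0, t0, now = pool.cumulative, 0, 1_800   # 30-minute window
    eth = pool.buy_eth(3_000_000, now)
    spot_mid, twap_mid = pool.spot(), pool.twap(cum0, t0, now)
    pool.sell_eth(eth, now)
    return spot_mid, twap_mid, pool.spot()
```

Mid-transaction the current price reads 12,000 while the 30-minute TWAP still reads 3,000, because a swap made and reversed within one block contributes zero seconds to the accumulator.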

Governance Attacks

Vulnerability: Only checking token balance at voting time

Attack Method:

  1. Flash loan governance tokens
  2. Vote on malicious proposal
  3. Return tokens
  4. Malicious proposal passes

Defense:

  • Snapshot-based voting (based on specific past block)
  • Timelock (waiting period before execution)
  • Strengthen quorum requirements
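Snapshot-based voting compared with reading the balance at voting time, as a Python model added here (not code from the article or from any governance framework). The `VotesToken` class, account names, block numbers and amounts are constructed; the snapshot is taken as the block before the proposal was created.

```python
from bisect import bisect_right

class VotesToken:
    """Token that checkpoints balances per block (constructed model)."""
    def __init__(self):
        self.block = 1
        self.checkpoints = {}                  # account -> [(block, balance)]

    def balance(self, who):
        cps = self.checkpoints.get(who)
        return cps[-1][1] if cps else 0

    def _set(self, who, value):
        cps = self.checkpoints.setdefault(who, [])
        if cps and cps[-1][0] == self.block:
            cps[-1] = (self.block, value)      # same block: overwrite
        else:
            cps.append((self.block, value))

    def mint(self, who, amount):
        self._set(who, self.balance(who) + amount)

    def transfer(self, src, dst, amount):
        if self.balance(src) < amount:
            raise ValueError("insufficient balance")
        self._set(src, self.balance(src) - amount)
        self._set(dst, self.balance(dst) + amount)

    def balance_at(self, who, block):
        """Balance as of the end of a past block; the current block is refused."""
        if block >= self.block:
            raise ValueError("snapshot block must be in the past")
        cps = self.checkpoints.get(who, [])
        i = bisect_right(cps, (block, float("inf")))
        return cps[i - 1][1] if i else 0

def scenario():
    """Constructed: tokens borrowed and returned inside block 6."""
    t = VotesToken()
    t.mint("lender", 1_000_000)
    t.mint("holder", 100)
    t.block = 5
    snapshot = t.block - 1                     # fixed when the proposal is created
    t.block = 6
    t.transfer("lender", "borrower", 1_000_000)
    naive = t.balance("borrower")              # weight if read at voting time
    by_snapshot = t.balance_at("borrower", snapshot)
    t.transfer("borrower", "lender", 1_000_000)
    return naive, by_snapshot, t.balance_at("holder", snapshot)
```

Read at voting time, the borrowed tokens count for 1,000,000 votes; read at the snapshot block they count for 0, while the long-term holder keeps a weight of 100.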

Reentrancy Attacks

Vulnerability: External call before state update

Attack Method:

  • Re-call same function from flash loan callback
  • Bypass balance checks for multiple withdrawals

Defense:

  • Use ReentrancyGuard
  • Check-Effects-Interactions pattern
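The "external call before state update" flaw next to a version that applies both defenses listed above, as a Python model added here (not Solidity and not code from the article). The vault classes, account names and amounts are constructed, and `Reverted` stands in for an EVM revert.

```python
class Reverted(Exception):
    """Stands in for an EVM revert of the current call."""

class VulnerableVault:
    def __init__(self):
        self.balances, self.funds = {}, 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, account, receiver):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.funds < amount:
            raise Reverted("nothing to withdraw")
        self.funds -= amount
        receiver(self, amount)          # interaction BEFORE the effect below
        self.balances[account] = 0

class GuardedVault(VulnerableVault):
    def __init__(self):
        super().__init__()
        self._entered = False           # ReentrancyGuard-style lock

    def withdraw(self, account, receiver):
        if self._entered:
            raise Reverted("reentrant call")
        self._entered = True
        try:
            amount = self.balances.get(account, 0)      # checks
            if amount == 0 or self.funds < amount:
                raise Reverted("nothing to withdraw")
            self.balances[account] = 0                  # effects
            self.funds -= amount
            receiver(self, amount)                      # interactions last
        finally:
            self._entered = False

def paid_out(vault_cls):
    """Constructed test: a callback that re-enters withdraw(); returns (paid, left)."""
    vault, received = vault_cls(), []
    vault.deposit("others", 300)
    vault.deposit("caller", 100)
    def callback(v, amount):
        received.append(amount)
        try:
            v.withdraw("caller", callback)   # re-call from the callback
        except Reverted:
            pass
    vault.withdraw("caller", callback)
    return sum(received), vault.funds
```

With a 100 deposit, the vulnerable vault pays out 400 and is left empty; the guarded vault pays out 100 and keeps the other depositors' 300.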

Notable Attack Cases

| Incident | Loss | Attack Method |
|----------|------|---------------|
| bZx (2020) | $8M | Oracle manipulation |
| Harvest Finance (2020) | $34M | Oracle manipulation |
| Cream Finance (2021) | $130M | Oracle + reentrancy |
| Beanstalk (2022) | $182M | Governance attack |

Using Flash Loans Directly

Programming Required

Flash loans require writing a smart contract rather than using a UI.

Basic Structure (Aave):

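// Callback the Aave Pool invokes after it has transferred the borrowed assets
// to this contract. A production receiver should also verify that msg.sender
// is the Pool and that initiator is this contract, so nobody else can trigger it.
function executeOperation(
    address[] calldata assets,
    uint256[] calldata amounts,
    uint256[] calldata premiums,
    address initiator,
    bytes calldata params
) external override returns (bool) {
    // Perform operations with borrowed funds here

    // Repay: approve the Pool to pull back each amount plus its premium (fee).
    // The Pool collects the funds after this function returns; if the balance
    // is short, the whole transaction reverts.
    for (uint i = 0; i < assets.length; i++) {
        uint amountOwed = amounts[i] + premiums[i];
        IERC20(assets[i]).approve(address(POOL), amountOwed);
    }

    return true;
}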

No-Code Tools

Some tools support flash loans via UI.

  • DeFi Saver: Collateral swaps, leverage adjustments
  • Furucombo: Drag-and-drop flash loan combinations

However, complex arbitrage still requires custom coding.


The Significance of Flash Loans

Maximizing Capital Efficiency

Anyone can execute large-scale transactions without capital. This:

  • Quickly eliminates arbitrage opportunities
  • Improves market efficiency
  • Activates liquidation systems

Redistribution of Risk

In traditional finance, you need capital to capture opportunities. Flash loans allow anyone with execution capability to participate.

Double-Edged Sword

The same mechanism is used for both market efficiency and attacks. Protocol developers must always consider flash loan attacks.


Summary

Flash loans are a DeFi-unique mechanism for borrowing unlimited amounts without collateral and repaying within the same transaction. Thanks to blockchain atomicity, if repayment fails, the loan never occurred, so there's no risk to protocols. They're used for arbitrage, self-liquidation, collateral swaps, and more, but there are also many abuse cases like oracle manipulation and governance attacks. Direct use requires smart contract programming.
