Flash loans are a relatively new lending mechanism that has become popular in the DeFi space. They have also reached mainstream attention because they have been used to exploit hundreds of vulnerable DeFi protocols, resulting in the loss of millions of dollars.
How Does a Flash Loan Work?
Flash loans work similarly to traditional loans; the main difference is that they use smart contracts (digital contracts written in a programming language and deployed on a blockchain). These loans are unsecured. To understand flash loans in depth, let’s review how traditional loans work.
Say you need US $10,000 to pay for a car, and you ask a financial institution for two options, a secured loan or an unsecured loan. Secured loans require the borrowers to put up collateral to ensure the lender is still able to get their money back if the borrower isn’t able to pay back the loan.
Unsecured loans from these institutions require a credit check, so they’ll review your credit record to measure your capability to repay them. If you have a successful record of paying loans back on time, your probability of receiving the funds is higher. In both cases, the institution will charge you interest for the service, meaning you will pay back a higher amount when it’s time to repay the loan.
We can think of flash loans as the DeFi version of traditional unsecured loans, as you can borrow large amounts of money without putting up any collateral. How is it possible? As a borrower, you repay your lender in the same transaction that issued the funds by using smart contracts. You can simply ask a lender for US $100k in Bitcoin, for example, and they will lend it to you. Sounds cool, but where does the lender take a win? The catch is that the loan must be repaid in the same transaction.
It’s called a “flash” loan because it consists of three parts: receive the loan, do what you’re going to do with it, and repay the loan, all in a single, seamless transaction. How? This is where the magic of smart contracts comes into play: the money is held on the blockchain, so after you receive the loan and do whatever you need to do with it, if you can’t repay it, the network rejects the transaction and returns the funds to the lender. That is why you don’t need to put up collateral.
Putting Flash Loans into Practice
Flash loans have no use off-chain, meaning you can only use them for activities within the DeFi space. The idea behind flash loans is to profit from on-chain activities. For example, you can use your flash loan to benefit from price differences between markets by buying tokens at a lower price on one DEX (decentralised exchange) and then selling them at a higher price on another venue.
Say you buy 10 tokens priced at $10 each on Uniswap. If that same token is priced at $10.50 on SushiSwap, you can resell the tokens there and make a profit of $5. If we scale it, buying 10,000 tokens for $100,000 and then selling them at $10.50 gives you $105,000, a profit of $5,000. This activity is known as arbitrage.
In a nutshell:
- Get the flash loan.
- Use it to buy tokens on DEX A.
- Sell the tokens on DEX B.
- Return the loan with interest.
- Keep your profit.
Yet you’d have to be smart about it and plan a good strategy because there are lots of factors to consider: interest rates, slippage, fees, and especially competitors. A lot of traders in the DeFi space are making an income doing arbitrage. It’s a tight space and practically no one will share their strategies with you. Doing so would be pointless, as everyone would be doing the same thing.
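The receive, use and repay sequence and the arbitrage steps above, as an added Python model (not code from the original article). It goes beyond the fixed-price arithmetic by treating each DEX as a constant-product pool so that slippage and fees show up. The names `Pool`, `Revert` and `flash_arbitrage`, the 0.3% swap fee, the 0.09% loan fee and the pool reserves are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

class Revert(Exception):
    """Transaction failed: every state change made inside it is undone."""

@dataclass
class Pool:
    """Constant-product DEX pool (usd * token = k). Constructed model."""
    usd: float
    token: float
    fee: float = 0.003            # assumed 0.3% swap fee

    def buy(self, usd_in):
        eff = usd_in * (1 - self.fee)
        out = self.token * eff / (self.usd + eff)   # slippage grows with size
        self.usd += usd_in
        self.token -= out
        return out

    def sell(self, token_in):
        eff = token_in * (1 - self.fee)
        out = self.usd * eff / (self.token + eff)
        self.token += token_in
        self.usd -= out
        return out

def flash_arbitrage(liquidity, amount, dex_a, dex_b, loan_fee=0.0009):
    """Borrow, buy on A, sell on B, repay: all or nothing.
    Returns the borrower's profit, or raises Revert with state restored."""
    saved = (dex_a.usd, dex_a.token, dex_b.usd, dex_b.token)
    try:
        if amount > liquidity:
            raise Revert("lender lacks liquidity")
        proceeds = dex_b.sell(dex_a.buy(amount))
        owed = amount * (1 + loan_fee)      # principal + assumed 0.09% fee
        if proceeds < owed:                 # the lender's repayment check
            raise Revert("loan not repaid in full")
        return proceeds - owed
    except Revert:
        dex_a.usd, dex_a.token, dex_b.usd, dex_b.token = saved
        raise

def demo():
    # Constructed reserves: token priced at $10 on A and $10.50 on B.
    deep = flash_arbitrage(1e6, 100_000, Pool(10e6, 1e6), Pool(10.5e6, 1e6))
    try:
        flash_arbitrage(1e6, 100_000, Pool(1e6, 1e5), Pool(1.05e6, 1e5))
        shallow = "profit"
    except Revert as exc:
        shallow = f"reverted: {exc}"
    return round(deep, 2), shallow
```

With the deep pools the $100,000 trade clears about $2,200 rather than the headline $5,000; with pools ten times smaller the proceeds cannot cover the loan, so the whole transaction reverts and the pools are left untouched.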
What Are Smart Contracts?
Smart contracts are a type of digital contract designed to execute themselves when predetermined conditions are met. Smart contracts are written using a programming language, like Solidity, which is the programming language supported by Ethereum and the Ethereum Virtual Machine.
Smart contracts are deployed on a blockchain and will automatically execute themselves once a set of conditions is met, without the use of third parties, so it’s pretty much a peer-to-peer agreement where the two parties can always be sure of the outcome. The basic building blocks of smart contract code are “if/when/then” statements. These statements are the core of smart contracts, and include actions such as releasing funds to the other party, registering assets like NFTs or tokens, sending notifications, etc.
Smart contracts have become a pillar in the DeFi space as they power a blockchain’s entire network activity. Without them, we would need to trust third parties that will charge a fee to write the contract and execute the actions. In a nutshell, smart contracts provide:
- Security: Smart contracts are secured thanks to blockchain technology. Every transaction record on the blockchain is encrypted and connected to the previous record, so a hacker would have to alter the entire network structure to change a single record.
- P2P Negotiations: With smart contracts you don’t need a third party to review the security and transparency of the digital document. Users can be confident that what’s written won’t be altered for personal benefit.
- Efficiency and speed: In traditional contracts, the third party that writes the contract usually takes several days, delaying the negotiation. Smart contracts are automated and instantly triggered once the established conditions are met.
Flash Loan Exploits
While flash loans have come in handy for DeFi enthusiasts seeking an extra income, they have also come in handy for hackers. 2021 has been the year in which malicious actors have exploited hundreds of vulnerabilities found in DeFi projects, stealing hundreds of thousands and even millions of dollars.
Yet one of the biggest heists happened in mid-2020, when a hacker used flash loans to exploit an engineering error in the Harvest Finance protocol, stealing over $34 million. Another controversial heist happened in February 2021, when an attacker drained $37 million from Cream Finance using flash loans. It was reported the hacker only paid $15,000 in transaction fees.
Are Flash Loans Worth it?
While flash loans have gotten a bad reputation thanks to malicious actors in the DeFi space, we need to consider that they are a relatively new technology which is still in progress. They are a barely two-year-old concept, so DeFi protocols will have to adapt to combat malicious actors using this technology to manipulate their systems.
In the meantime, oracles can be handy tools for protocols to reduce the probability of being attacked. Decentralised oracles like Chainlink and Band Protocol can provide real-time data services to keep track of price feeds. This has worked for yield farming protocol Alpha Homora, which was attacked this year and decided to implement the Alpha Oracle Aggregator in May 2021.
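One way a protocol can consume several price feeds instead of trusting a single reading, as an added Python sketch (not code from the original article, and not the Alpha Oracle Aggregator's implementation). The thresholds, the source labels and the sample readings are assumptions constructed for illustration.

```python
from statistics import median

MAX_AGE = 300         # assumed: ignore readings older than 5 minutes
MIN_SOURCES = 2       # assumed quorum of fresh, agreeing feeds
MAX_DEVIATION = 0.02  # assumed: a feed must sit within 2% of the median

class OracleError(Exception):
    """No trustworthy price is available; the caller should pause pricing."""

def aggregate_price(readings, now):
    """readings: iterable of (source, price, unix_time).
    Returns (price, rejected) where rejected maps source -> reason."""
    fresh, rejected = [], {}
    for source, price, ts in readings:
        if price <= 0:
            rejected[source] = "non-positive price"
        elif not 0 <= now - ts <= MAX_AGE:
            rejected[source] = "stale or future timestamp"
        else:
            fresh.append((source, price))
    if len(fresh) < MIN_SOURCES:
        raise OracleError(f"only {len(fresh)} fresh source(s)")
    mid = median(p for _, p in fresh)
    agreeing = []
    for source, price in fresh:
        if abs(price - mid) / mid <= MAX_DEVIATION:
            agreeing.append(price)
        else:
            rejected[source] = f"deviates from median {mid:.2f}"
    if len(agreeing) < MIN_SOURCES:
        raise OracleError("fresh sources disagree")
    return median(agreeing), rejected

NOW = 1_620_000_000  # constructed timestamp
SAMPLE = [           # constructed readings, not real market data
    ("feed_a", 10.02, NOW - 30),
    ("feed_b", 9.98, NOW - 45),
    ("dex_spot", 14.00, NOW - 5),    # one source far from the others
    ("feed_c", 10.01, NOW - 4000),   # stale
]

if __name__ == "__main__":
    print(aggregate_price(SAMPLE, NOW))
```

The returned `rejected` map is worth logging: a fresh source that repeatedly falls outside the band is a signal to investigate before any position is priced from it.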
Flash loans have their benefits and their downsides, and as the DeFi space continues to advance and bring new technologies, hackers and other malicious actors will certainly try to take advantage of protocol vulnerabilities. Yet these advancements are also aimed at making DeFi a safer and more robust ecosystem. Numerous projects are working on implementing security measures and protocols to keep users safe and sound.