What are Flash Loans, and How are They Susceptible to Attacks?

2022-08-08, 03:20


[TL;DR]

We are gradually moving past the era of centralized finance involving a third party, the bank, or some other financial institution, whereby receiving loans requires a lot of rigorous and prolonged procedures.

One of the most significant advancements in Decentralized Finance(DeFi) is the introduction of "Flash Loans". It has helped to simplify, speed up, and improve the reliability of financial transactions.

Flash loans date back to 2018 but were officially launched on the Ethereum network in January 2020. They have become increasingly popular in recent years since they offer a way to access funds quickly without going through The hassle of the traditional lending process.

In flash loans, there are no credit checks, third parties, banks, or rigorous processes, as they are guided by smart contracts.

Through the borrow, repayment, and arbitration techniques available in Flash loans, any user in the cryptocurrency space has the opportunity to engage in profitable business operations.

Unfortunately, while flash loans are seen as super sophisticated and beneficial, there are still some flaws. Just like any other technology, flash loans have their downsides.

Read through this article to understand the concept of Fast loans, what they really are, some processes involved in acquiring a loan, and how susceptible the system is to attacks.


Flash loans, Flash loan attacks, Cryptocurrency, Decentralized finance, Smart contracts, Hacks.



What are Flash Loans?



Flash Loans are loan measures in cryptocurrency, offered by DeFi protocols which allow users to be granted some funds without putting up any collateral.

Like we said earlier, the trend of Centralized finance is moving down so fast with that of Decentralized finance taking its place.

Like the traditional way of getting loans, Flash loans involve a borrower, the lender, and little to no profit at the end. The crypto user or the borrower pledges for a loan through an available protocol, receives the loan, makes an arbitrage trade with the loan, and promptly returns the loan to the lender, taking the profit.

Like the word “flash”, flash loans happen within a short time, and the whole lending and returning process takes place within a single transaction on the blockchain.

Flash loans are typically used for short-term trading, and loans are often returned within the same day.

To guarantee transparency and adherence to the contract’s guiding terms, flash loans leverage on a technology called Smart contracts. For a smart contract, if, in any case, one of the required steps in Flash loans is disrupted, the whole transaction will be reverted, meaning that steps executed until that point will be invalid.

A flash loan without a Smart contract is highly unsafe because hackers can easily carry out malicious attacks on users. For instance, some hackers try to manipulate the smart contracts, bombarding the blockchain with “buy and sell” orders with different prices to provide possibilities for arbitrage. Thus, the use of smart contracts is one notable property of Flash Loans transactions as it helps keep checks and minimizes any possibilities of malicious attacks. This feature in flash loans makes them, however, more desirable than the traditional process.



How Do Flash Loans Work?




Source: bitcoinist.com


Any User who wishes to get a loan would;


- First, send out a request to any available lending protocols, specifying the desired amount of funds.
- The request is either approved or disapproved. However, if the user's request is approved, the funds are instantly transferred to the borrower’s wallet.
- The borrower can then use this available fund for any investments, business, or whatever purpose.
- After which, the loan is repaid by the borrower within an agreed time frame, which most times does not exceed 24 hours.

Nevertheless, if The loan is not repaid within the time frame agreed, the lending protocol assumes ownership of the collateralized tokens.

It is good to note that the smart contract, in this case, is what ensures that a borrower repays the loan before the transaction ends. If not, the transaction becomes reverted and wholly canceled.



What are Flash Loan Attacks?



source: Chainanalysis.com


Of all DeFi hacks, Flash loan attacks account for a significant portion. Hacks against DeFi projects, like that of Flash loans, are known to have increased in rate over the past years, with security breach and Code exploit topping the chart.

A Flash loan attack is a type of cryptocurrency theft whereby a hacker loans a huge amount of digital currency using flash loans and then forwards the currency to an open market where they can resell it for a profit.

In a flash loan attack, hackers arbitrage the money they have loaned from flash loans, then return the capital immediately after making a profit.

The process is quick and easy, and the attacker repeats the process several times before finishing and leaving without a trace.

As the value of cryptocurrencies has increased in recent times, flash loan attacks have increased drastically, and this is one of the leading security threats for digital currency exchanges.


Some common examples of Flash loan attacks:

- The DAO Attack
- The bZx Protocol Attack
- The dForce Attack
- The MakerDAO Attack


How Susceptible are Flash Loans to Attacks?



On Christmas Day 2020, a flash loan attack was recorded against the DeFi lending protocol AAVE, adding to several other flash loan attack instances before this one.

These attacks have increased in multiple frequencies, and the latest and fourth most significant theft recorded at the time is from the DeFi platform Beanstalk. The Criminals stole $182 million, surpassing the $167 million total from the previous greatest attack campaign in 2021.

These facts, however, go a long way to reveal how prone and vulnerable Flash loans are if not used appropriately.

There are a few reasons for the susceptibility of the Flash loans, which include:


1. Easy to Execute:

For flash loans, you only require access to a liquidity pool and a sizable amount of collateral. Once you have these, it will be simple for you to take out a sizable loan and utilize the proceeds to purchase a number of assets. The price differential between the two assets can then be immediately monetized. This makes flash loans very much susceptible and easily attacked by cyber frauds.

2. They are Cheap:

Flash loans are very cheap, and hackers barely take seconds to a few minutes to carry out their plans. There are no intermediaries because DeFi protocols are decentralized. As a result, the costs are considerably lower (often between 0.1 and 5 percent).


3. They Are Low-Risk:

Flash loan attackers are not scared of being caught because it rarely happens, and can easily get away with stealing from DeFi protocols. The nature of permissionless networks and the accessible techniques for obfuscating identities cause the majority of them to disappear without leaving a trace.


4. No Collateral:

Collaterals are not key requirements in Flash loans, and this is a downside because a borrower may decide not to pay back a loan and would go scot-free.

Since there are no risks of not repaying the loan to the lender, these loans are also not secured by any collateral. Either you fully complete the transaction and reimburse the lender for the initial loan amount, or the transaction fails, and the initial loan remains within the DeFi protocol.


5. Developer's errors:

Since blockchain technology is still relatively new, the developer's inability to account for all potential flaws is the first obstacle. Another issue is that systems are created quickly, and each of these initiatives costs a lot of money. The stakes are enormous; thus, many developers experiment with various techniques to identify system bugs. Some attackers of flash loans use erroneous calculations of liquidity pools. Other examples include coding errors or miner attacks.



How to Reduce the Occurrence of Flash Loan Attacks



While using the contract's supply of different tokens to calculate the price is the "purest" method of valuing assets; this leaves the contracts open to manipulation and abuse.

However, these measures should be taken in order to minimize or totally avoid flash loans attacks occurrence:
- Utilize a decentralized marketplace. There is no single point of attack because a DEX is not required to retain your assets.
- Utilize a non-custodial wallet. This keeps your keys secure and gives full control over funds.
- Utilize a decentralized lending protocol: These are less likely to be threatened as they don’t hold user assets.
- Keep up with the recent and relevant developments in the DeFi space to be prepared for any potential threats.
- Users should verify the platform in question for Trust & reliability.


In the End



Flash loans are great tools for propelling the exchange of financial assets to an era where security and trustless protocols are in high demand.


They may be as vulnerable now; however, the future holds a better story.

As developers begin to provide better smart contracts and more systems deploy security tools and decentralized oracles for pricing, the DeFi space will also experience a decline in attacks.

However, the developers' contributions alone may not fully solve the issue. Users also have some part to play in minimizing the attack vulnerability of flash loans. Users should never forget to carefully examine and weigh the risks involved in a flash loan and never deposit funds they cannot afford to lose.







Author: Gate.io Observer: M. Olatunji

Disclaimer:

* This article represents only the views of the observers and does not constitute any investment suggestions.

*Gate.io reserves all rights to this article. Reposting of the article will be permitted, provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.

Share
gate logo
Credit Ranking
Complete Gate Post tasks to upgrade your rank