A flash loan lets you borrow any amount of capital with zero collateral - the catch is you must repay everything within the same blockchain transaction. If repayment fails, the entire transaction reverts as if it never happened. This enables powerful arbitrage and liquidation strategies, but also powers some of DeFi's largest exploits.
What Are Flash Loans?
Flash loans are uncollateralized loans that must be borrowed and repaid within a single atomic transaction. They exploit a unique property of blockchain: transactions either succeed completely or fail completely (reverting all state changes).
This means a lender faces zero risk: if the borrower can't repay, the transaction simply reverts and the lender's funds never leave their control. It's as if the loan never happened.
The Magic of Atomicity
Traditional loans require collateral because lenders need protection against default. Flash loans don't need collateral because default is impossible:
- Loan disbursement, use, and repayment happen in one transaction
- If any step fails, the entire transaction reverts
- The lender's funds are never at risk
- The only cost is the gas fee for a failed transaction
How Flash Loans Work
The Transaction Flow
- Initiate - User calls the flash loan function, specifying amount needed
- Receive - Protocol transfers requested assets to the borrower's contract
- Execute - Borrower performs arbitrary operations (arbitrage, liquidation, etc.)
- Repay - Borrower returns principal plus fee (typically 0.05-0.09%)
- Verify - Protocol confirms repayment; if insufficient, entire transaction reverts
Technical Implementation (EIP-3156)
Most flash loans follow the EIP-3156 standard, which defines:
flashLoan()- Function to request the loanonFlashLoan()- Callback executed by borrower's contract- Automatic balance check ensuring repayment
Flash loans require smart contract development. You can't execute them through a standard wallet interface - you need to deploy a contract that implements the callback and contains your execution logic.
Legitimate Use Cases
Arbitrage
The most common use case. Spot a price difference between two DEXs? Borrow assets via flash loan, buy cheap on one exchange, sell expensive on another, repay the loan, keep the profit.
Example: ETH is $2,000 on Uniswap and $2,010 on Sushiswap. Flash borrow 1000 ETH, buy on Uniswap, sell on Sushiswap, profit $10,000 minus fees.
Liquidations
Lending protocols let anyone liquidate underwater positions for a bonus (typically 5-10%). Flash loans provide the capital to execute liquidations without pre-existing funds.
Example: A position with $100k debt and $105k collateral is underwater. Flash borrow $100k to repay the debt, receive $105k collateral, repay the flash loan, keep $5k profit.
Collateral Swaps
Change your collateral type without closing your loan position. Flash borrow to repay your existing loan, withdraw old collateral, deposit new collateral, take new loan, repay flash loan.
Self-Liquidation
Close your own leveraged position in one transaction instead of multiple steps, saving gas and avoiding slippage during the unwinding process.
Protocols Offering Flash Loans
| Protocol | Fee | Max Amount | Notes |
|---|---|---|---|
| Aave | 0.05% | Pool liquidity | Most popular, EIP-3156 compliant |
| Uniswap V2/V3 | 0.3% (swap fee) | Pool liquidity | Flash swaps (must return different token) |
| dYdX | 0% | Pool liquidity | Free but limited assets |
| MakerDAO | 0% | Unlimited DAI | Flash mint - creates DAI from thin air |
| Balancer | 0% | Pool liquidity | Free flash loans |
Evolution: Aave V3 Flash Loans
Aave V3 introduced significant upgrades to flash loans, expanding their utility while maintaining the same atomic safety guarantee. The key innovation is flashLoanSimple(), a gas-optimized variant for single-asset borrows that reduces execution costs by approximately 20% compared to the multi-asset flashLoan() function.
Aave V3 Flash Loan Modes
| Feature | flashLoan() | flashLoanSimple() |
|---|---|---|
| Assets | Multiple assets in one call | Single asset only |
| Gas cost | Higher (multi-asset overhead) | ~20% cheaper |
| Debt modes | Can open variable/stable debt positions | Must repay in same tx |
| Fee | 0.05% (waived for approved borrowers) | 0.05% |
A critical V3 addition is the debt mode parameter: flash borrowers can choose to leave the debt open (mode 1 for stable, mode 2 for variable) instead of repaying within the transaction. This effectively converts a flash loan into a standard Aave borrow, enabling sophisticated position-opening strategies in a single transaction.
Governance Flash Loans
One of the most concerning flash loan applications targets DAO governance. An attacker can flash borrow governance tokens, vote on a malicious proposal, and return the tokens — all in one block. The Beanstalk exploit ($181M, April 2022) demonstrated this: the attacker used a flash loan to acquire 79% of Stalk voting power, passed a governance proposal that drained the protocol treasury, and returned the borrowed tokens.
Defenses against governance flash loans include:
- Snapshot-based voting — Vote weight based on token balance at a past block, not the current one
- Vote-escrow (veToken) models — Require locking tokens for months/years, making flash loan governance impossible
- Timelock + quorum requirements — Multiple blocks between proposal creation and voting, with minimum participation thresholds
Flash Loan Attacks
The same power that enables arbitrage also enables exploits. Flash loans have been used in over $300 million in DeFi attacks.
Major Exploits
| Attack | Loss | Vulnerability |
|---|---|---|
| Euler Finance (2023) | $197M | Rate calculation flaw in eToken function |
| Cream Finance (2021) | $130M | yUSDVault token supply manipulation |
| Pancake Bunny (2021) | $45M | Price oracle manipulation |
| bZx (2020) | $8M | First major flash loan attack, oracle abuse |
Attack Taxonomy
Flash loan attacks fall into distinct categories, each exploiting a different vulnerability class:
| Category | Mechanism | Example |
|---|---|---|
| Oracle manipulation | Move DEX spot price to trick protocols using on-chain price feeds | Pancake Bunny ($45M), bZx ($8M) |
| Governance hijack | Flash borrow governance tokens to pass malicious proposals | Beanstalk ($181M) |
| Rate manipulation | Exploit exchange rate calculations in token contracts | Euler Finance ($197M), Cream ($130M) |
| Reentrancy amplification | Use flash-borrowed funds to amplify reentrancy attack profits | Multiple DeFi protocols |
Common Attack Pattern
- Borrow - Flash borrow massive capital (often $100M+)
- Manipulate - Execute large trade to move DEX price
- Exploit - Trigger vulnerable protocol that uses the manipulated price
- Profit - Extract value from the protocol
- Restore & Repay - Trade back to restore price, repay flash loan
Most flash loan attacks exploit protocols that use DEX spot prices as oracles. A flash loan can move these prices dramatically within a single transaction. Secure protocols use time-weighted average prices (TWAP) or external oracles like Chainlink that can't be manipulated in one transaction.
Defense Mechanisms
Protocols protect against flash loan attacks through several mechanisms:
For Protocol Developers
- TWAP Oracles - Time-weighted average prices can't be manipulated in one block
- External Oracles - Use Chainlink or other external price feeds
- Reentrancy Guards - Prevent recursive calls that enable exploits
- Access Controls - Limit who can call sensitive functions
- Flash Loan Guards - Detect and block calls originating from flash loans
For Users
- Check if protocols use secure oracle mechanisms
- Verify audit reports specifically address flash loan vectors
- Monitor for unusual activity patterns
- Use protocols with time-tested security track records
Key Takeaways
- Flash loans are uncollateralized loans repaid within one transaction
- Zero risk to lenders - failed repayment reverts the entire transaction
- Legitimate uses: arbitrage, liquidations, collateral swaps
- $300M+ exploited through flash loan-enabled attacks
- Oracle manipulation is the most common attack vector
- TWAP oracles and external price feeds defend against attacks
- Requires smart contracts - not usable from standard wallets