What Are Flash Loans

2022-10-27 16:37:17

Web3 is often referred to as the next generation of the Internet, and crypto wallets are considered the gateway to the world of Web3. To fully prepare you for a Web3 adventure, CoinEx Wallet has introduced a series of Web3 know-how articles, illustrating the current status and future development of the Web3 industry.

 

Recently, Supremacy, a blockchain security team, tweeted that the contract of DeFi investment management tool Earning.Farm suffered a flash loan attack, through which MEV bots earned 480 ETH and the hacker made a profit of 268 ETH.

 

Though veteran DeFi users are very familiar with flash loans, the term could be confusing for many crypto beginners. In this article, we will focus on flash loans and help new crypto users understand these loans that are unique to the crypto space.

 

Types of loans

We are all familiar with loans in everyday life. There are two types of typical loans: secured loans and unsecured loans. For example, if someone needs funds to start a business, he can apply for a loan to a bank with his property as collateral. The borrower will still own the property once the loan is repaid. However, if he fails to repay the loan when it becomes due, the bank will be entitled to take away his property.

 

Unsecured loans, also called credit loans, include the credit cards that we use when shopping in a mall. As such loans are unsecured, the bank will check your credit records and cash flow when you apply for a credit card to make sure that you’ll be able to repay the loans.

 

In DeFi, lending is also one of the most frequent use cases. In our previous article CoinEx Wallet|What is Decentralized Lending, we elaborated on the most common over-collateralized loans in decentralized lending. In addition to secured loans, decentralized lending also offers unsecured loans called flash loans, which are our focus today.

 

Flash loans explained

Simply put, flash loans describe a process of borrowing and repaying loans in the same block. In the case of Ethereum, we should first make it clear that a block can accommodate multiple transactions, and one transaction can involve many steps. As shown in the picture below, this particular transaction involves 24 transfer records.

 

 

This means that we can include the following steps in one transaction: Borrow a loan, spend the loaned funds on something, and repay the loan. Unlike regular interactions, these steps must be put into a transaction through programming in the specified order. Once the last step (repaying the loan) is completed, the steps will be packaged into the transaction and uploaded onto the blockchain. Meanwhile, if the steps included even one error (e.g. the loan was not repaid), then the whole transaction would be rolled back, and the transaction would fail.

 

Therefore, in this case, the flash loan provider does not worry about the borrower’s ability to repay, and it only needs to adjust the contract so that the borrower must repay the loan within the same transaction. In this way, the loan will be revoked automatically if it is not repaid. Since all records will be rolled back, there is no risk of default.

 

Use cases of flash loans

Now that you know how flash loans work, you might ask a new question: what’s the use of flash loans if they can be instantly borrowed and repaid? In fact, flash loans have a lot of use cases. Most typically, flash loans are used for arbitrage.

 

To veteran traders, arbitrage is nothing new. It refers to the process of buying low on one exchange and selling high on another when there is a price gap between the two exchanges. The more funds you’ve got, the more arbitrage opportunities there will be, and the larger the arbitrage profit. In this context, flash loans provide users access to massive funds.

 

Suppose you could now swap 1 USDC for 1.01 USDT on UniSwap and exchange 1 USDT for 1 USDC on Curve. You could then borrow 100,000 USDC through a flash loan and sell the borrowed crypto on UniSwap to get 101,000 USDT. Then, you could trade the USDT for 101,000 USDC. Finally, you repay the 100,000 USDC flash loan, which means that you would get 1,000 USDC without paying a dime.

 

Of course, the above case is merely an example, and arbitrage through flash loans involves much more complicated operations. To start with, flash loan providers charge a certain fee. Moreover, large transactions often come with significant slippages, in which case you wouldn’t be able to swap cryptos at the current price. As such, real-world arbitrage through flash loans is more subtle and involves more accurate timing. In addition to arbitrage, flash loans are also used for liquidation. For instance, some users conduct self-liquidation through flash loans to reduce the cost of liquidation.

 

Flash loans can also be exploited by hackers to launch flash loan attacks, which refer to the process of earning huge profits by manipulating the crypto prices using massive funds. Such behaviors often cause losses to other users, and are thus regarded as malicious attacks.

 

For example, suppose a hacker borrowed 10,000 ETH through a flash loan to attack a DeFi protocol that allows him to swap 1 ETH for 1,500 USDT. He would first convert all the ETH borrowed into USDC. At this point, the ETH price would plummet due to the large order, and 1 ETH can now only be swapped for 750 USDC, allowing the hacker to make a profit of 11,250,000 USDT (as the AMM algorithm and the K value are both uncertain, the figure is for reference only and does not reflect actual price changes). Subsequently, the hacker borrows cryptos on the same platforms. At the current swap rate (1 ETH: 750 USDC), according to the collateral ratio of 75%, he could borrow 11,250 ETH with his USDC holding, which means that the hacker would get 1,250 ETH after he pays off the flash loan. While the hacker made a huge windfall, he also brought an enormous impact on the market prices.

 

Controversial as flash loans are, most people believe that hackers could still pull off similar attacks using massive funds even without flash loans because such attacks exploit the flaws of the oracle mechanism of the relevant protocols. Flash loans, a type of loans unique to DeFi, are undoubtedly innovative. As a typical case of code execution, these loans might inspire new ways to design financial products in the future.