A loan from strangers that doesn’t require the user to sacrifice any of their own money? It’s possible, on one condition: individuals must repay the lender in the same transaction that issued the funds. That sounds strange, doesn’t it? What can you do with a loan that needs to be paid back seconds later?
Well, it turns out that you can call smart contracts in that same transaction. If you can make more money using your loan, you can return the money and pocket the profits in the blink of an eye. It’s not that easy, though. Read on to learn more about the newest additions to the DeFi ecosystem.
- How do regular loans work?
- How does a flash loan work?
- Flash loan attacks
- Closing thoughts
How do regular loans work?
Most of us understand how a regular loan works. Still, it’s worth reiterating so that we can make the comparison later.
You speak to your friend Bob. You explain to him how badly you want this chain, how it will improve your trading game by at least 20%, and he agrees to lend you the money. On the condition, of course, that you repay him as soon as your paycheck comes in.
Bob’s your good friend, so he didn’t leverage a fee when he lent you the $3,000. Not everyone will be so kind – but, then again, why should they be? Bob trusts you to pay him back. Another person might not know you, so they don’t know if you’re going to run off with their money.
You might be familiar with this model if you use a credit card. If you don’t pay your bill for a given period, you get charged interest until you repay the full balance (and additional fees).
If you ask someone for a big loan, it’s risky for them to accept it. To lower their risk a bit, they’ll demand that you put some skin in the game. An asset of yours – it could be anything from jewelry to property – will become the lender’s if you fail to pay them back in time. The idea here is that the lender can then recover some of the value that they’ve lost. In a nutshell, that’s collateral.
Suppose that you now want a $50,000 car. Bob trusts you, but he doesn’t want to give you the money in the form of an unsecured loan. Instead, he asks that you put up some collateral – your collection of jewelry. Now, if you fail to repay the loan, Bob can seize your collection and sell it.
How does a flash loan work?
That explains why the lender doesn’t require collateral from you. The contract to repay is enforced by code.
But what’s the point?
At this stage, you’re probably wondering why you’d take out a flash loan. If all of this occurs in a single transaction, you can’t exactly purchase a Lambo, can you?
- Take out a $10,000 loan
- Use the loan to buy tokens on DEX A
- Resell the tokens on DEX B
- Return the loan (plus any interest)
- Keep the profit
All in one transaction! Realistically, though, the fees to transact, combined with high competition, interest rates, and slippage, make the margins for arbitrage razor-thin. You would need to find a way to game price differences to make the activity profitable. When you compete against thousands of other users trying to do the same, you won’t have much luck.
Flash loan attacks
In 2020, two high-profile flash loan attacks saw attackers make off with almost $1,000,000 in value at the time. Both attacks followed a similar pattern.
The first flash loan attack
At the same time, the attacker took out a Compound loan of WBTC using the rest of the dYdX loan. The price pumped, they flipped the borrowed WBTC on Uniswap and made off with a decent profit. Lastly, they repaid their loan from dYdX and pocketed the leftover ETH.
It seems like a lot of work, and might even be difficult to follow. The bottom line is that the attacker leveraged five different DeFi protocols to manipulate the markets. Incredibly, all of this happened in the time it took the original flash loan to be confirmed.
Have you identified where the problem was? It was in the bZx protocol used by Fulcrum. By manipulating the market, the attacker was able to trick it into thinking that WBTC was worth a lot more than it actually was.
The second flash loan attack
Despite their name, smart contracts aren’t that intelligent. They don’t know what stablecoins are meant to cost. So when the attacker put in a huge order to buy sUSD (using borrowed ETH), the price doubled on Kyber.
bZx thought that sUSD was worth $2 instead of $1. The attacker then took out a much bigger ETH loan than would have been normally allowed on bZx since their $1 coin had the purchasing power of $2. Finally, the attacker repaid the initial flash loan and ran off with the rest.
Are flash loans risky?
All in all, this isn’t a fault with flash loans, specifically – the vulnerabilities that were exploited were in other protocols, while the flash loans just financed the attack. This form of DeFi lending could have many interesting use cases in the future, especially given the low risks for both borrowers and lenders.
Flash loans are a nascent entry to the DeFi space, but they’ve certainly made a lasting impression. The concept of uncollateralized loans, enforced only by code, opens up a world of possibilities in a new financial system.
Use cases are fairly limited at the moment, but, ultimately, flash loans have laid the foundation for innovative new applications in decentralized finance.