Aidan Saggers, Lukas Alemu and Irina Mnohoghitnei
Decentralised Finance (DeFi) may seem a tempting option for those seeking financial gain, autonomy, and self-governance… But how safe is a world in which ‘code is law’? Closer inspection reveals an ecosystem experiencing several hacks, attacks, and fraud. Estimates show at least US$6.5 billion has been stolen since DeFi’s inception, and one particular DeFi feature is often at the centre of this theft – flash loans. Unlimited, ungoverned, and uncollateralised, flash loans give hackers the toolkit to highly leverage their potential attacks. The only cost is the gas fees required to send the transaction. In this blog post we consider the world of flash loans and their criminal counterpart – flash attacks.
What exactly is a ‘flash loan’?
Flash loans are unlimited uncollateralised loans, in which a user both receives and returns borrowed funds in the same blockchain transaction. Currently they exist exclusively within the DeFi ecosystem. DeFi aims to be an alternative to traditional financial (TradFi), with centralised intermediaries replaced by so-called decentralised code-based protocols. These protocols, based on distributed ledger technology, eliminate, in theory, the need for trust in counterparties and for financial institutions as we know them.
Flash loans are most commonly used for arbitrage opportunities, for example if traders look to quickly profit from a mismatch in cryptoassets’ pricing across markets. Flash loans can also be used for collateral swaps – a technique where a user closes their loan with borrowed funds to immediately open a new loan with a different asset as collateral – or debt-refinancing through ‘interest rate swaps’ from different protocols.
In TradFi, borrowers generally need to go through a due diligence process and, depending on the loan amount, provide a number of documents, including proof of identity, proof of income and, most importantly, collateral. None of this is necessary in the case of a DeFi flash loan.
It is important to understand that the lender is exposed to almost no credit risk when participating in a flash loan, hence collateral is not required. Flash loans leverage smart contracts (code which ensures that funds do not change hands until a specific set of rules are met) and the atomicity of blockchains (either all or none of the transaction occurs) to enable a form of lending that has no traditional equivalents.
Flash loans are therefore only available to the borrower for the short duration of the transaction. Within this brief period, the borrower must request the funds, call on other smart contracts to perform near-instantaneous trades with the loaned capital, and return the funds before the transaction ends. If the funds are returned and all the sub-tasks execute smoothly, the transaction is validated.
In TradFi, collateral is key because it reduces or eliminates the lender’s exposure in a default. However, if the borrower does not repay the flash loan as part of the same transaction in which it was taken out, then the entire transaction gets reverted, including the initial amount borrowed and any other actions that follow. In other words, if the borrower does not repay the flash loan, they never receive the loan in the first place.
A non-refundable fee that covers the operational costs of running the smart contracts must be paid up-front, known as the ‘gas fee’ for the transaction – this is true for any Distributed Ledger Technology transaction and not specific to flash loans. Further commission fees are charged only once the transaction executes successfully, making the whole endeavour nearly ‘risk free’ to both the borrower and lender.
Flash loan features
To better understand flash loans, we analysed the Ethereum blockchain (using Alchemy’s archive node) and gathered every transaction which has utilised the ‘FlashLoan’ smart contract provided by DeFi protocol Aave V1 and V2. The Aave protocol, one of the largest DeFi liquidity providers, popularised flash loans and is often credited with their design. Using this data we were able to gather 60,000 unique transactions from Aave’s flash loan inception through to 2023, letting us take a closer look at this new financial primitive.
In general, the properties of flash loans differ from other DeFi transactions. This is not only because they are near-instantaneous, uncollateralised, and unlimited, but because they tend to be complex, as measured through the number of events or logs emitted during a transaction. This higher complexity contributes to the second distinguishing feature, which is that flash loans typically incur much higher gas fees than standard DeFi transactions, see Figure 2. The more events included in a transaction, the more space it takes on the Ethereum Virtual Machine. Given the uncertain execution of these loans, some users are also willing to pay additional prioritisation fees for their transaction to be included in the most immediate block added.
Keeping those attributes in mind, we used the Aave data set to answer the following questions: Which assets are these flash loans borrowing and why? How complex are these transactions? And how expensive are these transactions compared to the average transaction?
Figure 1: Top five assets borrowed on Aave V1 and V2
Given flash loans require both price stability and deep liquidity to execute successfully, which assets are most commonly borrowed are not surprising. Figure 1 shows that three stablecoins and the two largest cryptocurrencies, Bitcoin and Ether, make up the top five most borrowed assets.
Figure 2: Distribution of the ratio between the gas fee paid by a flash loan transaction and the average gas fee paid on the same day, for all transactions on the Ethereum blockchain
Source: Etherscan Average Transaction Cost.
What is surprising though, is the outsized cost of flash loan transactions. Figure 2 shows that, on average, flash loans cost roughly 15 times as much as a standard DeFi transaction. As previously mentioned, cost is proportional to the complexity of a transaction, and on this count, flash loans also stand out from typical transactions. Flash loans typically contain between 35–70 logs (Figure 3) per transaction compared to roughly 5–10 logs for the average Aave transaction.
Figure 3: Count of logs per flash loan transaction
Figure 4: Cumulative total exploited vs total value locked in DeFi
While giving benefits to some users, the DeFi ecosystem has been exposed to significant attacks, hacks, and fraud, with flash loans a particular vulnerability.
In general, hacks, exploits, or price manipulations implemented using flash loans are dubbed ‘flash attacks’. Flash attacks take advantage of the unregulated, uncollateralised, and near-unlimited capital that flash loans enable to, for example, manipulate crypto markets or exploit platform vulnerabilities and generate profits. To this date over US$6.5 billion dollars’ worth of cryptocurrency has been stolen in attacks directly attributable to flash loans.
Flash attacks are unlike anything we have seen in TradFi because flash loans, and therefore flash attacks, are a function of the underlying DeFi technology. A typical flash attack involves taking out a flash loan to borrow a large amount of crypto from a DeFi platform. Next, these funds might be used to manipulate the price of a particular cryptoasset, or to exploit a vulnerability in the DeFi platform. If the flash attack is successful, then the final step involves repaying the borrowed funds along with any fees due, while keeping the profits. However, should the attack not materialise, then the entire transaction is reversed as if it never happened (bar gas fees). In accordance with the unofficial DeFi ethos that ‘code is law’, some argue that select forms of flash attacks are legitimate, describing them as ‘complex arbitrage’.
Flash attacks can be implemented in a multitude of ways, for example by utilising smart contract code in unintended manners, or to generate and exploit price slippage through oracle manipulation. DefiLlama’s list of known hacks records the largest DeFi hacks, ranging from rug pulls and re-entrancy attacks to flash attacks. Out of roughly 150 attacks, 45 were supported using flash loans. Additionally, Table A shows that out of the top five largest amounts borrowed via flash loans, four of these were used to attack protocols.
Table A: Top five flash loans by amount borrowed on the Aave protocol
|Date||Amount borrowed (US$ millions)||Protocol attacked||Amount stolen (US$ millions)|
|17/04/2022||500||Beanstalk (loan 1)||181 (total)|
|17/04/2022||350||Beanstalk (loan 2)||181 (total)|
Are flash attacks preventable?
By enabling a whole host of low-risk avenues for attack, flash loans increase the cost to DeFi protocols of securing themselves from cyber threats. Despite that, there are steps which DeFi systems are already starting to take to protect themselves.
One of the simplest attack vectors, price manipulation, could be reduced, to some extent, by employing decentralised pricing oracles. While they are not without faults, these services provide live-pricing data by using a host of independent off-chain sources to validate an exchange rate.
A common approach to minimising code errors or unexpected behaviours is to use audits, which are thorough code reviews undertaken by independent third-party entities. It is important to note that even well-audited protocols have been exploited in the past. Similarly, separate ‘test networks’ called testnets, which replicate the ‘live’ blockchain environment, allow developers to simulate common attack methods and test their protocol’s resilience.
More similar to TradFi, ‘circuit breakers’ can be implemented when suspicious activity is detected. These are similar to TradFi’s trading halts, and have encountered great scepticism in the crypto ecosystem. Further, time-locks could be used to delay the execution of certain transactions, allowing the platform time to respond to potential flash attacks.
From the perspective of those involved in TradFi, flash loans might seem somewhat reality-bending, despite being entirely possible using technology developed within the DeFi ecosystem. Although flash loans and DeFi are in their relative infancy, what is apparent is that while they may service valid uses, they have also enabled some of the biggest thefts in the DeFi space. Whether they will be widely adopted and how they might look in the future remains to be seen.
What are your thoughts? Do flash loans have a place in DeFi? Let us know in the comment section below.
 The term ‘wrapped’ describes an interoperable token that mirrors the entire value of the underlying cryptoasset referred to.
 This is almost certainly a lower bound for the actual number of attacks.
Aidan Saggersworks works in the Bank’s Foreign Exchange Division, Lukas Alemu works in the Bank’s Current Economic Conditions Division and Irina Mnohoghitnei works in the Bank’s Fintech Hub.
If you want to get in touch, please email us at firstname.lastname@example.org or leave a comment below.
Comments will only appear once approved by a moderator, and are only published where a full name is supplied. Bank Underground is a blog for Bank of England staff to share views that challenge – or support – prevailing policy orthodoxies. The views expressed here are those of the authors, and are not necessarily those of the Bank of England, or its policy committees.