Publisher avatar
LearnCrypto
6 min read

What is a flash loan?

What is a flash loan?

A flash loan is a way to borrow crypto funds from a lending pool without the need for collateral, provided the liquidity is returned before the underlying chain confirms transactions in the next block. 

Flash Loans are therefore a form of unsecured loan used to fund complex chains of instant, programmed trades exploiting arbitrage within the DEFI ecosystem - price inefficiencies across tokens and other lending pools. 

If the funds are not returned within one block, all the associated actions are reversed as if they never happened. 

If the funds are returned within the space of one block then the lending pool the funds were borrowed from doesn’t lose out - because the funds are returned and they pocket a fee - and the person who took out the Flash Loan gets to keep whatever value they were able to generate across a complex series of transactions, net of the transaction costs associated with each step in the chain.

Now, this might sound like dark financial arts, but Flash Loans just apply the existing techniques that generate value within TradFi (investment banking and hedge funds), to the new world of DEFI (Decentralised Finance).

Time is Money

Michael Lewis is one of the greatest financial journalists of the last 30 years, most celebrated for his book ‘The Big Short’ about the build-up to the 2008 financial crisis, later made into a film with Brad Pitt and Christian Bale. 

He followed up on that success with another equally important book in 2014, Flash Boys, that exposed the dark side of what is known as high-frequency trading in the US financial market - often abbreviated to just HFT.

High-frequency trading is the practice of making small gains from frequent trades using automation. The key to success is speed, through what is known as front running. 

Front running is taking advantage of the knowledge that a retail investor wants to buy share A, jumping ahead of that trade request to buy it before them, knowing they can make an instant profit by selling to the retail investor at a slightly higher price than they would have otherwise paid. The retail investor has absolutely no idea what is happening in the background.

loading...

The focus of Flash Boys was to expose how high-frequency trading essentially rips off the average investor, and the lengths that they would go to receive/execute trades faster than anyone else. It should also explain why apps like Robinhood can offer zero commission on trades because they are essentially being paid by third parties for information on the flow of orders from which they can profit.

The level of competition to be at the head of the front running queue within existing financial markets means that even a nanosecond can make a massive financial difference. 

In fact, most of the money made within TradFi - traditional finance - comes from exploiting minute market inefficiencies. Given that knowledge, it shouldn’t be a surprise that as liquidity has suddenly flowed into a completely new type of financial market - DEFI - that similar types of techniques have emerged to exploit the greater inefficiencies which come from the immaturity of the markets involved. This is really one of the main reasons why Flash Loans have emerged.

Developers are the new Masters of the Universe

Flash Loans have emerged as the existing approaches within TradFi have blended with the technical realities of DEFI. Decentralised Finance has grown so fast because of the composable nature of the Ethereum ecosystem, within which it exists.

Composability is the ability of different components to seamlessly integrate; DEFI is often described as financial lego. Applications that can work together because of the token standards that Ethereum provides, and the common programming language, Solidity, for building Smart Contracts, the logic for how each lego component works and interfaces with other pieces of the system.

DEFI powers lending and borrowing, yield aggregation, Stablecoin trading and decentralised exchanges. Across all those sectors are numerous applications that are interoperable, allowing value to flow, facilitated by Smart Contracts and the logic they contain.

The Marble Protocol, which dubbed itself as a "smart contract bank", was probably one of the earliest to introduce the flash loan in DeFi. It launched a flash lending option in 2019 via a smart contract on the Ethereum blockchain, claiming that users could use it to take out "zero-risk" loans.

It is important to note that Marble Protocol made this flash lending smart contract to combat the original risk of traditional lenders, that is, when the borrower just ups and disappears with the money. The other risk that their flash lend addressed was the risk of lending too much of a lender's assets at a given time, or repayment delays and failures that will render the lender insolvent (bankrupt).

The Masters of the DEFI Universe are therefore the developers that can code a Smart Contract and also understand the rules of Lego finance. People like Andre Cronje have become minor celebrities within the sector creating new services and applications, while there are also those who shun the limelight but have the ability to use options like Flash Loans in both legitimate and illegitimate ways. The difficulty is that the boundary between good and bad uses of Flash Loans isn’t always obvious.

The Good & Bad of Flash Loans

There are legitimate reasons why someone would want to utilise a Flash Loan, which would benefit them and the wider DEFI ecosystem. Here’s an example from Aave’s website where a Flash Loan enables the swapping of collateral for a MakerDAO Vault:

In this case, the user holds a collateralised ETH position with MakerDAO but wants to swap that for BAT (Basic Attention Token). A Flash Loan provides an alternative way to achieve this that benefits the user because they don’t have to return the DAI that was originally minted and lose out on the yield it is generating.

The user can then swap ETH for different collateral such as BAT, presumably because they feel that has greater upside, and with the BAT vault opened, can return the original loan within the space of one block and pay the Aave fee for the Flash Loan of 0.09% of the amount borrowed.

There are far more complicated Flash Loan applications, but all will centre on some kind of arbitrage opportunity. So the legitimate benefits of Flash Loans can be summarised as:

  • Improving the efficiency of DEFI
  • Generating revenue for lending providers in Flash Loan fees
  • Providing a revenue stream for those taking out a Flash Loan

So what’s the downside to Flash Loans? The problem is that they can also be used in ways where the benefits are skewed dramatically to whoever is taking out the Flash Loan, and very much to the detriment of lending pools and token issuers. 

No surprise that there has been a huge increase in Flash Loan Exploits where attackers use increasingly complex chains of actions combining the manipulation of illiquid tokens and flaws within Smart Contracts.

How Flash Loan Attacks Work

One of the weaknesses of the current DEFI model is the difficulty of applications built on Smart Contracts getting data from the outside world, most importantly price data. 

Any application that offers token swaps, for example, needs to know the current exchange rate, so will reference an Oracle, a service that feeds this data, via API, into Smart Contracts.

This arrangement presents a huge opportunity for anyone with the right combination of Solidity programming and Trading smarts. Here’s an example:

  • Get a Flash Loan of 10,000 ETH
  • Use the ETH to buy a large amount of wBTC (wrapped Bitcoin)
  • Use the remainder of the ETH to short ETH/wBTC
  • Use your wBTC to take out a large ETH loan & cause price slippage in ETH/wBTC
  • Return the wBTC generating more ETH than was originally provided because of slippage on the ETH/wBTC pair
  • Close out the Flash Loan paying the fee and pocket the additional ETH gained

This all happens instantaneously, giving none of the points along the chain any chance to react. Given that the attacker is simply manipulating the price of ETH/wBTC some people argue that what they are doing isn’t necessarily illegal or even immoral; remember that code is law.

Flash Loans present one of the greatest tests of that mantra; the alternative of greater oversight or regulation is seen as too great a compromise, so the only other options are:

  • Smart Contract audits - which help, but don’t guarantee safety
  • Incentivising white hat hackers to expose Smart Contract flaws through bug bounties
  • Building out Insurance products specifically for DEFI 
$2.3 billion
According to Chainalysis $2.3 billion was stolen from DEFI applications in 2021, with 50% of that down to code exploits and Flash Loans. Cream Finance was exploited on three separate occasions via Flash Loans within an eight-month period with losses approaching $190 million. 

Some of these Flash Loan exploits might be put down to the speed at which DEFI has been evolving, but given the scale of losses, it seems likely that the ‘growing pain’ argument won’t wash with regulators who may feel mandated to step in to protect investors.

The validity of Flash Loans is just one component of the broader debate about the benefits of crypto. You can argue that they are helping iron out market inefficiencies, which indirectly benefits all users. On the flip side, many see Flash Loans as just an extension of the dark arts of shadow banking and derivatives trading within traditional finance, which generate little practical value and illustrate how disconnected the gamified nature of DEFI is from reality.