Flash loans are a new kind of uncollateralized lending offered by DeFi platforms, including Aave and dYdX. DeFi traders use flash loans for different types of profit-generating tactics, including arbitrage and collateral swaps. They’ve proven vastly popular, with Aave having issued half a billion dollars in flash loans during the first nine months since launching the feature.
Flash loans have also hit the news headlines on more than one occasion, when “hackers” have manipulated markets to their advantage, making off with vastly inflated profits.
Flash Loans – Explained
In the world of traditional finance, people can obtain two types of loans – secured and unsecured. An unsecured loan simply means that the lender doesn’t require the borrower to put down any kind of collateral. Banks will offer unsecured loans to their customers based on credit history. A secured loan is where the borrower has to put down collateral – something of value that the lender can claim as their own if the borrower fails to repay. A real-world example of this could be a pawn shop, where people can temporarily “sell” their jewelry or other goods and then buy them back later.
In DeFi applications such as Compound or Maker, users have to provide collateral to borrow funds. Usually, these loans are heavily overcollateralized, meaning that the user has to lock up assets of more value than their loan. This ensures that the user will repay their loan, as in the pseudonymous world of DeFi, there’s no such thing as a credit rating – at least not yet. It also offsets the volatility risks of lending and borrowing cryptocurrency.
How Does a Flash Loan Work?
A flash loan enables a DeFi user to borrow crypto without putting down any collateral. The catch is that the loan terms are coded into a smart contract that requires the user to repay it in the same transaction before the Ethereum blockchain updates the user’s account balances. If they don’t repay, the transaction will fail.
Of course, this means that the loan is, by definition, very short term. However, flash loans offer the opportunity for DeFi users to profit based on what they can do with the loan in a single transaction.
(Curious about the DeFi hype? Read our analysis on the DeFi Hype and ETH)
Arbitrage traders take advantage of slight differences in price across different decentralized exchanges. So, imagine that a DAI/USDC is trading at a 1:1 value on Uniswap, but you can buy 1 USDC with 0.99 DAI on Curve Finance.
A trader who borrows 10,000 DAI can trade them for 10,101 USDC on Curve Finance. They can then swap them back to DAI at 1:1 on Uniswap, repaying the 10,000 DAI loan and pocketing the 101 DAI difference. In reality, there will be fees involved, and arbitrage trading comes with the risk of price slippage. Therefore, traders usually trade at high values to offset the fees and seek out token pools with deep liquidity to reduce slippage risk.
A collateral swap enables DeFi users to switch the collateral they’ve used to take out a loan on a multi-collateral lending app. For example, suppose a trader has staked their ETH in Maker to create DAI.
They can take out a flash loan in DAI to the same value as they’ve borrowed from Maker. They can then use the flash loan to repay their Maker loan, withdraw their ETH, and trade it for BAT on a DEX. They use the BAT to collateralize the creation of more DAI on Maker, which in turn repays the flash loan.
Flash Loan: The DeFi Attacks
In February 2020, when flash loans were still very much a new concept for the DeFi markets, bZx hit the headlines after a so-called hacker managed to manipulate the markets to reap significant profits. In two separate attacks, the attacker managed to gain around $950,000 by using flash loans to exploit vulnerabilities in DeFi.
It’s still not known who executed these attacks. However, they must have been extremely well-versed in how DeFi protocols work because it was a sophisticated operation involving multiple applications. Effectively, the hacker precipitated a series of transactions that took advantage of the low liquidity in a WBTC/ETH pool on Uniswap. They were able to conduct parallel swaps and trades that forced a price pump, from which they could profit and repay their flash loan.
It’s worth pointing out that these incidents weren’t “hacks” in the traditional sense of the word. The attacker was simply exploiting vulnerabilities in the DeFi infrastructure without actually changing code or stealing funds.
The rapidly-expanding DeFi movement has been one of the revelations of crypto in 2020. Among the myriad of new terms and concepts that have emerged is the idea of flash loans. Given the popularity of flash loans, it seems likely that they’re here to stay. Even the February hacks weren’t sufficient to deter users. However, these incidents underscore the immaturity of the DeFi space and how much work still needs to be done to ensure that smart contracts and markets aren’t prone to exploitation and manipulation. In the wild west of DeFi, make sure you know the risks before putting your funds on the line.