Decentralized finance (DeFi) has made waves across the community beginning in 2020 and extending into 2021. It really is a great ecosystem because it offers everything centralized finance offers, but in a decentralized manner.
This means that anyone can utilize it without restrictions from a central organization.
However, it does have a few problems. One of the major problems is something called a flash loan attack. In fact, flash loan attacks are so devastating to decentralized exchanges, the most popular part about DeFi, that they have the potential to completely destroy the DeFi movement.
Anyway, this article will cover everything you need to know about flash loan attacks and why they can be so devastating to DeFi. We will also cover two of the biggest flash loan attacks in DeFi history.
What Are Flash Loans?
Flash loans are a simple concept to understand and a very fitting feature of DeFi. Basically, a flash loan is a loan that occurs entirely on a single block transaction.
What does this mean?
It allows anyone to borrow a large amount of cryptocurrency without any collateral. Remember, the entire transaction occurs on a single block transaction, which makes it possible to receive the funds and repay them pretty much instantaneously.
Now, flash loans are typically utilized by arbitrageurs to make even more profit. An arbitrageur will borrow money from a flash loan, use that flash loan for their arbitrage, and repay the loan plus interest all on a single block.
If any part of that process fails, then the loan is cancelled and the loaned funds are returned to the pool.
Anyway, this is extremely fair because it gives average people the ability to access millions of dollars worth of cryptocurrency. In other words, people can become whales that move markets by buying or selling cryptocurrency.
Unfortunately, this has resulted in the emergence of flash loan attacks targeting decentralized exchanges.
How Flash Loan Attacks Occur
The full inner workings of how a flash loan attack works is far beyond the scope of this article, but the basics are simple to understand.
To first understand flash loan attacks, you must understand how decentralized exchanges price their cryptocurrency. They typically rely on a pool of cryptocurrency pairs. The two cryptocurrencies are pegged to each other in price, which does work out great.
However, it does open up the exchanges for flash loan attacks.
Flash loan attacks are actually pretty simple to conduct. Here are the basic steps taken for the first flash loan attack:
- Take out a flash loan for enough capital to sway a stablecoin/Ether market that a flash loan provider relies on for pricing information.
- Purchase a large amount of stablecoin above the market rate with a flash loan.
- This drives up the price of the stablecoin.
- Take out another flash loan (Flash loan #2) at the artificially inflated value of the stablecoin (ie. $2 for a $1 stablecoin).
- Repay flash loan #2, borrowed at $2/stablecoin, with stablecoin you purchased for less than $2.
- The remaining stablecoin after loans are repaid is straight profit.
Ok, we admit that the actual process of setting up a flash loan and ensuring it’s profitable are complicated, but the actual mechanics of it are very simple to gr asp. For instance, it’s much more simple than hacking a smart contract.
The seeming simplicity of a flash loan attack almost begs the question, how common are flash loan attacks?
Are Flash Loan Attacks Common?
To answer the question, no. Flash loan attacks are not that common. There have been two successful flash loan attacks.
This should not surprise you. The flash loan attack we laid out only occured because a flash loan provider relied on a single source to price its stablecoin. A creative person with some technical skill figured out that they could inflate the price of a stablecoin, take out a loan at the inflated price, and then repay the loan with uninflated stablecoin.
Fortunately, this type of attack only works once because flash loan providers realized they needed to get pricing information from more than one source.
On the other hand, people will figure out a way to launch an attack with hundreds of thousands of dollars on the line.
All things considered, flash loan attacks are not nearly as common as people like to think. The market conditions must be perfect and some sort of error must be open for exploitation.
How to Prevent Flash Loan Attacks
In the example we cited, the simple solution is to pull pricing data from multiple sources. The problem is that this can still be exploited by attacking multiple sources with flash loans, though.
A simpler solution, though not always an option, is for decentralized exchanges to require a transaction take longer than a single block transaction. That solution would eliminate flash loan attacks from occurring because the loan cannot be rapid on the next block on the blockchain.
It’s actually a little surprising that decentralized exchanges have not utilized that solution, but it is technically difficult and would interrupt the natural flow of the exchange.
Will Flash Loan Attacks Kill DeFi?
No, flash loan attacks will most likely not kill DeFi. The better question is, will flash loan attacks hamper DeFi’s growth?
Again, the answer is probably not. DeFi is not one centralized group. Instead, it’s a patchwork of different protocols offering different financial services.
The one that will be impacted the most from flash loan attacks is the flash loan part of DeFi. Especially if attacks focus on stealing money from the loan provider.
Anyway, we find it extremely unlikely that flash loan attacks will destroy DeFi. DeFi protocols will get burned, but they will recollect and figure out how to prevent future exploits.
Remember, DeFi is a very new technology. There will be roadbumps in the process of full adoption – it’s nothing to worry about.
That’s about it for the chances of flash loans killing DeFi. It’s possible that a massive flash loan attack could bring DeFi down for a short amount of time.
But people will come back because DeFi offers a much better solution to the friction found in centralized finance.