Image Source - Flash Loan
Before we look at flash loans, let us first remind ourselves how a normal loan works
=> If I own a house worth $1mn. I offer the house as collateral to the lender. The lender then lends to me $600k (assuming a loan-to-value ratio of 60%). I repay the loan along with interest over a period of time as agreed in the terms of the loan agreement.
How is a flash loan different?
=> In case of a flash loan, I can borrow without posting any collateral.
Why would anyone lend me any money without collateral? I could easily run away with the money.
=> In case of a flash loan, there is no default risk for the lender. The lender gets back her money + fees before the transaction is completed. If the loan cannot be repaid then the transaction doesn’t happen at all.
Wait a minute! What is the point of taking a loan if I have to repay it the moment I borrow it?
=> You can use the funds to exploit any arbitrage opportunities across the DeFi ecosystem that you can find, without fronting any capital of your own.
But even arbitrage opportunities require a split second to execute. How do you invest in arbitrage opportunities before borrowing?
=> Smart contracts on Ethereum execute "atomically" (i.e. either all operations of the smart contract execute, or none do). All transactions, from taking a loan, investing the loan in an arbitrage opportunity, and repaying the loan are coded a single smart contract. Either the contract will get executed in full or not get executed at all. If it gets executed in full then you’ve exploited the arbitrage opportunity. If it doesn’t, then you haven’t lost anything.
Hmm - sounds like a win-win
Let us study in detail some USE CASES for Flash Loans
1. Arbitrage between Decentralised Exchanges (DEXs) - If for example, ETH is available cheaper on Uniswap vs dYdX, then using flash loans, one can arbitrage between the two without fronting any capital. How?
Step 1 - Take out a flash loan
Step 2 - Using the proceeds of the flash loan buy ETH on Uniswap for cheap
Step 3 - Sell the ETH you just bought on Uniswap on dYdX expensive
Step 4- Repay the flash loan
=> Final Outcome - Pocket the difference
2. Self Liquidation of Crypto Loans - When you borrow on a lending platform like Compound, you have to deposit collateral. The collateral value is higher than the borrowed amount. If the collateral value drops (which is very common given the volatility of cryptos), then the loan can be liquidated i.e. the borrower could lose the collateral + a penalty fee. Penalty fees vary from 3% to 15% depending on the platform. In such a situation, the best option for the borrower is to self liquidate. They would still lose the collateral but at least they avoid paying the penalty fee. How?
Step 1- Take out a flash loan
Step 2- Repay the debt
Step 3- Unlock the collateral
Step 4- Sell collateral
Step 5- Repay flash loan with proceeds from the sale of collateral
=> Final Outcome- Avoid paying the penalty
3. Swap Collateral of a Crypto Loan - If the deposited collateral (ETH) in a lending platform is volatile, you might want to swap it for a more stable cryptocurrency (USDT) using a flash loan. How?
Step 1 - Take out a flash loan
Step 2 - Buy USDT
Step 3 - Deposit USDT as collateral and unlock the original ETH collateral
Step 4 - Sell ETH
Step 5 - Repay flash loan with proceeds from the sale of ETH
=> Final Outcome - You've reduced the possibility of liquidation by replacing volatile collateral with stable collateral.
4. Wash Trading - The popularity of a cryptocurrency or DeFi platform is judged by the volume of trade that it attracts. Flash loans can be used to artificially inflate volumes. How?
Step 1 - Take out a flash loan
Step 2 - Execute lots of trades between wallets controlled by the same party to drive up volumes
Step 3 - Repay the flash loan
=> Final outcome - Volumes are artificially higher
The 2 attacks that made Flash Loans infamous:
Flash loans became infamous in February 2020 when 2 attacks using flash loans + market manipulation tactics drained ~US$1 million from the margin trading platform, bZx.
Attack 1 - (Final damage of US$350k)
* Step 1- The Attackers borrowed 10,000 ETH from dYdX.
* Step 2- They used 5,500 ETH as collateral to borrow 112 WBTC from the lending platform called Compound. (Note that this borrowing was overcollateralized).
* Step 3- Next they took 1,300 ETH. Leveraged it 5x. And shorted ETH on bZx.
* Step 4- bzX then shorted 5,637 ETH in return for 51 WBTC on a Decentralised Exchange (DEX) called Uniswap. This trade led to an over 200% slippage in the ETH/WBTC exchange rate on Uniswap. Before this trade, Uniswap had 2,818 ETH and 77 WBTC. It clearly did not have the depth/liquidity to execute this bZx short trade without impacting price. In plain English, ETH became dirt cheap on Uniswap.
* Step 5- The Attackers then used the 112 WBTC they had borrowed on Compound to buy the cheap ETH on Uniswap. They bought 6,871 ETH this way.
* Step 6 - They used the 6,871 ETH bought on Uniswap + the 3,200 (10,000-5500-1300) ETH leftover from the original loan to repay the original loan.
=> Final Outcome - The above steps left them with a profit of 71 ETH and an over-collateralized 112 WBTC loan on Compound. Over the next 2 days, the Attackers bought 112 WBTC from the market for 4,378 ETH. After repaying the loan, they got back the collateral of 5,500 ETH, making an additional profit of 1,122 ETH. bZx was left holding a short position of 5,637 ETH.
Attack 2- (Final damage of US$650k)
* Step 1 - The Attackers borrowed 7,500 ETH on bZx through a flash loan.
* Step 2 - They traded the 3,517 ETH for 940,000 sUSD (a stablecoin pegged to USD).
* Step 3 - They then used 900 ETH on Uniswap and Khyber to borrow sUSD. Due to low liquidity on these exchanges, these trades increased the price of sUSD 2.5x.
* Step 4- The Attackers then took out another loan (not a flash loan) on bZx. This time borrowing 6,796 ETH and giving as collateral (the now more expensive) sUSD they had bought earlier. bZx (at that time) got pricing data from Uniswap and Khyber.
* Step 5 - They used this borrowed ETH (6796) plus the ETH they had leftover from the earlier borrowing [3083 = (7500-3517-900)] to repay the original flash loan (7500) and pocketed the balance [2379 = (6796+3083-7500)].
=> Final Outcome - bZx was left with an undercollateralized 6,796 ETH loan when it became clear that the price of sUSD had been manipulated.
Was this a malicious attack?
There has been debate on whether these attacks were malicious or were they simply using flash loans for the purpose they were built for, i.e. "profiting from an arbitrage opportunity". After all, the opportunity was available to anyone who bothered to take the time to understand the code.
To my mind, these were clearly malicious as they manipulated market prices in illiquid exchanges. Using flash loans wasn't malicious. Manipulating prices was.
References:
Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit - Kaihua Qin, Liyi Zhou, Benjamin Livshits, Arthur Gervais
Are the BZx Flash Loan Attacks Signaling the End of DeFi? - Will Heasman
Flash Loans on Ethereum - Valentin Kalinov
What are DeFi Flash Loans? - Sara Joudrey