Flash Loans: How to cosplay as a whale in 2022
DeFi loans often require very high collateral because of the inherently high risk that surrounds cryptocurrency. Imagine walking into a bank to get a loan for a 2014 Toyota, but having to put your house up as collateral. Flash loans set out to change that by allowing users to borrow funds without putting up any collateral. Now, don’t book a vacation to Tijuana just yet because there’s a small catch. Flash loans use smart contracts, which are blockchain-enabled mechanisms that only transfer funds once certain conditions are met. The borrowed funds must be returned within the same transaction, or the transaction simply reverts.
That doesn’t make any sense. Why take a loan then?
Flash loans give you access to a very large amount of capital for a very short time.
Depending on how you use those funds, you can make a lot of money.
For instance, you could borrow 10 DAI, use them to buy 20 ADA on one exchange. You could then visit another exchange and sell the 20 ADA for 15 DAI (capitalizing on the price differences between exchanges), and then return 10 DAI to the flash loan contract, pocketing the difference. Smart contracts allow you to chain such actions one after another.
What if my grand plan falls through due to a 3am Elon Musk tweet?
The transaction simply doesn’t go through, and the only thing you’ll probably lose is the gas cost. This, combined with the fact that borrowers must put up zero upfront capital, makes flash loans great assets for attackers.
Price Oracle Attacks
Price Oracles are websites that receive and display asset price data from external websites. While some price oracles are decentralized, many are still centralized, drawing their data from a single decentralized exchange.
If an attacker manages to manipulate the price of an asset on the decentralized exchange, the price oracle will be fed inaccurate information, which it will in turn pass on to any protocol that relies on that oracle for asset data. Large fraudulent transactions could then be made on that protocol using funds from flash loans. Of course, this is just one way flash loans could be used in attacks, and hackers are constantly trying to find new ways to exploit flash loans and centralized price oracles.
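The effect described above can be reproduced in a small simulation. This is an added example, not code from the original post or from any protocol: the pool reserves and swap size are constructed, and `Pool`, `twap` and `checked_price` are hypothetical names. It goes one step beyond the text by showing a common mitigation, pricing from a time-weighted average of end-of-block observations and refusing to price while the live spot price diverges from it.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:  # hypothetical constant-product AMM (eth * token = k), fees ignored
    eth: float
    token: float
    observations: list = field(default_factory=list)  # end-of-block prices

    def spot(self) -> float:
        return self.eth / self.token  # ETH per token, read from live reserves

    def swap_eth_in(self, eth_in: float) -> float:
        k = self.eth * self.token
        self.eth += eth_in
        token_out = self.token - k / self.eth
        self.token -= token_out
        return token_out

    def swap_token_in(self, token_in: float) -> float:
        k = self.eth * self.token
        self.token += token_in
        eth_out = self.eth - k / self.token
        self.eth -= eth_out
        return eth_out

def twap(pool: Pool, window: int = 10) -> float:
    obs = pool.observations[-window:]
    return sum(obs) / len(obs)

def checked_price(pool: Pool, max_dev: float = 0.05) -> float:
    """Return the TWAP, refusing to price while spot has diverged from it."""
    ref = twap(pool)
    if abs(pool.spot() - ref) / ref > max_dev:
        raise ValueError("spot deviates from TWAP; refusing to price")
    return ref

def simulate() -> dict:
    pool = Pool(eth=1_000.0, token=1_000_000.0)  # constructed reserves
    for _ in range(10):
        pool.observations.append(pool.spot())  # end of a quiet block: 0.001
    bought = pool.swap_eth_in(20_000.0)  # constructed loan-sized swap
    spot_mid, twap_mid, blocked = pool.spot(), twap(pool), False
    try:
        checked_price(pool)  # what a guarded protocol would call mid-transaction
    except ValueError:
        blocked = True
    pool.swap_token_in(bought)  # unwind in the same transaction
    pool.observations.append(pool.spot())  # end of block, after the unwind
    return {"spot": spot_mid, "twap": twap_mid, "blocked": blocked, "twap_after": twap(pool)}
```

A protocol reading `spot()` mid-transaction sees the token at 441 times its earlier price, while the averaged price never moves because the distortion is gone by the time the block's observation is recorded.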
Notable protocols that have been hacked include bZX and Cheese Bank. The latter attack was performed with a 21,000 ETH loan from dYdX, which the hacker then swapped for CHEESE at Uniswap, before using the tokens to get LP tokens from Uniswap. These LP tokens, combined with an artificial pump in the CHEESE price created by swapping 20k ETH to 288k CHEESE, allowed the hacker to drain the USDC, USDT and DAI held by Cheese Bank with borrow() calls, making off with over $3 million.
Now that’s a lot of cheddar.
For a detailed look at how the hack was carried out, check out PeckShield’s analysis.
The wild adoption of flash loans and how they tie in to the DeFi environment means flash loans will probably stick around. That said, there’s still work to be done to make sure security stays a step ahead of the curve. Do your own research, and never YOLO your daughter’s college fund.
Disclaimer: This post is not financial advice
Find us at www.Pointnetwork.io