Flash Loans
Flash Loans are uncollateralized loans that must be borrowed and repaid within a single blockchain transaction. If the borrower fails to repay, the entire transaction reverts as if it never happened. This seemingly impossible mechanic—borrowing millions without collateral—is enabled by the atomic nature of blockchain transactions.
TL;DR
- Flash loans let you borrow unlimited funds with zero collateral, but you must repay within the same transaction
- If repayment fails, the entire transaction reverts—the lender faces zero risk of loss
- Primary use cases: arbitrage, collateral swaps, liquidations, and self-liquidation
- Flash loans are tools—they enable both legitimate strategies and attacks on vulnerable protocols
- Major providers: Aave, dYdX, Uniswap, Balancer (fees range from 0% to 0.09%)
- Attack vector: flash loans amplify existing protocol vulnerabilities, especially Oracle Manipulation
- Over $300M has been stolen using flash loan-assisted attacks since 2020
How It Works
Traditional loans require collateral because time exists between borrowing and repaying. The lender needs protection during that window. Flash loans eliminate this problem by compressing the entire loan lifecycle into a single atomic transaction.
sequenceDiagram
participant User
participant FlashLender
participant DeFi Protocol
User->>FlashLender: 1. Request 10,000 ETH
FlashLender->>User: 2. Transfer 10,000 ETH
User->>DeFi Protocol: 3. Execute strategy
DeFi Protocol->>User: 4. Return profits
User->>FlashLender: 5. Repay 10,000 ETH + fee
Note over FlashLender: 6. Verify repayment
alt Repayment successful
FlashLender->>User: Transaction succeeds
else Repayment failed
FlashLender-->>User: Transaction reverts entirely
endFigure 1: Flash loan execution flow. Steps 1-6 occur within a single transaction.
The key insight: Ethereum transactions are atomic. Either everything succeeds, or everything fails. The lender's funds are never at risk because if repayment doesn't happen, the loan never happened either.
The Code Pattern
Flash loan interactions follow a callback pattern:
- Your contract calls the lender's
flashLoan()function - The lender transfers tokens to your contract
- The lender calls a callback function on your contract (e.g.,
executeOperation()) - Your contract does whatever it needs with the borrowed funds
- Your contract approves repayment and returns control
- The lender pulls back principal + fee
- If the balance check fails, the entire transaction reverts
Legitimate Use Cases
| USE CASE | DESCRIPTION | EXAMPLE |
|---|---|---|
| Arbitrage | Exploit price differences across DEXs | Borrow 1M USDC, buy cheap ETH on DEX A, sell on DEX B for profit |
| Collateral Swap | Change collateral type without closing position | Flash borrow to repay Aave debt, withdraw ETH collateral, deposit WBTC, reborrow, repay flash loan |
| Self-Liquidation | Close underwater position cheaper than liquidation penalty | Borrow to repay your own debt before liquidators take their 5-15% cut |
| Liquidations | Liquidate others without capital | Borrow funds to repay someone's debt, receive their collateral at discount |
| One-Transaction Leverage | Build leveraged position atomically | Flash borrow, deposit, borrow against it, deposit again, repeat, repay flash loan |
Flash Loan Providers
| PROVIDER | FEE | MAX AMOUNT | NOTES |
|---|---|---|---|
| Aave V3 | 0.05% | Pool liquidity | Most popular, supports many assets |
| Uniswap V2 | 0.3% | Pool liquidity | Called "flash swaps"—can return different token |
| Uniswap V3 | 0.05-1% | Pool liquidity | Fee varies by pool tier |
| Balancer | 0% | Pool liquidity | Free flash loans to attract volume |
| dYdX | 0% | Pool liquidity | Technically a "flash mint" pattern |
| MakerDAO | 0% | Unlimited DAI | Flash mint—creates new DAI temporarily |
Flash Loan Attacks
Flash loans don't create vulnerabilities—they amplify existing ones. A protocol bug that requires $10M to exploit becomes exploitable by anyone with a flash loan.
Common Attack Patterns
| ATTACK TYPE | MECHANISM | NOTABLE EXAMPLES |
|---|---|---|
| Oracle Manipulation | Skew on-chain price oracle, exploit protocol using bad price | bZx ($350K, 2020), Harvest Finance ($34M, 2020) |
| Governance Attacks | Borrow governance tokens, vote, return tokens | Beanstalk ($182M, 2022) |
| Reentrancy Amplification | Use borrowed funds to amplify reentrancy attack | Fei Protocol ($80M, 2022) |
| Price Impact Exploitation | Manipulate thin liquidity pools | Numerous small protocols |
Anatomy of an Attack
The Beanstalk Governance Attack (April 2022) illustrates the pattern:
- Attacker flash borrows $1B in stablecoins and ETH
- Swaps into BEAN governance tokens
- Deposits tokens to gain 67% voting power
- Proposes and executes malicious governance proposal (in same transaction)
- Drains $182M from protocol treasury
- Repays flash loan, keeps profits
Total capital required: gas fees only (~$1M in bribes to block builders).
See the full Beanstalk Governance Attack deep dive for detailed analysis of the exploit mechanics and lessons for governance design.
Defending Against Flash Loan Attacks
If you're building a protocol:
| DEFENSE | MECHANISM |
|---|---|
| Use TWAP oracles | Time-averaged prices can't be manipulated in a single block |
| Add time delays to governance | Require votes to persist across multiple blocks |
Check tx.origin == msg.sender |
Blocks contract interactions (but also blocks legitimate composability) |
| Implement borrowing caps | Limit maximum flash loan size |
| Use multiple oracle sources | Require consensus across Chainlink, Uniswap TWAP, etc. |
If you're a user:
- Protocols that rely on spot prices for critical operations are vulnerable
- Governance systems without time delays are attackable
- "Audited" doesn't mean "flash loan safe"—many audited protocols have been exploited
Flash Loans vs. Flash Swaps
| FLASH LOAN | FLASH SWAP | |
|---|---|---|
| Provider | Aave, dYdX, Balancer | Uniswap, Sushiswap |
| Repayment | Same token borrowed | Can return different token |
| Use case | General purpose | Arbitrage across token pairs |
| Gas | Single callback | Can be more efficient for swaps |
Flash swaps (Uniswap) let you receive Token A and repay with Token B, making single-transaction arbitrage simpler.
References
- Aave Flash Loans Documentation
- EIP-3156: Flash Loans
- Uniswap Flash Swaps
- Damn Vulnerable DeFi - Flash Loan Challenges
- Rekt News - Flash Loan Attack Database
- Beanstalk Post-Mortem
Changelog
| DATE | AUTHOR | NOTES |
|---|---|---|
| 2026-01-08 | Artificial. | Generated by robots. |
| 2026-01-08 | Denizen. | Reviewed, edited, and curated by humans. |