1/ What are Flash Loan?
1.1/ Lending in CeFi
The two most common types of loan in CeFi are secured loan and unsecured loan.
Secured Loan
This is a type of loan where the borrower must pledge a valuable asset as collateral for the loan. The collateral can be any asset that the borrower owns, such as a house, land, car, etc. These assets serve as a recovery mechanism for the lender in case the borrower cannot repay the loan. For example, you mortgage your house to a bank to borrow money for personal activities. If you cannot repay the loan by the due date, the lender will sell your house to recover the loan.
Unsecured Loan
This is a type of loan where the borrower does not need to pledge any assets to access the loan. Not everyone can access this type of loan; only individuals or large organizations with high creditworthiness can use this form. In the event that the borrower is unable to make payments, the lender cannot seize any of the borrower's assets to recover the loan.
For example, a bank lends an unsecured loan to a reputable organization in the region. If, after a period of time, this organization goes bankrupt and cannot repay the loan, the bank cannot claim any other assets of that organization.
1.2/ Lending in DeFi
The operating model of lending platforms in the DeFi market is quite similar to traditional markets, but there are some notable differences. Anyone can participate in these platforms without the need to prove income or credit score.
There are three main types: P2P, Over-Collateralized Lending, and Under-Collateralized Lending. However, most platforms operate on the Over-Collateralized Lending model, similar to secured loan in the CeFi market. In this model, the borrower can only borrow an amount less than the value of the collateral. This ensures that platforms avoid bad debts.
In the event that the borrower is unable to repay the loan or the value of the collateral falls below a certain threshold, the platform will sell the collateral at a discount to partially repay the loan. This process is called liquidation.
Flash Loan
Flash loan are unsecured loan that allow borrowers to access funds as long as the borrowed assets are returned to the lender at the end of the transaction.
*The nature of transactions on a blockchain. A transaction can consist of multiple sub-transactions within it. In the blockchain space, most ordinary users only execute one sub-transaction, such as transferring tokens or buying and selling.
2/ How do flash loan work?
Like many other concepts, flash loan are an exciting new financial primitive. They allow borrowers to draw from a pool of on-chain assets without the need for any collateral, provided that the initial borrowed amount and transaction fees are returned in the same transaction. If the initial borrowed amount is not returned at the end of the transaction, the loan, along with all subsequent actions, will not be executed, and the contract will be reverted. This mechanism opens up new opportunities and increases accessibility to capital in various scenarios.
Example: A user borrows 100 USDC on Aave, then swaps 100 USDC for 10 ETH, then swaps 10 ETH for 110 DAI on Uniswap, swaps 110 DAI back to 125 USDC on Curve, and then repays the 100 USDC to Aave plus transaction fees. In the end, the borrower makes a profit of 25 USDC. This is one of the use cases of Flash Loan.
3/ Applications of Flash Loan Flash loan were created with various purposes to address the shortcomings still existing in DeFi and CeFi mechanisms. At the time of its launch, flash loan emerged as a powerful feature in the DeFi market. Here are the most common use cases:
-
Arbitrage: Arbitrage traders often use flash loan the most as it allows them to profit from price differences between different DEXs.
- Example: ETH on Uniswap is priced at $3000, but on SushiSwap, it's priced at $3010. At this point, traders can take advantage of this price difference to profit as follows: The trader flash loan 10 ETH at a price of $30000 on Uniswap and sells it on SushiSwap for $30100, then repays the 10 ETH on Uniswap, and finally, the trader earns a profit of $100.
-
Collateral Swaps: DeFi users can take advantage of swapping collateral in lending platforms.
- Example: A user is borrowing USDC on Aave and using ETH as collateral, but then the user wants to use WBTC as collateral and withdraw ETH. First, they will borrow the amount of USDC they borrowed previously, repay the USDC to the loan on Aave to get ETH back, swap ETH for WBTC, and then collateralize it back on Aave to borrow USDC again.
4/ Flash loan and price oracle attacks
Although there are useful use cases, flash loan are also a tool for carrying out a series of attacks, draining funds from platforms. After discovering a vulnerability, attackers will manipulate certain functions of a transaction to control the funds in the vault. Since flash loan do not require borrowers to provide collateral, attackers do not need to spend any assets for the attack but can still withdraw funds from the protocol.
Attacks have different methods depending on the vulnerabilities of the protocol, but most flash loan attacks target protocols that use price feeds from a single DEX. For this reason, attackers can easily manipulate the protocol, leading to losses. The price of an asset is easily volatile when witnessing a large sell-off, and relying on only one DEX is easily exploitable.
Here's how an attacker exploits a platform that supports flash loan but only uses a single DEX price feed:
-
Step 1: The attacker borrows a large amount of token A.
-
Step 2: The attacker swaps token A for token B, causing the price of token B to increase and the price of token A to decrease.
-
Step 3: The attacker deposits token B as collateral on another platform that also uses the same single DEX price feed to borrow token A. At this point, a large amount of token A has been borrowed compared to the initial amount.
-
Step 4: The attacker repays the amount of token A to the original platform, and the attacker keeps the profit from the price difference.
-
Step 5: When the price of token A and token B returns to normal, the platform will suffer losses.
5/ Notable Attacks
According to Certik's data in 2023, the lending platform Euler Finance on Ethereum was attacked using flash loan, resulting in a loss of $200 million, including USDC, WBTC, stETH, and DAI. The good news for Euler is that the attacker returned the funds.
Another unfortunate case was Platypus Finance on Avalanche, which was drained of $8 million by an attacker but did not have a happy ending like Euler Finance. These are two of many projects attacked using flash loan, indicating that flash loan can be seen as a 'double-edged sword' for platforms if not thoroughly vetted.
This is one of the most common types of flash loan attacks in the early stages of the DeFi era. Currently, projects have enhanced their price feeds to prevent manipulation. iLoop is one of the platforms that uses its own oracle price feed, independent of DEXs. This means that even if the price of an asset fluctuates significantly, positions are not affected.
For example, if you deposit 1 jitoSOL into iLoop and borrow 0.93 SOL, but the price of jitoSOL is heavily influenced by a large sell-off from Raydium, causing 1 jitoSOL to equal 0.6 SOL, iLoop's positions will not be affected by the price on the DEX, so the loan remain safe.
About iLoop
iLoop is a next-generation Lending & Borrowing platform focused on the Liquid Staking market within the Solana ecosystem, providing solutions to optimize the holdings of LST stakers directly on a single platform.
Join us on this exciting journey with iLoop. iLoop is committed to continuously improving and developing our services to deliver the best experiences for the community in the Liquid Staking fields on Solana.