Flash Loan Attacks And How To Prevent It
What is a Flash Loan Attack
Blockchain technology came breezing with a lot of possibilities. One of these is the Decentralised Finance (DeFi) space that allows you to easily perform some transactions compared to traditional financial institutions.
Obtaining a loan without collateral as a form of security from traditional finance institutions is stringent, and even if you were to have a good credit score in place, you may not be able to access huge amounts.
But in DeFi, loans without collateral are possible with no limits, and even credit score checks, thanks to the flash loan lending phenomenon.
Flash loans are unsecured loans that require the borrower of the loan to immediately repay the loan within seconds according to terms and conditions set out and enforced by smart contract codes.
This means you get to borrow whatever amount you want with no limits, provided you pay them back within the same transaction you initiated on the Blockchain. So much for the name “flash”.
How Does Flash Loan Work
Flash loans were first introduced in 2018 by Marble protocol and in 2020 brought to the Ethereum network by leading DeFi lending platform.
Aave flash loans have grown very popular across many DeFi protocols. Aave flash loans are an open-source and non-custodial protocol that enables you to earn interest on deposits and borrow assets.
For an amount that is gotten and paid back in a matter of seconds, plus interest too, is there any need for it? The opportunity lies mostly in
How Flash Loan Arbitrage Works
Arbitrage is a trading technique of making a quick profit from differences in the price of an asset in different markets. Crypto is a very volatile asset with its value changing sporadically.
Some exchanges may not be able to reflect the change in the value of a particular cryptocurrency quickly enough and such that can be utilized to make a profit by those who are fast enough.
This makes Arbitrage a common technique used when flash loans are applied for.
For example, if an asset is $40 on ABC Exchange and XYZ Exchange, that same asset is $50. One could decide to use a flash loan to buy from ABC Exchange, 100 units of the asset and sell them at XYZ Exchange.
Considering the value are the different exchanges that will be buying at $4000 and selling at $5000 giving a profit of $1000.
For a very flexible platform, utilizing flash loans on the blockchain is possible. How this works can be better explained in three stages.
In the first stage, you request and receive the loan while the network immediately gets on processing it. Now you have seconds to perform the second and third stages in quick succession.
The second stage involves using the temporary loan to do something, let’s say arbitraging and making profits.
Lastly, the third stage is paying back the loan from the profit you made before the transaction is concluded and you get to keep the profits.
One thing about the Ethereum blockchain is that transactions on the blockchain involve a lot of mini operations which must all be successful for the general transaction to be regarded as successful.
Anything other than that will mean an unsuccessful transaction and a complete reversal of the process.
So, if the loan is not paid back before the transaction request is concluded everything will be reversed and that means the loan was never given out.
Flash loan attacks
Flash loans can be very helpful when it comes to making a profit on the blockchain, but in the same way, the opportunity has also been exploited by hackers. DeFi degenerates to execute Pump and Dump (P&D) schemes and bail with a lot of money.
Through flash loans, hackers are also able to manipulate the price of a particular token by making use of vulnerable centralized oracles to repay the loan and then move away with their prize. Exchange is relying on a solo price oracle stands no chance against these attacks.
Recent flash loan attacks as of may 2021 saw tokens worth a value of $167 million drained from Binance protocol by hackers.
Preventing Flash Loan Attacks
DeFi technology is still at its early stages so it is no surprise that there are bugs and vulnerabilities in it. Over time these will continually be exposed and fixed but in the meantime, adequate defenses have to be put in place to curb flash loan attacks.
Because flash loans have recently exposed vulnerability on the DeFi network, there is no defined solution to prevent and remove them. However, there are different ways to keep them at a minimum.
One way of curbing flash loan attacks is by having Decentralised oracles.
This is achievable by providing some sort of interconnection across exchanges to enable oracle to tap from multiple sources and provide more reliable data.
Interconnection across exchanges will also bring to board higher liquidity differences and volume which curbs bad for flash loan attacks.
The use of flash loan attack detection tools will help to detect unusual activities on the blockchain network.
Very frequent pricing updates to reflect the tiniest change in prices. Though this in practice will be expensive, the updates will be more accurate.
Using two blocks for each transaction will also work to stop flash loan attacks but it has a messy interface downside.
Flash loan attacks are one of the many vulnerabilities of the DeFi network.
There are so many others which until discovered we will never know they exist and as such cannot be fixed.
It will take a series of hacks, discovery, and prevention to bring the network to near perfection.