The open-source bank Marble first introduced Flash Lending in 2018. Marble designed this innovative financial instrument to allow its users to profit from inefficiencies in the price of ERC-20 all over the Ethereum network. Then, Aave democratized the concept of Flash Loans in January 2020 by bringing them to its lending platform. Six months later, Aave was issuing more than $100 million worth of Flash Loans per day. By June 2021, Aave had processed more than $4 billion of Flash Loans.

The concept behind Flash Loans

Fundamentally, Flash Loans are uncollateralized loans instantly executed by a smart contract if some conditions are met. These financial instruments allow users to complete short-term transactions like arbitrage in the span of a single blockchain transaction. But, the loan is only executed if the transaction is profitable. To run Flash Loans, you need to build a smart contract that requests loans. In this contract, you’ll enter the conditions of your transactions. Then, the contract will only execute the loans if the conditions you entered would result in a profitable trade that can be performed in a single block, so 13 seconds on the Ethereum network.

A quick example of a Flash Loan transaction

Let’s take an example: you’re an advanced trader, and you see an arbitrage opportunity. The price of 1 ETH is $4,000 on UniSwap and $4,004 on SushiSwap.

You write a contract that says, “I want to buy 1,000 ETH at $4,000 on UniSwap and sell 1,000 ETH at $4,004 on SushiSwap”. Then you feed the contract into the Aave protocol. Since the transaction is profitable, Aave will instantly buy on UniSwap and sell on SushiSwap without using your funds or asking for collateral.

Here, you’ll take a $4,000,000 loan, buy 1,000 ETH, then sell 1,000 ETH and receive the proceeds of $4,004,000. With this arbitrage operation, you would make around $4,000 in less than 13 seconds. A 1% price difference can look small, but when you engage hundreds of thousands of dollars, profits can be substantial, and the only cost for a borrower on Aave is a 0.09% fee on the loan.

This is the concept behind Flash Loans, uncollateralized loans executing themselves instantly as long as the borrowers pay back the loan in a single transaction. Such an operation is absolutely impossible in the realm of traditional finance, which makes Flash Loans a true innovation, whereas traditional crypto loans are only loans labeled in crypto assets.

Flash Loan use cases

There are several use cases for Flash Loans:

  • Arbitrage. Taking advantage of price discrepancies like we saw above. Buying an asset on an exchange and instantly selling it for a higher price elsewhere.
  • Collateral swap. You can write in your smart contract that you want to instantly change the collateral locked on a lending protocol, as in the chart below provided by Aave.
  • Reduced transaction fees. Flash Loans are basically several transactions packed up into one. Reducing the number of transactions also lowers fees, which can be really useful in the current state of the Ethereum network.
Example of the use of a flash loan to change from one collateral to another on MarkerDAO
Example of a collateral swap using a Flash Loan

Unfortunately, Flash Loans are also used for less savory activities, like exploiting weaknesses in decentralized protocols.

Flash Loans, the favorite tool of crypto hackers

Since a flash loan has no capital requirements, the borrower can access millions of dollars of crypto assets with no collateral. The fund can, in turn, be used to flood the market and manipulate prices upward to make a profit or downward to buy cheap tokens. Those nefarious strategies have been used with success since Aave democratized flash loans in 2020.

To date, the most significant flash loan attack was the Cream Finance hack in late October 2021. During this exploit, the attackers left with more than $130 million of tokens; it was the third time in 9 months that Cream suffered this type of attack. Here are a couple of the biggest successful flash loans attacks:

  • Cream Finance – October 2021. The attackers stole $130 million by manipulating 68 ERC-20 through a dozen of flash loans.
  • PancakeBunny – May 2021. The attackers used a bug in the price calculations for the BUNNY token and $45 million ???
  • Alpha Finance – February 2021. The attacker exploited a rounding error in the protocols of smart contracts through flash loans to steal $37 million.

The decentralized finance ecosystem is thriving with innovations. However, the sector is still new, and developers are still experimenting with the wonderful possibilities brought by DeFi. Like all experiments, there’s an error margin that can lead to some risks, like the exploits above.