Flash loans are a DeFi feature that limits a trader’s risk, while improving the possible upside of their trades. They allow traders to take out uncollateralised loans to increase the payout of a singular trade. You can borrow cash without surrendering your collateral., mostly because flash loans are paid back right away, in the same transaction in which they are taken out.
Q3 2020 hedge fund letters, conferences and more
How Flash Loans Work
Here’s how it works. Clever arbitrageurs, for example, borrow money and pay it back immediately, taking advantage of incredibly short term price fluctuations in the process. These arbitrageurs take out loans on underpriced markets, and then profit quickly by selling high on another market, repaying the loan, and pocketing the profit. This can be done within a single on-chain transaction through decentralised exchanges. Arbitrageurs might code the steps into a single smart contract.
Flash loans are nearly risk-free for borrowers, because the Ethereum network settles the transactions through an atomic swap, which is a smart contract technology that enables the exchange of one cryptocurrency for another without centralised intermediaries, so either all of the steps within a transaction execute or none of them do. A trader who cannot pay back his loans with his trade loses nothing, because the transaction never occurred.
The transactions--that is the loan and the trade--transpire simultaneously on the network. If the network sees that a flash loan cannot instantly be repaid, it will refuse every transaction associated with it, in effect canceling the entire transaction. If the loans do go through, everything is executed simultaneously. Theoretically, the lender earns a small fee, and the make a profit.
5 different exploits of various yield farming products have led to many millions of dollars drained from liquidity pools - Harvest and Pickle, for example. In the Harvest example, $24 million worth of stablecoins, approximately, were siphoned from project’s pools in late October, according to CoinGecko. An attacker reportedly used a flash loan, a technique that allows a trader to take on massive leverage but no downside, therefore manipulating DeFi prices for profit. The platform’s native token, FARM fell by 65% in only one hour. The project’s total value locked (TVL) fell quickly, as well, dropping from over $1 billion before the exploit to $430 million as of press time.
The Pickle Finance Exploit
On the heels of Akropolist ($20 million), Value DeFi ($7.4 million), and Origin Protocol ($7.7 million) exploits proceeding it, attackers exploited on November 21 the DeFi project “Pickle Finance” for $19.7 million. The Pickle Finance exploit left analysts perplexed. They didn’t know how the attacker had compromised the protocol. Whilst some speculate it had been another flash-loan attack, others say that the exploit was more complex than the typical flash-loan attack.
Eventually, the Pickle Finance team announced it took four hours to figure the complex exploit out, recommending that its liquidity providers withdraw their funds from any Pickle Finance pool until the issue is solved. The team later announced the attack vector had been patched and providing liquidity in any Pickle Finance pool, except its DAI pool, was safe again.
There's also the curious tale of TEND, which is trading related. It's seemingly pushing millions of dollars in volume, when in reality, a daily 2000 ETH flash loan allows an attacker to drive up the price and immediately sell. and settle the loan. Is this to keep TEND in the top 20 by volume on Uniswap?
The bZx Hack
bZx was one of the first demonstrations of how a flash loan works. For instance, a hacker drained bZx’s lending platform Fulcrum of about $350,000 by taking advantage of pricing data and a bug in the part of bZx’s protocol used to secure the payout. bZx quickly updated its GitHub code repository to arguably lock down endangered funds.
The firm worked to contain the damage by liquidating collateral to pay uncovered loans, building an insurance fund and spreading losses across platform users. Although trading resumed briefly thereafter, the hacks kept coming. After the first hack, attackers hit bZx again for $633,000.
Instead of buying low and selling high, the bzX attacker used the borrowed funds to manipulate vulnerable markets. In the first attack, the attacker pumped and then dumped WBTC on Uniswap (“wrapped bitcoin,” which is an ethereum token backed by Bitcoin), the Ethereum-based decentralised exchange. The attacker then took profits in Ether, repaid the flash loan, and then failed to pay back bzX on another loan related to the WBTC pumping.
The hacker had manipulated the Uniswap WBTC/ETH for profit by artificially manipulating the WBTC/ETH price up to 109.8, while the normal market price was at only around 38. This was made possible by a poorly designed price feed. A security wire should have been tripped so the price did not fluctuate so dramatically.
Poor price data made the second attack possible, too. The attacker borrowed 7,500 ether on bZx and then inflated the value of SUDF on Kyber by swapping ether for SUSD. By purchasing so much SUSD, the attacker causes the price to jump 2.5 times above the $1 market rate.
The attacker then exploited bZx’s dependency on Kyber for pricing data and put up the SUSD as collateral for 2,000 more Ether than the same amount of SUSD would have normally purchased on an open market. After having paid back the flash loan, the attacker did not pay back the under collateralised SUSD/ETH loan taken out on bZx. This resulted in 2,378 ETH profit and bzX holding buttons.
Before it occurred, the type of attack foisted upon bZx was outlined by white-hat hacker Samczsun in a September 2019 blog post. “By relying on an on-chain decentralized price oracle without validating the rates returned, DDEX and bZx were susceptible to atomic price manipulation,” he wrote. “This would have resulted in the loss of liquid ETH in the ETH/DAI market for DDEX, and loss of all liquid funds in bZx.”
On small exchanges like bZx, code (good or bad) which relies on poor pricing data exposes exchanges to new attacks, such as flash loans. The issue is essentially an oracle problem, with many DeFi exchanges relying on a few on-chain pricing APIs. What the flash loan debacles show us is that, just because your smart contract code has been audited, doesn’t mean it is immune to hacks.
CryptoShark
With a background in IT spanning Software Engineering, Business Analysis and Intelligence and Infrastructure Architecture, CryptoShark first found the Cryptocurrency space through mining Ethereum from a spare gaming computer and later developed the popular decentralized charting platform, ChartEx.
Working in the FinTech industry, it wasn’t long before he started applying his analytical skills, coupled with a software engineering background to build tools to analyse trading data from emerging exchanges. This led CryptoShark to build ChartEx, a leading provider of full candlestick charting and other widely used trading tools for markets in the largest exchanges in the industry.
Twitter: @CryptoShark
