Executive Summary: Flash loan attacks represent a sophisticated and rapidly evolving threat vector in decentralized finance (DeFi), leveraging uncollateralized, instantaneous loans to manipulate market conditions, exploit pricing oracles, and extract value from vulnerable protocols. This article dissects the mechanics of flash loan attacks, their integration with oracle manipulation and protocol-level flaws, and provides actionable security recommendations for DeFi developers and users. With over $3.5 billion lost to flash loan attacks since 2020, understanding these mechanisms is critical for maintaining the integrity of the DeFi ecosystem.
A flash loan is a smart contract-enabled unsecured loan that must be borrowed and repaid within a single blockchain transaction. This atomicity ensures lenders are not exposed to default risk. The transaction fails entirely if repayment is not made—preventing losses to the lender. This mechanism was popularized by Aave and dYdX in 2020 and has since become a standard tool in DeFi arbitrage, refinancing, and, unfortunately, exploitation.
The lifecycle of a flash loan attack consists of four phases:
Oracle manipulation remains the dominant vector due to the reliance of DeFi protocols on external price feeds. Attackers exploit time-weighted average price (TWAP) mechanisms or off-chain oracle updates with delays to create temporary price disparities.
Example: In the BadgerDAO exploit (2021), attackers used a flash loan to borrow WBTC, manipulated the price via a manipulated Sushiswap TWAP, then withdrew funds from BadgerDAO’s vault at inflated prices. The attack netted $120 million.
Mechanics:
Some flash loan attacks exploit reentrancy vulnerabilities in protocols that do not follow the checks-effects-interactions pattern. During the repayment phase, a malicious contract makes recursive calls back into the lender’s contract before state updates are finalized.
Example: The Harvest Finance hack (2020) used a flash loan to manipulate Curve Finance’s price oracle, enabling the attacker to withdraw more assets from Harvest’s vault than they deposited.
Vulnerable patterns include:
call() or delegatecall() without reentrancy guards.Flash loans can temporarily increase an attacker’s voting power in decentralized autonomous organizations (DAOs). By borrowing governance tokens (e.g., COMP, AAVE) just before a vote, an attacker can pass a malicious proposal—such as changing fee structures, pausing contracts, or redirecting funds.
Example: A theoretical attack could involve borrowing 10,000 AAVE tokens to surpass the quorum threshold, voting to set a withdrawal fee to 100%, then withdrawing all deposited funds before returning the tokens.
This vector is mitigated by snapshot-based voting (e.g., Compound uses time-weighted snapshots), but not all DAOs have implemented such safeguards.
The attack exploited a vulnerability in the bZx protocol where a flash loan was used to manipulate the price of WBTC on Uniswap, which was then used as collateral in a synthetic asset (iBTC) on bZx. The attacker borrowed 10,000 ETH, used it to manipulate WBTC’s price down, then borrowed iBTC against the now-overvalued WBTC. The attack netted $350,000 and demonstrated the potency of flash loan attacks.
Attackers exploited a reentrancy vulnerability in Cream Finance’s Iron Bank, combined with a manipulated price oracle on Yearn Finance. Using a flash loan, they borrowed large amounts of yUSD, manipulated its price via Curve Finance, and drained $130 million from Cream’s lending pool.
ReentrancyGuard or equivalent to prevent recursive calls.