Two recent attacks on decentralized finance () platform bZx prompted a number of discussions about flash loans. But what are these and how are they useful to a hacker - or rather, an "exploiter"?
DeFi lending usually requires a collateral, and given the volatility of the market, most lenders will allow users to borrow up to 75% of the available collateral, such as . Upon the return of the borrowed amount, the lender is paid a fee. On the other hand, a new product was introduced this year by DeFi protocol Aave - a flash loan.
Simply said, a flash loan happens through a smart contract that allows borrowing funds without any collateral, but with paying the loan back within a single transaction, that is - a single block. So a flash loan allows a person to borrow funds for free as long as they repay the loan by the end of that same transaction. Everything happens really quickly. It's meant to limit a trader's risk, while allowing that trader to use the borrowed money to make more money trading, by taking the advantage of price differences between markets - a strategy called '.'
Arbitrage is its most common use case, while it can also be used for collateral swap, liquidation of loans, refinance, and more will probably be invented in this very new field.
The product provider gets paid a fee in return. However, if the funds are not returned to the pool in time, the transaction gets reversed.
bZx offered the product as well, and flash loans have been gaining traction in various forms, such as ArbitrageDAO, a DAO that offers arbitrage opportunities by leveraging flash loans, and the Collateral Swap, which allows swapping collateral with another asset in one transaction, using Aave's flash loans, MakerDAO's vaults, and Uniswap, a protocol for automated token exchange on Ethereum.
Crypto juggling
An attack on the system requires a few more steps to be executed, with the exploiter going through several different systems, smart contracts, lending platforms, DeFi protocols, etc.
This is obviously a major issue. A trader who is proficient enough to understand how things work, so to say, can relatively easily exploit weaknesses in any system (instead of reporting them) and use the contract in an unintended way. And this is exactly what happened to bZx - a trader who exploited a flawed smart contract.
