The dream of every borrower is to get loans without collateral, and flash loans in DeFi allow you to fulfill that dream. If you've been denied a loan application for lack of security, you'll understand the accompanying frustrations. Some traditional financial institutions can be hardcore when it comes to loans. But who needs the headache when you can leverage the power of DeFi to hit the ground running?
The emerging DeFi sector eliminates the hassles of traditional banking. With this new entrant called “flash loans,” enthusiasts of digital finance are constantly making quick profits every day. But what exactly is a flash loan?
A flash loan is a system that allows users to lend and borrow cryptocurrencies for a small amount of interest. One main feature of a flash loan is that you can get it without collateral. You don't need to put up your car as security for the loan in case you fail to pay. Another feature of a flash loan is that it operates on an open-source protocol.
This kind of protocol has no third party that controls user funds or the policy by which it runs. The best part of flash loans is that everyone can easily access them, and you can transact with strangers in different parts of the world. Also, you are not bound to disclose your personal information, which may expose you to online hackers.
Flash Loan is one of DeFi’s lending platforms. So, it is impossible to talk about flash loans without explaining some details about DeFi.
What is Decentralized Finance (DeFi)?
DeFi stands for Decentralized Finance. It is a set of financial applications that are built on cryptocurrency or blockchain networks. It specifically refers to a switch away from our traditional, conventional financial system, which has centralized control. DeFi is an open-source, permissionless and transparent financial service ecosystem that is available to everyone. It operates without any central authority or control.
All users of DeFi maintain full control over their assets and interact with the ecosystem through peer-to-peer DApps.
It is important to mention here that DeFi is one area that has attracted a lot of investors in recent times. The total value of capital locked in DeFi protocols has increased tremendously. It is up 271% in less than two months, surpassing $7 billion for the first time, according to DeFi Pulse. If the current rate of growth continues, DeFi will be worth more than $27 billion by the end of 2020. If you want to know more about Decentralized Finance, you can navigate to our extensive guide.
Role of Smart Contracts in Flash loans
A smart contract is a self-operating computer program that runs on a blockchain. It automatically executes when specific conditions are met. Smart contracts run on the blockchain exactly as they are programmed, without any possibility of censorship, downtime, fraud, or third-party interference. This is why we consider a smart contract an application that swiftly facilitates the exchange of money, property, or anything of value.
Flash loans are all about RUP (Receive Use and Pay) according to some definite rules. The rules of the smart contract require that receiving, using, and paying back all complete in the same transaction. If the transaction fails to complete as the programmed rules demand, a security measure is activated: the network automatically rejects the transaction.
As a result, the funds return to the lender. This is the clear reason why collateral is not actually important in flash loans. So, we can say that the system is programmed in such a way that lenders' funds are secure.
Difference between Regular and Flash Loans
The regular loan comes in two flavors. It can come as an unsecured loan or secured loan.
Regular Loans – Unsecured
An unsecured loan is money you borrow from an individual or a financial institution without putting up collateral as security. Because there is no collateral, the lender has nothing to take in place of the amount borrowed if you are unable to pay back.
Is it possible to get such a loan? Yes, it is, but the process is not simple. The lender of such a loan will make you disclose your past financial records and business operations. Furthermore, the full detail of what you want to use the money for will be requested. You may also be made to give a post-dated check. In any case, there are some bottlenecks in getting an unsecured loan.
Regular Loans – Secured
A Secured Loan is a loan where a lender asks you to provide a property or properties that are equal to or above the value of the loan. One of the major reasons for this is that when you default on your promise to pay, the institution takes the collateral automatically. This measure enables the lender to recover the borrowed fund. Imagine that you ask for a loan of $20,000 and give a piece of land that you bought for $25,000 as collateral.
The land will be taken in place of the loan if you are not able to pay back when due. Usually, the agreement between both parties contains terms and conditions. So, in a secured loan, the lender may subject the borrower to the following:
- Compelling the borrower to show proof of credible business experience
- Blueprint of how the money is expected to be spent
- Detailed explanation of what the loan is to be used for
- Submission of business plan
- Provision of credit history
- Submission of some detailed personal information
- Cash flow
How do DeFi flash loans work?
A cryptocurrency platform is a place where a user can make a quick purchase of a particular currency and sell it at a higher price. So, a user can generate a quick profit by borrowing funds and using them to buy and sell.
The user buys low on one market and sells high on another, pays the borrowed loan back, and keeps the profit. When this kind of borrowing and repayment happens in the same transaction, it is a flash loan.
One major thing about the flash loan is the fact that it is uncollateralized. Does that mean the owner of the funds has no security? No, that is not the case. The system on which the flash loan runs has taken care of fund security, so no extra collateral is needed. Both whoever seeks a flash loan and whoever gives one focus on RUP (Receive Use and Pay).
Get a lender to give you a loan, use the loan to do whatever you want to do with it, and pay it back. All of these must happen in a flash (quickly) in the same transaction and must follow a particular laid-down protocol. A smart contract controls the protocol that runs flash loans.
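The receive, use and pay cycle described here and in the smart contract section above can be modeled in a few lines. This is an added example, not code from any lending protocol: the account names, the 10-unit fee and all balances are constructed, and the snapshot-and-restore step stands in for the network reverting a failed transaction.

```python
class Reverted(Exception):
    """Raised when any step fails; the whole transaction is rolled back."""

class Ledger:
    """Toy chain state: one balance per account (constructed for this example)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Reverted(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def flash_loan(ledger, borrower, amount, fee, use_funds):
    """Receive, use and pay in one transaction; undo everything on failure."""
    snapshot = dict(ledger.balances)           # state before the transaction
    owed = ledger.balances["pool"] + fee       # pool must end with principal + fee
    try:
        ledger.transfer("pool", borrower, amount)   # Receive
        use_funds(ledger, borrower, amount)         # Use, then Pay (borrower's logic)
        if ledger.balances["pool"] < owed:          # repayment check by the lender
            raise Reverted("loan plus fee not repaid")
        return True
    except Reverted:
        ledger.balances = snapshot             # lender's funds are back where they were
        return False

def arbitrage(ledger, borrower, amount):
    """Constructed trade: buy on market_a, sell on market_b for 15 more, repay."""
    ledger.transfer(borrower, "market_a", amount)
    ledger.transfer("market_b", borrower, amount + 15)
    ledger.transfer(borrower, "pool", amount + 10)

def no_repay(ledger, borrower, amount):
    """Borrower spends the loan and never pays it back."""
    ledger.transfer(borrower, "elsewhere", amount)

def run_demo():
    ledger = Ledger({"pool": 1000, "market_a": 0, "market_b": 2000, "trader": 0})
    ok = flash_loan(ledger, "trader", 500, 10, arbitrage)
    after_ok = dict(ledger.balances)
    failed = flash_loan(ledger, "trader", 500, 10, no_repay)
    return ok, after_ok, failed, dict(ledger.balances)

if __name__ == "__main__":
    print(run_demo())
```

The second loan leaves no trace in the ledger: the spend to the "elsewhere" account is undone together with the loan itself.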
Importance of flash loans
The reason for the flash loan is to generate profit. So, the idea is to load up the funds into a smart contract or chain of contracts for the purpose of generating profits. The process of borrowing and repayment must complete in the same transaction. The challenge here is the technical know-how needed to identify which actions will produce the expected results.
Tapping into DeFi protocols is one of the main ways you can spin your loan around to make good money. Arbitrage is one of the applications you can use to forecast and take advantage of price disparities across different trading venues.
Arbitrage is the purchase and sale of an asset in order to profit from a difference in the asset’s price between markets. It is a trade that profits by exploiting the price differences of identical or similar financial instruments in different markets or in different forms. Arbitrage exists as a result of market inefficiencies and would, therefore, not exist if all markets were perfectly efficient.
Arbitrage is a type of trade in which a security, currency, or commodity is nearly simultaneously bought and sold in different markets.
The purpose of arbitrage is to take advantage of the difference in prices available for the same financial instrument offering on different exchanges.
Arbitrage occurs when a security is purchased in one market and simultaneously sold in another market at a higher price, thus considered to be risk-free profit for the trader. Arbitrage provides a mechanism to ensure prices do not deviate substantially from fair value for long periods of time.
With advancements in technology, it has become extremely difficult to profit from pricing errors in the market. Many traders have computerized trading systems set to monitor fluctuations in similar financial instruments. Any inefficient pricing setups are usually acted upon quickly, and the opportunity is often eliminated in a matter of seconds.
So, you would need to find a way to game price differences to make the activity profitable. Your chance of making a profit is slim when you compete against thousands of other users trying to do the same.
Flash loan attack
From a technical viewpoint, the web is a highly programmable environment. It allows mass system customization through the deployment of a large and diverse range of applications to millions of global users.
The cryptocurrency or blockchain upon which a flash loan runs is a web application where the capture, processing, storage, and transmission of sensitive user data is allowed. Serious weaknesses or vulnerabilities allow criminals to gain direct authorized access to databases in order to manipulate sensitive data for selfish reasons. This is what is called an application attack. Databases containing financial information are frequently the target of attacks by hackers. The DeFi flash loan attackers devised a loophole through which they launched their attacks.
The first attack
The first thing the attackers did was to take out a 10,000-ETH loan on the DeFi lending platform dYdX. They then split the loan between bZx and another lending platform known as Compound. The ETH sent to Compound collateralized another loan for 112 wrapped Bitcoin (WBTC). Meanwhile, the 1,300 ETH assigned to bZx was used to short ETH in favor of WBTC.
Harnessing the low liquidity of a decentralized exchange known as Uniswap, which shares price data with bZx via the DeFi network Kyber, the attacker managed to pump the price of WBTC on Uniswap through the WBTC short placed on bZx.
The antagonist then dumped the WBTC borrowed from Compound on Uniswap, taking advantage of the inflated market rate. With profits in hand, the attacker paid back the original loan from dYdX in full and pocketed a cool profit of 1,193 ETH, leaving bZx with an undercollateralized loan.
But here’s the kicker: Everything detailed above was executed in a single transaction — accomplished through a DeFi product known as a “flash loan.”
Zhuoxun Yin, head of operations at dYdX, told Cointelegraph that the attackers succeeded because flash loans allow traders to take out a loan without any backing, i.e., they remove the need for collateral. They're able to do this because the loan is paid back immediately. Arbitrageurs use flash loans in conjunction with smart contracts, which they code to carry out calculated arbitrage trades: the simultaneous buying and selling of assets in different markets.
Executed atomically, flash loans are marketed as “risk-free” because the Ethereum network rectifies any failure to pay back the loan by reverting the original transaction. As a result of their atomic nature, no party was able to intercept the flash loan attack while it was happening in the exchange where the flash loan was borrowed.
The second attack
Four days later, on Feb. 18, bZx fell victim to yet another attack, forcing yet another protocol suspension. Similar to the first, flash loans facilitated a pump and dump on Uniswap, this time resulting in the attacker netting 2,378 ETH.
This time around, the attacker took out a flash loan of 7,500 ETH on bZx, trading 3,517 ETH for 940,000 Synthetix USD (sUSD), a stablecoin pegged one-to-one with the United States dollar. Next, the attacker used 900 ETH to purchase another round of sUSD on Kyber and Uniswap, pumping the price of sUSD to over 2.5 times the market rate.
Then, using the now-inflated sUSD borrowed from Synthetix as collateral, the attacker took out a loan of 6,796 ETH on bZx. Using the freshly borrowed ETH and the ETH left over from the original loan, the attacker paid back the 7,500 ETH flash loan and once again skimmed a profit, this time to the tune of 2,378 ETH.
This left bZx with yet another under-collateralized loan. Luckily this money was covered by the insurance fund.
Are Flash loans risky?
It is fair to ask whether flash loans are safe, given what the attackers achieved. That attackers could enter the system without investing any money of their own and walk away with cash is cause for concern. They instantaneously borrowed hundreds of thousands of dollars of ETH, threaded it through a chain of vulnerable on-chain protocols, and extracted hundreds of thousands of dollars in stolen assets.
They then paid back their massive ETH loans in an instant, without leaving a trace of who they are or where they are from. This sent a very bad signal to the general public, which came to see flash loans as a very big risk.
Shortly after the first attack, investors were jumping from the bZx ship. However, things seemed to get back to normal after the firm released a statement acknowledging the issue and addressing the way forward.
As for the future of DeFi security, the DeFi experts agree that this is new territory, so mistakes can occur. Speaking to CoinDesk, the Staked CEO asserted: “These are big risks. It’s a new category, it’s moving fast, and some things are going to break.”
The bZx team focuses on securing the network and deterring future attacks. The firm already implements a check that will disallow even overcollateralized loans in the future. It has already put a cap on maximum trade sizes so as to limit the scope of potential attacks. It will also be implementing a Chainlink oracle to supplement Kyber’s price feed to be able to get correct price info at any given time.
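The two mitigations named above, a trade-size cap and a second price feed, can be sketched as checks around collateral valuation. This is an added example, not bZx code: the fee-less constant-product pool model, the reserves, the reference price, the 10% deviation bound and the 50 ETH cap are all constructed assumptions.

```python
class ConstantProductPool:
    """Simplified fee-less x*y=k pool; reserves below are constructed values."""
    def __init__(self, eth, token):
        self.eth, self.token = float(eth), float(token)

    def spot_price(self):
        """ETH per token, read straight from the current reserves."""
        return self.eth / self.token

    def buy_token(self, eth_in):
        """Swap ETH for token while keeping eth * token constant."""
        k = self.eth * self.token
        self.eth += eth_in
        out = self.token - k / self.eth
        self.token -= out
        return out

MAX_DEVIATION = 0.10    # assumed tolerance between spot and reference price
MAX_TRADE_ETH = 50      # assumed per-trade size cap

def naive_value(pool, tokens):
    """Values collateral at whatever the pool reports right now."""
    return tokens * pool.spot_price()

def guarded_value(pool, tokens, reference_price):
    """Refuses to value collateral when spot has drifted from a second feed."""
    spot = pool.spot_price()
    if abs(spot - reference_price) / reference_price > MAX_DEVIATION:
        raise ValueError("spot price deviates from reference feed")
    return tokens * min(spot, reference_price)   # conservative of the two

def capped_buy(pool, eth_in):
    """Applies the trade-size cap before the pool is touched."""
    if eth_in > MAX_TRADE_ETH:
        raise ValueError("trade exceeds size cap")
    return pool.buy_token(eth_in)

def run_demo():
    pool = ConstantProductPool(eth=1_000, token=100_000)   # 0.01 ETH per token
    reference = 0.01                                       # independent feed (assumed)
    before = naive_value(pool, 10_000)
    pool.buy_token(600)                   # one large buy inside the same transaction
    after = naive_value(pool, 10_000)
    try:
        guarded_value(pool, 10_000, reference)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```

With these figures the same collateral is valued at roughly 100 ETH before the large buy and 256 ETH after it when only the pool's spot price is consulted, while the guarded valuation refuses to price it at all.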
If you can lend to strangers and pocket profits in a flash, isn't that great? That's one of the reasons for the increasing popularity of DeFi and its “flash loans.” From the look of things, the flash loan has come to stay because of its simplicity and liberality.
The flash loan is not where the risk lies. It is rather the vulnerability of the entire system. So, the focus is not on grounding flash loans but on upgrading system security.