Flash Loan Attacks

Flash loans let any address borrow very large amounts of capital with no collateral, provided the loan plus its fee is repaid before the same transaction ends. They are a legitimate DeFi primitive, but they hand attack-scale capital to anyone for the duration of one transaction, so they appear in many DeFi exploits. The flash loan itself is rarely the bug: it removes the capital barrier to exploiting a design flaw that was already present, most often a price source that can be moved within a single block.


How Flash Loans Work


1. Borrow a large amount (no collateral needed)

2. Execute arbitrary operations with the borrowed funds, inside a callback from the lender

3. Repay loan plus fee before the callback returns, in the same transaction

4. If repayment falls short, the lender reverts and the entire transaction is undone, so the lender takes no risk and a failed attack costs the attacker only gas
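
The lifecycle above as a minimal Aave V3 `flashLoanSimple` receiver. This is an added example, not code from the page or from Aave: the two interfaces are trimmed to the functions used (their signatures match Aave V3's `IPool.flashLoanSimple` and the `executeOperation` callback of `IFlashLoanSimpleReceiver`), the premium is whatever the pool charges (a small fee set by Aave governance), and the "strategy" run with the funds is a hypothetical owner-supplied call encoded in `params`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Trimmed interfaces; the signatures match the ERC-20 standard and Aave V3's IPool.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IPool {
    function flashLoanSimple(
        address receiverAddress, address asset, uint256 amount, bytes calldata params, uint16 referralCode
    ) external;
}

contract FlashBorrower {
    IPool public immutable POOL;
    address public immutable owner;

    constructor(IPool pool) {
        POOL = pool;
        owner = msg.sender;
    }

    // Step 1: ask the pool for `amount` of `asset`. The pool transfers the tokens to this
    // contract and then calls executeOperation() below, all inside this one transaction.
    // `params` encodes the hypothetical strategy as (target contract, calldata).
    function requestFlashLoan(address asset, uint256 amount, bytes calldata params) external {
        require(msg.sender == owner, "not owner");
        POOL.flashLoanSimple(address(this), asset, amount, params, 0);
    }

    // Steps 2 and 3: the pool's callback (Aave V3 IFlashLoanSimpleReceiver signature).
    function executeOperation(
        address asset, uint256 amount, uint256 premium, address initiator, bytes calldata params
    ) external returns (bool) {
        // Anyone can call POOL.flashLoanSimple naming this contract as receiver, so the
        // callback must check both who is calling it and who initiated the loan.
        require(msg.sender == address(POOL), "caller is not the pool");
        require(initiator == address(this), "loan not initiated here");

        // Step 2: use the funds by executing the owner's chosen action.
        (address target, bytes memory data) = abi.decode(params, (address, bytes));
        (bool ok, ) = target.call(data);
        require(ok, "strategy failed");

        // Step 3: approve principal + premium; the pool pulls it with transferFrom once we return.
        // Step 4 follows automatically: if the balance is short, this check (or the pull) reverts
        // and the whole transaction, including everything the strategy did, is undone.
        uint256 owed = amount + premium;
        require(IERC20(asset).balanceOf(address(this)) >= owed, "cannot repay");
        IERC20(asset).approve(address(POOL), owed);
        return true;
    }
}
```

The two `require` checks at the top of `executeOperation` are the part practitioners most often omit: without them, anyone can trigger the callback with their own `params` and have this contract execute arbitrary calls with borrowed funds it then has to repay.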


Attack Patterns


Price Manipulation Attack


1. Flash loan 10M USDC
2. Buy a large amount of TOKEN on DEX A, moving far along its bonding curve
3. TOKEN's spot price on DEX A rises sharply (the thinner the pool, the further it moves)
4. Interact with a protocol that prices TOKEN from DEX A's reserves: borrow against it, mint shares, or settle a trade at the inflated value
5. The protocol pays out at the manipulated price
6. Sell TOKEN back on DEX A, unwinding the price
7. Repay the flash loan; the difference is profit, all within one transaction

Collateral Manipulation


1. Flash loan ETH
2. Supply ETH as collateral in a lending protocol
3. Push the protocol's oracle price for the collateral up (or the borrowed asset's price down) using the same borrowed capital on a thin pool
4. Borrow the maximum amount against the inflated collateral value
5. Withdraw some collateral, which the inflated valuation still permits
6. Repay the flash loan and keep the borrowed funds; the position left behind is underwater at the real price, so the protocol is stuck with bad debt

Defense Strategies


1. Use Manipulation-Resistant Oracles


// Quote with a 30-minute TWAP from the Uniswap V3 pool instead of its spot price.
// OracleLibrary is from @uniswap/v3-periphery (current releases return two values from consult;
// older ones return only the tick). pool, baseToken and quoteToken are contract state.
import "@uniswap/v3-periphery/contracts/libraries/OracleLibrary.sol";

function getPrice(uint128 baseAmount) public view returns (uint256 quoteAmount) {
    (int24 meanTick, ) = OracleLibrary.consult(pool, 1800); // time-weighted average tick over 30 minutes
    return OracleLibrary.getQuoteAtTick(meanTick, baseAmount, baseToken, quoteToken);
}

2. Flash Loan Detection


A contract cannot tell that a balance was flash-borrowed; the practical proxy is to refuse a second interaction from the same address within the block in which the first happened, which stops deposit-then-withdraw sequences inside one transaction.

mapping(address => uint256) public lastInteractionBlock;

modifier noSameBlock() {
    require(lastInteractionBlock[msg.sender] < block.number, "same-block interaction");
    lastInteractionBlock[msg.sender] = block.number;
    _;
}

// Caveat: the check is per address, so an attacker can route each action through a fresh
// contract. It limits what one address can do in one transaction; it does not stop price
// manipulation that happens in another contract before this one is called.

3. Reentrancy Guards


Flash loans are often combined with reentrancy: the borrowed capital funds the re-entrant calls that drain a contract before it has updated its state.

// OpenZeppelin v4 path; in v5 the file moved to utils/ReentrancyGuard.sol
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract MyProtocol is ReentrancyGuard {
    function criticalFunction() external nonReentrant {
        // nonReentrant blocks re-entry into this contract for the duration of the call.
        // It does not stop price manipulation performed elsewhere before the call,
        // so it complements the oracle defenses above rather than replacing them.
    }
}

4. Rate Limiting


// Per-address cooldown between critical actions. Like the same-block check, an attacker
// can sidestep it with fresh addresses, so treat it as friction, not a guarantee.
mapping(address => uint256) public lastActionBlock;
uint256 public constant COOLDOWN = 10; // blocks

function criticalAction() public {
    require(
        block.number >= lastActionBlock[msg.sender] + COOLDOWN,
        "Cooldown period"
    );
    lastActionBlock[msg.sender] = block.number;
    // Execute action
}

Best Practices


1. **Never use a single pool's spot price** for critical financial operations; a reserve-based price can be moved within one transaction by whoever has the capital, and flash loans give everyone the capital

2. **Use TWAP oracles** with windows long enough that holding a manipulated price across blocks (the only way to move a TWAP) would cost more in arbitrage losses than the attack yields

3. **Implement multiple oracle sources** and validate consistency

4. **Add circuit breakers** for abnormal market conditions

5. **Set maximum transaction sizes** to limit attack impact

6. **Implement cooldown periods** for large operations

7. **Monitor for flash loan usage** in your protocol

8. **Test with flash loan scenarios** during audits
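
Best practices 1 to 4 combined, as an added example that is not code from the page or from any protocol: a price feed that quotes Chainlink only when an on-chain TWAP agrees within 2%, rejects stale rounds, and exposes a circuit breaker that a monitoring keeper can trip when the price jumps more than 10% since the last accepted reading. `AggregatorV3Interface` is Chainlink's real interface (trimmed to `latestRoundData`); `ITwapSource`, the `guardian` role and every threshold are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface (real signature).
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical wrapper around an on-chain TWAP (for example a Uniswap V3 consult) for the
// same asset pair at the same decimals as the Chainlink feed.
interface ITwapSource {
    function twapPrice() external view returns (uint256);
}

contract GuardedPriceFeed {
    AggregatorV3Interface public immutable feed;
    ITwapSource public immutable twap;
    address public immutable guardian;

    uint256 public constant MAX_STALENESS = 1 hours;         // reject Chainlink rounds older than this
    uint256 public constant MAX_SOURCE_DEVIATION_BPS = 200;  // feed and TWAP must agree within 2%
    uint256 public constant MAX_MOVE_BPS = 1_000;            // >10% jump since last accepted price trips the breaker

    uint256 public lastAcceptedPrice;
    bool public tripped;

    event CircuitBreakerTripped(uint256 feedPrice, uint256 twapPrice, uint256 lastAccepted);

    constructor(AggregatorV3Interface feed_, ITwapSource twap_, address guardian_) {
        feed = feed_;
        twap = twap_;
        guardian = guardian_;
    }

    // Consumers call this. It reverts, and so does the caller, when the breaker is tripped,
    // the Chainlink round is stale, or the two sources disagree by more than 2%.
    function getPrice() external view returns (uint256) {
        require(!tripped, "circuit breaker tripped");
        (uint256 feedPrice, uint256 twapPrice) = _readSources();
        require(_deviationBps(feedPrice, twapPrice) <= MAX_SOURCE_DEVIATION_BPS, "oracle sources disagree");
        return feedPrice; // the TWAP is the sanity check; the feed is the quoted price
    }

    // Called by a keeper or monitoring bot in its own transaction. A reverting check cannot
    // persist state, so this function trips the breaker without reverting; afterwards every
    // getPrice() call fails until the guardian resets it.
    function refresh() external returns (bool healthy) {
        (uint256 feedPrice, uint256 twapPrice) = _readSources();
        bool disagree = _deviationBps(feedPrice, twapPrice) > MAX_SOURCE_DEVIATION_BPS;
        bool jumped = lastAcceptedPrice != 0 && _deviationBps(feedPrice, lastAcceptedPrice) > MAX_MOVE_BPS;
        if (disagree || jumped) {
            tripped = true;
            emit CircuitBreakerTripped(feedPrice, twapPrice, lastAcceptedPrice);
            return false;
        }
        lastAcceptedPrice = feedPrice;
        return true;
    }

    // Guardian re-arms the feed after confirming the move was genuine; the baseline is
    // cleared so the next refresh() re-establishes it at the current price.
    function reset() external {
        require(msg.sender == guardian, "not guardian");
        tripped = false;
        lastAcceptedPrice = 0;
    }

    function _readSources() internal view returns (uint256 feedPrice, uint256 twapPrice) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "invalid feed answer");
        require(answeredInRound >= roundId, "incomplete round");
        require(block.timestamp - updatedAt <= MAX_STALENESS, "stale feed");
        feedPrice = uint256(answer);
        twapPrice = twap.twapPrice();
        require(twapPrice > 0, "invalid twap");
    }

    // |a - b| / b in basis points
    function _deviationBps(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 diff = a > b ? a - b : b - a;
        return diff * 10_000 / b;
    }
}
```

Two paths are deliberately separate: `getPrice()` protects the calling transaction immediately by reverting, while `refresh()` is what the production alerting in the next section should drive, because a trip only persists if it is recorded in a transaction that does not revert.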


Detection & Monitoring


During Development

- Test contracts with simulated flash loan attacks

- Use tools like Foundry to simulate complex attack scenarios

- Review all price-dependent logic
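
The price manipulation and collateral manipulation patterns above, the 30-minute TWAP defense, and the Foundry simulation this list recommends, in one added test file (example code, not from the page or any project). `MockPool` is a constant-product pool model with a Uniswap V2-style cumulative price accumulator, written inline so the test runs without a fork; the V3 tick accumulator the defense uses behaves the same way for this purpose. The pool sizes, the 10M borrow and the 12-second block time are constructed numbers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constant-product pool model (x*y=k, no fee) with a V2-style cumulative price accumulator.
// Reserves are tracked as numbers only; no tokens move. Price = quote per base, 1e18-scaled.
contract MockPool {
    uint256 public reserveBase;
    uint256 public reserveQuote;
    uint256 public priceCumulative; // sum of spotPrice() * seconds it was in effect
    uint256 public lastTimestamp;

    constructor(uint256 base, uint256 quote) {
        reserveBase = base;
        reserveQuote = quote;
        lastTimestamp = block.timestamp;
    }

    function spotPrice() public view returns (uint256) {
        return reserveQuote * 1e18 / reserveBase;
    }

    // Accrue the price that held since the last update, before reserves change.
    function _update() internal {
        priceCumulative += spotPrice() * (block.timestamp - lastTimestamp);
        lastTimestamp = block.timestamp;
    }

    // Spend `quoteIn` quote tokens to buy base (pushes the base price up).
    function buyBase(uint256 quoteIn) external returns (uint256 baseOut) {
        _update();
        uint256 k = reserveBase * reserveQuote;
        reserveQuote += quoteIn;
        baseOut = reserveBase - k / reserveQuote;
        reserveBase -= baseOut;
    }

    // Sell `baseIn` base tokens for quote (pushes the base price back down).
    function sellBase(uint256 baseIn) external returns (uint256 quoteOut) {
        _update();
        uint256 k = reserveBase * reserveQuote;
        reserveBase += baseIn;
        quoteOut = reserveQuote - k / reserveBase;
        reserveQuote -= quoteOut;
    }

    // What a TWAP consumer reads: the accumulator brought up to the current block.
    function currentCumulative() external view returns (uint256) {
        return priceCumulative + spotPrice() * (block.timestamp - lastTimestamp);
    }
}

contract OracleManipulationTest is Test {
    uint256 constant WINDOW = 1800;               // 30-minute TWAP, as in the defense above
    uint256 constant FLASH_LOAN = 10_000_000e18;  // "flash loan 10M USDC" from the attack pattern
    MockPool pool;
    uint256 cumStart;
    uint256 tStart;

    function setUp() public {
        vm.warp(1_700_000_000);
        pool = new MockPool(1_000e18, 2_000_000e18); // 1,000 TOKEN vs 2,000,000 USDC: spot 2,000
        cumStart = pool.currentCumulative();          // the consumer's stored observation
        tStart = block.timestamp;
        vm.warp(tStart + WINDOW);                     // a quiet half hour at the honest price
    }

    function twap() internal view returns (uint256) {
        return (pool.currentCumulative() - cumStart) / (block.timestamp - tStart);
    }

    function testSpotIsManipulableButTwapIsNotWithinOneTransaction() public {
        uint256 honestSpot = pool.spotPrice();
        uint256 baseBought = pool.buyBase(FLASH_LOAN);  // attack step 2: dump the borrowed USDC
        assertGt(pool.spotPrice(), honestSpot * 30);    // spot 2,000 -> 72,000, a 36x spike
        assertEq(twap(), honestSpot);                   // manipulated state has existed for 0 seconds
        uint256 quoteBack = pool.sellBase(baseBought);  // attack step 6: unwind
        assertApproxEqRel(quoteBack, FLASH_LOAN, 1e12); // principal recovered, so the loan is repayable
    }

    function testTwapBarelyMovesEvenIfManipulationIsHeldForABlock() public {
        uint256 honestSpot = pool.spotPrice();
        pool.buyBase(FLASH_LOAN);
        vm.warp(block.timestamp + 12); // impossible with a flash loan: it must be repaid before the block ends
        assertGt(twap(), honestSpot);
        assertLt(twap(), honestSpot * 13 / 10); // about +23% on the TWAP, versus 36x on spot
    }
}
```

Run it with `forge test`. The second test is the important caveat: a TWAP is not immune, it only prices the attack in time rather than capital, and an attacker who can hold a manipulated price across several blocks (and eat the arbitrage) can still move it.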


In Production

- Monitor for flash loans interacting with your protocol

- Set up alerts for large, single-transaction value changes

- Track price deviations from multiple sources


Notable Flash Loan Attacks


- **bZx (2020)**: $954K - Price oracle manipulation

- **Harvest Finance (2020)**: $34M - Curve pool manipulation

- **Cream Finance (2021)**: $130M - Price oracle exploit

- **Pancake Bunny (2021)**: $45M - Price manipulation


Tools


- **Tenderly**: Simulate flash loan scenarios

- **Foundry**: Write flash loan attack tests

- **Forta**: Monitor for flash loan activity


References


- [Aave Flash Loans Documentation](https://docs.aave.com/developers/guides/flash-loans)

- [Flash Loan Attack Patterns](https://github.com/OffcierCia/DeFi-Developer-Road-Map)
