A flash loan is an uncollateralized short-term loan. They are a new invention in the Defi space, introduced by the lending protocol, AAVE.
A smart contract is used to borrow and repay flash loans in the same transaction. If a flash loan isn’t repaid in the same transaction, the transaction fails, making it as though the loan never happened.
Flash loans present an opportunity for high-frequency and arbitrage traders with the ability to instantaneously access capital, allowing a trader to sell on one exchange and purchase on another.
Arbitrage was more common when liquidity was low and exchanges didn’t share price feeds. Flash loans have been used to attack exchanges and protocols.
This occurs when a malicious user takes out a flash loan from a lending protocol and uses the borrowed funds to manipulate prices on another protocol.
Flash loan attacks are very lucrative because the attacker does not have to deploy a lot of capital to carry out the attack. Smart contract audits are a necessary first step in mitigating a flash loan attack.
CertiK’s Skynet on-chain monitoring helps recognize these attacks in real-time and broadcasts community alerts on the Security Leaderboard.
From smart contract audits to on-chain monitoring, there are tools in place to help projects build safer protocols from the ground up.
