Crypto
4 min read

Flash Loan

An uncollateralized loan that must be borrowed and repaid within a single Ethereum transaction. If the borrower fails to repay, the entire transaction reverts. Used for arbitrage, refinancing, and exploits.

How flash loans work

The mechanic exploits the atomic-transaction nature of EVM:

  1. User initiates a transaction that calls a flash-loan contract.
  2. The flash-loan contract sends the requested amount to a specified address.
  3. The user's transaction does whatever it wants with the borrowed funds (swap, leverage, refinance, exploit) — all within the same transaction.
  4. Before the transaction concludes, the borrowed amount plus a small fee must be returned to the flash-loan contract.
  5. If the repayment fails, the entire transaction reverts — as if the loan never happened.

The atomicity guarantees safety to the lender: either the loan is repaid in full within the same transaction, or it doesn't happen at all. No collateral is needed because there's no risk of non-repayment.

Common uses

A few legitimate categories:

  • Arbitrage. A user spots a price difference between two DEXes. Flash-loan a large amount, swap on the cheap venue, sell on the expensive one, repay the loan, pocket the spread — all in one transaction.
  • Liquidation execution. When a position needs to be liquidated, liquidator bots use flash loans to fund the repayment, seize the collateral, then sell the collateral and repay the flash loan.
  • Refinancing. Move a borrowing position from one protocol to another. Flash-loan the debt amount, repay protocol A (unlocking collateral), move collateral to protocol B and re-borrow, use those new borrowings to repay the flash loan.
  • Collateral swaps. Change the collateral type behind a CDP without unwinding the position.

Where they live

  • Aave — pioneered the concept; remains the dominant flash-loan provider.
  • dYdX — provides flash loans alongside its perpetuals exchange.
  • Uniswap — V3 enables flash swaps (similar concept; receive tokens before paying for them).
  • Various smaller protocols — many DEXes and lending protocols offer some form of flash-loan-like capability.

Total flash-loan volume runs into hundreds of billions of dollars annually across these protocols.

Flash loans and exploits

Flash loans have been the most common capital source in DeFi exploits:

  • bZx (February 2020) — early flash-loan attack, drained ~$1M.
  • Cream Finance (October 2021) — $130M lost to a flash-loan-funded oracle attack.
  • Beanstalk (April 2022) — $182M lost to flash-loan-funded governance attack.
  • Euler Finance (March 2023) — $200M+ exploit using flash loans.

The pattern: an attacker uses a flash loan to amass enormous temporary capital, manipulates a protocol's price oracle or governance, drains funds, and repays the flash loan. Without flash loans, these attacks would require enormous upfront capital that few would have.

This has sometimes led to calls to restrict flash loans. The counter-argument: the flash-loan capability itself isn't the vulnerability; it's the protocols that fail to handle large-volume manipulation properly. Disabling flash loans wouldn't prevent the underlying weaknesses, just raise the capital bar.

Why they're significant

Flash loans collapse the "you need money to make money" constraint that limits arbitrage and refinancing in traditional finance. Anyone with the technical skill can execute capital-intensive strategies without the capital.

This produces several effects:

  • More efficient markets. Arbitrage opportunities close faster because anyone can execute them.
  • Better borrower outcomes. Refinancing, collateral swaps, and other complex operations are accessible to retail users.
  • Faster liquidation execution. Bad positions clear quickly because liquidators can fund repayments instantly.
  • Lower barriers to attacks. Sophisticated exploits don't require deep capital.

The democratization of capital-intensive operations is genuinely novel; flash loans don't have a clear analog in traditional finance.

Limitations

A few practical constraints:

  • Single-transaction scope. Flash loans must be opened and closed within one transaction. Can't carry positions overnight.
  • Gas costs. Complex flash-loan strategies involve many operations, each costing gas. On Ethereum mainnet, simple flash-loan arbitrages can cost $50-200 in gas; profitable opportunities have to exceed that bar.
  • Composability friction. Not every protocol integrates cleanly with flash loans; some require specific routing.
  • MEV competition. Public mempool flash-loan opportunities are heavily contested by bots; success requires either being first or using private flow services like Flashbots.

Where to learn more

For developers interested in implementing flash-loan-using contracts, Aave's documentation is the canonical reference. The general pattern is straightforward — implement a callback that performs your strategy and ensures repayment — but the specific edge cases (price impact, gas optimization, error handling) are non-trivial.

For users, flash loans are usually invisible — they happen as part of liquidations, arbitrage, and protocol operations without direct user interaction. Understanding they exist helps make sense of why crypto markets price more efficiently than they otherwise would, and why exploits often involve sums far larger than the attacker's apparent capital.