Other related content can be found on: Personal homepage
The main references in this article are:
[Sharing of Whaling Ship] ( Principles of Flash Loans and Analysis of Security Incidents - Causes and Preventive Measures of Attacked Projects (youtube.com) )
[SharkTeam series of articles – Flash Loan]([Detailed explanation of Flash Loan Technology-Part 3 | Login Community | Blockchain Technology Community (learnblockchain.cn)](https://learnblockchain.cn/article/4502#Aave Flash Loan Excellent shortcoming))
What is flash loan on blockchain:
闪电贷:The original purpose was to be implemented on the blockchain and allow users to borrow money without providing anything as collateral.
How to truly realize the function of flash loans, relying on the atomicity of transactions on the blockchain, so that the borrowing and repayment of flash loans can be completed in the same transaction. If the corresponding repayment is not completed, the entire transaction will be rolled back;
In order to prevent the abuse of flash loans in Defi, each flash loan repayment needs to support the loan fee of the loan amount, such as 0.09%, otherwise the entire transaction will be rolled back.
Aave originally proposed the concept of flash loans in order to serve the product developer community in the financial industry, allowing more developers to use flash loans to create refinancing tools or arbitrage tools without the need for funds, build financial products, and lower the development threshold. . (I found a reasonable answer after searching around)
However, flash loans are currently being widely abused and used for arbitrage between assets.
Specific implementation example of flash loan:
Common flash loan platforms: Uniswap、Aave、Compound、MakerDAO、dYdXetc.
There is a difference between flash loan and flash exchange: whether the same assets need to be repaid.
Most of the existing flash loans are optimistic transfers. In the implementation of the loan function, the loan token is first transferred to the borrower, and then the borrower's function is called back, and the borrower performs his operation. Finally, before the loan function ends, The loan amount and corresponding handling fees must be repaid, otherwise the transaction will be returned
Aave_v2
-
Check the number of flash loan tokens, calculate handling fees, protocol fees, etc.
-
Make an optimistic transfer to transfer tokens to the user's address
-
Call back the user's excuteOperation function, and the user will perform the arbitrage operation himself. aave_v1 needs to make corresponding repayments at the end of the function. aave_v2 does not need to repay immediately, but needs to authorize the loan contract accordingly.
-
v1 checks the repayment amount (balance before contract loan + handling fee), and the v2 loan contract calls the safetransform function to perform the corresponding transfer and realize the corresponding repayment.
The figure below mainly shows the implementation of aave_v1 version
Uniswap_v2
uniswap also provides the function of flash loans. In the v2 version, it mainly implements flash loans through the swap function.
The principle of flash loan to detect whether to repay is based on the principle of automatic market maker AMM to perform k value test.
You can roughly understand uniswap. The pair of its tokens satisfies
x 1 ∗ x 2 = k x_1*x_2 = kx1∗x2=k
The final k value verification only needs to satisfy:
( b a l a n c e 1 ′ − f e e ) ∗ ( b a l a n c e 0 ′ − f e e ) ≥ k (balance^{'}_1-fee)*(balance^{'}_0-fee) \ge k (balance1′−fee)∗(balance0′−fee)≥The balance of account k
after repayment minus the corresponding transaction fees is sufficient to be greater than k.
From the above formula, we can easily see that when repaying money in uniswap, we do not necessarily need to pay back the same asset. We can also exchange it for the corresponding pair of assets.
- Conduct inspections on related loans
- Make an optimistic transfer
- Call back the borrower's uniswapV2call function, perform corresponding arbitrage operations, and realize repayment at the end of the function
- k value verification to determine whether to repay the loan
The remaining steps of its flash loan are similar to aave. The only difference is that uniswap transfers the corresponding repayment directly to the corresponding lending contract in the uniswapV2call function.
Types of flash loan attacks
- Using the large amount of funds in flash loans to manipulate prices, there are loopholes in the inquiry mechanism in some projects, which can be seen in [Price Manipulation Article] ( Reunderstanding of Price Manipulation Attacks | Emmanuel from Mentougou College (emmanuelwh.github.io) )
- Some projects will generate instant rewards during staking or other processes. Use flash loans to get large rewards.
- There are other logical loopholes in the project, and the large amount of funds in flash loans can be used to create large arbitrage opportunities.
DFX attack incident analysis
The main causes of vulnerabilities are mainly two:
-
The repayment logic of flash loan is the difference in the amount in the pool before and after the flash loan
-
However, the DFX contract does not impose re-entry restrictions on its lending methods and liquidity adding methods. In layman's terms, it means that the borrowed money is mortgaged into the same pool. The flash loan that users need to repay is very small, but there is a large amount of LP liquidity proof.
The main steps of the attack are:
- Call the flash function to borrow a large amount of USDC and XIDR
- Then the two borrowed tokens will be mortgaged in the same pool.
- At this time, the difference between the pools before and after the flash loan is far smaller than the funds lent by the attacker, and the attacker can return only a small amount of funds.
- However, the liquidity of user mortgages is still in its hands. It removes the liquidity and obtains a large amount of USDC and XIDR.
