How Flash Loan Attacks Work

One of the weaknesses of the current DEFI model is that applications built on Smart Contracts have difficulty getting data from the outside world, most importantly price data.

Any application that offers token swaps, for example, needs to know the current exchange rate, so it will reference an Oracle, a service that feeds this data, via API, into Smart Contracts.

This arrangement presents a huge opportunity for anyone with the right combination of Solidity programming and Trading smarts. Here’s an example:

  • Get a Flash Loan of 10,000 ETH
  • Use the ETH to buy a large amount of wBTC (wrapped Bitcoin)
  • Use the remainder of the ETH to short ETH/wBTC
  • Use your wBTC to take out a large ETH loan & cause price slippage in ETH/wBTC
  • Return the wBTC, generating more ETH than was originally provided because of slippage on the ETH/wBTC pair
  • Close out the Flash Loan paying the fee and pocket the additional ETH gained
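To show why one large trade matters to anything that reads a pool's price, here is an added example (not code from the original post) that models the ETH/wBTC pair as a fee-free constant-product pool, measures how far a single swap moves the spot price, and applies a hypothetical deviation check a lending contract could run before trusting that price. The pool model, the reserves, the reference price and the 2% threshold are all assumptions made for illustration.

```python
from fractions import Fraction


class ConstantProductPool:
    """Assumed model: fee-free x*y=k pool holding ETH and wBTC."""

    def __init__(self, eth, wbtc):
        self.eth = Fraction(eth)
        self.wbtc = Fraction(wbtc)

    def spot_price(self):
        """ETH per wBTC implied by the current reserves."""
        return self.eth / self.wbtc

    def swap_eth_for_wbtc(self, eth_in):
        """Add eth_in and pay out wBTC so that eth * wbtc stays constant."""
        k = self.eth * self.wbtc
        new_eth = self.eth + Fraction(eth_in)
        wbtc_out = self.wbtc - k / new_eth
        self.eth, self.wbtc = new_eth, self.wbtc - wbtc_out
        return wbtc_out


def price_impact(reserve_eth, reserve_wbtc, eth_in):
    """Fractional change in spot price caused by one swap of eth_in."""
    pool = ConstantProductPool(reserve_eth, reserve_wbtc)
    before = pool.spot_price()
    pool.swap_eth_for_wbtc(eth_in)
    return pool.spot_price() / before - 1


def accept_price(spot, reference, max_deviation=Fraction(2, 100)):
    """Hypothetical guard: reject a spot price that strays too far from an
    independent reference price (for example, a separate oracle feed)."""
    return abs(spot - reference) / reference <= max_deviation


if __name__ == "__main__":
    # Constructed reserves: 20,000 ETH and 1,000 wBTC, i.e. 20 ETH per wBTC.
    reference = Fraction(20)
    for eth_in in (100, 10_000):
        pool = ConstantProductPool(20_000, 1_000)
        pool.swap_eth_for_wbtc(eth_in)
        spot = pool.spot_price()
        impact = price_impact(20_000, 1_000, eth_in)
        print(f"swap {eth_in:>6} ETH: spot {float(spot):.4f} ETH/wBTC, "
              f"impact {float(impact):.2%}, accepted={accept_price(spot, reference)}")
```

A contract that values collateral from the pool's spot price alone sees the moved price as genuine; the guard only helps if the reference price cannot be shifted by the same trade.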

This all happens instantaneously, giving none of the points along the chain any chance to react. Given that the attacker is simply manipulating the price of ETH/wBTC, some people argue that what they are doing isn’t necessarily illegal or even immoral; remember that code is law.

Flash Loans present one of the greatest tests of that mantra; the alternative of greater oversight or regulation is seen as too great a compromise, so the only other options are:

  • Smart Contract audits – which help, but don’t guarantee safety
  • Incentivising white hat hackers to expose Smart Contract flaws through bug bounties
  • Building out Insurance products specifically for DEFI 

$2.3 billion
According to Chainalysis, $2.3 billion was stolen from DEFI applications in 2021, with 50% of that down to code exploits and Flash Loans. Cream Finance was exploited on three separate occasions via Flash Loans within an eight-month period with losses approaching $190 million.

Some of these Flash Loan exploits might be put down to the speed at which DEFI has been evolving, but given the scale of losses, it seems likely that the ‘growing pain’ argument won’t wash with regulators who may feel mandated to step in to protect investors.

The validity of Flash Loans is just one component of the broader debate about the benefits of crypto. You can argue that they are helping iron out market inefficiencies, which indirectly benefits all users. On the flip side, many see Flash Loans as just an extension of the dark arts of shadow banking and derivatives trading within traditional finance, which generate little practical value and illustrate how disconnected the gamified nature of DEFI is from reality.

