DeFi Insight: Flash Loans

Flash Loans Use Cases

Since flash loans don’t last long, borrowing a volatile asset such as ether doesn’t pose a price risk. Flash loan can be performed with any ERC-20 asset provided there is enough liquidity in the pool. Interesting use-cases include:

  • Arbitrage between decentralized exchanges
  • Liquidation of crypto loans on lending platforms like Compound
  • Refinancing Crypto Loans
  • Flash Minting — instantaneous minting of an arbitrary amount of an asset being burned at the end of the transaction cycle
  • Create a leveraged long or short positions

Example: Liquidation of Crypto Loans

Borrowers on Compound and similar platforms are required to put up collateral before they take a crypto loan. Such loans are always overcollateralized. One other aspect of taking a crypto loan is the variable interest rates. Both interest rates and asset prices could play a crucial role in the decision to close a position by quickly repaying the loan. If the price of the underlying collateral drops fast and reaches, a liquidation stage one could lose the collateral and also pay a penalty fee. By using flash loans, one could self-liquidate the loan by losing the collateral while avoiding the penalty fee. In the DeFi ecosystem, the liquidations penalties for loans could range between 3% and 15% depending on the platform. Avoiding the penalty fee could be a considerable cost saving. Obviously, flash loans also impose fees, but it is much better to pay under 1% fee for a flash loan rather than a 15% penalty fee.

Loan self-liquidation example. Step-by-step guide
Figure 1: Loan self-liquidation example — step-by-step (source: https://blog.kalinoff.com/)

Flash Loan Attacks

Flash loans offer endless opportunities. This, of course, opens many attack vectors for some DeFi protocols. Any arbitrage opportunity or code mistake could result in a loss of funds. With flash loans hackers have millions of dollars at their disposal. One of the earlier flash loan hacks happened in February 2020 when a hacker used his flash loan to manipulate the price of wBTC (a BTC synthetic asset on Ethereum). With 112 wBTC on his disposal, he placed a large sell order on Kyber (DEX) while also shorting wBTC. The result was a profit of $350,000. In this case, the attacker was able to make a profit by manipulating market prices on a Decentralised Exchange.

Other notable flash loan attacks include:

  • February 2020, September 2021, bZx: bZx was one of the first DeFi protocols to be a victim of a flash loan attack. The hacker made off with 1,300 wrapped ETH, worth $366,000 at the time.
  • May 19, 2021, Pancake Bunny: The attacker was able to manipulate price differences to steal 114,631 WBNB worth approximately $45 million.
  • May 20, 2021, Belt Finance: Belt fell victim to a flash loan attack that netted the attacker about $6.3 million in cryptocurrency
  • August 30, 2021, CREAM Finance: A flash loan attack wiped out an estimated $130 million from its Ethereum-based liquidity pools.
  • October 2, 2021, Twindex: A fractional-algorithmic synthetic asset system was exploited by an attacker to gain a profit of approximately $538,110.
  • October 2021, Cream Finance: The lending protocol lost $130 million in a flash loan attack
  • December 2021, Grim Finance: The protocol suffered a reentrancy attack, a type of exploit where an attacker fakes additional deposits into a vault while a previous transaction has yet to be settled. $30 million were stolen.
  • April 2022, Deus Finance: $13 million were stolen from the platform by manipulating the price of its stablecoin (DEI).
  • April 2022, Beanstalk: An attacker used a flash loan to vote to send themself $182 million netting $80 million in profits.

The classification of DAI according to the ITC:

Since many of the flash loan examples include Maker and the stablecoin DAI here is the DAI classification according to the ITC:

The classification of DAI stablecoin according to the ITC
Figure 2: The DAI Tokenbase entry (Source: https://itin.itsa.global/HT6PV80N4)

List of all DAI tokens:

List of all DAI stablecoins in Tokenbase

The International Token Standardization Association (ITSA) e.V.

The International Token Standardization Association (ITSA) e.V. is a not-for-profit association of German law that aims at promoting the development and implementation of comprehensive market standards for the identification, classification, and analysis of DLT- and blockchain-based cryptographic tokens. As an independent industry membership body, ITSA unites over 100 international associated founding members from various interest groups. In order to increase transparency and safety on global token markets, ITSA currently develops and implements the International Token Identification Number (ITIN) as a market standard for the identification of cryptographic tokens, the International Token Classification (ITC) as a standard framework for the classification of cryptographic tokens according to their inherent characteristics. ITSA then adds the identified and classified token to the world’s largest register for tokens in our Tokenbase.

  • The International Token Identification Number (ITIN) is a 9-digit alphanumeric technical identifier for both fungible and non-fungible DLT-based tokens. Thanks to its underlying Uniform Token Locator (UTL), ITIN presents a unique and fork-resilient identification of tokens. The ITIN also allows for the connecting and matching of other media and data to the token, such as legal contracts or price data, and increases safety and operational transparency when handling these tokens.
  • The International Token Classification (ITC) is a multi-dimensional, expandable framework for the classification of tokens. Current dimensions include technological, economic, legal, and regulatory dimensions with multiple sub-dimensions. By mid-2021, there will be at least two new dimensions added, including a tax dimension. So far, our classification framework has been applied to 99% of the token market according to the market capitalization of classified tokens.
  • ITSA’s Tokenbase currently holds data on over 4000 tokens. Tokenbase is a holistic database for the analysis of tokens and combines our identification and classification data with market and blockchain data from external providers. Third-party data of several partners is already integrated, and API access is also in development.

Remarks

If you like this article, we would be happy if you forward it to your colleagues or share it on social networks. More information about the International Token Standardization Association can be found on the Internet, on Twitter, or on LinkedIn.

References:

Flash Loans Cover Photo

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
International Token Standardization Association

International Token Standardization Association

283 Followers

The International Token Standardization Association (ITSA) is a not for profit organization working on holistic market standards for the global token economy.