What is a Flash Loan - Loans That Must Be Repaid in 13 Seconds

Flash loans sound like science fiction: borrow millions with no collateral, no credit check, use it, and repay within seconds. If you can't repay, the transaction reverses like it never happened. This exists in DeFi, powering billions in volume and occasionally enabling attacks that drain protocols for millions.

A flash loan is an uncollateralized loan borrowed and repaid within the same blockchain transaction. Either the entire sequence (borrow-use-repay) succeeds, or failure causes complete reversion. Smart contracts enforce that you cannot keep borrowed funds beyond the transaction. This enables anyone to borrow massive capital instantly with zero collateral, if they can write code that uses funds profitably and repays the loan plus fees.

Flash loans separate capital from capital efficiency. Traditional finance requires collateral because time exists between borrowing and repayment. Flash loans eliminate time, eliminating risk and collateral requirements. You're borrowing money that exists for 13 seconds. If you can't profit and repay, the blockchain undoes everything.

Quick Answer

A flash loan is an uncollateralized DeFi lending mechanism where users borrow assets (often millions) that must be borrowed and repaid within a single blockchain transaction. Pioneered by Aave and dYdX (2019-2020), flash loans exploit transaction atomicity: either the entire sequence (borrow → use → repay + fees) succeeds, or failure causes complete reversion.

Flash loans require only: (1) smart contract code, (2) operations generating sufficient profit, (3) repayment of principal plus fees (0.05-0.09%) within the transaction. Common uses: arbitrage, collateral swapping, liquidations, and protocol exploits. Amounts are limited only by protocol liquidity—loans exceeding $100M have been executed. Anyone with coding skills can access unlimited capital for 13 seconds.

Failed transactions still cost gas fees. Flash loans democratize capital access but also enable attacks. Major protocols lost $100M+ to flash loan-assisted attacks in 2020-2023.

Flash Loan Feature	Traditional Loan	Flash Loan
Collateral Required	Yes (80-150% of loan value)	None
Credit Check	Required	None
Loan Duration	Months to years	~13 seconds (single transaction)
Repayment	Fixed installments	Immediate (same transaction)
Maximum Amount	Based on collateral	Limited only by protocol liquidity
Interest Rate	3-15% annual	0.05-0.09% per transaction
Default Risk	Yes	Impossible (transaction reverts)
Requirements	Bank account, documentation	Smart contract coding ability

How Flash Loans Work

Blockchains process transactions atomically—either fully succeed or fully fail. If any step fails, the entire transaction reverts. Flash loans exploit this: borrow and repayment happen in the same transaction, so if repayment fails, the borrow reverts too.

Transaction structure:

1. Call flash loan function → borrow funds
2. Execute operations (arbitrage, liquidation)
3. Repay loan + fees
4. Protocol verifies repayment
5. If successful: commit. If failed: revert

Fees: Aave 0.09%, dYdX 0%, Uniswap ~0.3%, Balancer 0%.

Gas: Transactions cost $50-500. Failed transactions still consume gas—you pay for computation even if reverted.

Flash Loan Use Cases

DeFi Arbitrage

Exploiting price differences across decentralized exchanges. Example: ETH/DAI differs between Uniswap ($2,000) and SushiSwap ($2,010). Borrow 1,000 ETH via flash loan, buy on Uniswap for $2M DAI, sell on SushiSwap for $2.01M DAI, repay flash loan, profit $10k minus fees.

Reality: Arbitrage opportunities are quickly exploited. MEV (Maximal Extractable Value) bots monitor the mempool and frontrun arbitrage transactions. Professional arbitrageurs use sophisticated algorithms and private transaction channels. Retail users rarely capture these opportunities.

Collateral Swapping

Changing collateral backing a loan without closing the position. Example: User has 10 ETH collateral on Compound, borrowed 15,000 DAI. Flash loan 15,000 DAI, repay Compound loan, withdraw ETH collateral, swap ETH for WBTC, deposit WBTC as new collateral, borrow 15,000 DAI again, repay flash loan. Same debt position, different collateral, all in one transaction.

Liquidation Efficiency

Flash loans enable efficient liquidation of undercollateralized positions. Identify undercollateralized position, flash loan borrow funds to repay debt, receive borrower's collateral (at liquidation discount, typically 5-15%), sell collateral on market, repay flash loan, keep liquidation bonus as profit.

This protects lending protocols from bad debt. Flash loans enable anyone to perform liquidations without requiring large capital, increasing liquidation efficiency and protocol security.

Flash Loan Attacks

Flash loans enable sophisticated attacks on DeFi protocols. Attack pattern: Attacker identifies vulnerability in protocol (price oracle manipulation, logic bug, reentrancy), flash loan borrow massive capital ($10M-100M), use capital to exploit vulnerability, extract profit, repay flash loan, keep stolen funds.

The flash loan isn't the vulnerability—it's the capital that makes exploitation feasible. Without flash loans, attacks would require tens of millions in capital. Flash loans democratize attacks.

Famous Flash Loan Attacks

Beanstalk (April 2022) - $182M: Attacker borrowed $1B, gained governance voting power, voted for malicious proposal, executed immediately (no timelock), drained protocol.

Harvest Finance (October 2020) - $34M: Borrowed $50M, manipulated Curve pool prices, exploited Harvest's price oracle, drained vaults.

Cream Finance (August 2021) - $18M: Exploited reentrancy vulnerability using flash-loaned capital to manipulate collateral values.

Common Attack Vectors

Oracle Manipulation: Protocols use price oracles from DEX liquidity pools. Attacker uses flash loan to execute massive trades, temporarily manipulating oracle price, then exploits manipulated price. Protection: Time-weighted average prices (TWAP), Chainlink oracles, multiple oracle sources.

Governance Attacks: Flash loan borrow governance tokens, vote on malicious proposal, execute proposal (if no timelock), extract funds, repay flash loan. Protection: Timelocks on governance, snapshot-based voting (prevents flash-loaned tokens from voting).

Are Flash Loans the Problem?

No. Flash loans don't create vulnerabilities—they expose and accelerate exploitation of existing vulnerabilities. If a protocol can be profitably attacked with borrowed capital, it's fundamentally broken. Flash loans expose vulnerabilities faster, incentivizing better security.

Real solution: Better protocol design, comprehensive audits, manipulation-resistant oracles, governance protections.

Flash Loan Providers

Aave (market leader): 0.09% fee, 30+ tokens, $5-10B liquidity, multi-chain. Best for most use cases.

dYdX: 0% fee, ETH/USDC/DAI, hundreds of millions liquidity. Best for cost-sensitive strategies.

Uniswap V2/V3: ~0.3% fee, any token pair, billions in major pairs, multi-chain.

Balancer: 0% fee, 100+ tokens, tens of millions liquidity, multi-chain.

Flash Loan Criticisms

Attack enablement: Flash loans remove capital barriers to attacks. Without flash loans, attacking a protocol requiring $50M would require raising traceable funds. With flash loans: borrow $50M instantly, attack, repay. Counterargument: If a protocol can be attacked with borrowed capital, it's fundamentally broken.

Technical complexity: Requires smart contract skills. Only developers capture arbitrage opportunities.

MEV and frontrunning: Profitable strategies are often frontrun by MEV bots. Value extraction is centralized despite permissionless access.

Frequently Asked Questions

Do I need collateral for a flash loan?

No. Flash loans are completely uncollateralized. You can borrow millions with zero collateral because repayment is enforced within the same transaction. If you don't repay, the transaction reverts and the borrow never happened. However, you do need coding skills to build smart contracts that use flash loans.

How much can I borrow with a flash loan?

Flash loan amounts are limited only by available liquidity. Aave has $5-10B liquidity, allowing loans of $100M+ in major assets.

What happens if I can't repay?

The transaction reverts. The borrow never happened, operations are reversed, protocol keeps funds. You lose gas fees ($50-500) but cannot keep borrowed funds.

Can I make money with flash loans without coding?

Difficult but increasingly possible. No-code platforms are emerging: Furucombo provides visual interfaces, DeFi Saver automates position management. These lower barriers but still require significant DeFi knowledge, and profitable opportunities are often captured by MEV bots.

References

1. Aave - "Flash Loans Documentation" - https://docs.aave.com/developers/guides/flash-loans - Official implementation guide and technical specifications
2. Qin, K., Zhou, L., Afonin, Y., Lazzaretti, L., & Gervais, A. (2021). "Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit" - https://arxiv.org/abs/2003.03810 - Academic analysis of flash loan attack vectors
3. DeFi Pulse - "Flash Loans: What They Are and How to Use Them" - https://www.defipulse.com/ - Industry overview and use cases
4. Consensys - "The State of Flash Loans" (2024) - https://consensys.net/ - Current statistics and market analysis
5. Rekt News - "Flash Loan Attack Archive" - https://rekt.news/leaderboard/ - Comprehensive database of DeFi exploits including flash loan attacks
6. Chainalysis - "Flash Loan Attacks and DeFi Security" (2023) - https://www.chainalysis.com/ - Security analysis and attack patterns
7. dYdX - "Flash Loans Technical Documentation" - https://docs.dydx.exchange/ - Alternative flash loan implementation
8. Immunefi - "Flash Loan Security Best Practices" - https://immunefi.com/ - Security guidelines for developers
9. Uniswap - "Flash Swaps Documentation" - https://docs.uniswap.org/contracts/v2/guides/smart-contract-integration/using-flash-swaps - Uniswap flash loan mechanism
10. PeckShield - "Flash Loan Attack Analysis Reports" - https://peckshield.com/ - Technical analysis of major attacks and vulnerabilities