Chainlink
$15.54 -1.41%
LINK · 1w

Flash Loans and the Importance of Tamper-Proof Oracles

Like the concept of yield farming, flash loans are exciting and powerful new liquidity mechanisms that have recently emerged in the decentralized finance (DeFi) ecosystem. Flash loans enable users to borrow assets from an on-chain liquidity pool with no upfront collateral as long as the borrowed amount of liquidity, plus a small fee, is returned to the pool within the same transaction. This innovative design increases access to capital for all users in a variety of use cases while ensuring the full, continuous solvency of the underlying liquidity pool.

For a short period of time—the span of a single transaction—a flash loan can make anyone a very well-capitalized actor, providing access to hundreds of millions of dollars in liquidity. This creates unique opportunities for arbitrage, collateral swapping, and the creation of leveraged positions, but it also creates certain risks, especially for a nascent ecosystem of protocols with varying degrees of decentralization and security. These risks should be understood by smart contract developers so more robust applications can be built for users.

Flash Loans and Price Oracle Attacks

As explained in our previous article on data quality for DeFi smart contracts, protocols that fetch prices from a single source are easily exploitable by malicious actors with a large amount of funds who can manipulate the market with one large trade. Because flash loans can provide instant and sizable liquidity to anyone in the world, at any point in time, they have increasingly been used to fund attacks on DeFi protocols. However, there is a key distinction to be made here: flash loans only provide funding to execute attacks—the real issue at hand is centralized price oracles that do not offer adequate market coverage.

While often differing in methodology and scope, the most common form of attack using flash loans is designed to manipulate protocols that use a blockchain-based decentralized exc...

Continue on blog.chain.link
No posts found
Recent news
No posts found