ChainScore Labs
All Guides

Flash Loan Attack Anatomy in DeFi Protocols

LABS

Flash Loan Attack Anatomy in DeFi Protocols

Chainscore © 2025

Core Concepts and Prerequisites

Understanding the technical and economic foundations required to analyze flash loan exploits.

Flash Loans

Flash loans are uncollateralized loans that must be borrowed and repaid within a single blockchain transaction. They rely on atomicity: if the loan is not repaid, the entire transaction reverts. This enables arbitrage, collateral swapping, and self-liquidation. Attackers exploit this to borrow massive capital to manipulate on-chain prices or governance without upfront capital, making them a central vector for DeFi exploits.

Automated Market Makers (AMMs)

Automated Market Makers like Uniswap's constant product formula (x*y=k) determine asset prices algorithmically based on pool reserves. Price manipulation is possible by drastically altering these reserves within a transaction. Attackers use flash loans to skew the price in one pool, then exploit the arbitrage discrepancy with another protocol's oracle or lending pool that relies on that price feed.

Price Oracles

Price oracles provide external market data to smart contracts. Many DeFi protocols use decentralized oracles like Chainlink or simple time-weighted average prices (TWAP) from AMM pools. A critical vulnerability exists when a protocol uses a single, manipulable on-chain source (e.g., a DEX pool) for pricing. Flash loan attacks often target these weak oracle designs to artificially inflate or deflate an asset's reported value.

Smart Contract Composability

Composability allows DeFi protocols to interact and build upon each other's functions within a single transaction. This "money Lego" property is what enables flash loan attacks: an attacker's contract can call a lending protocol, multiple DEXs, and a target protocol sequentially. The attack's success hinges on exploiting the interconnected logic and state changes across these composed contracts before the transaction finalizes.

Arbitrage and Slippage

Arbitrage is the practice of exploiting price differences between markets. Slippage is the difference between expected and executed trade prices due to market depth. In an attack, a flash loan creates artificial arbitrage opportunities by causing massive slippage in a victim pool. The attacker then "arbitrages" this manipulated price against another system, profiting from the engineered discrepancy before repaying the loan.

Transaction Atomicity and Reverts

Atomicity ensures all operations in a transaction succeed or fail together. This is the core security mechanism for flash loans, as the lender's funds are only at risk within the block's gas limit. For attackers, it means their complex, multi-contract exploit either completes profitably or leaves no trace. Understanding this is key to analyzing why failed attack transactions don't result in lost collateral for the attacker.

Common Flash Loan Attack Vectors

How Flash Loans Enable Attacks

Flash loans provide attackers with immense, uncollateralized capital to manipulate on-chain markets within a single transaction. The core mechanic is borrowing a large sum, executing a series of operations to exploit price discrepancies or protocol logic, and repaying the loan plus fees—all atomically. If the final step fails, the entire transaction reverts, eliminating the attacker's financial risk. This creates a powerful tool for testing and executing complex financial attacks that would otherwise require significant upfront capital.

Key Exploitation Patterns

  • Price Oracle Manipulation: Borrowing huge amounts of a token to drain its liquidity on a DEX, artificially inflating or deflating its price, and tricking protocols that use that DEX as a price feed. This was central to the Harvest Finance and Cheese Bank attacks.
  • Governance Takeover: Using borrowed funds to acquire a majority of a protocol's governance tokens temporarily, voting in a malicious proposal (e.g., to drain the treasury), and then returning the tokens.
  • Arbitrage & Liquidation Abuse: Exploiting slight price differences between protocols or triggering undercollateralized liquidations on lending platforms like Aave or Compound by manipulating account health factors.

Auditing for Flash Loan Risks

A systematic process for identifying and mitigating vulnerabilities related to flash loan manipulation in DeFi protocols.

1

Map Protocol Dependencies and Price Oracles

Identify all external price feeds and dependencies that can be manipulated.

Detailed Instructions

Begin by creating a dependency map of all external price oracles and data sources used by the protocol's core logic, such as AMM pools, lending markets, or liquidation engines. Oracle manipulation is a primary attack vector.

  • Sub-step 1: Trace all calls to getPrice() or similar functions from libraries like Chainlink (AggregatorV3Interface) or Uniswap V2/V3 pools.
  • Sub-step 2: Document the minimum update delay and price deviation thresholds for each oracle. For example, check if a Chainlink oracle has heartbeat of 1 hour.
  • Sub-step 3: Identify any internal price calculations, like time-weighted average prices (TWAP) from DEXes, and assess their window size (e.g., 30-minute TWAP).
solidity
// Example: Checking a Uniswap V2 pair for manipulable reserves
(uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast) = IUniswapV2Pair(pairAddress).getReserves();
// A flash loan can drastically alter reserve0/reserve1, skewing the price.

Tip: Use static analysis tools like Slither to automatically generate call graphs and visualize dependencies.

2

Analyze State Changes Within a Single Transaction

Review all functions that can be called in one transaction to find inconsistent state updates.

Detailed Instructions

Audit the protocol for state consistency vulnerabilities that arise when multiple actions are performed sequentially within the same block. Flash loans enable atomic multi-step attacks.

  • Sub-step 1: List all user-facing functions that modify protocol state (e.g., borrow(), swap(), provideLiquidity()).
  • Sub-step 2: Check for functions that perform critical actions (like awarding governance tokens or executing liquidations) based on a snapshot of user balance or collateral value taken earlier in the transaction.
  • Sub-step 3: Verify that any checks (e.g., solvency checks in repay()) use the final state after all internal calls, not an intermediate state.
solidity
// Vulnerable pattern: Using stale collateral value
function liquidate(address user) public {
    uint256 collateralValue = getCollateralValue(user); // Snapshot taken here
    // ... perform a flash loan to manipulate price, lowering collateralValue ...
    require(collateralValue < debt, "Not undercollateralized"); // Check uses stale value
    executeLiquidation(user); // Liquidation executes incorrectly
}

Tip: Manually trace through complex multi-contract flows using a debugger in a forked mainnet environment.

3

Stress-Test Economic Assumptions and Invariants

Simulate extreme market movements and large capital inflows to break protocol invariants.

Detailed Instructions

Define and test the protocol's economic invariants—conditions that must always hold true, such as totalCollateral >= totalDebt. Use flash loan simulations to violate them.

  • Sub-step 1: Formally define all system invariants. For a lending protocol, this includes collateralization ratios and reserve solvency.
  • Sub-step 2: Use a forked testing environment (e.g., Foundry's cheatcodes) to simulate a flash loan. Mint a large sum of tokens to the attacker address using vm.deal or vm.startPrank.
  • Sub-step 3: Write a test that executes the attack path: borrow a flash loan, manipulate the oracle price via a large swap, trigger a faulty protocol function (like minting synthetic assets), and repay the loan. Assert that an invariant breaks.
solidity
// Foundry test example for invariant breakage
function test_flashLoanBreaksInvariant() public {
    vm.startPrank(attacker);
    // 1. Execute flash loan logic via a helper contract
    attackContract.executeAttack();
    // 2. Check invariant post-attack
    assertLt(protocol.getTotalCollateralValue(), protocol.getTotalDebtValue()); // This should fail, revealing the bug
    vm.stopPrank();
}

Tip: Integrate invariant testing into your CI/CD pipeline using tools like Echidna or Foundry's fuzzing capabilities.

4

Review Access Controls and Emergency Safeguards

Ensure critical functions have proper permissions and circuit breakers exist for extreme volatility.

Detailed Instructions

Examine access control on admin functions and the presence of circuit breakers or pause mechanisms that can halt operations during market manipulation.

  • Sub-step 1: Verify that functions for updating oracle addresses, fee parameters, or price thresholds are protected by a timelock or multi-signature wallet, not a single owner.
  • Sub-step 2: Check for a global pause function that can freeze deposits/withdrawals. Ensure it cannot be triggered by a flash loan attacker.
  • Sub-step 3: Assess if the protocol uses maximum trade size limits or slippage protections on internal swaps to dampen the impact of large, manipulative trades. Look for hard caps like maxSwapAmount = 1_000_000e18.
solidity
// Example of a crucial timelock check
function setPriceOracle(address newOracle) external {
    require(msg.sender == timelock, "Only timelock");
    require(newOracle != address(0), "Invalid address");
    priceOracle = newOracle;
}

Tip: Use automated tools like Slither's arbitrary-send or controlled-delegatecall detectors to flag dangerous permission settings.

5

Verify Liquidity and Slippage in Internal DEX Interactions

Audit how the protocol interacts with DEXes for internal swaps and assess slippage risks.

Detailed Instructions

Protocols often perform internal swaps on DEXes (e.g., to convert collateral during liquidation). Low liquidity pools are highly susceptible to slippage manipulation via flash loans.

  • Sub-step 1: Identify all DEX pool addresses the protocol interacts with. Check their liquidity depth on-chain or using APIs.
  • Sub-step 2: Review the slippage tolerance parameter used in swap functions. A fixed, low tolerance (e.g., 0.1%) can be exploited.
  • Sub-step 3: Calculate the maximum input amount the protocol could send in a single transaction (e.g., a full liquidation). Simulate the price impact this would have on the target pool using the constant product formula x * y = k.
solidity
// Calculating price impact for a Uniswap V2 swap
function getPriceImpact(uint256 amountIn, uint256 reserveIn, uint256 reserveOut) public pure returns (uint256) {
    uint256 amountOut = (reserveOut * amountIn) / (reserveIn + amountIn);
    uint256 theoreticalOut = (reserveOut * amountIn) / reserveIn; // No impact
    return ((theoreticalOut - amountOut) * 1e18) / theoreticalOut; // Impact as a percentage
}
// If amountIn is huge from a flash loan, impact can be >50%.

Tip: Recommend dynamic slippage based on pool depth or using a DEX aggregator that splits trades across multiple liquidity sources.

Defensive Mechanisms and Their Trade-offs

Comparison of common security measures used to mitigate flash loan attack vectors.

Defensive MechanismImplementationSecurity BenefitPerformance/Cost Trade-off

Oracle Price Update Frequency

Every block (12 seconds on Ethereum)

Minimizes stale price arbitrage windows

High gas cost and infrastructure overhead

Maximum Slippage Tolerance

Set to 0.5% for swaps

Prevents large price manipulation via flash loan volume

Can cause legitimate large trades to fail, reducing UX

TWAP (Time-Weighted Average Price) Oracle

Uses 30-minute price average from Uniswap V3

Resistant to instantaneous price spikes from flash loans

Introduces latency; assets may be undervalued during rapid rallies

Debt Ceiling per Collateral Asset

Limits to $10M per asset type

Contains damage from a single asset's price manipulation

Restricts protocol scalability and capital efficiency

Flash Loan-Specific Fee

0.09% fee on flash loan borrowed amount

Directly increases attack cost, making some exploits unprofitable

Penalizes legitimate use cases like refinancing and arbitrage

Minimum Liquidity Requirement for Pools

Requires $1M in liquidity for price feeds

Reduces impact of a flash loan's borrowed amount on price

Limits listing of newer, smaller-cap assets

Multi-block Execution Limit

Reverts transactions exceeding 1 block duration

Prevents multi-block MEV attacks and time-based manipulations

Breaks complex, legitimate multi-step DeFi interactions

SECTION-FAQ

Frequently Asked Technical Questions

Further Reading and Analysis

Ethereum DeFi Developer Docs: Flash Loans

Explains how flash loans work at the protocol level, including atomic execution guarantees and common use cases relevant to attack construction.

Visit resource

Aave Flash Loan Documentation

Details Aave's flash loan architecture, callback patterns, fee mechanics, and security considerations that attackers frequently target.

Visit resource

OpenZeppelin: Flash Loan Attacks

Analyzes real flash loan exploits with emphasis on price oracle manipulation, reentrancy vectors, and state dependency failures.

Visit resource

Paradigm: Understanding Flash Loans

Breaks down flash loan mechanics, attacker incentives, and why protocol composability amplifies systemic risk.

Visit resource

DeFiLlama Exploit and Hack Database

Tracks historical DeFi exploits, including many flash loan-based attacks, with loss data and incident summaries.

Visit resource

Ready to Start Building?

Let's bring your Web3 vision to life.

From concept to deployment, ChainScore helps you architect, build, and scale secure blockchain solutions.

Start Your ProjectView Our Work
Chat on Telegram
Chat on WhatsApp