Is Flash Loan an Angel or a Devil?

When people in the crypto industry talk about flash loan, they are a little bit frightened because there are indeed too many DeFi protocols that have been attacked by flash loan as well as suffered huge losses.

Let’s list a few:

1. Harvest Finance, a DeFi project with a total lock-up volume of more than $1 billion, was exposed to hacker attacks, causing approximately $24 million in losses on October 26, 2020.
2. The Origin Protocol stable currency OUSD was exposed and was attacked by flash loan. Origin Protocol lost a total of $2.25 million in DAI and $1 million in ETH on November 17, 2020.
3. The DeFi staking, governance and liquidity strategies platform xToken was attacked, the xBNTa Bancor pool and the xSNXa Balancer pool were exhausted. xToken lost approximately $25 million On May 12, 2021.
4. The DeFi revenue aggregator PancakeBunny on the BSC chain was attacked by flash loan. The attacker used PancakeSwap to manipulate the price of LP Token (BNB-BUSDT/BNB-BUNNY), causing a loss of more than $45 million on May 20, 2021.

The loss of a huge amount of funds is vivid, making all kinds of DeFi agreements skate on thin ice. Therefore, many people in the industry have pointed the finger at “flash loan” and believe that flash loan is the source of evil.While criticizing, many people also admire the No-cost arbitrage of flash loan, which is “To get something from nothing”.

So is Flash Loan an Angel or a Devil?

Next Let’s understand what a flash loan is!

In the traditional economy, when a lender provides a loan to a borrower, there is always a risk that the borrower may not be able to repay the debt.

It leads to the following questions:

Is it possible that there is a situation in which money is lent, but there is no possibility that it will not be repaid?

The above-mentioned things that cannot be achieved in the traditional industry are completed by the blockchain, which is flash loan.

A flash loan is a loan that is only valid in a block transaction. If the borrower does not repay the loan before the end of the transaction, then the flash loan will fail and will not be executed. This is because if the repayment conditions are not met, the blockchain will not execute the transaction.

The assets of flash loans come from a public smart contract pool. The most popular ones are the fund pools provided by Aave and dYdX, as well as the rising stars,VAVA. VAVA is an innovative lending protocol will be listing on the Polygon (Matic).The interest rate of flash loans is the same as AAVE, which is 0.09%.

Flash loan can generally be used for self-liquidation, helping others to liquidate, arbitrage, collateral replacement, etc.As an innovative financial tool, in essence, the use of flash loan to achieve “get something for nothing” is to take advantage of the loophole of the protocol itself.

Vulnerabilities in oracles are the most common. Because many protocols access token prices through third-party oracles, flash loans can manipulate prices, interfere with price-feeding oracles and interfere with the protocol’s judgment on token prices, thereby creating arbitrage opportunities “maliciously”.

In a well-known case, hackers traded sUSD arbitrage on three trading platforms,Uniswap,Kyber and Synthetix through flash loan, as follows:

1. BZX lends out 7,500 ETH.
2. A total of 4,417 ETH were exchanged for 943,837 sUSD at an average price of 213 sUSD (including transactions directly on third-party platforms, and failures in markets such as Kyber) .
3. ETH continues to be sold in the SUSD markets of Kyber and Uniswap to drive down prices.
4. As BZX uses Kyber as its price-predicting machine, the price of ETH for bZx falls by about 58% . Users can exchange the equivalent sUSD for more ETH.

The hackers exchanged a total of 1,099,841 sUSD for 6,799 ETH (average price: 162 sUSD) . The net proceeds from the hack were the remaining 3082eth and 6,799 ETH from the prophet attack arbitrage. After paying off 7,500 ETH flash loans, he earned a profit of 2,381 ETH.

In this case, we can find that there is nothing wrong with the Flash loan itself, bZx was attacked because of its own product design flaws, price-predicting is completely dependent on a third party. There is no mechanism to consider the access party, and there is no ultimate stress test.

Similar attacks can be traced back to real causes, such as the recent loss of PancakeBunny mentioned above, as well as to the malfunctioning of the seer.

As a result, the existence of flash loans is a constant reminder to the architects of the agreement, in the design of products to be carefully considered in connection with the other protocols may be the impact of its own protocoland risk. Oracle Access can refer to the Alpha processing methods, time-delay access, while strict wind control.

A great product is just like a great era. We Can’t stop it. All we can do is embrace it.

There are two sides to every story. For flash loan, it is an innovative financial instrument that efficiently provides large amounts of capital and promotes the value cycle.But it would be wrong to focus on the DeFi attack and ignore its positive impact on the Oracle and the evolution of Defi.You know, even if there is no “flash loan”, an already rich Ethereum account can make the same attack.

Only by understanding flash loan and its positive effects can we make better use of it, and these positive uses are what Vava has been working towards.

Vava is an innovative Lending protocol, featuring flash loans, stable interest rate loans, LP loan, credit delegation and cross-chain bridge,which will listing on Polygon soon.

Based on the Layer 2 protocol layout of zkSync, VAVA’s goal is to become a safer, more efficient and higher-yield choice for large funds.

By using VAVA’s flash loan, users can more quickly replace collateral, complete self-liquidation or help others to liquidate and so on, so as to quickly make profits or avoid losses, and help users really take to the DEFI world.

Maybe all you need to become a professional DeFi player is a Vava Flash loan!