If you are familiar with blockchain and cryptocurrency, odds are pretty good that you know of the platform, Aave. For those who don’t, it is a popular DeFi lending protocol. It allows users to lend and borrow cryptocurrencies at a mixture of interest rates that are both stable and volatile. It has the typical loan features that you are likely to see in other protocols. At the same time, Aave includes distinctive features such as “rate switching” and uncollateralized loans.
This protocol is open-source, as well as non-custodial. This basically means that there is no third party in control of user funds. LEND is the native token of the Aave platform and it provides holders with an array of advantages. These include deducted fees and rewards for staking.
There are two key reasons as to why many people flock to Aave. One is its flexible rates. Aave users are able to lend and borrow cryptocurrencies in a manner that is permissionless. Be that as it may, Aave’s interest rate structure is considerably different. Other lending platforms are prone to locking users into rigid or variable interest rates. Aave’s rate-switching function, however, permits users to alternate between two different types of rates. As a result, they get the best interest rate on their loans. All by simply changing between “stable” and “variable” interest rates.
The second – and probably the most important – reason for why people are gravitating towards Aave is because of a unique feature. This feature goes by the name of ‘flash loans’.
Breaking down ‘decentralized finance’
Generally speaking, cryptocurrencies as a whole share a single goal. They aspire to make money and payments a commodity that is universally accessible to anyone. Regardless of where they live, they will be able to use it. This is where the Decentralized Finance (DeFi) or Open Finance movement comes in. It takes that promise to the next level.
DeFi largely includes digital assets, protocols, and smart contracts. In addition, it includes decentralized apps (DApps) that are built on a blockchain. The best way to think of DeFi is as an open financial ecosystem. One where you can construct a variety of small financial tools and services in a decentralized fashion. Since these are applications whose constructions are on a specific blockchain, you can combine, modify, and integrate them according to your needs.
Take a moment to imagine a global alternative to every financial service that you are using today becoming accessible worldwide. Whether it be savings, loans, trading, or insurance, imagine everyone having the luxury of accessing them. To take it a step further, what if they could easily do so with a smartphone and Internet connection?
Well, such a prospect is now possible on smart contract blockchains, like Ethereum. ‘Smart contracts’ are a type of self-executing contract with the terms of agreement residing in the lines of code. They are programs running on the blockchain that undergo immediate execution when certain conditions are met. These smart contracts allow developers to build more complex functionality that goes beyond simply sending and receiving cryptocurrency. These programs are what we ultimately refer to as ‘DApps’.
Many refer to the wide variety of products that associate with DeFi collectively as open finance. The reason for this being that it is a unique ecosystem. It is where blockchains, digital assets, and open protocols are integrated with conventional financial structures.
- Open Lending Protocols – This is a digital money lending platform whose construction occurs on a blockchain. Similar to a bank, users deposit their money. Moreover, whenever someone else borrows the digital assets, they will, in turn, earn interests. However, the similarities end when it comes to intermediaries. Filling their position of who dictates the loan terms are the smart contracts. These contracts also connect lenders and borrowers and are in charge of interest distribution.
- Stablecoins – Contrary to other crypto coins that possess a volatile value, stablecoins are blockchain tokens that hold on to a specific value. Most of the time, they are put into one of three categories: 1) Fiat-Collateralized, 2) Crypto-collateralized, and 3) Non-Collateralized.
- Exchanges and Open Marketplaces – Decentralized exchanges have peer-to-peer transactions of digital assets between two parties on the blockchain. There is no third-party involvement in these exchanges. Peer-to-peer marketplaces run by Ethereum have an exceptional amount of long-term potential. In the future, they could end up covering markets specifically for native digital assets and tokenized real-world assets.
- Issuance Platforms and Invest Management – This sector is special in that it covers a broad range of platforms. A large portion of issuance platforms are actively concentrating on the security token market. Over time, more players – especially institutions – are entering open financial markets. As this happens, these issuance platforms and investment management frameworks will both undoubtedly gain more momentum.
An innovative tool
Flash loans are arguably the most unique feature to come out of the Aave protocol. Unlike the average over-collateralized loan, flash loans require zero collateral in order to use. From a technical standpoint, these loans are as innovative as they are easy to understand.
The flash loan is a function in the Aave smart contract. When you access it and you borrow from the protocol, there is a crucial condition. It says that if there is no return of the loan on the same transaction with the fee, then the transaction will revert. Rather than guaranteeing repayment with collateral, flash loans basically rely on the timing of the loan’s repayment. As long as there is a full payback of the loan within the same issued block, it will receive approval. On the other hand, let’s assume that there is no payback of the loan within the same block. In this particular case, the entire loan will be subject to cancellation.
All in all, flash loans effectively open the doors to new avenues for safe and secure arbitrage opportunities. Ones that exist across the vast Ethereum DeFi ecosystem. The best part of it all is that it will cost the user virtually nothing.
Aave CEO, Stani Kulechov, says in an interview that he envisions flash loans as a special tool for developers. Something that will aid them in building amazing new tools for the end-user. Moreover, he hopes these loans will enable entrepreneurs to keep on building new DeFi projects. All without requiring as much capital upfront. He is of the belief that the DeFi narrative will change from value locked to the exact usage of this value. For that matter, flash loans will be one way to use this locked capital at a more efficient rate.
A word from the CEO
In the same interview as above, Kulechov digs deeper into how flash loans work and what their general purpose is:
“The service that we are doing is ensuring that you can borrow and return and in between these, what we call circuits, you can do all different kinds of stuff. So for example, you can open a trade with that same liquidity in Uniswap, close another trade in Kyber or one of the most interesting use cases for me is, for example, you take a Dai flash loan, close a CDP — for example, if you have a high-interest rate CDP but you see a lower rate somewhere else, you take the Dai, close the CDP, take the ETH, send it to the other lending protocol and draw the Dai from there and basically return the flash loan, everything on the same transaction, which basically means that you have just refinanced your client or yourself if you’re doing it for yourself.”
He explains that, typically, each block in Ethereum receives confirmation every 13 seconds. However, the seconds are not that important in the grand scheme of things; the block is what’s important. No matter what it is you do, you will have to do it in one block. Each Ethereum block settles the transactions in a specific way. Therefore, you can do all kinds of things, but there has to be a sense of definitiveness within the block.
Easy for developers
From a broader perspective, flash loans are very useful as a developer tool. Because, for example, a developer is able to create a refinancing tool or an arbitrage tool. Alternatively, they can just use it as a way to liquidate Customer Data Platforms (CDPs). However, at the end of the day, the main figure benefitting from this is ultimately the end-user.
Kulechov provides further explanation of this by painting a hypothetical scenario:
“Let’s, let’s say I’m a developer, I create a service and I’m using flash loans. Say the service is called liquidation service, and say you have a CDP open and it gets into collateral call. So when this collateral margin call happens in the Maker system, you’re losing 13% as a liquidation fee. Say you took the CDP because you are long on ether, but you needed the Dai to spend in paying bills. So you already spent that Dai, and now there’s a liquidation coming and you’re losing 13% of the value that you have locked into Maker. Now what you can do as a developer, is build a product and says subscribe to this service and if your CDP is getting liquidated, a flash loan is taken and the loan is repaid before the liquidation happens. So then you save 13%, or maybe the app will get up 1%, and you keeps 12%. So the developer is building this product, but you could be the end user.”
Overall, the idea of flash loans came from an unorthodox concept: zero-risk loans via a smart contract. Why is this unorthodox in the eyes of many? Well, there is a question surrounding the very idea that a loan could be free of risk.
Traditional lenders usually take on two specific forms of risk. The first form is ‘default risk’. If the borrower ends up taking off with the money, that would obviously be unfortunate. However, the second risk pertaining to a lender is ‘illiquidity risk’. Suppose that a lender lends out too many of its assets at the wrong times. Alternatively, suppose they do not receive timely repayments. Whatever the case, the lender may be suddenly illiquid and not be capable of meeting obligations of its own.
The design of flash loans could very well help mitigate both of these risks. The way in which a flash loan works is as follows:
- Person A will lend Person B as much money as Person B wants for this single transaction.
- By the end of this transaction, Person B needs to pay Person A at least as much as Person A lent them.
- If Person B is unable to do that, Person A will automatically roll back Person B’s transaction. Smart contracts are what allow this to happen.
Put simply, your flash loan is automatic. Failing to pay back the loan means that the whole thing will revert back to the way it was. In essence, it will go as if there wasn’t a loan at all.
A point of contention
Indeed, DeFi flash loans are a hot topic right now. It is important to note, though, that this popularity doesn’t stem just from their potential or the platform that is creating them. Truth be told, its rise in prominence comes from what happened with the lending platform, bZx. During the month of February, the platform would experience two ‘attacks’ concerning flash loans. In total, roughly $954,000 were siphoned from the loans. The first one would occur on Valentine’s Day and the second one was four days later on February 18.
The general method of flash loans is gradually becoming quite an antagonistic subject. This is mostly due to plenty of people not agreeing with the belief that flash loans are an “attack.” Nor do they think that they are “hacks” or “exploits.” The scheme simply abides by the rules of the contract and loan system and that’s it. There are a number of Ethereum advocates who see flash loans as useful and open new doors for DeFi.
You can thank the two aforementioned flash loans on bZx for the start of the fierce debate. Because of this, there is now a huge divide when it comes to the subject of using loans without collateral. Especially when using them during a quick trade.
A post on the bZx blog spoke of the Valentine’s Day attack a few days after the event:
“We returned home and analyzed the transactions. The series of transactions were extremely complex and did not yield to a straightforward chain analysis.
We made the determination that the attack could continue, that lender funds were at risk, and that we needed to take steps to disable the attack.”
During the first big flash loan on February 14, the alleged hacker got a loan of 10,000 ETH from dYdX. This is a platform that self-proclaims as being the “most powerful open trading platform for crypto assets.” Furthermore, the hacker got their hands on 112 wrapped bitcoin (WBTC) from the DeFi protocol, Compound. The individual would proceed to send roughly 1,300 ETH to bZx’s Fulcrum trading platform. Afterward, they would borrow up to 5,637 ETH by way of Kyber’s Uniswap for around 51 WBTC.
At this point, that particular move led to significant slippage within the market. It was the difference between the anticipated price of certain trades and the trade execution price.
After all of this, the hacker would later generate a profit from the 112 WBTC loan. From that loan that they got from Compound, they would bring in up to $318,000 in profit. From this single transaction, the individual could easily pay back the 10,000 ETH from dYdX.
A flash loan gives you the ability to leverage DeFi capital without collateral. Doing so will allow you to profit off of successful decentralized exchange trade. The process is a quick and efficient one in order to restrain the risk of losing funds during execution.
The person responsible for carrying out a flash loan can utilize its assets to decrease the price across various markets. From this, they can provoke DeFi apps with oracles to sell at a desirable spot price. DeFi apps such as the aforementioned bZx, dYdX, and Compound use price oracles to determine the prices. This process extends across a wide variety of decentralized exchanges like Uniswap.
Oftentimes, the pricing information consists of exceptionally large discrepancies across various exchanges. These allow for market irregularities, like slippage and arbitrage, to emerge. The general speed of the execution of a flash loan fast. In fact, its incredible speed derives from the loan, trade, settlement, and profits all happening simultaneously in a single transaction.
The individual responsible for the first massive flash loan against bZx was borrowing funds from the DeFi platform’s smart contract. And they did so without any collateral, so they were able to pay the loan back within a single transaction.
Following those two massive flash loans on the bZx trading platform, there came the eruption of a debate. One that persists and shows no signs of slowing down. The crypto community continues to be at odds with what to think of these loans, especially on social media. Already, there are several deep analyses and studies about the subject of flash loans. What’s more, people get into arguments about whether or not these acts are in any way malicious. For that matter, some individuals are presenting to the public the simplicity of executing a flash loan. Not just with a DeFi platform, but also with decentralized exchange.
Fiona Kobayashi was once showing crypto enthusiasts on Twitter how she goes about conducting a small flash loan. In a single transaction, Kobayashi would obtain a loan of ETH from Aave with no collateral at all. She would later exchange it for BAT tokens on Uniswap. Then, she moved the BAT to the MakerDAO platform as collateral and made an ETH collateral withdrawal from Maker.
After that, Kobayashi made a repayment of her loan on Aave. With Rosco Kalis’ revoke cash platform, her aim was to “revoke the original vault’s ERC allowances.” In a tweet, Kobayashi says:
“Not sure why I ended up with an extra $4.70 worth of DAI, it was supposed to be a net neutral flash loan.”
Inflation & Deflation
A few people are of the belief that flash loans can result in a case of inflation. Primarily in a way that’s similar to how central banks diminish circulating supply and then simply adjust rates. One person made a remark concerning the bZx flash loan, saying that:
“Inflation happens, but so does deflation too, [the] Fed can lower circulating supply at any time and raise interest rates.”
On February 17, another person would tweet, “Flash loan exploit inflation is crazy.”
There’s a reason why people believe that flash loans may lead to erratic inflation and deflation. It stems from the execution of a flash loan. When this happens, the profits are being taken from somewhere else. Specifically, somewhere within the chain of events in the transaction. The implementation of oracles is growing and developers are coming up with new ideas for gathering valid price data.
A blog post from Emilio Frangella from the Aave protocol talks about the subject. He says that flash loans are an innovative concept, writing the following about their impact:
“Flash Loans have especially captured the attention of the defi crowd and we expect other defi protocols to follow our lead and implement their flavors of flash loans as well. Like any other building block of Ethereum composability, flash loans quickly allowed new creative ideas to become reality.”
In the same post, Frangella further adds:
“Prime examples of this are Arbitragedao (a DAO with the goal to market make arbitrage opportunities by leveraging the flash loans) and the Maker Vault collateral swapper (which allows you to swap your collateral from ETH to BAT in one transaction).”
Even with all the potential evident with flash loans, these supposed ‘attacks’ are enough to leave some people skeptical. They predict a series of capital-intensive attacks that receive funds from flash loans. The recent bZx hacks are a hint of what could occur and what be the beginning.
Overall, there are two primary reasons as to why flash loans have an exceptional appeal to attackers:
- A majority of attacks require an abundance of up-front capital (ex. oracle manipulation attacks). If you are garnering a positive ROI on $10 million of ETH, then it is in all likelihood not arbitrage. If anything, it indicates that you are up to nonsense.
- Flash loans downplay the level of taint for attackers. Let’s assume that you know of a way to manipulate an oracle with $10 million worth of ETH. Be that as it may not, you will likely not want to risk it with your own capital. Your ETH will be tainted and exchanges could ultimately reject my deposits. This will make it hard to launder. However, if you take out a flash loan for $10 million, then it doesn’t matter. It is not as if the collateral pool of dYdX will be tainted. This is because that is the origin of your loan; the taint on dYdX essentially evaporates.
Implications regarding security
It is not uncommon for someone to view exchange blacklisting as being part of the blockchain security model unfavorably. Generally speaking, it is quite centralized. However, it is a crucial reality that informs the primary mechanics behind these attacks.
In the Bitcoin whitepaper, Satoshi makes the famous claim that Bitcoin (BTC) is secure from attacks. He provides the following as his reason:
“[The attacker] ought to find it more profitable to play by the rules […] than to undermine the system and validity of his own wealth.”
In regards to flash loans, they substantially modify the risks for an attacker
Potential long-term effects
It’s no surprise that the bZx attacks will potentially change things. For that matter, it is unlikely they will be the last attacks. With the second bZx attack being the first copycat, it could trigger a wave of attacks in the near future. Now, thousands of tech-savvy individuals worldwide are closely examining the flaws under a microscope. They intend on discovering if there is any way that they can conduct another flash attack. If they successfully exploit a vulnerability, they could make an astonishing amount of money themselves.
In the case of protocols, flash attacks equate to the threat model gradually changing. Being on the receiving end of a flash attack following the bZx hacks will be as embarrassing. It would be akin to getting hit by re-entrance after the DAO hack.
These episodes are resulting in the remembrance of an old crypto concept: miner-extractable value (MEV). MEV is the total value that miners are able to extract from a blockchain system. This includes block rewards and fees, as well as mischievous forms of value extraction. Examples of these are transaction reordering or rogue transactions injection into a block.
In the end, one should take all of these flash attacks into account as single transactions. Specifically, in the mempool that generates a lot of money. The second bZx attack, for example, would result in up to $645,000 profit in ETH within a single transaction. Imagine you are a miner about to start mining a new block. Now, imagine looking at the transactions of the previous block and thinking, “What? Why am I about to mine a new block for $500 when that last block contains $645K worth of profit?”
Role of miners
The extraction of flash attacks should be the job of the miners. This will, in an ironic sense, serve as a hindrance against flash attacks. This is due to it inevitably making it impossible for attackers to monetize their discoveries of these flaws. Maybe in time, miners will solicit attack code by way of private channels and pay the attacker a finder’s fee. When you think about it, this could be done using zero-knowledge proofs.
It sounds outlandish, so miners obviously are not doing this. But why exactly aren’t they?
There are plenty of reasons, one of which being it is extremely difficult and it is a lot of work. Another is that it is a risky process and there would be a ton of bugs that result in lost funds or abandoned blocks. For now, miners would in all probability lose more in business and orphaned blocks than they would gain by attempting this.
For all the skepticism, flash loans are nonetheless an innovative idea. They could expand DeFi use cases because there is no requirement for much capital. It will also help in making things comparatively cheaper due to it lowering the overall cost of transactions. Of course, this is something that will take time and a lot of experimentation to achieve. We will need to wait and see what comes of it.