Introduction
Flash loans enable borrowing unlimited funds without collateral, as long as the loan is repaid within the same transaction. While useful for arbitrage and liquidations, they're also used to amplify attacks.
Common Attack Patterns
- Oracle manipulation - Inflate/deflate prices temporarily
- Governance attacks - Acquire voting power instantly
- Liquidation manipulation - Force unfair liquidations
- Reentrancy amplification - Multiply attack impact
FlashLoanAttack.sol
```solidity
// Example: Price oracle manipulation attack
contract FlashLoanAttack {
    function attack() external {
        // 1. Borrow large amount via flash loan
        flashLoan.borrow(1_000_000 ether);

        // 2. Dump tokens on DEX to crash price
        dex.swap(borrowedTokens, targetToken);

        // 3. Exploit protocol using manipulated price
        vulnerableProtocol.liquidate(victim);

        // 4. Restore price and repay loan
        dex.swap(targetToken, borrowedTokens);
        flashLoan.repay();
    }
}
```

Use TWAP oracles and add flash loan detection to prevent these attacks.
- Price Manipulation - Most common flash loan attack vector
- TWAP Protection - Use time-weighted average prices
- Detection - Implement flash loan detection
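Why a time-weighted average resists the same-transaction price swing described above, shown as an added Python model (not code from the original page and not contract code). The `Pool` class, the 5% deviation threshold, the fee-free constant-product math and all reserve figures are constructed assumptions.

```python
class Pool:
    """Constant-product pool (x*y=k, no fees) with a cumulative-price accumulator."""

    def __init__(self, tokens, quote, now):
        self.tokens, self.quote = tokens, quote
        self.cumulative, self.last_ts = 0.0, now

    def spot(self):
        return self.quote / self.tokens  # quote units per token

    def _accumulate(self, now):
        # Weight the price that held since the last update by how long it held.
        # A price set and undone within one timestamp is weighted by zero seconds.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def sell_tokens(self, amount, now):
        self._accumulate(now)
        k = self.tokens * self.quote
        self.tokens += amount
        out = self.quote - k / self.tokens
        self.quote -= out
        return out

    def sell_quote(self, amount, now):
        self._accumulate(now)
        k = self.tokens * self.quote
        self.quote += amount
        out = self.tokens - k / self.quote
        self.tokens -= out
        return out

    def cumulative_at(self, now):
        return self.cumulative + self.spot() * (now - self.last_ts)


def twap(pool, snapshot, now):
    """Average price between an earlier (cumulative, timestamp) snapshot and now."""
    cum0, t0 = snapshot
    return (pool.cumulative_at(now) - cum0) / (now - t0)


def price_is_trustworthy(spot, twap_price, max_dev=0.05):
    """Guard a protocol could apply before acting on a price (threshold is an assumption)."""
    return abs(spot - twap_price) / twap_price <= max_dev


def simulate():
    pool = Pool(1_000.0, 2_000_000.0, now=0)        # constructed reserves, spot = 2000
    snapshot = (pool.cumulative_at(0), 0)           # oracle observation at t = 0
    t = 1800                                        # 30 minutes later, one transaction:
    received = pool.sell_tokens(9_000.0, t)         # large sell crashes the spot price
    spot_mid, twap_mid = pool.spot(), twap(pool, snapshot, t)
    pool.sell_quote(received, t)                    # price restored in the same transaction
    return spot_mid, twap_mid, pool.spot()
```

A price that is held across several blocks does enter the average, so the window length determines how long a distorted price must be sustained before the TWAP follows it.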
