Flash Loan Attacks Explained in Detail
A flash loan lets a borrower use assets inside one transaction without upfront collateral, as long as the loan is repaid before the transaction ends. If repayment fails, the transaction reverts.
In attacks, the flash loan usually supplies temporary capital for another bug: price manipulation, bad collateral valuation, weak governance snapshots, or unsafe accounting.
Smart contract example
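function executeOperation(uint256 amount) external {
    // 1. Use the borrowed capital to move the price the protocol reads.
    dex.swapLargeAmount();
    // 2. Borrow while the lending market still trusts the moved price.
    lendingMarket.borrowAgainstInflatedPrice();
    // 3. Unwind the swap so the capital is available again.
    dex.swapBack();
    // 4. Repay within the same transaction, otherwise everything reverts.
    repayFlashLoan(amount);
}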
The attack works only if the protocol trusts a value that the attacker can move and consume in the same transaction.
Flash Loan Attacks in Auditing
Flash loans remove capital assumptions. Auditors should assume an attacker can borrow large temporary capital, move prices, trigger callbacks, and unwind the position before the transaction ends.
Red flags in code
- Protocol logic trusts same-block AMM reserves or spot prices.
- Borrowing power changes immediately after a manipulable swap.
- Governance power is measured without delay or checkpoints.
- Rewards, shares, or collateral values can be inflated and consumed in one transaction.
- Liquidation logic depends on a price that can be moved before the liquidation call.
- Callback entry points can chain into sensitive protocol actions.
How to test or review it
- Simulate large temporary capital on a fork.
- Move the dependency first, then call borrow, mint, redeem, liquidate, or claim.
- Check whether the attacker can unwind and repay in the same transaction.
- Test low-liquidity pools and edge collateral assets.
- Review every oracle, share price, voting, and reward dependency for same-block manipulation.
- Add invariants for bad debt, collateralization, total supply, and protocol reserves.
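The review steps above can be rehearsed off-chain before writing fork tests. The following is an added example, not code from the original page: a Python toy model of a fee-free constant-product pool and a lending market, with a bad-debt invariant evaluated once against a same-block spot price and once against a price checkpointed in an earlier block. All names, pool sizes, and the 75% loan-to-value ratio are assumptions chosen for illustration.

```python
# Constructed toy model: every name and number here is an assumption, not a real protocol.
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product AMM (token * usd = k) with no fees."""
    token: float
    usd: float

    def spot_price(self) -> float:
        # USD per TOKEN as read from current reserves; movable inside one transaction.
        return self.usd / self.token

    def swap_usd_for_token(self, usd_in: float) -> float:
        out = self.token - (self.token * self.usd) / (self.usd + usd_in)
        self.token -= out
        self.usd += usd_in
        return out

    def swap_token_for_usd(self, token_in: float) -> float:
        out = self.usd - (self.token * self.usd) / (self.token + token_in)
        self.usd -= out
        self.token += token_in
        return out

def bad_debt_after_round_trip(use_spot: bool, flash_usd: float = 9_000_000.0,
                              collateral_tokens: float = 1_000.0,
                              ltv: float = 0.75) -> float:
    """Model one transaction: move the dependency, borrow, unwind. Return bad debt in USD."""
    pool = Pool(token=10_000.0, usd=1_000_000.0)   # low-liquidity pool, fair price 100
    checkpoint_price = pool.spot_price()           # price recorded in an earlier block
    bought = pool.swap_usd_for_token(flash_usd)    # large temporary capital moves the price
    price = pool.spot_price() if use_spot else checkpoint_price
    debt = collateral_tokens * price * ltv         # borrowing power at the oracle's price
    pool.swap_token_for_usd(bought)                # unwind; temporary capital is recovered
    # Invariant: outstanding debt stays covered by collateral at the post-unwind price.
    collateral_value = collateral_tokens * pool.spot_price()
    return max(0.0, debt - collateral_value)

if __name__ == "__main__":
    print("bad debt, same-block spot oracle:", bad_debt_after_round_trip(True))
    print("bad debt, checkpointed oracle:   ", bad_debt_after_round_trip(False))
```

A non-zero result for the spot-price variant is the signal to look for in a real fork test: the invariant breaks only when the valuation can be moved and consumed in the same transaction.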