Flash Swap Explained in Detail
A flash swap lets a user receive tokens from an AMM pool before paying for them. The user must repay the pool, or provide equivalent value, before the transaction ends.
The flow usually depends on a callback into the borrower's contract.
Smart contract example
pool sends tokens -> borrower callback runs -> borrower repays pool
If repayment fails, the whole transaction reverts.
Flash Swap in Auditing
Flash swaps provide same-transaction liquidity and external callback control. They can be used for arbitrage, but also for oracle manipulation, reentrancy, and price-dependent exploits.
Auditors review both protocols that offer flash swaps and protocols that can be attacked using them.
Red flags in code
-
Callback does not verify the real pool sender.
-
Protocol reads AMM spot prices after a flash swap changes reserves.
-
Repayment logic ignores fees or token behavior.
-
Callback can reenter sensitive functions.
-
Pool address or token pair assumptions are weak.
How to test or review it
-
Implement a malicious callback contract.
-
Manipulate a dependent pool or oracle during the callback.
-
Test repayment success, underpayment, and revert paths.
-
Verify callback sender and token pair.
-
Combine with flash loan attack scenarios.