Topic: DeFi - Flash Loan - simple explanation with bZx example (Read 177 times)

here is one more application for Flash Loans, to chain market outcomes, there is an example of using Flash Loan to push your proposal to pass in Decentralized Autonomous Organization

actual situation happened in MakerDAO protocol, voting for proposal to push their oracles acceptance in MakerDAO, more information on links below
https://www.theblockcrypto.com/post/82721/makerdao-issues-warning-after-a-flash-loan-is-used-to-pass-a-governance-vote
https://forum.makerdao.com/t/urgent-flash-loans-and-securing-the-maker-protocol/4901/2

not sure where are you headed with your questions, if you plan to use this mechanism, and do not understand the basics, it is better to skip the trying

regarding answers on the first question - you make a script that will serve the purpose, it is certainly possible, and not possible because I have said that to you, but because people already used it to exploit mechanism - but, it is a tool for developers, not easy to use, and not recommended for anyone

regarding second one, yeah, if you do not have funds for gas, then you can make a transaction, that is true (and to make few transactions in one block, you need to setup high gas fee)

one more thing, this exploits are not planned activities, and could be looked at as criminal activities, hope that you understand that, it is good to understand the matter, before investing any money in it

Sorry, I have still a lot of questions.

If one transaction block duration is 15 seconds, then it's kinda impossible to take flash loan and pay back in such short time frame, isn't it?

Regarding gas thing, you could take a flash loan, empty your wallet by transferring funds to your another address, then there is no funds in your account to fullfil the loan amount and neither the gas fees to make transaction. How does that work?

maybe I misunderstood your question, but here are the answers that I could provide

- yeah, you have to pay back until the transaction block ends - all transactions have to be included in the same transaction block

- regarding duration, for Ethereum, typical transaction block duration is 15 seconds

- yeah, each and every computation/writing on the Ethereum network, that is done on behalf of any address, requires a gas paid by that address, so you have to pay the gas, independently from that fact that transaction is done or not, so it will be paid even if the transaction is reverted

You have to pay by time block ends right? So how much time is it? And if you don't pay on time, transaction reverts itself, so does it require eth to pay for gas?

Ethereum, or most blockchains for the matter, is organized by transaction blocks, one after another, and all these blocks are consisted from several transactions that are stored in that particular block, while all these block consist an epoch, that is above block in blockchain organization

by transaction block, I mean that all transactions that are indicated for bZx, or associated with any flash loan, are executed within the same transaction block (so that all these activities of borrowing and pay backs are concluded in one block, and the situation on the beginning of following block is the same as on the beginning on this block)

on etherscan.io you can find transaction blocks, and all of these are consisted from several transactions, here is the link for one block example with 73 transactions
https://etherscan.io/txs?block=9484688&p=2

I don't understand, what you mean by one transaction block? And if it reverses transaction by itself, you still need eth to pay gas right?

what is a Flash loan in DeFi terminology? aim of this post is to provide simple explanation of Flash loan, for everyone who is using DeFi, since this is one of the main parameters for successful hacks in DeFi history, if they are hacks after all, since all these are just using underlying technology, that is not easy to understand to most users

DEFINITION
Flash Loan, as defined by AAVE, that introduced them to main crypto world, enable you to borrow funds instantly and easily, without any collateral needed, in case that you return the funds to the pool within one transaction block, if you are not able to return the funds to the pool within transaction block, the transaction is reversed, so that effectively there is no action at all. In well funded Liquidity pools, these would not create meltdown, but in a poorly staked Liquidity pools this can cause many troubles

for the purpose, liquidity pools are charging small interest, that is close to zero ( 0,001-0,1 % range)

what that mean, is that developers (who are the prime users of Flash Loans) can exploit liquidity with small interest for the liquidity provider, and have main advantage over other participants on the market - and that is why "Ethereum is a Dark Forest"

main use-cases include Arbitrage, Collateral swapping, Self-liquidation, and here is an explanation for each of these:
- Arbitrage - it is as simple as purchase an asset on one market, and sell it on another market, where the current price is better (if you do this within one transaction block, you can use Flash Loan), and there is a lot of arbitrage bots that are made to do just this, although it is not too easy to exploit the market in this way, and profit is not guaranteed
- Collateral swapping - it is a practical way to swap your collateral when the price of underlying asset is moving fast, and you can be liquidated, then you swap your collateral for stable coin to secure your position
- Self-liquidation - practically, this is an opportunity to generate cash for a profitable action, and self-liquidate it within the same transaction block, so one can make money without initial investment

EXAMPLES
First example
1. https://www.coindesk.com/exploit-during-ethdenver-reveals-experimental-nature-of-decentralized-finance - first exploit for bZx protocol, with 350k USD taken from the protocol
November 2020
2. https://www.coindesk.com/value-defi-suffers-6m-flash-loan-attack - Value DeFi exploited for 6 million USD
3. https://peckshield.medium.com/cheese-bank-incident-root-cause-analysis-d076bf87a1e7 - Cheese Bank exploited for 3.3 million USD
4. https://www.coindesk.com/defi-project-akropolis-token-pool-drained - Akropolis hacked for 2 million USD
5. https://www.coindesk.com/origin-protocol-loses-3-25m-in-latest-flash-loan-attack-reports - Origin protocol sustained attack for 7 million USD
6. https://www.coindesk.com/harvest-finance-24m-attack-triggers-570m-bank-run-in-latest-defi-exploit - Harvest Finance was exploit for 24 million USD

bZx EXAMPLE AND STEPS EXPLAINED
what actually happened in bZx exploit is following:
- Flash Loan attack (all actions within one transaction block):
1. borrowing ETH from dYdX and using parts of the loan for simultaneous actions 2,3,4
2.1. minting cETH on Compound, using borrowed ETH (with part of the sum borrowed)
2.2. borrowing cWBTC on Compound using minted cETH
3.1. Margin trade ETH against WBTC on bZx with leverage (with part of the sum borrowed)
3.2. Use of arbitrage opportunity to buy WBTC for ETH gain on bZx
2.3. Convert cWBTC on Uniswap for ETH, that is now cheaper
4. paying back the ETH to dYdX, with a profit
so, practically, attacker used part of funds to create leverage on bZx to influence ETH/BTC price on Uniswap, and used another part of funds to mint BTC on Compound and buy that "cheap" ETH on Uniswap

CONCLUSION
Most of these opportunities for Flash Loan exploits is ceased with good oracles, like ChainLink, and use of several oracles within same DeFi project, so this should be your first stop to prove, when starting with new DeFi project. Nevertheless, the opportunity is always there and one should be aware of risk when investing in DeFi Liquidity Pools.

for more interest, one can look on following links:
https://aave.com/flash-loans/
https://www.investopedia.com/terms/s/self-liquidating-loan.asp
https://hackingdistributed.com/2020/03/11/flash-loans/