What is a flash loan?
A flash loan lets you borrow any amount of capital with no collateral, as long as you pay it back within the same transaction.
A flash loan is a loan that must be repaid inside the same transaction it was taken out in. If repayment does not happen, the entire transaction reverts and the loan never existed. Because Ethereum transactions are atomic — all of it commits or none of it does — this makes the loan genuinely risk-free for the lender, which in turn allows it to be uncollateralized. The whole arrangement is one of the strangest and most uniquely crypto primitives in existence.
The mechanics
A flash loan works in three steps inside a single transaction. First, the borrower calls a flash-loan function on a protocol like Aave or Balancer. The protocol transfers the requested amount (which can be enormous — hundreds of millions, limited only by the pool's liquidity) to the borrower's contract. Second, the borrower's contract does whatever it planned to do: arbitrage, liquidation, collateral swap, whatever. Third, before the transaction ends, the contract must call back to repay the loan plus a small fee (Aave charges 0.05 percent, Balancer is free). If the balance is not repaid, the EVM reverts the entire transaction.
The key insight is that lending without collateral is safe if the "borrower" cannot leave the building with the money. Inside a single transaction, there is no way to abscond. Either the repayment call succeeds or nothing happened at all.
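To make the three steps and the revert concrete, here is a small Python model added to this explainer (it is not Aave's or Balancer's code; the ledger, account names and amounts are constructed). An honest borrower's transaction commits with the pool up by the fee; a borrower that walks off with the funds triggers a revert that restores every balance.

```python
# Added toy example (not any protocol's code): three-step flash loan plus atomic revert.
from dataclasses import dataclass

class Revert(Exception): pass  # stands in for the EVM REVERT: the whole transaction rolls back

@dataclass
class Ledger:
    balances: dict
    def transfer(self, src: str, dst: str, amount: int) -> None:
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src} cannot pay {amount}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

FEE_BPS = 5  # 0.05 percent, the Aave fee quoted above

def flash_loan(ledger: Ledger, pool: str, borrower: str, amount: int, callback) -> None:
    """Step 1: send funds. Step 2: run borrower code. Step 3: check repayment or revert."""
    before = ledger.balances[pool]
    ledger.transfer(pool, borrower, amount)
    callback(ledger, amount)
    if ledger.balances[pool] < before + amount * FEE_BPS // 10_000:
        raise Revert("flash loan not repaid")

def run_tx(ledger: Ledger, tx) -> bool:
    """Atomic execution: snapshot state, apply tx, restore everything on Revert."""
    snapshot = dict(ledger.balances)
    try:
        tx(ledger)
        return True
    except Revert:
        ledger.balances = snapshot
        return False

def honest_arb(ledger: Ledger, amount: int) -> None:
    # Constructed stand-in for a profitable round trip: 1% gain, then principal + fee back.
    ledger.transfer("market", "borrower", amount // 100)
    ledger.transfer("borrower", "pool", amount + amount * FEE_BPS // 10_000)

def absconder(ledger: Ledger, amount: int) -> None:
    # Moves the funds out and never repays: step 3 reverts the whole transaction.
    ledger.transfer("borrower", "elsewhere", amount)

def simulate(callback) -> tuple:
    # Returns (committed, pool balance, borrower balance) after one transaction.
    ledger = Ledger({"pool": 10_000_000, "market": 1_000_000, "borrower": 0})
    ok = run_tx(ledger, lambda l: flash_loan(l, "pool", "borrower", 10_000_000, callback))
    return ok, ledger.balances["pool"], ledger.balances["borrower"]
```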
Legitimate uses
Arbitrage is the canonical application. Suppose USDC is trading at 1.003 against DAI on Uniswap and at 0.998 on Curve. An arbitrageur can flash-borrow 10 million USDC, swap it for DAI on Curve, swap the DAI back for USDC on Uniswap, repay the flash loan, and pocket the difference. They needed no capital of their own — just the ability to execute the round trip profitably inside one transaction.
Collateral swaps are another. Suppose a user has 100 ETH of collateral on Aave backing a 50,000-dollar DAI loan and wants to switch the collateral to wstETH without closing the loan. A flash loan lets them borrow enough stablecoin to close the DAI loan, withdraw the ETH, swap to wstETH, redeposit, reopen the loan, and repay the flash loan — all in one transaction, with no intermediate state where they are undercollateralized.
Liquidations are a third. Liquidators can flash-borrow the repayment amount, trigger the liquidation to seize collateral at a discount, sell the collateral, and repay the flash loan — capturing the liquidation bonus without needing any of their own capital.
The exploit pattern
Flash loans themselves are not exploits. They are a tool. But they have been used as the funding mechanism for some of the most spectacular DeFi attacks, for a reason: they let an attacker temporarily wield absurd amounts of capital.
The standard pattern is oracle manipulation. A DeFi protocol uses a thin liquidity pool as a price oracle. The attacker flash-borrows a large amount, uses it to push the pool's price dramatically, triggers a dependent action (borrowing against inflated collateral, draining a rewards contract), reverses the price move, repays the flash loan, and keeps the profit. All inside one transaction.
bZx, Harvest Finance, PancakeBunny, Cream Finance, Euler, Mango Markets — many of the nine-figure DeFi exploits have used flash loans as the capital source. The root cause is usually the target protocol's reliance on a manipulable price feed, not the flash loan itself. A flash loan is how the attacker got the leverage; the bug is somewhere else.
Why the pattern keeps working
The defense against flash-loan-powered oracle attacks is well understood: do not use spot prices from shallow pools. Use time-weighted average prices (TWAPs) that require multiple blocks to manipulate, or use external oracles like Chainlink or Pyth that aggregate from many venues. Protocols that do this are robust to flash loans. Protocols that do not are exposed — and many newer, hastily deployed protocols still are.
This is why flash-loan attacks disproportionately hit new and unaudited protocols. The pattern is known. The fix is known. Teams that skip it ship exploitable code.
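An added illustration in Python (not any protocol's code; the pool reserves and swap size are constructed) of why the spot-versus-TWAP distinction matters: the same flash-loan-sized swap that multiplies the spot price mid-transaction leaves a block-level TWAP untouched, and moving the TWAP at all requires holding the position across blocks, which a flash loan cannot fund.

```python
# Added toy example (not any protocol's code): the same x*y=k pool read as a spot
# oracle and as a block-level TWAP, to show why the text recommends the latter.
from collections import deque

class ConstantProductPool:
    """x*y=k pool, say ETH/USDC; spot price is quoted as y per x (USDC per ETH)."""
    def __init__(self, x: float, y: float):
        self.x, self.y = x, y

    def spot(self) -> float:
        return self.y / self.x

    def swap_y_for_x(self, dy: float) -> float:
        """Sell dy of y into the pool and receive x; this pushes the spot price up."""
        new_x = (self.x * self.y) / (self.y + dy)
        dx = self.x - new_x
        self.x, self.y = new_x, self.y + dy
        return dx

    def swap_x_for_y(self, dx: float) -> float:
        # Mirror image: sell dx of x back in and receive y; pushes the spot price down.
        new_y = (self.x * self.y) / (self.x + dx)
        dy = self.y - new_y
        self.x, self.y = self.x + dx, new_y
        return dy

class TwapOracle:
    """Records the pool price once per block (at block end) and averages a window."""
    def __init__(self, pool: ConstantProductPool, window_blocks: int):
        self.pool, self.prices = pool, deque(maxlen=window_blocks)
    def end_block(self) -> None:
        self.prices.append(self.pool.spot())
    def read(self) -> float:
        return sum(self.prices) / len(self.prices)

def compare_oracles(swap_in_usdc: float, window: int = 10, hold_blocks: int = 0) -> tuple:
    """Returns (baseline, spot seen mid-transaction, TWAP seen mid-transaction, TWAP after)."""
    pool = ConstantProductPool(1_000.0, 2_000_000.0)   # constructed: 1000 ETH, 2M USDC, spot 2000
    twap = TwapOracle(pool, window)
    for _ in range(window):                            # a quiet price history
        twap.end_block()
    baseline = pool.spot()
    eth_out = pool.swap_y_for_x(swap_in_usdc)          # one large swap inside a transaction
    spot_mid, twap_mid = pool.spot(), twap.read()      # what a dependent protocol reads now
    for _ in range(hold_blocks):                       # 0 for a flash loan: it must be repaid
        twap.end_block()                               # this block, so nothing is ever recorded
    pool.swap_x_for_y(eth_out)                         # unwind the position
    twap.end_block()                                   # block closes with the price restored
    return baseline, spot_mid, twap_mid, twap.read()
```

With an 8 million USDC swap the spot price jumps from 2000 to 50000 while the 10-block TWAP still reads 2000; only a position held across a block nudges the TWAP, to 6800 here, and that position is exposed to arbitrage for the whole block.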
Who provides flash loans
Aave is the largest and most-used provider. Balancer, Uniswap v3 (via flash swaps), and dYdX all offer similar primitives. Each has different fee and gas characteristics; Balancer's zero-fee flash loans have been the vehicle for many attacks because of their cost advantage. Nothing about any of this is illegal or even discouraged — the protocols explicitly advertise these features for the legitimate use cases.
Why it matters
Flash loans are a primitive that has no analog in traditional finance. Unsecured, uncollateralized borrowing of arbitrary size, repayable in seconds, is simply not something a bank can offer. The only thing that makes it possible is the atomicity of the blockchain: a transaction either commits fully or does not happen at all, so a lender can extend arbitrary credit within the window of a single transaction with no risk.
For honest users, flash loans democratize access to arbitrage and capital-efficient strategies that were previously available only to firms with large balance sheets. For attackers, they lower the cost of probing protocols for vulnerabilities to effectively zero — you only pay gas if the attack succeeds. Both effects have pushed DeFi to become more robust over time, because any pricing weakness gets found and exploited quickly.