DeFi

Flash Loan Attack Vectors and Defences

The exploit mechanisms by which attackers use uncollateralised flash loans to temporarily amplify capital far beyond their own funds — enabling price oracle manipulation, governance attacks, and collateral liquidation exploits against DeFi protocols — and the defensive design patterns that secure protocols against these attacks.

What Flash Loans Enable

Flash loans — uncollateralised loans that must be borrowed and repaid within a single Ethereum transaction — are a uniquely DeFi primitive with legitimate uses (arbitrage, collateral swaps, self-liquidation) and attack uses. The key insight for understanding flash loan exploits: in a single transaction, an attacker with a flash loan can temporarily command $100M+ of capital regardless of their actual net worth. This capital access, for the duration of one transaction, allows them to overwhelm DeFi protocol assumptions designed for normal-sized participants — price oracle manipulation being the most common vector.

Vector 1: Spot Price Oracle Manipulation

The most common flash loan exploit pattern targets DeFi protocols that use spot AMM prices as oracles for collateral valuation or other critical calculations. The attack sequence:

  1. Flash loan a large amount of USDC from Aave or Uniswap's flash loan facility.
  2. Swap the USDC for Token X in an illiquid Uniswap pool — the large buy dramatically inflates the spot price of Token X in that pool (e.g., 10× increase).
  3. Use the inflated Token X price, as read by a vulnerable protocol's oracle, to borrow against Token X as if it were worth 10× its actual value — borrowing $50M of stablecoins against $5M worth of collateral at manipulated valuation.
  4. Repay the flash loan from the borrowed stablecoins, keeping the difference as profit.
  5. All steps execute atomically in one transaction — the price manipulation is invisible to block explorers until the transaction confirms.

Real examples: Harvest Finance ($34M, October 2020), Cheese Bank ($3.3M, November 2020), and dozens of others all followed this basic pattern against protocols using Uniswap V2 spot prices as oracles. The concentrated losses from this vector led to widespread adoption of TWAP (Time-Weighted Average Price) oracles.

TWAP Oracles: The Primary Defence

Time-Weighted Average Price (TWAP) oracles calculate a token's price as the average over a time window (typically 30 minutes to 2 hours) rather than the current spot price. This defence is effective against flash loan manipulation because:

  • Flash loans execute in a single block (~12 seconds on Ethereum) — a 30-minute TWAP cannot be meaningfully manipulated by a single block's price movement.
  • Manipulating a TWAP oracle requires sustaining artificial price levels for the full TWAP window — an extremely expensive multi-block manipulation that makes attacks economically unattractive for most protocol TVLs.

Uniswap V3's built-in TWAP oracle and Chainlink's decentralised price feeds (which aggregate from multiple sources with deviation threshold updates, not AMM spot prices) have become the standards for production DeFi oracle usage. Any protocol still using raw Uniswap V2 spot prices as oracles as of 2025 has a significant known vulnerability.

Vector 2: Governance Attacks via Flash Loans

As covered in the governance entries, Beanstalk Protocol was drained of $182M in April 2022 via a flash loan governance attack. The mechanism: flash loan sufficient governance tokens to pass an "emergency proposal" in a single transaction, execute the proposal to transfer treasury funds, repay the flash loan. The specific vulnerability: no timelock between proposal passage and execution — governance and execution happened atomically.

Defence: Mandatory timelocks (24–72 hours between proposal passage and execution) prevent flash loan governance attacks definitively — flash loans cannot be held across blocks, let alone across a 24-hour timelock window. Compound, Aave, and all major protocols with on-chain governance implement timelocks; missing timelocks are a critical security vulnerability.

Vector 3: Reentrancy via Flash Loans

Flash loans can amplify reentrancy vulnerabilities — if a vulnerable protocol allows a callback during a flash loan transaction, an attacker can exploit the reentrancy within the single flash loan transaction window. The combination of reentrancy (a classic smart contract vulnerability) with flash loan capital amplification was the vector for several major exploits including the Euler Finance hack ($197M, March 2023), where a novel donation-based reentrancy attack was combined with large borrowed capital to drain the protocol.

Defence: OpenZeppelin's ReentrancyGuard modifier prevents reentrancy at the function level. Checks-Effects-Interactions pattern (CEI) in function logic prevents state manipulation through callbacks. Flash loan callbacks should be treated as untrusted external calls — state changes must complete before external calls are made.

Vector 4: Collateral Ratio Manipulation for Liquidations

Attackers can use flash loans to temporarily depress a collateral token's price, triggering liquidations of other users' positions, and profit from the liquidation bounty. If an attacker can short-sell a collateral token using flash loan capital to drive its price below liquidation thresholds, they can then liquidate the resulting undercollateralised positions and claim the liquidation bonus before the price recovers. This attack is more expensive than oracle manipulation (requires sustained price movement, not just a single block's price) but has been observed against protocols with concentrated collateral type exposure.

Monitoring and Circuit Breakers

Beyond oracle and governance fixes, protocol-level circuit breakers provide additional defence layers:

  • Supply/borrow caps per collateral type: Limiting maximum single-asset exposure reduces the economic impact of any single collateral manipulation.
  • Large transaction alerts: Protocols like Aave and Compound integrate with OpenZeppelin Defender and Forta network monitors that detect anomalous transaction patterns (sudden large flash loans, rapid oracle price changes) and can trigger automatic protocol pausing.
  • Invariant checking: Post-transaction invariant assertions (total protocol assets must exceed total protocol liabilities after every operation) catch manipulation attempts that would violate protocol accounting.

Conclusion

Flash loan attacks remain the most common and highest-impact DeFi exploit vector — over $2B in losses attributed to flash loan-enabled exploits from 2020 to 2025. The defensive toolkit is well-established: TWAP/Chainlink oracles (not spot AMM prices), governance timelocks (mandatory for any on-chain executable governance), CEI pattern + ReentrancyGuard for smart contract implementation, and circuit breakers for anomaly detection. New DeFi protocols that ignore these established defensive patterns are not "novel design choices" but known-vulnerable implementations — assessing oracle design and governance architecture should be part of any DeFi protocol due diligence process.