Flash Loan

What Is a Flash Loan?

A flash loan is a type of uncollateralized loan unique to decentralized finance (DeFi) that allows a borrower to receive any amount of assets from a lending pool, use those assets across multiple DeFi protocols, and repay the loan: all within a single atomic blockchain transaction. If the borrower fails to repay the principal plus the protocol fee before the transaction finalizes, the blockchain automatically reverts every state change, restoring all balances to their pre-transaction values.

The concept was first proposed by the Marble Protocol in 2018 as an open-source "flash lending" smart contract on Ethereum. However, flash loans gained mainstream adoption when Aave launched production flash loan support in January 2020 as part of Aave V1. By mid-2020, Aave was processing over $100 million in flash loans per day. As of early 2026, Aave alone has facilitated over $1 trillion in cumulative flash loan volume.

Traditional lending requires collateral to protect the lender against default. Flash loans eliminate this requirement entirely by exploiting a fundamental property of blockchain execution: atomicity. Because every step of the loan (borrow, use, repay) happens within a single transaction, there is no scenario where the lender loses funds. The loan either succeeds in full or never exists.

How It Works

Flash loans rely on two core blockchain properties: atomic transaction execution and smart contract composability. A single Ethereum transaction can invoke dozens of smart contracts in sequence, and if any step fails, the entire chain of operations reverts.

1. The borrower deploys (or calls) a smart contract that requests a flash loan from a lending protocol like Aave, dYdX, or Uniswap
2. The lending protocol transfers the requested tokens to the borrower's contract
3. The borrower's contract executes arbitrary logic: swaps on DEXs, deposits into lending protocols, liquidations, or any other on-chain operations
4. The borrower's contract returns the borrowed amount plus the protocol fee to the lender
5. The lending protocol verifies repayment. If the balance check fails, the entire transaction reverts

All five steps execute within a single transaction. From the blockchain's perspective, either every state change persists or none of them do. There is no intermediate state where the lender is exposed to default risk.

ERC-3156: The Flash Loan Standard

ERC-3156 is the Ethereum standard that defines a common interface for flash loan providers and borrowers. It specifies two contracts: the lender (which implements IERC3156FlashLender) and the receiver (which implements IERC3156FlashBorrower). The standard uses a callback pattern where the lender calls onFlashLoan on the receiver after transferring tokens:

// ERC-3156 Flash Loan Receiver Interface
interface IERC3156FlashBorrower {
    function onFlashLoan(
        address initiator,
        address token,
        uint256 amount,
        uint256 fee,
        bytes calldata data
    ) external returns (bytes32);
}

// ERC-3156 Flash Loan Lender Interface
interface IERC3156FlashLender {
    function maxFlashLoan(address token)
        external view returns (uint256);
    function flashFee(address token, uint256 amount)
        external view returns (uint256);
    function flashLoan(
        IERC3156FlashBorrower receiver,
        address token,
        uint256 amount,
        bytes calldata data
    ) external returns (bool);
}

The lender transfers tokens to the receiver, calls onFlashLoan, then verifies that the tokens (plus the fee) have been returned. If the receiver's balance check fails, the entire transaction reverts. This standardized interface allows any protocol to offer flash loans with a consistent API, and borrowers can write contracts that work across multiple lenders.

Protocol Fees

Flash loan providers charge small fees on each loan. Current fee structures across major protocols:

On a $10 million flash loan through Aave, the protocol fee is $5,000 plus Ethereum gas costs (typically $50 to $500 depending on network congestion and transaction complexity).

Use Cases

Arbitrage

The most common legitimate use of flash loans is DEX arbitrage. When the same token trades at different prices across exchanges, a flash loan borrower can profit from the spread without holding any capital:

1. Borrow 1,000 ETH from Aave via flash loan
2. Sell 1,000 ETH on DEX A where the price is higher
3. Buy 1,000 ETH on DEX B where the price is lower
4. Repay 1,000 ETH plus the 0.05% fee to Aave
5. Keep the profit from the price difference

This type of arbitrage actually benefits DeFi markets by aligning prices across venues. It is closely related to MEV (maximal extractable value), as arbitrage bots compete for profitable flash loan opportunities within block ordering.

Collateral Swaps

Users with active lending positions can use flash loans to swap their collateral without closing the position. For example, a user with ETH collateral on Aave who wants to switch to WBTC collateral can:

1. Flash-borrow enough DAI to repay the outstanding debt
2. Repay the Aave debt, freeing the ETH collateral
3. Swap the freed ETH for WBTC on a DEX
4. Deposit WBTC as new collateral on Aave
5. Borrow DAI against the new collateral and repay the flash loan

Without flash loans, this operation would require significant upfront capital or would force the user to temporarily close the position, risking liquidation during the process.

Self-Liquidation

When a lending position approaches its liquidation threshold, the borrower normally faces a liquidation penalty (typically 5% to 15%). Flash loans allow borrowers to liquidate themselves at lower cost:

1. Flash-borrow the token owed to the lending protocol
2. Repay the entire debt, unlocking the collateral
3. Sell enough collateral to cover the flash loan plus fee
4. Repay the flash loan and keep the remaining collateral

The flash loan fee (0.05% on Aave) is far less than the liquidation penalty, saving the borrower significant capital.

Flash Loan Attacks

Flash loans have enabled a category of DeFi exploits that would otherwise require millions in upfront capital. In 2024, flash loan attacks accounted for 83.3% of eligible DeFi exploits, with price oracle manipulation alone causing over $52 million in losses across 37 incidents.

Oracle Manipulation

Many DeFi protocols rely on AMM pool prices as oracles for collateral valuation, lending rates, or liquidation thresholds. Flash loans give attackers the capital to distort these prices within a single transaction:

1. Flash-borrow a large amount of tokens
2. Execute a massive swap on a DEX pool, distorting the spot price
3. Interact with a vulnerable protocol that reads price from the manipulated pool
4. Profit from the distorted valuation (borrow at inflated collateral value, trigger unfair liquidations, etc.)
5. Repay the flash loan

Notable examples include the Polter Finance attack, where an attacker used flash loans to inflate the BOO token price on SpookySwap, enabling borrowing far beyond actual collateral value. In April 2025, KiloEx lost $7.5 million when an attacker manipulated oracle prices in both directions to open and close leveraged positions at artificial values.

Governance Attacks

Some governance systems weight votes by token holdings at the time of a snapshot. An attacker can flash-borrow governance tokens, vote on a proposal or trigger a snapshot, then return the tokens. This gives them outsized influence without any long-term capital commitment.

Attack Mitigations

The DeFi ecosystem has developed several defenses against flash loan attacks:

• Time-weighted average price (TWAP) oracles: protocols like Uniswap V3 provide price feeds averaged over multiple blocks, making single-transaction manipulation ineffective
• External oracle networks: Chainlink and similar services provide price data from off-chain sources that cannot be manipulated within a single transaction
• Multi-block delays: requiring that borrowed assets be used across multiple blocks (not just one) breaks the atomicity that flash loans rely on
• Governance timelocks: adding a delay between token acquisition and voting eligibility prevents flash-borrowed governance attacks

Why Flash Loans Cannot Exist on Bitcoin

Flash loans are fundamentally incompatible with Bitcoin's architecture. The reason is structural, not a limitation of network capacity or scripting power.

Ethereum uses an account-based model where a single transaction can call multiple smart contracts in sequence, with the ability to revert all state changes if any step fails. This composable execution with atomic rollback semantics is what makes flash loans possible.

Bitcoin uses a UTXO model where each transaction consumes specific inputs and produces specific outputs. There is no concept of mid-execution callbacks, arbitrary contract calls, or transaction-wide rollback. A Bitcoin Script can validate spending conditions for a single UTXO, but it cannot orchestrate multi-step operations across multiple contracts within one transaction.

This same architectural difference means that Bitcoin Layer 2 protocols like Lightning and Spark use fundamentally different mechanisms for trustless lending and asset movement. Instead of relying on atomic intra-transaction rollbacks, Bitcoin-native protocols use cryptographic primitives like HTLCs, timelocks, and multi-party signature schemes to enforce conditionality across separate transactions.

Risks and Considerations

Systemic Risk to DeFi

Flash loans lower the capital barrier for exploiting vulnerable protocols to effectively zero. Before flash loans, an attacker needed millions in capital to execute oracle manipulation or governance attacks. Now, anyone with the technical knowledge to write a smart contract can attempt these exploits for the cost of a transaction fee.

Transaction Complexity and Gas Costs

Flash loan transactions are complex multi-step operations. Gas costs scale with the number of contract calls, and failed transactions (where repayment conditions are not met) still consume gas. During network congestion, flash loan profitability can be wiped out entirely by gas fees.

MEV and Front-Running

Profitable flash loan transactions are visible in the mempool before confirmation. Block producers and MEV searchers can front-run flash loan arbitrage by copying the transaction logic and submitting it with a higher gas price. This creates an arms race where flash loan profits increasingly accrue to validators and MEV extractors rather than the original strategist.

Smart Contract Risk

Writing a flash loan contract requires careful handling of token approvals, callback logic, and repayment calculations. Bugs in flash loan receiver contracts can result in failed transactions (wasting gas), stuck approvals, or unintended token transfers. The BTC DeFi landscape is evolving different security models that avoid these composability risks by design.

Flash Loans vs. Traditional DeFi Lending

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.