Why is Chainlink important in mitigating the risk of flash loan attacks?

Lendefi Protocol
Oct 20 · 4 min read

Decentralized finance is growing in popularity, and with that popularity come more ways to cheat the system. DeFi hacks are increasing rapidly, and among them is one that makes DeFi protocols and DEXs especially nervous: the flash loan attack.

What is a flash loan, how does the attack happen and how does Chainlink help in drastically reducing the chances of a Flash Loan attack?

A flash loan is an undercollateralized loan in which you neither post collateral nor go through any credit risk review. You simply ask the lender if they can loan you a particular amount, and they say, “Sure, here you go”.

But how is this possible? If we do not put up any collateral or have a risk check, how can the lender know that we will not run away with the money?

The explanation is that the flash loan must be returned in the same transaction in which it was requested. If this seems unintuitive, it is because we are used to typical transaction formats where funds are moved from one user to another, as when we pay for goods and services or deposit tokens in an exchange.

But the Binance Smart Chain offers us a very flexible platform in which we can program a flash loan as a transaction that takes place in three stages:

1) Receive the loan.

2) Do something with the loan.

3) Repay the loan.

And all this happens in a flash.

Thanks to the magic of the blockchain, when the transaction is sent to the network, the funds are temporarily loaned to you. You can do whatever you want with them as long as you return them on time.

If you don’t, the network will reject the transaction, which means that the lender gets their funds back. In fact, as far as the blockchain is concerned, the funds NEVER left the lender’s control. This explains why the lender can loan you the money without you putting up any assets as collateral. Repayment is enforced by the code itself.
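The three stages and the automatic rejection can be modelled with a toy ledger. This is an added Python illustration, not code from Lendefi or any lending protocol; the `Ledger` class, the account names and the two borrower callbacks are hypothetical, and fees are ignored.

```python
import copy


class Revert(Exception):
    """Aborts the transaction; every state change made so far is discarded."""


class Ledger:  # toy ledger constructed for illustration, not a real chain
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


def flash_loan(ledger, lender, borrower, amount, use_funds):
    """Run receive -> use -> repay atomically. True if committed, False if reverted."""
    snapshot = copy.deepcopy(ledger.balances)        # state before the transaction
    try:
        ledger.transfer(lender, borrower, amount)    # 1) receive the loan
        use_funds(ledger, lender, borrower, amount)  # 2) do something, 3) repay
        if ledger.balances[lender] < snapshot[lender]:
            raise Revert("loan not repaid within the transaction")
        return True
    except Revert:
        ledger.balances = snapshot                   # roll back: the loan never left
        return False


def repaying_borrower(ledger, lender, borrower, amount):
    # Hypothetical borrower: is paid amount + 2% by a counterparty, then repays in full.
    ledger.transfer("buyer", borrower, amount * 102 // 100)
    ledger.transfer(borrower, lender, amount)


def non_repaying_borrower(ledger, lender, borrower, amount):
    # Hypothetical borrower: moves the loan to another account and never repays.
    ledger.transfer(borrower, "other_account", amount)


def demo():
    ledger = Ledger({"lender": 10_000, "borrower": 0, "buyer": 20_000})
    ok = flash_loan(ledger, "lender", "borrower", 10_000, repaying_borrower)
    after_ok = dict(ledger.balances)
    failed = flash_loan(ledger, "lender", "borrower", 10_000, non_repaying_borrower)
    return ok, after_ok, failed, dict(ledger.balances)
```

In the second call the ledger ends up exactly as it was before the loan, which is the sense in which the funds never leave the lender's control.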

Flash loans are mostly used for arbitrage trading but they can also be used for collateral swapping.

How does a flash loan attack happen?

DeFi is an industry in its pilot phase. When there is so much money at stake, it is only a matter of time until vulnerabilities begin to be discovered.

Let’s take a look at the bZx protocol’s flash loan attack to fully understand this.

The bZx margin trading protocol witnessed two massive flash loan attacks in 2020. Since these two attacks followed an almost identical pattern, let’s understand the first one to get the gist of how a flash loan attack is executed.

  • First, the attacker took a huge Ether flash loan of 10,000 ETH from dYdX.
  • Once the attacker had access to this huge amount of ETH, the entire amount was split and sent to 2 other lending platforms, namely Fulcrum and Compound.
  • The attacker used 5,500 ETH as collateral to take out a loan of 112 WBTC from Compound.
  • A small portion of this loan amount, namely 1300, was sent to bZx’s Fulcrum trading platform. This was done specifically to short ETH against WBTC.
  • The attacker was now ready to initiate his next move to cause a massive slide in the market. Therefore, 5637 ETH was borrowed using Kyber’s Uniswap for almost 51 WBTC.
  • Remember the WBTC the attacker took from Compound at the start (Stage 3)? It was finally time to make some profit using it.
  • Therefore, the attacker simply traded the 112 WBTC on Uniswap. Although the 112 WBTC loan was taken out for 5,500 ETH (Stage 3), after the massive slide the attacker was able to exchange it for 6,871 ETH on Uniswap.
  • During this entire hack, the attacker grabbed a large amount of 1,193 ETH. In other words, the attacker was able to make an incredibly high profit of around $318,000.
  • Finally, dYdX’s 10,000 ETH flash loan was repaid.

Let’s be clear: the flash loan itself does not enable the attack. It provides attackers with sufficient funds to exploit vulnerabilities that already exist in protocols. Criminals often abuse the decentralization and privacy of crypto to run away with their loot, because it is extremely complicated to track them down and recover the funds. The same goes for flash loan attackers.

Enter Chainlink — The Master Mitigator

A number of flash loan attacks are made possible by on-chain oracles, which offer limited market coverage and so leave protocols more prone to price manipulation.

This is why LenDeFi has integrated Chainlink into its protocol. Chainlink is a decentralized oracle network with wide market coverage, which makes LenDeFi more resilient and secure.

With this robust decentralized oracle network in place, it is extremely difficult for attackers to manipulate the prices of tokens on LenDeFi during an attack.

The price feed works in a decentralized fashion, provides quality data, and uses a benchmark contract template, allowing LenDeFi’s system to receive a more accurate price for a digital asset at all times.

As a flash loan occurs within a single block and can only affect on-chain trading, it is less likely to influence the price feed of Chainlink, which operates across multiple blocks.
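The difference between a single on-chain price source and a feed with wide market coverage can be shown numerically. The following Python model is an added illustration, not Lendefi's or Chainlink's code: the constant-product pool, the venue prices, the 50% loan-to-value ratio and the use of a median as the aggregation rule are all assumptions chosen for the example, and it covers only the market-coverage aspect.

```python
from statistics import median


class ConstantProductPool:  # toy x*y=k pool without fees, constructed for illustration
    def __init__(self, token_reserve, quote_reserve):
        self.token = token_reserve
        self.quote = quote_reserve

    def spot_price(self):
        return self.quote / self.token           # quote units per token

    def buy_token(self, quote_in):
        k = self.token * self.quote
        self.quote += quote_in
        token_out = self.token - k / self.quote
        self.token -= token_out
        return token_out


def aggregated_price(venue_prices):
    # Assumption: a median over independent venues stands in for a feed
    # with wide market coverage; it is not Chainlink's actual aggregation code.
    return median(venue_prices)


def borrow_limit(collateral_tokens, price, loan_to_value=0.5):
    return collateral_tokens * price * loan_to_value


def compare(swap_size_quote, collateral_tokens=10):
    pool = ConstantProductPool(token_reserve=1_000.0, quote_reserve=100_000.0)
    other_venues = [99.8, 99.9, 100.1, 100.3]    # constructed, unaffected markets
    pool.buy_token(swap_size_quote)              # one large swap in one transaction
    spot = pool.spot_price()
    feed = aggregated_price(other_venues + [spot])
    return {
        "spot": spot,
        "feed": feed,
        "limit_from_spot": borrow_limit(collateral_tokens, spot),
        "limit_from_feed": borrow_limit(collateral_tokens, feed),
    }
```

With `compare(100_000.0)` the pool's spot price quadruples, so a protocol valuing collateral from that pool alone would quadruple the borrow limit, while the aggregated price and the limit derived from it barely move.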

The Lendefi protocol will deliver leveraged trading and secured lending to cryptocurrency markets. Utilizing an undercollateralized loan model, Lendefi facilitates a trustless relationship between lender and borrower, managed by the protocol to remove counterparty risk.
