Flash Loan Attacks Explained: How $100M Was Stolen in Minutes

Flash loans are one of DeFi's most powerful primitives — and its most dangerous attack vector. They allow anyone to borrow any amount of capital with zero collateral, use it within a single transaction, and return it — all in one atomic operation.

When used correctly, they enable arbitrage, liquidations, and collateral swaps. When weaponized, they've been used to drain over $100 million from DeFi protocols in single transactions.

How Flash Loans Work

A flash loan is a loan that must be borrowed and repaid within a single Ethereum transaction. If the loan isn't repaid by the end of the transaction, the entire thing reverts — as if it never happened. This makes them risk-free for the lender.

1. Borrow: Attacker borrows $100M USDC from Aave with no collateral in one transaction.
2. Manipulate: Uses the $100M to manipulate a price oracle, token price, or liquidity pool.
3. Exploit: Calls the vulnerable protocol while the price is manipulated to drain funds.
4. Repay: Repays the $100M flash loan + fee, keeps the stolen funds. All in one transaction.

The Most Common Attack: Price Oracle Manipulation

The most common flash loan attack targets protocols that use spot prices from DEX pools as oracles. Since a flash loan can temporarily move pool prices significantly, an attacker can trick the protocol into thinking an asset is worth far more or less than it is.

❌ Vulnerable: Using spot DEX price as oracle
function getPrice(address token) public view returns (uint256) {
    // DANGEROUS: spot price can be manipulated with flash loans
    (uint112 reserve0, uint112 reserve1,) = uniswapPair.getReserves();
    // Widen to uint256 before scaling: uint112 * 1e18 does not fit for realistic reserves
    return (uint256(reserve1) * 1e18) / reserve0;
}

function borrow(address token, uint256 amount) public {
    uint256 price = getPrice(token); // Manipulated price!
    uint256 collateralRequired = amount * price / 1e18;
    require(collateral[msg.sender] >= collateralRequired);
    // Attacker can borrow way more than they should
}
✅ Safe: Use Chainlink or TWAP oracle
import "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";

AggregatorV3Interface priceFeed;

function getPrice() public view returns (uint256) {
    (, int256 price,,,) = priceFeed.latestRoundData();
    // The answer is a signed integer: reject non-positive values before casting
    require(price > 0, "invalid oracle price");
    return uint256(price); // Chainlink: manipulation-resistant
}

// Or use Uniswap V3 TWAP (time-weighted average price)
// TWAP is averaged over time, making flash loan manipulation too expensive
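
The difference between a spot price and a time-averaged price under a same-transaction swap, worked through numerically as an added example (not code from the original page). It models a fee-free constant-product pool with a Uniswap-V2-style cumulative-price accumulator; the `Pool` class, the reserves, the collateral figure and the 30-minute window are all constructed for illustration.

```python
from fractions import Fraction

class Pool:
    """Constant-product pool (fees ignored) with a V2-style price accumulator."""

    def __init__(self, reserve0, reserve1, now):
        self.r0, self.r1 = reserve0, reserve1
        self.cumulative = Fraction(0)  # running sum of price * seconds
        self.last_ts = now

    def spot(self):
        # Same ratio as the page's getPrice(): reserve1 / reserve0
        return Fraction(self.r1, self.r0)

    def sync(self, now):
        # The price in force since the last update is weighted by elapsed time.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def swap_token0_in(self, amount_in, now):
        self.sync(now)
        k = self.r0 * self.r1
        self.r0 += amount_in
        self.r1 = -(-k // self.r0)  # round up so the invariant never shrinks

def twap(pool, start_cumulative, start_ts, now):
    pool.sync(now)
    return (pool.cumulative - start_cumulative) / (now - start_ts)

def max_borrow(collateral, price):
    # Largest amount passing the page's check: amount * price <= collateral
    return int(collateral / price)

def demo():
    pool = Pool(1_000, 1_000_000, now=0)      # constructed reserves
    start_cum, start_ts = pool.cumulative, 0  # oracle snapshot at t=0
    before = pool.spot()
    # 30 minutes later a large swap and the oracle read share one timestamp.
    pool.swap_token0_in(9_000, now=1_800)
    during = pool.spot()
    averaged = twap(pool, start_cum, start_ts, now=1_800)
    return {
        "spot_before": before, "spot_during": during, "twap": averaged,
        "borrow_spot": max_borrow(10_000, during),
        "borrow_twap": max_borrow(10_000, averaged),
    }

if __name__ == "__main__":
    print(demo())
```

Because the swap and the oracle read share a timestamp, the moved price accrues zero seconds of weight in the accumulator, so the averaged price and the borrow limit derived from it stay where they were.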

How to Protect Your Protocol

1. Never use spot prices as oracles — Use Chainlink price feeds or TWAP oracles that average prices over time. Flash loans can't manipulate time-averaged prices economically.

2. Use internal accounting — Don't rely on address(this).balance or token.balanceOf(address(this)) for security logic. These can be manipulated. Use internal tracked balances instead.

3. Add reentrancy guards — Flash loan attacks often involve multiple contract calls. ReentrancyGuard can break the attack chain.

4. Limit single-block actions — Require multiple blocks between borrow and liquidation for lending protocols, making flash loan attacks impossible.

Real examples: Beanstalk ($182M), Euler Finance ($197M), Cream Finance ($130M) — all flash loan attacks exploiting price oracle manipulation or reentrancy in DeFi protocols.