What are Flash Loans and How Do Their Smart Contracts Work?

Definition and Core Mechanics

1. Flash loans are uncollateralized loans that must be borrowed and repaid within a single blockchain transaction.

2. They rely entirely on the atomicity of smart contracts—meaning the entire operation either succeeds completely or reverts entirely if any condition fails.

3. No credit checks, identity verification, or external approvals are involved; execution depends solely on on-chain logic.

4. The borrower must return the principal plus a small fee—typically 0.09% on Aave or 0.3% on dYdX—before the transaction concludes.

5. If repayment does not occur, the smart contract automatically triggers a revert, canceling all intermediate state changes as if the transaction never happened.

Smart Contract Architecture

1. A flash loan contract inherits from a base lending protocol’s interface, such as Aave’s LendingPool or Balancer’s FlashLoanReceiver.

2. The borrower deploys a custom receiver contract implementing a required callback function—executeOperation in Aave or flashLoan in Uniswap V3.

3. This function contains the arbitrage logic, liquidation sequence, or collateral swap instructions triggered immediately after fund disbursement.

4. Within that function, the contract must call the protocol’s transfer or approve method to route repayment back to the lender before the function exits.

5. Any deviation—such as insufficient balance, incorrect token routing, or missing approval—causes immediate transaction failure without partial execution.

Common Use Cases in Practice

1. Arbitrage across decentralized exchanges: A bot borrows 1000 ETH, buys DAI cheaply on SushiSwap, sells it at a higher price on Curve, repays the loan, and keeps the spread.

2. Collateral swapping: A user replaces volatile collateral with stable assets mid-position to avoid liquidation, using borrowed funds to execute the swap before returning them.

3. Debt refinancing: Borrowers extract liquidity from one protocol, repay a higher-interest position elsewhere, and lock in better terms—all inside one block.

4. Protocol governance attacks: Attackers use flash loans to temporarily acquire enough voting tokens, pass malicious proposals, then unwind holdings—highlighting governance design flaws.

5. NFT flipping: Funds are borrowed to purchase undervalued NFTs at auction, list them on secondary markets, and repay the loan once sales settle, all before block confirmation.

Risk Vectors and Exploitation History

1. Reentrancy vulnerabilities have led to losses exceeding $30 million, notably in the Harvest Finance hack where recursive calls drained reserves during flash loan–driven minting.

2. Oracle manipulation remains a critical threat—flash loans enable rapid accumulation of tokens needed to skew price feeds feeding into lending protocols.

3. Imperfect slippage handling in AMM-based swaps can cause unexpected shortfall during repayment, forcing automatic reversion even for legitimate strategies.

4. Front-running bots monitor pending flash loan transactions and sandwich trades to capture profits before the borrower’s operations finalize.

5. Protocol-level rate limits and circuit breakers—like Aave’s max flash loan size per asset—are frequently bypassed via multi-hop routing across pools.

Frequently Asked Questions

Q: Can flash loans be executed on Bitcoin?A: No. Bitcoin lacks Turing-complete smart contracts and stateful transaction logic required for flash loan mechanics.

Q: Do flash loans require KYC or wallet whitelisting?A: No. Any externally owned account or contract capable of calling the protocol’s flash loan function may initiate one, provided gas limits and balance constraints are satisfied.

Q: Is it possible to borrow multiple assets in one flash loan?A: Yes. Protocols like Aave v3 support multi-asset flash loans, allowing simultaneous borrowing of ETH, USDC, and WBTC within a single transaction.

Q: What happens if network congestion delays transaction inclusion?A: Flash loans do not time out. They execute only when included in a block—and fail instantly if repayment conditions are unmet at that exact moment.