Flash Loans and the Importance of Tamper-Proof Oracles
Like the concept of yield farming, flash loans are exciting and powerful new liquidity mechanisms that have recently emerged in the decentralized finance (DeFi) ecosystem. Flash loans enable users to borrow assets from an on-chain liquidity pool with no upfront collateral as long as the borrowed amount of liquidity, plus a small fee, is returned to the pool within the same transaction. This innovative design increases access to capital for all users in a variety of use cases while ensuring the full, continuous solvency of the underlying liquidity pool.
For a short period of time—the span of a single transaction—a flash loan can make anyone a very well-capitalized actor, providing access to hundreds of millions of dollars in liquidity. This creates unique opportunities for arbitrage, collateral swapping, and the creation of leveraged positions, but it also creates certain risks, especially for a nascent ecosystem of protocols with varying degrees of decentralization and security. These risks should be understood by smart contract developers so more robust applications can be built for users.
Flash Loans and Price Oracle Attacks
As explained in our previous article on data quality for DeFi smart contracts, protocols that fetch prices from a single source are easily exploitable by malicious actors with a large amount of funds who can manipulate the market with one large trade. Because flash loans can provide instant and sizable liquidity to anyone in the world, at any point in time, they have increasingly been used to fund attacks on DeFi protocols. However, there is a key distinction to be made here: flash loans only provide funding to execute attacks—the real issue at hand is centralized price oracles that do not offer adequate market coverage.
While often differing in methodology and scope, the most common form of attack using flash loans is designed to manipulate protocols that use a blockchain-based decentralized exchange (DEX) as the protocol’s sole price oracle. An example of a flash loan funded attack on a DeFi lending and borrowing protocol using a DEX-based price feed follows this sequence:
- Borrow a large amount of token A from a protocol supporting flash loans
- Swap token A for token B on a DEX (lowering price of token A and increasing price of token B on the DEX)
- Deposit the purchased token B as collateral on a DeFi protocol that uses the above DEX as its sole price feed, and use the manipulated pricing to borrow a larger amount of token A than should normally be possible
- Use a portion of borrowed token A to fully pay back the original flash loan and keep the remaining tokens, generating a profit off of the protocol’s manipulated price feed
- As the prices of token A and B on the DEX get arbitraged back to the true market-wide price, the DeFi protocol is left with an undercollateralized position (debt worth more than collateral), directly harming innocent users
Because the attacker was able to open a flash loan and manipulate the on-chain exchange that a DeFi protocol used as its sole price oracle, they were able to raise the reported value of the token used as collateral and lower the reported value of the token used as debt. This allowed the attacker to borrow more funds than they should have been able to, creating a toxic position that cannot be fully liquidated, as the collateral became worth less than the debt. This attack is able to occur within a single transaction but can be repeated many times across multiple transactions, furthering the damages.
Using a single on-chain exchange as a price feed provides extremely limited market coverage, as it represents the trading activity of only one exchange. This leaves protocols relying on it vulnerable to manipulated price points if volume shifts to different exchanges or a well-capitalized actor temporarily manipulates that exchange. It’s especially concerning for lower liquidity cryptocurrency assets, which are increasingly being used as collateral within DeFi.
The good news is that this style of attack is entirely preventable with a decentralized oracle solution with proper market coverage.
How Chainlink Decentralized Oracles Prevent Attacks on Price Feeds
In order to generate full market coverage, Chainlink Price Feeds are powered by a decentralized network of oracles that aggregate price data not from a single source, but from multiple independent data providers, particularly professional data aggregators like CoinGecko, Amberdata, BraveNewCoin, and many more. These data aggregators track all trading environments while taking into account volume, liquidity, and time differences across exchanges using time-tested and highly refined algorithms.
Since flash loans only exist within a single transaction and can only manipulate on-chain DEXs, they have no effect over Chainlink Price Feeds as updates occur over multiple transactions in an asynchronous manner. Additionally, the issue of market manipulation on a single exchange is mitigated by fetching and aggregating data from both on-chain DEXs and traditional centralized exchanges.
To prevent flash loan related price oracle attacks, we strongly recommend that smart contract developers avoid manipulatable DEX price feeds and instead utilize Chainlink Price Feeds as their contract’s source of market data. This ensures your DeFi protocol always receives an aggregated price point that is reflective of market-wide trading activity and untouchable by flash loans, mitigating an entire category of price oracle attack vectors altogether.
Flash loans are a sophisticated new financial primitive in DeFi that has unlocked exotic applications and lowered barriers to entry for a new wave of market participants. While flash loans have been utilized to fund attacks on DeFi protocols, they are simply a financial tool available to developers and shouldn’t be wholly dismissed as the value they provide is very real. Flash loans do not create vulnerabilities, but instead reveal vulnerabilities that already existed, with the most common being faulty price oracle designs that rely on a single on-chain exchange.
The Chainlink Network and its decentralized oracle networks ensure DeFi protocols are orders of magnitude more tamper-resistant, particularly around the critical function of sourcing real-time market data that will trigger a cascade of other transactions. Only through a security-first approach can DeFi protocols adapt to new risks, maintain the trust of end users, and sustainably scale to move from billions locked in DeFi to trillions.
If you’re a developer and want to quickly get your application connected to Chainlink Price Reference Data, visit the developer documentation and join the technical discussion in Discord. If you want to schedule a call to discuss the integration more in-depth, reach out here.