Flash Loan: A Lot More Than Attacks
by Harper Li, Yahile Ning, Zhigang Liu, and Guoxin Nie
Background
The concept of Flash Loan was first introduced by Marble in mid-2018, but it was only a year later that flash loans slowly began to develop and catch the attention of blockchain users in 2020. Flash loan transactions are founded on atomic swaps of blockchain and are a special type of unsecured lending transaction. The atomization feature requires that all relevant operations of the user must be done in a single transaction hash, including repayment operations. If any of the requirements are not met, the entire transaction involving multiple operations must be reverted and the failed transaction cannot be packaged.
Under this setup, a flash loan transaction allows users to theoretically lend any tokens in the liquidity pool in an unsecured manner, but to return the borrowed assets and a fixed fee cost after a series of swap, staking and liquidation operations need to be done before the transaction ends. This can perfectly avoid the risk of default of on-chain lending. Compared with the over-collateralization of traditional on-chain lending, flash loans have brought a new possibility for blockchain users.
But before this possibility was recognized, flash loans broke into the public eyes for two famous attacks. In February 2020, bZx suffered two flash loan attacks on the 15th and 18th respectively, with losses amounting to $330,000 and $640,000 each. Meanwhile since liquidity mining caused the DeFi boom, DeFi has seen a frequency of flash loan attacks.
The chart below shows the 12 flash loan attacks identified to date, with a total loss of $99.65 million. Interestingly, two months after the attack on February 13, Cream.Finance proposed on April 8 to offer Cross-Protocol Flash Loans, and the cross-protocol flash lending will be done through Iron Bank.
Judging from “block time”, flash loan transactions have no duration on the blockchain. This means that the interest rate on flash loans should be zero, i.e. the interest rate multiplied by the maturity period is zero. But the truth is, only dYdX does not charge the so-called lending fees among all mainstream protocols that offer flash lending services. Aave requires 0.09% and Uniswap V2 requires a higher fee of 0.3%. Huobi DeFi Labs believes that the service fees for the flash loan protocols will converge to zero in the longer run, and from this perspective dYdX appears to be more friendly to users. It remains to be seen whether Aave and Uniswap V2 will be able to separate out the flash loan services in the future and offer service rates that are independent of the overall set. But in the current flash loan race, the three giants split the market with their own advantages and features.
Uniswap V2 is the latest of the three protocols to offer flash loan services, but as the DEX leader, Uniswap V2 stands out for its high liquidity in terms of transaction frequency and variety, sharing 60%-70% of the flash loan transaction market. dYdX, the first platform to discover flash loan transactions, is also not to be underestimated despite offering lending for only three mainstream assets, namely ETH (WETH), USDC and DAI. There are up to 21 DeFi protocols involved in flash loan transactions on dYdX. As the purest lending protocol among the three, Aave offers directly callable flash loan functions unlike the other two; also Aave is currently the primary gateway of flash loan for several DeFi protocols. DeFi Saver and Furucombo are both major customers of Aave flash loan transactions.
In addition to these three mainstream protocols, Huobi DeFi Labs also focuses on Uniswap V2’s contemporaneous protocol, flash loan service provider — Instadapp. This protocol offered COMP leveraged liquidity mining and debt position management at the beginning, and caused a small wave of flash loan transactions within a month of its launch. It was also the first protocol to introduce the concept of Batch Flash Loans, but then fell silent after Uniswap V2 went live and Aave burst with popularity.
This report focuses on the on-chain data of these four protocols, tracking a total of about 110,000 flash loan transactions, and seeks to present a full picture of flash loan transactions. The analysis covers the number of transactions, addresses, lending currencies and lending amounts for mainstream assets, while summarizing and comparing almost all protocols related to flash loans in the market.
About 110,000 Flash Loan Transactions from Four Protocols & Platforms
The on-chain data for flash loans in this report is as of March 16, 2021. Based on the fact that protocols offering flash loans on Ethereum are Uniswap V2, Aave, dYdX and InstaDapp, Huobi DeFi Labs tracked these four protocols and obtained a total of 108,000 historical transactions. Different protocols favor different approaches to provide basic flash loan services, and Huobi DeFi Labs chooses different methods to obtain on-chain data based on the features of different protocols.
The overall method is summarized in the figure. Aave directly provides users with encapsulated flash loan functions, and tracks the transaction hash through calling the flash loan function; with dYdX, users obtain transaction hashes based on four event logs; Uniswap V2’s on-chain flash loan transaction hashes are determined through Dune Analytics’ UNISWAPV2CALL; Instadapp’s transaction data is obtained in the same way as Aave, through its flash loan function tracking.
An overview of the flash loan transaction data obtained from the four protocols is shown below. Instadapp has no new flash loan transaction data after July 2020, but it is still one of the subjects of this report due to its considerable transaction numbers.
Flash Loan Transactions Witnessed Most Frequently on Uniswap V2
Flash loan market enters a stable phrase along with the bull season
The distribution of historical flash loan transactions on Ethereum is shown in the graph, with the first flash loan occurring on June 21, 2019, generated by dYdX. Flash loans can only be found on dYdX in 2019 and the number of transactions was only 148. Until January 18, 2020, the second protocol that generated flash loan transactions — Aave appeared. But by then flash loans were still not known to the public until the famous bZx attacks on February 15 and 18.
Flash loan services provided by InstaDapp and Uniswap V2 went live in April and May of 2020, and data exhibits that the number of flash loan transactions showed its first round of boom in June, 2020. This outbreak is related to the launch of liquidity mining by Compound in June. Liquidity mining marked the beginning of the DeFi fever, and Instadapp’s timely introduction of COMP leveraged liquidity mining, debt positions and collateral swap management features during the same period became the main driver of the boom.
The second outbreak occurred in October last year, driven by uniswap V2, and meanwhile flash loan attacks entered the peak period. And the rate of flash loan transactions on Uniswap V2 has maintained at around 60%, and has even peaked at close to 90%. However, after the launch of Aave V2, it began to share part of the flash loan transaction market. Today, in the overall flash loan market, Uniswap V2 accounts for 70%, AVE for 20%, and dYdX for 10%.
Flash Loan Failing Rate on Uniswap V2 is up to 9.1%
Flash loan transactions can be reverted due to its characteristics, but we only capture reverts for Uniswap V2 due to different ways of obtaining data. Uniswap V2 had about 6,000 reverts out of 66,000 transactions, representing a 9.1% failing rate for flash loan transactions.
Uniswap V2 had a large number of reverted transactions on July 22, 2020 and January 22, 2021, with specific values of 1,139 and 308, respectively. This phenomenon may be due to the frequent debugging of its strategy by a user on that day. All data analysis results in this report do not include the data from these reverted transactions unless otherwise noted.
Batch Flash Loan is in Seedling Stage
On December 3, 2020, Aave announced the launch of its V2 version of the main network, accompanied by updates with several functions. This includes batch flash loans, which allows users to borrow multiple different currencies in one transaction. But this is not a precedent for batch flash loans.
A total of 145 batch flash loans occurred on Ether before March 12, 2021, representing only 0.13% of the total number of historical transactions. The percentage distribution of the number of transactions is shown below. Although Aave was the latest to offer batch flash loans, about more than 60% of the batch flash loans transactions occurred through Aave. Uniswap V2 and Instadapp_batch both had about 15% batch flash loans, while dYdX did not have any batch flash loans transactions.
The chart below shows the historical distribution of batch flash loans transactions as shown by the on-chain data. The chart shows that the first batch flash loan in history occurred on Instadapp on June 17, 2020. The chart also shows that batch flash loans transactions offered by each DeFi protocol were clustered at different times, and there was a seemingly newcomer that has completely replaced batch flash loans of the former.
Since Aave went live with batch flash loans, it has included almost all batch flash loans transactions. However, the number of batch flash loans transactions is too small, and because of the low arbitrage of batch flash loans transactions compared to other protocol platforms on Aave, we believe that the true value of batch flash loans is still being undiscovered at this time.
1.5 Callers Equal 1 Unique Strategy Contract on Average
There are two types of accounts in Ethereum: externally owned accounts and smart contract accounts. Externally owned accounts do not contain codes, while smart contract accounts contain contract codes. Based on this understanding, the From Address is an externally owned account or a smart contract account, and the To Address is a smart contract account. In other words, the From Address is the caller of the smart contract account, which can be a normal user or a bot, while the To Address is the flash loan strategy itself¹.
1.In this report, one To Address represents one strategy. However, in practice, the scenario is more complicated, and the To Address should be a smart contract that executes a flash loan strategy, i.e. there is a possibility that one To Address contains multiple strategies.
Address Duration is Usually Short
Before that, Huobi DeFi Labs first analyzed the From Address and To Address time series. The longest time interval between the first transaction and the latest transaction in 8365 From Address is 583 days; and 613 days for the first transaction and the latest transaction for 5591 To Address. In addition, in this report, the interval between the first transaction and the latest transaction is defined as the duration, but since there is a possibility that flash loan transactions may occur again in the future at these addresses, it should be noted that the latest transaction does not represent the last transaction.
The ratio of the number of From Address to To Address is 1.5, indicating that on average, about 1.5 users/bots invoke and execute one unique smart contract of the flash loan strategy.
The duration time distribution chart shows that about 60% of flash loan transactions occur only on the same day for both addresses, which indicates that there may be cases where a large number of flash loan strategy contracts fail; or the on-chain market conditions are not eligible for flash loan strategy transactions, and these addresses have to wait for the on-chain market conditions to reach the preset judgment conditions before they can be triggered/invoked again.
About 35% interval of the From/To Addresses are within six months and 20% are within 30 days, which reveals that flash loan strategies may last for a very short period of time as customized transactions; or most of them are customized transactions for a hot protocol, tokens, special purpose, etc., so most strategies may only last for a short period of time as the market changes due to on-chain market conditions. Therefore, most strategies may only last for a short period of time as the market changes due to on-chain market conditions.
Trends in Duration and Frequency
The following chart shows the historical data of all transactions of From/To Addresses, among which the number of transactions greater than 100 and 500 are also cited separately; the size of the circle indicates the size of the number of transactions, the horizontal axis is the time of the first transaction at a certain address, and the vertical axis is the time of the latest transaction at the corresponding address. Thus, both From/To addresses are distributed in the upper left corner of the figure.
Prior to March 2020, the number and size of scattered sites were small, indicating that flash loan was in an episodic state. The high number of scatters from March 2020 shows that the number of From Address and To Address has entered a surge phase, while the significant increase in scatter area over time also indicates that the number of From Address initiations and To Address calls are on the same white-hot trend.
The figure shows that most of the scatters are distributed around the 45-degree line, which indicates that the From Address/To Address represented by the scatters all have only short-term behavior, that is to say, the time interval between the first transaction and the latest transaction is short. The partial scatter distribution at the top of the horizontal axis indicates that some flash loan transactions have continued to take place at these addresses in the near term.
Flash Loans with Different Protocols Show Differential Address Distribution Patterns
The overall ratio of the From Address to To Address is 1.5. When focusing on each protocol, the ratio of From/To on AAVE_d119, Uniswap V2 and dYdX is all about 1.3, which is nearly 1.5. However, the From/To ratios of AAVE_c7a9 and Instadapp and its batch flash loans with Instadapp_batch are different. Instadapp has an equal number of From Address and To Address, while AAVE_c7a9 shows a completely different ratio, with only 33 To Address.
Four Popular Protocols Share the Market for Different Tokens
More than half of the borrowed tokens by flash loans are ETH, DAI and USDC
Flash loan on-chain transaction data shows a total of 1,015 tokens were lent out as flash loan, with over 53% of the transactions having ETH, DAI and USDC as the borrowed tokens, accounting for 28%, 15% and 11% respectively. The three tokens have different roles on Ether, with ETH as the native asset on Ether and DAI and USDC as the stable coins on Ether.
The top ten most frequently borrowed tokens account for 61% of the total number of transactions, and the frequency distribution in each protocol is shown below. In addition to the three major commonly borrowed tokens, the remaining tokens are: TUSD, a stablecoin; WBTC, a token asset; DeFi Pulse Index, a tradable index-based token with 14 DeFi assets as the underlying assets; Dynamic Set Dollar and Frax, algorithmic stablecoins; LINK, a token for the oracle Chainlink; and KP3R, a token for keep3r.network serving developers of dApps, which occurs only on Uniswap V2.
By looking at the distribution of the top 10 borrowed tokens on each protocol, we find that only 30% of the flash loan transactions on Uniswap V2 come from these top 10 borrowed tokens. Uniswap V2, as a leading DEX, ensures that all tokens on the platform are loanable, and the data shows that a total of 927 tokens have been borrowed by Uniswap V2 flash loan. This advantage indicates that Uniswap V2 dominates the market for flash loan transactions of long-tail assets.
In addition, dYdX only offers transactions in ETH, USDC and DAI, and mainly occupies the flash loan transaction market for these three major tokens. dYdX has 1% of the other tokens in the chart as borrowed assets with empty resolution results.
dYdX Top 3 Tokens’ Lending Amount is Several Times the Volume on Other Protocols
Flash loan historical transaction data shows that the three most frequent borrowed tokens are DAI, USDC and ETH. Based on these three tokens, we further study the distribution of borrowing amounts on different protocols by the three major borrowed tokens. Since the prices of the three tokens fluctuated in time, the amounts are indicated here by the quantity; and WETH and ETH are considered the same in this report.
The results are shown in the chart below, which shows that dYdX’s top three flash loan tokens amounts came out on top by an overwhelming margin across multiple agreements. This situation reflects the absolute attractiveness of the low or even zero transaction fees for flash loans on dYdX. However, Uniswap, Aave and Instadapp all present an irregular distribution in token amount.
Flash Loan Transactions Involve a Wide Coverage of Protocols
The DeFi protocol involved in flash loan transactions is one that reflects the complexity and breadth of use of flash loan’s current strategy, as borrowed tokens are often used for transactions on other platforms, and transaction fees and liquidity pools vary in number and size from one protocol platform to another. Both Etherscan and Bloxy parse on-chain transaction data at the protocol field level, but the degree of parsing varies between the two, leading to differences in statistical results. For this reason, the final statistic for this part of the data is the highest value of the two.
The chart below shows the DeFi protocols involved in flash loan transactions. On the left are the four major protocol platforms Uniswap V2, Aave, dYdX and Instadapp that provide flash loan functionality, and on the right are the protocol platforms involved in each flash loan transaction for a total of 22 (including dYdX).
The statistics show that flash loan transactions occurring on the dYdX protocol involve up to 21 DeFi protocol platforms, which means that the strategies used on this protocol are more complex and diverse, resulting in flash loan transactions generated by it that can involve a wider range of protocol platforms. On the contrary Instadapp protocol for flash loan transactions involves the least number of protocol platforms, only 8, namely Curve, Kyber V3, Oasis DEX, Uniswap and its V2, Sushiswap, Aave V1 and dYdX.
The protocols that were called more than ten thousand times in the called DeFi protocol platform were Sushiswap (~24,000), Uniswap V2 (~21,000), Balancer (~12,000) and Compound (~10,000), and those that were called less than a hundred times were dYdX (79), Bancor (37) , Lendf.ME (3) and EtherDelta (1).
Flash Loan ECO is Growing
More than 10 platforms directly or indirectly provide flash loan services now
Huobi DeFi Labs sees flash loan as a functional technology for the blockchain, around which a lush ecosystem can be developed. At present, there are at least 10 protocol platforms with flash loans. Besides Uniswap V2, Aave, dYdX and Instadapp, which are analyzed in the previous part of this report, there are also projects such as DeFi Saver, Furucombo, Kollateral, Deerfi, Collateralswap, NFT20, etc. These projects provide flash loan services directly or by calling flash loan functions of other protocols to provide related services.
1: Additional 0.25% service fee for collateral and debt shifts under Loan Shifter in DeFi Saver
2: dYdX for small-balance flash loans, like USDC, ETH, USDC. For other tokens or large-amount DAI or USDC: borrowing from dYdX first and then stake into MakerDAO, Compound and Aave before lending. Source: https://twitter.com/smykjain/status/1361325922591277058
3: Source: https://docs.collateralswap.com/for-devs/integrating-collateral-swap/assets
4:Source https://twitter.com/daveytea/status/1224760425272745991
Uniswap V2 Flash Loan Service Enjoys the Highest Flexibility
The flash loan is often used as one of the types of arbitrage, so the flexibility greatly limits the possibility of flash loans being invoked. The degree of flexibility of flash loans can be measured in two basic dimensions:
- Code and the front-end UI. Flash loan protocols can be invoked directly by coding is more flexible than those front-end flash loan protocols, because coding can realize a wide variety of flash loan strategies implemented through smart contracts. Smart contracts consist of complex operational instructions, so the code-layer flash loan protocols are easier to integrate with smart contracts. For example, Furucombo, despite building a flash loan tool for users with no coding experience that allows users to customize DeFi strategies with a simple drag-and-drop, is weaker in flexibility compared to the flash swap function by Uniswap V2.
- The variety and size of tokens available under the Flash Loan Protocols. For example, dYdX and Aave can provide a much smaller variety of flash loan tokens compared to Uniswap V2, so these two types of protocols are less flexible than Uniswap V2.
DeFi Saver is designed to be a one-stop management solution for the DeFi protocol, and with unique features such as one-step (de)leveraging (Boost and Repay), CDP automation (CDP Automation) and one-step CDP closing, it now offers flash loan functions with rich product experience based on Aave. Users are able to manage debt positions in MakerDAO, Aave and Compound.
Deerfi basically follows the Uniswap model, but its pools are far less and it will take a long time for asset liquidity deposits; in addition, it provides a front-end page where users can invoke Deerfi Flash Loan after providing a deployment contract address containing a strategy.
Kollateral aims to aggregate liquidity from large pools such as dYdX and Aave and make it available to developers with a user-friendly interface. The disadvantage is that the flash loan funding comes from three-party platforms, which is not as good for developers as coding directly on their own.
Collateralswap helps users to quickly swap collateral assets without paying off debts. Its function is similar to DeFi Saver’s Loan Shifter, except that the current ALPHA version of Collateralswap only supports MakerDAO.
NFT20 is a decentralized exchange and swap protocol for NFT. The team officially announced the launch of NFT flash loans on March 26th, supporting unsecured NFT loans from various NFT pools, and the total number of pools with liquidity greater than 0 is currently 61, and no fees required so far. The NFT20 team says its flash loan feature is implemented in a very similar way to Aave, with scenarios including arbitrage, reward claims, etc. NFT20, the most unique type of flash loans, is equipped with a higher degree of flexibility than front-end protocols.
Cream.Finance, who recently launched cross-protocol flash loan, supports 64 tokens and charges only 0.03% fee.
Conclusion
The total number of transactions in the flash loan market is only 110,000, which is not a very impressive figure on Ethereum. Flash loan, a native feature of Ethereum, can be used to help users with collateral swap, position closing, debt position management and other operations. At the same time, flash loans as a special lending method with its unsecured features become a special means of attack, arbitrage and then a source of risks in DeFi. It can be seen that flash loans provide a solution to credit risk for Ethereum, but also bring the risk of attacks.DeFi projects need to consider how to effectively prevent flash loan attacks, but the three flash loan attacks in February this year show that they seem to have no effective solutions.
dYdX, Aave and Uniswap V2 analyzed in this report provide different flash loan services in their own unique ways. dYdX offers only three major assets, USDC, DAI and ETH, and dominates the flash lending market for these assets. Uniswap V2 provides a special flash loan service where the repayment tokens are not necessarily the borrowed tokens. From an arbitrage perspective, this can reduce transaction steps the user has to swap for the borrowed tokens, thus saving some Gas costs. While Aave provides encapsulated flash loan function, the user can directly get the calculated loan amount and flash fee by calling the Flash Smart Contract when repaying the loan, while in the other two protocols, users need calculate externally and return manually. At the same time, the flash loan function of Aave is also the main interface of other service providers (such as Defi Saver and Frucombo).
The three mainstream flash loan protocols to provide flash loan services differ from each other in the technical level (calling methods), and ecological conditions (the number and size of the liquidity pool, etc.). But some people hope to achieve integration in the technical level. Yield Protocol developers submitted a standardized version of the flash loan proposal EIP-3156 in November 2020, and a standardized version of the Batch flash loans proposal EIP-3234 in late January 2021. The technology integration can bring certain benefits to reduce the difficulty of the development for flash loan function, but perhaps for users, the size and type of liquidity that the flash loan protocol can provide is more important.
The future of flash loans is still worth thinking about, including the possibility of cross-chain flash loan transactions. In September 2020, FlashEx published an article on Medium about cross-chain stablecoin flash loans; the project planned to realize cross-chain flash loans between Bitcoin, Ethereum and Polkdot, but there were no further updates on its official website or official community. Nonetheless, we still expect a breakthrough in cross-chain flash loans when cross-chain lending matures.
In addition, based on the concept of “flash”, “flash mint” has also become a topic of concern to a few researchers and users. Compared with the flash loan amount limited by the size of the liquidity pool, flash minting breaks the limit. However, due to the lack of mature flash loan protocols or market data observed at the time of writing, this report does not analyze flash minting. This does not mean that Huobi Defi Labs is not interested in this feature. On the contrary, we have noticed the flash minting features of Yield Protocol and WETH10. We look forward to more innovative features and protocols to enrich the overall blockchain market.
