Flash Loans and Alephium

Flash loans have become one of the most debated mechanisms in the DeFi space. While they enable advanced trading strategies such as arbitrage and liquidation, they also create opportunities for exploits and market manipulation. In this article, we will explore what flash loans are, how they work, two examples of incidents involving them, and how Alephium's unique architecture naturally prevents their execution.

🔹What’s a Flash Loan?

Flash loans are one of the most powerful yet controversial innovations in decentralized finance (DeFi). They allow users to borrow assets instantly without collateral, provided the loan is repaid within the same blockchain transaction.

Unlike traditional lending, which requires collateral to manage risk, flash loans rely on the atomic nature of blockchain transactions. If the borrower fails to repay before the transaction is finalized, the entire operation is automatically reversed, and no funds ever leave the protocol.

Originally introduced by Aave, flash loans have since become a core feature of various DeFi platforms, including dYdX, Uniswap, and Cream Finance.

🔹How Do Flash Loans Work?

Flash loans provide instant, uncollateralized borrowing, but with one strict condition: the loan must be repaid within the same transaction, or it is automatically canceled.

Here’s how it works, step by step:

1️⃣ A user requests a flash loan from a DeFi protocol like Aave or dYdX.
2️⃣ The protocol grants the funds immediately, allowing the user to engage in arbitrage, liquidations, or collateral swaps.
3️⃣ The user executes their intended strategy with the borrowed funds.
4️⃣ Before the transaction is confirmed, the loan (plus a small fee) must be fully repaid.
5️⃣ If repayment fails, the blockchain invalidates the entire transaction, ensuring the lender never loses money.

Since everything happens within a single transaction, flash loans present zero risk for lenders—they either get repaid in full, or the transaction never occurs.

🔹 What Are Flash Loans Used For?

Flash loans are a powerful financial tool that enables DeFi users to execute complex financial operations without requiring initial capital. Here are a few examples of use cases :

1) Arbitrage Trading

Arbitrage is the practice of taking advantage of price discrepancies across different markets. Since prices can differ between DeFi exchanges, traders can use flash loans to:

Borrow assets instantly.
Buy an asset at a lower price on one exchange.
Sell it for a higher price on another exchange.
Repay the loan and keep the profit.

Exemple :
Bob notices that ETH is trading at $1,500 on Uniswap but at $1,520 on Sushiswap. He takes a flash loan, buys ETH from Uniswap, sells it on Sushiswap, and pockets the $20 per ETH profit, all in one transaction.

2) Liquidating DeFi Loans

In DeFi, users often take out loans by locking up collateral (e.g., depositing ETH to borrow DAI). If the value of their collateral drops too much, their loan becomes undercollateralized and is eligible for liquidation.

Flash loans allow liquidators to:

Borrow funds instantly to repay the failing loan.
Claim the liquidated collateral at a discount.
Sell the collateral for a profit and repay the loan.

Example:
Bob took out a loan on Aave backed by ETH, but the price of ETH drops, making his loan undercollateralized. A liquidator can use a flash loan to repay Bob’s debt, seize his ETH collateral, sell it for a profit, and repay the loan—all in one transaction.

3) Collateral Swaps ("Debt Refinancing")

If a user has collateral locked in a DeFi protocol but wants to swap it for another asset, they can use a flash loan to perform a collateral swap in a single transaction.

Exemple :
Bob has WBTC as collateral for a loan but prefers ETH. Instead of repaying the loan manually and redepositing ETH, he can:

Take a flash loan in ETH.
Use it to repay his WBTC-backed loan.
Redeem his WBTC and swap it for ETH.
Use the ETH as new collateral and repay the flash loan.

This allows him to swap his collateral without closing his position or triggering taxable events.

🔹 Flash Loans and DeFi Exploits

While flash loans are a valuable financial tool, they are also commonly used in DeFi attacks due to the ability to borrow massive amounts of capital with no upfront investment.

Flash loans have been used in several high-profile hacks, allowing attackers to:

🔹 Manipulate price oracles

Attackers use flash loans to manipulate the price of assets used by oracles, which some DeFi protocols rely on for pricing.

🔹 Drain liquidity pools

Some pools use incorrect pricing mechanisms, allowing attackers to borrow at artificially low prices and dump assets at inflated values.

🔹 Exploit smart contract vulnerabilities

If a protocol has flaws in how it calculates rewards or asset valuations, flash loans can be used to trigger unexpected payouts or system failures.

🔹Examples of Flash Loans Attacks

To understand how attackers exploit flash loans, we will take a detailed look at two well-known cases: the bZx attack and the PancakeBunny exploit.

1. bZx (2020)

In February 2020, bZx (aka Fulcrum) became one of the first victims of a flash loan attack, highlighting the risks of DeFi composability—the interconnected nature of decentralized finance protocols. The attacker manipulated the price of wBTC across multiple platforms, ultimately generating a significant profit in a single transaction.

Here’s a step-by-step breakdown of how the exploit unfolded:

1️⃣ Flash Loan Borrowing (Step 1 → dYdX)

The attacker borrowed $10M in ETH from dYdX via a flash loan, requiring no collateral. This initial capital was used to execute a complex sequence of trades designed to manipulate the price of wBTC.

2️⃣ Collateral Deposit on Compound (Step 2 → Compound)

Half of the borrowed ETH ($5M) was deposited on Compound as collateral.
This deposit would later be used to borrow wBTC, taking advantage of an inflated price.

The remaining $5M ETH was reserved for the next phase—the price manipulation.

3️⃣ Price Manipulation via bZx & Kyber (Step 3 → Margin Pump)

The attacker executed a leveraged short position on ETH-wBTC via bZx, creating a cascading price effect:

Step 3.1: The attacker opened a 5x margin trade on ETH-wBTC via bZx.
Step 3.2: bZx routed the trade to Kyber Network, which executed it on Uniswap (Step 3.3).
The large volume of the trade caused high slippage, tripling the price of wBTC on Uniswap.

This artificial price pump was crucial, as it misled Compound’s price feed, allowing the attacker to borrow more wBTC than usual.

4️⃣ Overcollateralized Borrowing from Compound (Step 4 → Compound)

With the manipulated high wBTC price, the attacker borrowed wBTC from Compound using their ETH deposit as collateral.

Since wBTC was now artificially overvalued, the attacker was able to withdraw more wBTC than they normally could have.

5️⃣ Dumping wBTC at Inflated Prices (Step 4 → Uniswap Dump)

The attacker then sold the borrowed wBTC on Uniswap, capitalizing on the artificially inflated price. This trade secured a massive profit, as they were effectively selling wBTC at a price that they themselves had manipulated.

6️⃣ Flash Loan Repayment (Step 5 → dYdX)

Using the profits from the Uniswap dump, the attacker repaid the flash loan on dYdX within the same transaction, closing the loop.

Since everything was executed atomically, there was no risk to the attacker—either all steps succeeded, or the entire transaction was reverted. In the end, the attacker walked away with a substantial net profit, while leaving bZx with significant losses.

2. PancakeBunny (2021)

PancakeBunny is a DeFi platform that allows users to maximize their yields by providing liquidity and earning rewards in BUNNY tokens. The attack exploited a vulnerability in the way PancakeBunny measured the value of LP tokens using an AMM-based oracle.

The attacker used 8 flash loans, totaling over $700 million, to manipulate prices and obtain an enormous reward in BUNNY, which was then immediately sold.

1️⃣ Flash Loan Borrowing (Step 1 → Flash Loans)

The attacker borrowed hundreds of millions of dollars in crypto through 8 different flash loans, sourced from PancakeSwap pools and Fortube Bank.

This gave them access to a massive amount of WBNB and USDT, without needing collateral.

2️⃣ Liquidity Deposit & LP Token Acquisition (Step 2 → PancakeSwap LP)

Using the borrowed funds, the attacker deposited millions of USDT and WBNB into the WBNB-BUSDT liquidity pool on PancakeSwap.

In return, they received 144,450 LP tokens, representing a significant share of the liquidity pool.

3️⃣ Price Manipulation of LP Tokens (Step 3 → PancakeSwap LP)

The attacker manipulated the LP token value by executing a targeted trading strategy:

They swapped a large portion of their WBNB for BUSDT, artificially increasing the price of WBNB in the pool.
Since PancakeBunny’s reward system relied on AMM-based pricing, this manipulation led the protocol to misprice the attacker’s LP tokens, significantly inflating their perceived value.

This tricked the system into believing the attacker provided much more liquidity than they actually had.

4️⃣ Exploiting the Reward Calculation Bug (Step 4 → VaultFlipToFlip)

PancakeBunny distributed BUNNY rewards based on the LP token valuation, meaning that the manipulated token value greatly increased the reward payout.

The attacker called the getReward() function, triggering the protocol to mint 6.97 million BUNNY tokens, worth over $1 billion.
Meanwhile, the PancakeBunny development team also received 1.05 million BUNNY as protocol fees.

5️⃣ Selling BUNNY and Market Collapse (Step 6 → Uniswap & Market Dump)

After securing millions of BUNNY tokens, the attacker dumped them on the market, swapping them for BNB and USDT at their artificially high value.

This massive sell-off crashed the price of BUNNY, severely impacting other investors and causing major losses across the protocol.

6️⃣ Flash Loan Repayment (Step 6 → Repay Loan with Profits)

Using the profits gained from dumping BUNNY, the attacker fully repaid the flash loans within the same transaction.

Since all operations happened atomically, the attacker never needed initial capital and walked away with massive net profits, while leaving the PancakeBunny ecosystem in turmoil.

🔹Why Alephium is Resistant to Flash Loans

Alephium’s unique architecture makes flash loans inherently impossible by design.

Alephium’s unique architecture makes flash loans fundamentally impossible by design. Two key mechanisms prevent their execution: its UTXO model and its sequential transaction processing.

1. UTXO Model Preventing Instant Repayment

Unlike account-based blockchains like Ethereum, Alephium operates on a UTXO (Unspent Transaction Output) model, where each transaction output can be used only once and only after being broadcast and confirmed on the network.

In the context of a flash loan, this means that the borrowed funds cannot be instantly repaid within the same transaction. Since the loan output is not immediately available for reuse, the repayment step would fail. This simple yet effective mechanism inherently makes flash loans unfeasible on Alephium.

2. Sequential Execution Preventing Exploits

Alephium enforces strict sequential execution of transactions, ensuring that:

A transaction must be fully validated and confirmed before its outputs can be used in another operation.

A smart contract function cannot be executed until the previous transaction is finalized.

This prevents reentrancy attacks, a critical component of flash loan exploits on Ethereum. Without the ability to "re-enter" or repeatedly trigger functions within the same transaction, it becomes impossible to borrow and immediately reuse funds in a single block.

By combining UTXO constraints and sequential execution, Alephium naturally eliminates the conditions required for flash loan attacks, offering a more secure DeFi environment.

📖 Ressources :

https://www.coinbase.com/fr/learn/market-updates/around-the-block-issue-3

https://peckshield.medium.com/pancakebunny-incident-root-cause-analysis-7099f413cc9b

https://www.merklescience.com/blog/hack-track-pancake-bunny-hack

About No Trust Verify

We are deeply experimentation-oriented, with a particular focus on technologies related to privacy, self-sovereignty and trustless organizational structures. Our proactive commitment is reflected in a number of projects. In particular, we are contributors to Nym, supporting the existing infrastructure, developing applications and spreading essential knowledge related to privacy issues. In addition, we are active contributors to the Alephium community, offering decisive components such as full nodes, useful and exploratory services, Bridge guardian while participating in the development of dApps.

We are the developers of TipALPH & Yodh & TokenFurnace & Alephium.world