What is a flash loan?
An uncollateralized loan that must be borrowed and repaid within a single transaction. If it isn't repaid, the entire transaction reverts as if it never happened — eliminating default risk.
Last updated April 30, 2026
How it works
A flash loan exploits a quirk of blockchain transactions: they execute atomically. Either every step succeeds or the whole thing reverts. So a contract can lend you millions of dollars with no collateral, knowing that if you don't pay it back by the end of the transaction, the loan never happened.
The flow:
- Your contract calls Aave's flashLoan(USDC, $10M)
- Aave transfers $10M USDC to your contract
- Your contract does whatever — arbitrage, liquidations, refinancing
- Your contract sends back $10M USDC + ~0.05% fee to Aave
- Transaction succeeds; Aave is whole; you keep any profit
- If step 4 fails (you can't repay), step 1 reverts — Aave never lost the money
Aave, dYdX, MakerDAO, and many other protocols offer flash loans. The fee is typically 0.05–0.09% — cheap, because there's no actual default risk.
Example
A profitable arbitrage flash loan:
- Notice ETH/USDC pricing differs by 0.5% between Uniswap and Sushiswap
- Borrow $5M USDC via Aave flash loan
- Buy ETH on the cheaper venue ($5M → ~1,470 ETH at $3,400)
- Sell that ETH on the more expensive venue (~1,470 ETH → ~$5,025,000)
- Repay Aave $5,002,500 ($5M + 0.05%)
- Pocket the remaining ~$22,500 minus gas fees
Total capital required upfront: gas only. The $5M existed only inside the transaction.
Why it matters
Flash loans enable two categories of activity:
Legitimate uses:
- Arbitrage between DEXs, between L2s, across CEX-DEX
- Collateral swaps — refinance a loan from one asset to another in one tx
- Liquidations with protocols that pay liquidators a bonus
- Self-liquidation to avoid keeper-fee penalties
Exploits:
- Oracle manipulation. Borrow huge size, push a thin DEX price, exploit a downstream protocol that priced off that DEX, repay. The Mango Markets exploit ($117M) and several others used this pattern.
- Governance attacks. Borrow voting tokens, vote in a malicious proposal, repay. Most modern governance now requires lock-up periods that defeat this.
- Liquidity cascade attacks. Force a series of liquidations by pushing prices, then profit from the discounted seized collateral.
Flash loans aren't inherently bad — they're a powerful primitive that makes DeFi more efficient. The exploits represent vulnerabilities in other protocols (bad oracles, instant-execution governance) that flash loans exposed. Patching the underlying protocols (better oracles, time-delayed governance, sane price impact limits) addresses the issue without removing flash loans.
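One way to apply the "better oracles" and "price impact limits" fix, as an added example (not code from this glossary or from any protocol): a toy constant-product pool in which a single large swap moves the spot price but not the time-weighted average (TWAP), with a guard that refuses to price while the two diverge. The pool sizes, the 2% threshold, the choice of a TWAP and every name here are assumptions of the example.

```python
from dataclasses import dataclass

class PriceDeviation(Exception):
    """Spot price is too far from the time-weighted price to be trusted."""

@dataclass
class Pool:
    """Constant-product (x*y=k) pool, fees omitted. All names are hypothetical."""
    eth: float
    usdc: float
    cum: float = 0.0   # running sum of price * seconds elapsed
    last_ts: int = 0

    def spot(self) -> float:
        return self.usdc / self.eth

    def sync(self, now: int) -> None:
        # Credit the price that held since the last update, before any new trade.
        self.cum += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def buy_eth(self, usdc_in: float, now: int) -> float:
        self.sync(now)
        k = self.eth * self.usdc
        self.usdc += usdc_in
        eth_out = self.eth - k / self.usdc
        self.eth -= eth_out
        return eth_out

    def twap(self, start_cum: float, start_ts: int, now: int) -> float:
        self.sync(now)
        return (self.cum - start_cum) / (now - start_ts)

def guarded_price(pool, start_cum, start_ts, now, max_dev=0.02):
    """Return the TWAP, refusing to price while spot has diverged from it."""
    twap = pool.twap(start_cum, start_ts, now)
    if abs(pool.spot() - twap) / twap > max_dev:
        raise PriceDeviation(f"spot {pool.spot():.0f} vs TWAP {twap:.0f}")
    return twap

def demo():
    pool = Pool(eth=1_000.0, usdc=3_400_000.0)   # constructed: $3,400 per ETH
    pool.buy_eth(5_000_000.0, now=1800)          # one borrowed-size swap at t=1800
    try:
        return guarded_price(pool, 0.0, 0, now=1800)
    except PriceDeviation as exc:
        return str(exc)
```

A protocol that reads `pool.spot()` directly sees the post-swap price inside the same transaction; the TWAP only credits the price that held before the swap, so the guard rejects the read.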
For end users: you'll never use flash loans directly, but understanding them helps you read about exploits intelligently. "Protocol X was drained via flash-loan attack" doesn't mean flash loans are evil — it usually means Protocol X had an oracle or governance issue that flash loans amplified.