TLDR:
- The first systematic study of flash loans. A system called “ThunderStorm” that can identify flash loans using transaction patterns is proposed and created. Using ThunderStorm, the authors find 22,244 flash loan transactions on Ethereum, and analyze their usage distribution.
Citation
- Wang, Dabao, et al. “Towards understanding flash loan and its applications in DeFi ecosystem.” arXiv preprint arXiv:2010.12252 (2020).
Link
Core Research Question
- Can we identify and decode existing flash loan transactions by defining their behaviors, and understand how they are being used?
Background
- Functions in smart contracts are identified by the function signature, the first 4 bytes of hash (function name, parameters type).
- Events in smart contracts are also identified by the first 4 bytes of hash (event name, parameter type). Events may be triggered in functions to record critical information.
- Flash loan is a type of loan that is only valid within one transaction. It can be implemented via smart contracts.
- Flash loan platforms (data from DefiPulse until Oct 2020)
- Aave
- Flash loan service: The first platform to officially provide the ‘flashLoan’ function.
- Flash loan fee: 0.09% of the flash loan
- Total value locked: $1.12B
- dYdX
- Flash loan service: no official function, can be performed by calling the function ’withdraw’ before ’deposit.’
- Flash loan fee: 0
- Total value locked: $24M
- bZx
- Flash loan service: no official function.
- Flash loan fee: 0
- Total value locked: $250K
- UniswapV2
- Flash loan service: they provide a feature called ‘flash swap.’
- Flash loan fee: 0.3% of the borrowed asset
- Total value locked: $2.7B
- Aave
- Collateral is an asset kept aside during margin trading to cover potential losses. If the price of a borrowed asset drops beyond a specific ratio, the collateral will be sold to cover the loss and pay back the lender.
- Liquidation occurs when the deposited collateral is sold for cash. It usually happens when a trader is unable to fulfill the margin requirements for a leveraged position.
Summary
- The authors provide background information on Ethereum and decentralized finance (DeFi)
- They propose the “ThunderStorm” system, which has three components
- The FlashLoan Identifier
- Which identifies flash loan transactions
- The primitive classifier
- Classifies the semantics of a transaction into four patterns
- Exchange
- lending and borrowing
- margin trading
- liquidation
- Classifies the semantics of a transaction into four patterns
- Advanced Classifier
- Understands the intention of a transaction by its semantics
- Arbitrage
- Anti-Liquidation
- Swapping
- Understands the intention of a transaction by its semantics
- The FlashLoan Identifier
- They use ThunderStorm to understand how flash loans are used in the real world
- They show the limitations of the ThunderStorm system:
- Function patterns coverage can be limited
- New patterns may emerge quickly and need to be added to the system
- Identification of the type of asset
- To identify a trading asset, an asset’s contract address needs to be in the database, so it is difficult to scale to identify all assets
- Variety of Arbitrage
- Currently the system only recognizes arbitrage performed by the same trader, it cannot recognize“group” arbitrage involving multiple traders.
- Profit calculation
- The system cannot calculate the profits based on the real time price during the attack (other research work is able to do this)
- Function patterns coverage can be limited
Method
- Implementing ThunderStorm
- FlashLoan Identifier
- Decodes function and event names using the function signature and hash
- ThunderStorm maps events and functions to their hashes, and matches hashes to decode their original value.
- Defines a flash loan’s set of functions on popular DeFi platforms (from DefiPrime). Unlike ERC20, DeFi platforms use different function names, so the authors had to manually define each of them.
- Aave
- Function: flashloan
- Smart contract: AAVELendingPool
- Event: FlashLoan
- Rule to identify: Check that the function name and transactions from the address are from the smart contract in question.
- bZx
- Function: flashBorrowToken
- Rule to identify: Check if iToken is borrowed and the function name.
- UniswapV2
- Function
- swap, uniswapV2Call: borrow asset
- transfer / transferFrom: payback borrowed asset
- Smart contract: UniswapV2Pair, created by UniswapV2Factory
- Event: PairCreated
- Rule to identify: Check the function name and whether the payback asset transaction is sent to the contract that triggered the asset borrow function.
- Function
- dYdX
- Function: a meta transaction with four functions
- operate, Withdraw, callFunction, Deposit
- Event (two possible chains of events):
- LogOperate → LogCall → LogWithdraw → LogDeposit
- LogOperate → LogWithdraw → LogDeposit
- Rule to identify: Check if the ordered events exist
- Function: a meta transaction with four functions
- Aave
- Decodes function and event names using the function signature and hash
- Primitive Classifier
- Patterns found for each primitive
- Flash loan
- Exchange
- Lending and Borrowing
- Margin Trade
- Liquidation
- Flash loan
- Patterns found for each primitive
- Advanced Classifier
- Arbitrage
- Price
- trade the same asset across different platforms at different prices.
- Interest rate
- deposit capital in platforms providing a higher interest rate
- Rule to identify: at least two trades swapping assets launched from the same trader on different DeFi platforms
- Price
- Anti-Liquidation
- Three ways to prevent liquidation when price drops
- Pay back debt to receive deposited collateral
- loss: fixed when paying back debt
- Deposit more assets to raise the collateralization ratio
- loss: may not be a loss if the price goes up afterwards and doesn’t touch the liquidation price. If the price drops below the new collateralization ratio, however, the loss would be more severe.
- Pay back a portion of the debt with the collateral
- loss: no immediate loss
- Pay back debt to receive deposited collateral
- Existing platform: DefiSaver
- Integrated Aave’s flash loan service
- Charge a small fee compared to the loss of liquidation
- Three ways to prevent liquidation when price drops
- Swapping
- Collateral Swapping
- Collateral asset: changed from A to B
- Borrowed asset: same
- Platforms checked: MakerDAO
- Action: redeem original collateral and deposit new collateral in a different form.
- Loan Swapping
- Collateral asset: same
- Borrowed asset: changed from A to B
- Platforms checked: Compound and Aave
- Action: repay the loan and borrow a new loan
- Platform Swapping
- Collateral asset: same
- Borrowed asset: same
- Platforms checked: all
- Action: pay back the loan and retrieve the asset from platform A and borrow the same amount from platform B
- Collateral Swapping
- Arbitrage
- FlashLoan Identifier
Results
- ThunderStorm can analyze internal transactions and functions of existing flash loan attacks
- Analysis result
- 22,244 out of 863,504,142 transactions are identified from the start of the Ethereum network to October 2020 were identified as flash loans
- Usage distribution
- Note: since one transaction may use multiple flash loan providers, the sum of all transactions on each platform is larger than the total number of transactions.
-
Insights
- Flash Loan providers usage: dYdX > Aave > UniswapV2 > bZx
- In Aave, top 10 borrowers run 70% of the Flash Loan transactions
- Over 60% of Flash Loan transactions were from 3.5% of borrowers
- Main user ranking of the Aave Flash Loan: DeFi Saver > Furucombo
-
Behavior distribution
- Insights
- Usage: exchange > lending & borrowing > anti-liquidation (may because liquidation often happens as price fluctuates)
- Insights
Discussion & Key Takeaways
- Flash loan transactions can be identified and decoded by matching known function and event patterns.
- Flash loan transactions may contain the following behaviors (ranked by usage frequency)
- exchange > lending & borrowing > anti-liquidation > arbitrage > liquidation > swapping > margin trade
- Usage of flash loan platforms: dYdX > Aave > UniswapV2 > bZx
- Main players of flash loans: DeFi Saver > Furucombo > individual users
- From the start of the Ethereum network to 2020 October, 22,244 out of 863,504,142 Ethereum transactions used flash loans.
Implications & Follow-ups
- The “margin trade” category defined by the ThunderStorm system is weird. There was only one such transaction found.
- Can we use this system to automatically generate new flash loan attacks by combining all the known patterns? (theoretically yes)
Applicability
- This system can be used for security analysis to decode the underlying action of existing flash loan attacks.
- This system can be combined with another work that optimizes parameters of known flash loan attacks to maximize the attack’s profit.
- If the system can permutate all known patterns of flash loans, it will be able to find new flash loan attack opportunities.