Crypto Newbie / Simulators / Flash Loan Attack

Flash Loan Oracle-Manipulation Attack Simulator

Over $1B has been drained from DeFi protocols since 2020 via flash loan oracle attacks. The pattern: borrow a huge amount with no collateral (flash loan, repayable in same tx), dump it into a low-liquidity pool used as a price oracle, then exploit the manipulated price to over-borrow from a victim protocol. Repay the flash loan + fee, walk away with the difference as profit. Cream Finance ($130M), Mango Markets ($114M), Euler Finance ($200M) — all variations of this same exploit. This simulator runs the math step by step.

Attack setup

Flash loan amount (Y)Flash loan fee %

Target oracle pool

Honest spot price: 3000.00 Y / X

X reserve (oracle asset)Y reserve (USDC equivalent)Pool fee %

Victim protocol

Collateral X attacker hasVictim's max LTV (loan-to-value)Gas cost (Y)

Why flash loans enable this

Flash loans (Aave, dYdX, Balancer offer them) let you borrow ANY amount with NO collateral — but only if you repay in the same transaction. Atomically. If you can't repay, the entire transaction reverts and it's as if nothing happened. This sounds safe — and it IS safe for the lender. But it's catastrophic for OTHER protocols that don't expect anyone to suddenly have $100M of borrowed capital for 12 seconds. An attacker with $100M of capital can: manipulate any low-liquidity oracle, trigger thousands of liquidations to grab bonuses, sandwich huge swaps. Without flash loans, attacking would require ACTUAL capital.

The oracle bug that makes attacks possible

Old DeFi protocols (and many forks built after) use a SINGLE pool's spot price as their oracle. 'What's ETH worth? Look at the Uniswap V2 ETH/USDC pool's current ratio.' This is fast and trustless. It's also instantly manipulable: a $50M buy in a $10M pool moves the price by 30%+. Modern protocols use Chainlink (price aggregated across many sources), TWAP averages (smooths out spikes), and multiple-source consensus. The 2020-2024 hacks targeted protocols that hadn't yet adopted these standards.

Why the attack always involves a victim protocol

The flash loan + pool manipulation alone produces ZERO profit — you spent gas to manipulate a pool you'll immediately un-manipulate. The PROFIT comes from a SEPARATE protocol that reads the manipulated price and lets you do something based on it: borrow more than your collateral is worth, get liquidator bonuses for liquidating positions that weren't actually liquidatable, exchange synthetic assets at a wrong rate, etc. The attacker needs TWO bugs to compose: (1) manipulable oracle + (2) protocol using that oracle for value-judgment without sanity checks.

Why defending is mostly solved (for newer protocols)

Three defences in standard use post-2022: (1) Chainlink oracles — aggregates 30+ data sources, can't be moved by single-pool manipulation. (2) TWAP windows — averages prices over 30 minutes minimum, single-tx manipulation has near-zero impact. (3) Circuit breakers — protocol auto-pauses if oracle moves > X% in single block. Combine all three and flash-loan-oracle attacks become impossible. The remaining attack surface is OLD protocols that haven't migrated + FORKS built by amateurs who copy old patterns without understanding the safety implications.

Frequently asked questions

+Why don't flash loans get banned if they enable so much theft?

Because they enable many legitimate uses too: arbitrage, collateral swaps, refinancing loans, liquidations. The vast majority of flash loan volume (estimated 95%+) is benign. Banning would kill many DeFi UX improvements. The right defence is on the OTHER side — protocols that use price feeds without sanity checks. Aave (the largest flash-loan provider) is itself not vulnerable to flash-loan attacks because their oracle architecture is sound.

+Can a normal user accidentally cause an attack?

Not by accident — flash loan attacks require precisely-constructed transactions. But you can be a VICTIM (your protocol's TVL gets drained, killing your deposit). Before depositing into a lending/borrowing protocol, check: (1) which oracle they use (Chainlink = safer; single-pool spot = risky), (2) whether they've been audited by reputable firms, (3) whether they have TVL > $100M (smaller protocols are more often attack targets due to less attention from security researchers).

+Are flash loan attacks the same as MEV?

Related but distinct. MEV = profit from transaction ordering. Flash loan attacks = profit from oracle manipulation enabled by no-collateral capital. Both use blockchain primitives (atomic transactions, public mempool); both extract value from someone. But MEV is mostly about reordering existing transactions for profit; flash loan attacks construct new transactions that exploit protocol bugs. Different defences too: anti-MEV needs private mempools; anti-flash-loan-attack needs robust oracles.

+Is the simulator's attack actually executable on a real protocol?

The MATH is real; the EXECUTION requires more than just numbers. You'd need to write Solidity contracts that atomically perform the loan + manipulation + exploit + repay sequence. The Mango Markets attacker (Avraham Eisenberg) published his exploit code publicly after the attack — he was eventually charged criminally in the US despite arguing it was a 'highly profitable trading strategy'. The simulator is for understanding the pattern; replicating it on a live protocol is theft.

+Why does the simulator sometimes show the attack unprofitable?

If the flash loan fee + gas cost exceeds the over-borrow gain, the attacker would lose money executing the attack. The attack only works when: (1) the target pool is shallow enough to move 10%+ on the loan size, AND (2) the victim protocol's LTV is generous enough that the over-borrowed amount exceeds the loan fee. Both conditions must hold. Many would-be attack opportunities don't satisfy one or the other.