Flash Loans enables loans and repayment without collateral in a single deal, but there is a security risk when implementing incorrectly. This article examines how Flash Loan’s vulnerabilities can lead to side entrance attacks and why appropriate implementation is essential.
To learn practice, copy and execute this repository. wake test tests/test_4_flash_loan.py.
Expected use
when flashLoan Users can access and use many tokens in one deal.
If the borrower cannot repay it for the purpose of transaction, the entire transaction will return. This enables loans without requiring collateral.
- Vault sends tokens
msg.sender. - External call
msg.senderIn the safe. - The safe checks the token balance of the safe.
Attack example
The contract is vulnerable because it only checks the token balance of the safe. This allows the replacement transfer How to satisfy the repayment conditions a Side entrance attack.
Users can call deposit A function that increases the token balance of the safe. Attackers can call These are steps of attack.
This is an attacker contract.
Abuse
This has shown that the contract has successfully drained the token balance.
prevention
In order to prevent the attack on the side entrance, the loan agency must move the token from the borrower at the end of the flash loan. The re -creation guard will work here.
Developers must always follow the ERC-3156 specifications and best practices to prevent all possible attacks..
conclusion
To use some features in ERC, you need to follow the specifications of that feature.
ReEntrancy Example GitHub Repository. There are other types of re -creation attacks and re -creation by protocol.
In addition, we have created a re -creation attack by type.
