🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Flash Loan Attacks

Flash loan attacks exploit the ability to borrow large sums of funds without collateral within a single transaction. These attacks leverage the atomic nature of blockchain transactions, where all operations must succeed or fail together. By combining flash loans with other vulnerabilities like oracle manipulation, reentrancy, or faulty logic, attackers can manipulate contract behavior and drain funds.

Remediation

  • Avoid reliance on flash loans in critical logic: Restrict sensitive functions to operate only within validated and predictable conditions.
  • Robust Oracle Design: Use time-weighted average prices (TWAP) or decentralized oracles resistant to manipulation.
  • Comprehensive Testing: Include tests simulating flash loan scenarios and edge cases.
  • Access Control: Limit access to critical functions to prevent unauthorized or malicious transactions.

Metadata

  • Severity: high
  • Slug: flash-loan-attacks

CWEs

  • 345: Insufficient Verification of Data Authenticity
  • 20: Improper Input Validation

OWASP

  • SC07:2025: Flash Loan Attacks

Available Labs

Open Move labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.