Solana Sunday: Are Flash Loans Ruining Solana Summer?
As the year shifts to August, the Solana network continues to be beaten down by various exploits and hacks. While there has been plenty of good news, such as its smartphone announcement and the continuing efforts by Magic Eden to be the best NFT marketplace available, a lot of concerns still exist on a network which has been notably less reliable than its competitor Ethereum.
Nirvana Flash Loan on Solana
In late July, a flash loan was executed on the Nirvana DeFi protocol which allowed the user to make off with roughly $3.5 million in crypto assets on the Solana network, marking another DeFi exploit in a summer crypto crash that has gained massive notoriety.
What is a flash loan?
While rare, flash loans are a type of exploit that can be used against DeFi lending protocols by manipulating key smart contracts within a single transaction. The user profits from minor price differences between coins using collateral that belongs to the protocol.
First, the user calls for a loan from a lending protocol. For example, the user asks a DeFi protocol for 50 SOL. That SOL is then taken to a DEX (decentralized exchange), where it is swapped for a different cryptocurrency on the same network.
Once the first exchange has been made, the newly acquired crypto assets are converted back to SOL on a separate DEX where the exchange rate for that same pairing is slightly different, ideally creating an excess in liquidity for the user to keep in their wallet.
After that second exchange converts the liquidity back to the original crypto asset (SOL in this case), the collateral is returned to the original lending DeFi protocol, thus repaying the loan in full within a single transaction.
Why do DeFi Protocols accept flash loans?
Essentially, from the protocol’s perspective, the user asked for a token and returned that same token within the same transaction, leaving little to no risk to the user.
Due to the nature of these flash loans, users are able to request large amounts of collateral because they will be paid back in full immediately as part of the transaction. So, the scale of the profits during the exchange can be immense.
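The borrow, swap, swap back and repay sequence described above, together with the all-or-nothing repayment that makes lenders willing to offer it, can be sketched as a toy Python model. This is an added example, not code from Nirvana or any Solana program; the pool sizes, swap fee and loan fee are constructed, and `Pool`, `Revert` and `flash_loan_round_trip` are hypothetical names.

```python
# Toy model with constructed numbers; not real Solana programs or market data.
from dataclasses import dataclass

class Revert(Exception):
    """Aborts the whole transaction; every state change is rolled back."""

@dataclass
class Pool:
    """Constant-product DEX pool (sol * token = k) for a SOL/TOKEN pair."""
    sol: float
    token: float
    fee: float = 0.003  # constructed swap fee

    def sol_to_token(self, amount):
        net = amount * (1 - self.fee)
        out = self.token * net / (self.sol + net)
        self.sol += amount
        self.token -= out
        return out

    def token_to_sol(self, amount):
        net = amount * (1 - self.fee)
        out = self.sol * net / (self.token + net)
        self.token += amount
        self.sol -= out
        return out

def flash_loan_round_trip(lender_sol, dex_a, dex_b, borrow, loan_fee=0.0009):
    """Borrow SOL, swap on dex_a, swap back on dex_b, repay, all atomically.
    Returns (lender balance afterwards, user profit); raises Revert otherwise."""
    snapshot = (dex_a.sol, dex_a.token, dex_b.sol, dex_b.token)
    owed = borrow * (1 + loan_fee)  # principal plus constructed loan fee
    sol_back = dex_b.token_to_sol(dex_a.sol_to_token(borrow))
    if borrow > lender_sol or sol_back < owed:
        # Repayment impossible: undo both swaps, as if nothing had happened.
        dex_a.sol, dex_a.token, dex_b.sol, dex_b.token = snapshot
        raise Revert("loan not repaid in full; transaction rolled back")
    return lender_sol + owed - borrow, sol_back - owed

if __name__ == "__main__":
    # The same pair priced slightly differently on two exchanges.
    a, b = Pool(10_000, 1_000_000), Pool(10_500, 1_000_000)
    print(flash_loan_round_trip(1_000, a, b, 50))
```

When both pools quote the same price, the swap fees alone leave the user short of the amount owed, so the call raises `Revert` and the lender and both pools are left exactly as they were.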
Exploit vs Hack
There is a lot of debate about the nature of this type of loan and whether it is appropriate to call it a hack or an exploit. It’s important to note that when a flash loan occurs, nothing is being breached.
The user is simply creating a smart contract which capitalizes on small price inconsistencies in the market to create an exploit, unlike hacks, which happen when someone breaks past a security barrier.
Code is Law
Although the DeFi protocol is getting drained of funds through this flash loan, it is a valid transaction which adheres to the Code is Law philosophy. The blockchain is immutable, and working through the smart contracts that a protocol provides can’t be considered a true hack.
The best way to prevent this exploit is for DeFi companies to hire external security auditing teams to look through the protocol’s code in order to find any vulnerabilities which need to be patched.