lollychain
Lending & Borrowing·July 15, 2026·17 min read

Flash loans: how they work and why DeFi uses them

If you've spent any time watching the dashboards of a major lending protocol, you've probably noticed something that looks, on the surface, almost like a glitch: a single wallet borrows tens of…

Flash loans: how they work and why DeFi uses them

If you've spent any time watching the dashboards of a major lending protocol, you've probably noticed something that looks, on the surface, almost like a glitch: a single wallet borrows tens of millions of dollars, executes a flurry of operations, and repays the principal — all within the same minute, often within the same block, without posting a dollar of collateral. To anyone who has spent years thinking about overcollateralized debt positions, secured credit lines, and carefully modeled liquidation thresholds, this is a strange thing to witness. It looks as if the rules of prudent lending have been quietly suspended.

They haven't been. What you're seeing is a different credit primitive — one that doesn't depend on trust, reputation, or even collateral, but on a property of the underlying blockchain called transaction atomicity. Flash loans are the most efficient expression of that property, and once you understand the mechanics, the rest of the conversation — the arbitrage, the exploits, the fee structures, the standards — falls into place. I want to walk you through that mechanics layer carefully, because for a passive income allocator, understanding how flash loans actually work isn't academic. It's the difference between reading a protocol's risk profile with confidence and reading it through a fog.

The mechanics of transaction atomicity: borrowing without collateral

The phrase "flash loan" sounds like an oxymoron, and historically, in traditional finance, it would be. A loan is a credit relationship that extends through time; collateral is what makes that extension safe. Remove the time and the collateral, and you're left with a gift. The trick is that a flash loan doesn't actually extend through time — at least not in any meaningful sense — and the discipline that a legal contract would normally enforce is enforced by the blockchain itself.

Here's how it works in practice. A smart contract initiates a transaction that calls a lending pool, borrows a quantity of tokens, and then executes a series of additional operations within that same transaction: a swap on a decentralized exchange, a deposit into another protocol, a liquidation, a vote. At the end of the operation sequence, the same contract must return the borrowed principal plus an agreed fee. If the balance is correct, the transaction is committed to the blockchain and the ledger reflects the entire sequence as a single, settled event. If the balance is wrong — if the borrower runs out of capital mid-sequence, if any of the intermediate steps fail, or if the fee isn't paid — the entire transaction reverts. It's as if nothing ever happened. No one is left holding a partial debt. No protocol is left holding an undercollateralized position.

A flash loan is less a loan than a self-clearing IOU. The blockchain refuses to settle the transaction until the balance is zero, and that refusal is the credit.

This is what people mean when they say flash loans rely on transaction atomicity. Atomicity, in the database sense borrowed by blockchain engineers, means all-or-nothing: a transaction either completes in full or has no effect at all. Ethereum's average block time of roughly 12 to 13 seconds gives a flash loan a window to work in, but the window is almost a distraction. The real guarantee is the revert. As long as the lender's contract checks the final balance before allowing the transaction to settle, no counterparty risk emerges. Capital preservation is built into the consensus layer, not added on top through legal recourse.

One practical footnote is worth keeping in mind. A failed flash loan attempt is not free, even though the loan itself never settles. Ethereum charges gas for the computation regardless of whether the transaction completes or reverts, so a poorly constructed sequence still costs the deployer the price of execution. That detail matters more than it sounds: it means flash loans are cheap when you know what you're doing and expensive when you don't, which is a useful filter for the kinds of activity the primitive attracts.

For a passive income allocator, the consequence is interesting. It means that a flash loan pool is, in effect, a self-clearing order book for short-duration credit. The lender doesn't need to evaluate the borrower, doesn't need to monitor a health factor, doesn't need a liquidation bot. The protocol simply makes capital available to anyone who can route a smart contract, and the math of the transaction does the underwriting.

Protocol fee structures: from Aave V3 to Uniswap tiers

The economics of a flash loan are not complicated, but they vary meaningfully across protocols, and that variation matters when you're thinking about where to park idle capital. A lending pool that exposes its liquidity to flash loans is taking on a different risk profile than one that doesn't, and the fee structure is the protocol's way of compensating liquidity providers for that exposure.

Aave — the protocol that popularized flash loans in 2020 — charges a default fee of 0.05% on V3, down from 0.09% on V2. That fee is paid into the protocol's liquidity pool, which means it accrues back to the depositors who supplied the underlying assets. Aave governance can update the fee through on-chain vote, and the rate you see today is the result of a slow, deliberate renegotiation between the protocol and its capital providers. The 0.05% level is, in practice, very close to the swap fees charged by most major decentralized exchanges, which keeps flash loans competitive for arbitrage strategies.

Uniswap handles flash loans a little differently. The protocol doesn't have a separate "flash loan fee" category; instead, it offers Flash Swaps, which are structured as a special case of a regular swap. The fee you pay on a Uniswap Flash Swap is the same fee you would pay for an ordinary swap on the relevant pool. On Uniswap V2, that meant a flat 0.3% across the board. On Uniswap V3 — which added a 0.01% fee tier in November 2021, primarily to serve stablecoin pairs — Flash Swap fees match the tier: 0.01% for the tightest stablecoin pools, 0.05% for the next tier, 0.3% for the broader market, and 1% for the most exotic pairs. If you're routing a flash loan through a 0.01% stablecoin pool, your effective borrowing cost is extraordinarily low, which is one of the reasons stablecoin arbitrage is among the most active flash loan strategies.

dYdX takes a third approach. The protocol charges no fee at all on its flash loans. Borrowers repay the principal plus a nominal 2 Wei — a number so small that, for any practical purpose, the loan is free at the protocol level. dYdX monetizes its lending activity elsewhere (through trading fees and interest rate spreads on its perpetuals and margin products), so it can afford to treat flash loans as a loss-leader utility. The trade-off for depositors is that they don't earn a flash loan fee on the dYdX side, even when their capital is being borrowed in a single block.

ProtocolFlash loan feeNotes
Aave V30.05% (default)Down from 0.09% on V2; adjustable by governance
Aave V20.09%Legacy deployment; gradually being deprecated
Uniswap V2 Flash Swaps0.3%Flat rate across all pools
Uniswap V3 Flash Swaps0.01% / 0.05% / 0.3% / 1%Matches the pool's fee tier
dYdX2 Wei (effectively zero)No protocol fee; monetized through other products

The practical question for a passive income allocator is whether to lend to a pool that exposes capital to flash loans at all. My own take, after watching these markets mature, is that the answer depends on the depth of the pool. A deep, liquid pool that supports flash loans earns a small but steady additional yield on top of its baseline utilization rate, and the credit risk of a properly implemented flash loan is essentially zero — the transaction either settles cleanly or it reverts. A thin pool, on the other hand, can be temporarily drained by a single large flash loan, which affects price impact and slippage for ordinary swappers. That's a capital efficiency question, not a credit question, but it is a real one.

Standardization and integration: the role of EIP-3156

If you've ever tried to integrate with multiple DeFi protocols as a developer, you know that the lack of a common interface is one of the most persistent sources of friction in the space. Every lending market, every DEX, every liquidator has historically rolled its own function signatures, its own event formats, its own conventions for repaying a loan. This isn't a curiosity; it's a security risk. Every bespoke interface is a place where a contract can subtly misunderstand what another contract is offering.

EIP-3156 is the Ethereum community's attempt to fix that problem for flash loans specifically. Proposed in November 2020, the standard defines two interfaces: IERC3156FlashLender, which any protocol offering flash loans should implement, and IERC3156FlashBorrower, which any contract wanting to take out a flash loan should implement. The standard specifies the function signatures, the callback structure, and the way the fee should be reported and paid. The point is not to dictate implementation; it's to make it possible for one well-written contract to call multiple flash-loan-capable protocols without rewriting itself for each one.

There's a related point that's easy to miss: only smart contracts can execute flash loans directly. An ordinary externally owned account — the kind of wallet you use to send a simple transfer — cannot perform the borrow-and-repay sequence in a single transaction. The atomicity guarantee is enforced at the contract level, and the EVM has to see the entire sequence wrapped in a single function call. If you're a non-technical user wanting to participate in a flash loan strategy, you do so by interacting with a contract someone else has built and audited, not by calling a protocol directly from your wallet. That's an important guardrail, and it's part of why flash loan exploits tend to be sophisticated: the attacker has to be able to read, write, and reason about Solidity at a working level.

For a passive income allocator, the practical significance of EIP-3156 is not in the code itself but in what its adoption signals. A protocol that implements EIP-3156 is signaling that it has thought carefully about its flash loan interface, that it has been reviewed against a known standard, and that it is participating in the broader effort to make DeFi composable in a safe way. A protocol that has rolled its own bespoke implementation may still be excellent — Aave, for instance, had a working flash loan product long before EIP-3156 existed — but the absence of standardization is, at minimum, a yellow flag for the careful reader. It's also worth noting that EIP-3156 is not universally adopted. Older deployments, custom variants, and protocols on non-EVM chains may not implement the standard. As an allocator, that doesn't mean those protocols are unsafe; it means you should read their documentation carefully, understand their callback flow, and not assume that a flash loan interface that works on one protocol will port cleanly to another.

Legitimate use cases: arbitrage, swapping, and self-liquidation

Flash loans have a reputation problem, and a lot of it is earned. The most famous flash loan stories in the press are exploits — major protocols drained, governance attacks, nine-figure losses. It would be easy to walk away with the impression that the primitive exists primarily as an attacker's tool. That impression is wrong, and it's worth sitting with the legitimate use cases for a moment, because they are the reason the primitive has survived and matured.

The first and most common legitimate use case is arbitrage. The same asset can trade at slightly different prices on different venues — a centralized exchange, a Curve pool, a Balancer pool, an order book DEX. A trader who notices a discrepancy can borrow a large quantity of the underpriced asset with a flash loan, sell it on the expensive venue, buy it back on the cheap venue, repay the loan plus the fee, and pocket the difference. The beauty of the flash loan is that the trader doesn't need to deploy the capital up front. The entire arbitrage is a single transaction, and the profit is whatever's left after the principal, the fee, and the gas costs.

The second use case is collateral swapping. Imagine you've deposited ETH into a lending protocol and borrowed a stablecoin against it. You want to rotate into a different collateral asset — say, you want to back your loan with stETH instead. In a pre-flash-loan world, you would have to repay the stablecoin debt, withdraw the ETH collateral, deposit the new collateral, and re-borrow — a multi-step process with several transactions, each one exposing you to market movement and gas costs. With a flash loan, you can borrow the stablecoin, repay the debt on your existing position, withdraw the ETH, deposit the stETH, re-borrow the stablecoin, repay the flash loan, and walk away with the new collateral structure intact. The whole rotation happens atomically, in a single transaction, with no intermediate state where your position is undercollateralized.

The third legitimate use case is self-liquidation. If a borrower is approaching a liquidation threshold and the liquidation bonus on their collateral is generous, they can use a flash loan to liquidate themselves: borrow enough to repay their own debt, claim the discounted collateral via the protocol's liquidation mechanism, sell the collateral, repay the flash loan, and keep the spread. From the protocol's perspective, this looks like an ordinary liquidation; from the borrower's perspective, they've captured a discount that would otherwise have gone to an external liquidator.

For a passive income strategist, the real value of flash loans isn't the leverage — it's the frictionless rebalancing they make possible. Capital stays deployed continuously, and that continuity is what compounds.

These three patterns — arbitrage, collateral swap, self-liquidation — are the reason flash loans are not just an attacker's tool. They are infrastructure. They make DeFi more capital-efficient, more responsive, and easier to navigate without constantly monitoring your positions. For someone whose mandate is long-term capital preservation, that's a meaningful thing.

The dark side: oracle manipulation and governance exploits

The same properties that make flash loans useful make them dangerous. Atomicity means the loan either settles or reverts. It does not protect you against a borrower who can manipulate the inputs the protocol uses to evaluate a position.

The most common attack pattern is oracle price manipulation. Many DeFi protocols rely on on-chain price feeds — often a Uniswap pool, a Curve pool, or a Chainlink aggregator — to determine the value of collateral and the size of a borrow position. A flash loan gives an attacker a temporary, large quantity of capital to distort those price feeds. The attacker borrows a flash loan, dumps it into the price oracle to push the implied price of an asset up or down, exploits the temporarily distorted view in another protocol (minting cheap assets, claiming inflated collateral, taking out an undercollateralized loan), and repays the flash loan — all in one transaction. The protocol wakes up the next block with a hole in its balance sheet and a real-world loss.

The second pattern is governance manipulation. Several DeFi protocols allow token holders to vote on proposals, and a proposal that passes can move a meaningful amount of treasury capital. A flash loan of the governance token gives an attacker temporary voting power large enough to swing a vote. The attacker takes out a flash loan of the governance token, votes in favor of a proposal that drains the treasury, repays the loan, and walks away. Various protocol-level vote-locking mechanisms and snapshot-based voting have made this harder over time, but the pattern is still possible on protocols that count voting power by token balance at a single block.

The defense, from a passive income allocator's perspective, is not to avoid protocols that support flash loans. Flash loans are too deeply embedded in the DeFi stack to avoid, and the legitimate use cases are too valuable. The defense is to evaluate how each protocol defends against the failure modes flash loans enable. Does it use a robust price oracle with time-weighted averages and multiple sources? Does it separate voting power from liquid balance? Does it require multiple blocks of token lockup before a vote counts? These are the questions that determine whether a flash loan is a low-cost utility for the protocol's users or an open door for an attacker.

The honest answer is that not every protocol gets these defenses right. The history of DeFi is, in significant part, a history of flash loan exploits, and the protocols that have survived and grown are the ones that learned from them. When you allocate capital to a lending market, you are implicitly betting that its defenses are adequate. That bet is not free, and it is not a one-time decision. The market changes, the attack surface changes, and the protocols that earned your trust last year may need to earn it again this year.

So where does all of this leave a passive income allocator who is looking at a lending market and trying to figure out how flash loans fit into the picture?

The first thing I'd say is that flash loans themselves are not the risk. They are a credit primitive with a clean, well-defined failure mode: the transaction either reverts or it doesn't. The risk lives in the protocols that interact with flash loans — in the price oracles, in the governance mechanisms, in the liquidation logic, in the assumptions about how much liquidity is available at any given moment. If you're allocating to a money market, you should understand whether the protocol exposes its liquidity to flash loans, what fee it charges, and how it monitors for manipulation. You should also understand that a low flash loan fee is not, by itself, a sign of weakness; it is a sign of competition, and competitive markets tend to drive fees toward the cost of capital.

The second thing is that the legitimate use cases for flash loans — arbitrage, collateral swap, self-liquidation — are good for capital efficiency. They keep markets tight, they keep prices aligned, and they make it easier for you to rotate your positions without leaving a window of undercollateralization. A protocol with active flash loan usage is, in many ways, a healthier protocol than one without. The capital is moving, the spreads are tightening, and the depositors are earning a small additional yield on top of their baseline rate.

The third thing is that the exploits are real, and they are the cost of doing business in a permissionless environment. They are also, in a strange way, the proof that the system is working. The same atomicity that lets a flash loan settle in one block also lets an exploit revert in one block. The protocols that have built up meaningful track records — Aave, Compound, MakerDAO — have done so because they have been attacked, examined, patched, and re-attacked over and over. The defenses are stronger today than they were three years ago, and they will be stronger three years from now.

If you take one thing away, let it be this: flash loans are a tool, and like any tool, they expand what careful capital can do. They don't replace the work of evaluating a protocol, and they don't substitute for the discipline of monitoring your positions. They make DeFi more capital-efficient, and they make the failure modes more visible. The trade-off is real, but it is navigable, and the long-term baseline of yield you can earn by lending into well-defended money markets remains one of the most sustainable ways I know to put capital to work in this space.

FAQ

How can a flash loan be repaid without collateral?
Flash loans rely on transaction atomicity, which requires the borrower to repay the principal plus fees within the same transaction block. If the borrower fails to return the funds, the entire transaction reverts, ensuring the lender suffers no loss.
Do I need to be a developer to use a flash loan?
Yes, flash loans must be executed via smart contracts because the atomicity guarantee is enforced at the contract level. An ordinary wallet cannot perform the borrow-and-repay sequence in a single transaction.
Are flash loans free to use?
No, most protocols charge a fee, such as Aave's 0.05% or Uniswap's variable tier-based fees. Additionally, even if a transaction fails and reverts, the user must still pay the Ethereum gas costs for the computation.
What is the purpose of EIP-3156?
EIP-3156 is a standard that defines a common interface for flash loan lenders and borrowers. It aims to reduce security risks and technical friction by allowing contracts to interact with multiple protocols using consistent function signatures and callback structures.
How do flash loans contribute to DeFi exploits?
Attackers use flash loans to temporarily acquire large amounts of capital to manipulate price oracles or gain excessive voting power. This allows them to exploit protocol vulnerabilities, such as minting cheap assets or draining treasuries, within a single transaction.

By Loretta Cummings