Auto-sync: 2026-04-21 00:02

wiki/concepts/Flash-Loan-Attack.md

@@ -0,0 +1,38 @@
+---
+title: "Flash Loan Attack"
+type: concept
+tags: [smart-contract, vulnerability, defi, security]
+sources: [blockchain-security-auditor]
+last_updated: 2026-04-20
+---
+
+## Definition
+闪电贷攻击（Flash Loan Attack）是 DeFi 特有的攻击向量，利用闪电贷在单笔交易内借用大量资产、操纵市场状态并获取利润的攻击方式。
+
+## Characteristics
+- **无抵押**：利用区块内临时资金
+- **原子性**：所有操作在单笔交易内完成
+- **大规模**：可借用数百万甚至数亿资产
+- **瞬时性**：交易结束后状态回滚（除非成功）
+
+## Common Targets
+- 借贷协议的抵押品 valuation
+- AMM 流动性池价格
+- 跨协议收益聚合器
+- 治理系统（Flash Loan Voting）
+
+## Attack Patterns
+1. **预言机操纵**：借用资产操纵价格后套利
+2. **重入攻击**：借用资产触发重入漏洞
+3. **治理攻击**：借用代币操纵投票
+
+## Notable Examples
+- Euler Finance ($197M, 2023)：donate-to-reserves 操纵
+- Balancer ($2M, 2021)：嵌套 Flash Loan
+- Cream Finance ($130M, 2021)：Flash Loan + 重入
+
+## Connections
+- [[DeFi Attack Vector]] ← is_type_of ← [[Flash Loan Attack]]
+- [[Oracle Manipulation]] ← often_combines_with ← [[Flash Loan Attack]]
+- [[Reentrancy]] ← can_combine_with ← [[Flash Loan Attack]]
+