---
title: "Flash Loan Attack"
type: concept
tags: [smart-contract, vulnerability, defi, security]
sources: [blockchain-security-auditor]
last_updated: 2026-04-20
---

## Definition
闪电贷攻击（Flash Loan Attack）是 DeFi 特有的攻击向量，利用闪电贷在单笔交易内借用大量资产、操纵市场状态并获取利润的攻击方式。

## Characteristics
- **无抵押**：利用区块内临时资金
- **原子性**：所有操作在单笔交易内完成
- **大规模**：可借用数百万甚至数亿资产
- **瞬时性**：交易结束后状态回滚（除非成功）

## Common Targets
- 借贷协议的抵押品 valuation
- AMM 流动性池价格
- 跨协议收益聚合器
- 治理系统（Flash Loan Voting）

## Attack Patterns
1. **预言机操纵**：借用资产操纵价格后套利
2. **重入攻击**：借用资产触发重入漏洞
3. **治理攻击**：借用代币操纵投票

## Notable Examples
- Euler Finance ($197M, 2023)：donate-to-reserves 操纵
- Balancer ($2M, 2021)：嵌套 Flash Loan
- Cream Finance ($130M, 2021)：Flash Loan + 重入

## Connections
- [[DeFi Attack Vector]] ← is_type_of ← [[Flash Loan Attack]]
- [[Oracle Manipulation]] ← often_combines_with ← [[Flash Loan Attack]]
- [[Reentrancy]] ← can_combine_with ← [[Flash Loan Attack]]