---
title: "Flash Loan Attack"
type: concept
tags: [smart-contract, vulnerability, defi, security]
sources: [blockchain-security-auditor]
last_updated: 2026-04-20
---

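## Definition
A flash loan attack is an attack vector specific to DeFi in which the attacker uses a flash loan to borrow a large amount of assets within a single transaction, manipulate market state, and extract a profit.
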
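## Characteristics
- **Uncollateralized**: relies on funds that are only available temporarily, within a block
- **Atomic**: all operations complete within a single transaction
- **Large scale**: millions or even hundreds of millions in assets can be borrowed
- **Transient**: unless the transaction succeeds, all state changes are rolled back when it ends
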
## Common Targets
- Collateral valuation in lending protocols
- AMM liquidity pool prices
- Cross-protocol yield aggregators
- Governance systems (flash loan voting)

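## Attack Patterns
1. **Oracle manipulation**: borrow assets, manipulate a price, then arbitrage
2. **Reentrancy**: use borrowed assets to trigger a reentrancy vulnerability
3. **Governance attack**: borrow tokens to manipulate a vote
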
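The oracle-manipulation pattern above and its usual mitigation, as an added example that is not part of the original note: a constructed constant-product pool shows that one large swap moves the spot price immediately while a time-weighted average (TWAP) does not, and `guarded_price` refuses to price when the two diverge. The pool model, the 0.3% fee, the reserves and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

FEE = 0.003  # assumed swap fee (0.3%)

@dataclass
class Pool:
    """Constructed constant-product (x*y=k) pool of TOKEN against USD."""
    token: float
    usd: float
    cum_price: float = 0.0  # sum of price * seconds, the TWAP accumulator
    last_ts: int = 0
    history: list = field(default_factory=list)  # (timestamp, cum_price)

    def spot(self) -> float:
        return self.usd / self.token

    def sync(self, ts: int) -> None:
        """Start of a block: accrue the price that held since the last block."""
        self.cum_price += self.spot() * (ts - self.last_ts)
        self.last_ts = ts
        self.history.append((ts, self.cum_price))

    def swap_usd_in(self, usd_in: float) -> float:
        """Sell USD for TOKEN; moves spot immediately, not the accumulator."""
        net = usd_in * (1 - FEE)
        out = self.token * net / (self.usd + net)
        self.usd += usd_in
        self.token -= out
        return out

    def twap(self, window: int) -> float:
        """Time-weighted average price over the last `window` blocks."""
        (t0, c0), (t1, c1) = self.history[-window - 1], self.history[-1]
        return (c1 - c0) / (t1 - t0)

def guarded_price(pool: Pool, window: int = 10, max_dev: float = 0.05) -> float:
    """Price collateral from the TWAP; refuse if spot has diverged from it."""
    twap = pool.twap(window)
    if abs(pool.spot() - twap) / twap > max_dev:
        raise ValueError("spot deviates from TWAP: pause price-dependent actions")
    return twap

def demo():
    pool = Pool(token=1_000.0, usd=2_000_000.0)  # constructed reserves, spot = 2000
    for ts in range(12, 252, 12):                # 20 quiet blocks, 12 s apart
        pool.sync(ts)
    before = guarded_price(pool)
    pool.swap_usd_in(20_000_000.0)  # a swap far larger than the pool, same block
    return pool, before
```

A protocol that reads `pool.spot()` directly would value collateral at the distorted price; one that reads `guarded_price(pool)` either gets the unchanged TWAP or halts.
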
## Notable Examples
- Euler Finance ($197M, 2023): donate-to-reserves manipulation
- Balancer ($2M, 2021): nested flash loans
- Cream Finance ($130M, 2021): flash loan + reentrancy

## Connections
- [[DeFi Attack Vector]] ← is_type_of ← [[Flash Loan Attack]]
- [[Oracle Manipulation]] ← often_combines_with ← [[Flash Loan Attack]]
- [[Reentrancy]] ← can_combine_with ← [[Flash Loan Attack]]