| title | type | tags | sources | last_updated |
| --- | --- | --- | --- | --- |
| Flash Loan Attack | concept | smart-contract, vulnerability, defi, security | blockchain-security-auditor | 2026-04-20 |
Definition
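A flash loan attack is an attack vector specific to DeFi: the attacker uses a flash loan to borrow a large amount of assets within a single transaction, manipulates market state, and extracts a profit.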
Characteristics
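- Uncollateralized: uses funds that are only temporarily available within a block
- Atomic: all operations complete within a single transaction
- Large-scale: millions or even hundreds of millions in assets can be borrowed
- Transient: state is rolled back when the transaction ends (unless it succeeds)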
Common Targets
- Collateral valuation in lending protocols
- AMM liquidity pool prices
- Cross-protocol yield aggregators
- Governance systems (Flash Loan Voting)
Attack Patterns
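- Oracle manipulation: borrow assets to manipulate a price, then arbitrage
- Reentrancy attack: borrow assets to trigger a reentrancy vulnerability
- Governance attack: borrow tokens to manipulate a vote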
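
The oracle-manipulation pattern and the AMM price and collateral valuation targets listed above, seen from the protocol side, in an added example that is not part of the original page: a simplified fee-less constant-product pool shows that a spot price can be moved and restored inside one transaction while a time-weighted price stays put, and a guard refuses to price when the two diverge. The `Pool` class, `checked_price`, the reserves and the 5% deviation bound are all assumptions made for illustration.

```python
from fractions import Fraction

class Pool:
    """Fee-less x*y=k pool of TOKEN/USD with a time-weighted price accumulator."""
    def __init__(self, token, usd):
        self.token, self.usd = Fraction(token), Fraction(usd)
        self.cumulative, self.elapsed = Fraction(0), 0

    def spot(self):
        return self.usd / self.token

    def advance(self, seconds):
        # Time only passes between blocks; the accumulator samples the price then.
        self.cumulative += self.spot() * seconds
        self.elapsed += seconds

    def twap(self):
        return self.cumulative / self.elapsed

    def buy_token(self, usd_in):
        k = self.token * self.usd
        self.usd += usd_in
        out = self.token - k / self.usd
        self.token -= out
        return out

    def sell_token(self, token_in):
        k = self.token * self.usd
        self.token += token_in
        out = self.usd - k / self.token
        self.usd -= out
        return out

def checked_price(pool, max_deviation=Fraction(5, 100)):
    """Return the TWAP, or None when spot has moved too far from it to trust."""
    twap, spot = pool.twap(), pool.spot()
    if abs(spot - twap) > max_deviation * twap:
        return None  # caller should pause borrowing/liquidation instead of pricing
    return twap

def simulate():
    pool = Pool(token=1_000, usd=1_000_000)   # constructed reserves, price 1000
    pool.advance(1800)                        # 30 minutes of normal trading time
    before = checked_price(pool)
    bought = pool.buy_token(3_000_000)        # large swap inside one transaction
    during = (pool.spot(), pool.twap(), checked_price(pool))
    pool.sell_token(bought)                   # swap reversed before the transaction ends
    pool.advance(12)                          # next block
    return before, during, (pool.spot(), pool.twap())
```

A protocol that values collateral with `pool.spot()` would see a 16x price in the middle of the transaction; one that uses `checked_price` sees either the unchanged time-weighted price or a refusal to price.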
Notable Examples
- Euler Finance ($197M, 2023): donate-to-reserves manipulation
- Balancer ($2M, 2021): nested flash loans
- Cream Finance ($130M, 2021): flash loan + reentrancy
Connections