โก Flash Loan Attacks: Borrow, Vote, Profit
Understand how attackers borrow tokens to manipulate votes
Defend against hostile takeovers and manipulation
Your Progress
0 / 5 completedโก Flash Loan Governance Hijacking
Flash loans let you borrow millions with zero collateralโrepay in the same transaction or it reverts. Perfect for governance attacks. Borrow tokens โ vote โ execute โ repay. Total time: 13 seconds. Total cost: $10K. Potential profit: $182M (Beanstalk). Here's exactly how it works.
๐ฎ Interactive: Attack Anatomy
Walk through each step of a flash loan governance attack. Click through the 7-step process attackers use to hijack DAOs.
Borrow Tokens
Attacker borrows massive amount of governance tokens from Aave/Compound in single transaction
Borrow 10M tokens (30% of supply)
$0 (repay in same transaction)
None yet - just borrowed
๐ฏ Beanstalk Case Study (April 2022)
๐ก Key Insight
Flash loan attacks work because governance tokens = voting power, and flash loans let you rent voting power for free (repay in same block). If your quorum is 20% and attacker can borrow 25% of supply, your DAO is exploitable. The solution isn't banning flash loans (impossible)โit's making attacks economically unviable through timelocks, snapshot voting, and higher quorums. Defense must assume attackers have infinite borrowing capacity.