We develop flash loan protocols for DeFi projects — uncollateralized atomic credits within a single transaction. A flash loan is an atomic loan: you borrow any amount, perform arbitrage, liquidation, or collateral swap, and repay in the same transaction. If repayment fails, the entire transaction reverts. This provides enormous leverage without capital but demands flawless implementation.
We integrate flash loans into your protocols on Solidity using the EIP-3156 standard and proven architectures like Aave V3. The goal is to borrow, execute actions, and repay with a premium in one transaction. The core is the executeOperation() callback on the receiver contract.
The main challenge: EVM atomicity guarantees a revert on non-repayment, but the callback opens doors for reentrancy attacks. We isolate contracts via ReentrancyGuard and caller checks, and eliminate fee rounding errors. Our track record: 5+ years in DeFi, 20+ implemented protocols, 3 successful audits. Our solutions handle 2x more volume than vanilla implementations due to gas optimizations.
Flash Loan Protocol Architecture
Execution Mechanics
Classic Aave V2 pattern: the pool calls executeOperation() on the receiver address, transfers assets, the receiver does its work, returns assets + premium. The entire scenario is a single flashLoan() call, one transaction, one block.
Aave V3 introduced flashLoanSimple() for a single asset (30% cheaper gas) and reworked the receiver interface to IFlashLoanSimpleReceiver. The EIP-3156 standard formalized a common interface: flashLoan(receiver, token, amount, data) and mandatory callback onFlashLoan(). If building a protocol for integrations — support both interfaces.
Implementation Types
| Type |
Number of Tokens |
Complexity |
Example |
| Single-asset (EIP-3156) |
1 |
Low |
Uniswap V3 flash swaps |
| Multi-asset batch |
Several |
Medium |
Aave V3 flashLoan() |
| Callback-less |
1 |
High |
Uniswap V2 |
Single-asset flash loans (EIP-3156 compliant): one token, one receiver, minimal gas (30% less than multi-asset). Suitable for protocols monetizing idle liquidity.
Multi-asset batch loans (Aave-style): multiple tokens in one transaction. More complex implementation but enables scenarios like "borrow ETH + USDC simultaneously for arbitrage on a pool."
Callback-less flash loans (Uniswap V2-style): the pool sends tokens first, receiver returns them at the end of the transaction via a separate call. Less secure — the receiver must protect against reentrant calls.
Key Security Issues
Reentrancy via Flash Loan Callback
Standard trap: the receiver contract calls another pool function inside executeOperation(). Without protection, an attacker can alter pool state before the original transaction completes.
// INCORRECT: reentrancy possible
function flashLoan(address receiver, uint256 amount) external {
uint256 balanceBefore = token.balanceOf(address(this));
token.transfer(receiver, amount);
IFlashLoanReceiver(receiver).executeOperation(amount, fee, msg.sender);
// receiver could have called deposit() and altered balanceBefore logic
require(token.balanceOf(address(this)) >= balanceBefore + fee);
}
Solution: apply nonReentrant modifier from OpenZeppelin on flashLoan() and all state-changing functions (deposit, withdraw, borrow).
Caller Verification in Receiver Contract
function executeOperation(
address asset,
uint256 amount,
uint256 premium,
address initiator,
bytes calldata params
) external override returns (bool) {
require(msg.sender == address(LENDING_POOL), "Invalid caller");
require(initiator == address(this), "Invalid initiator");
// logic
}
Without this check, an attacker can directly call executeOperation() on the receiver, impersonating a flash loan.
Fee Accounting and Precision Issues
Typical bug: fee = amount * FEE_BPS / 10000 where FEE_BPS = 9 (0.09%). For small amounts (e.g., 1 wei), the result rounds to 0. An attacker splits one large loan into thousands of tiny ones and pays no fee. Protection: enforce a minimum absolute fee (1 wei) and check amountOwed > amount rather than >= amount + fee_calculated.
How We Build a Flash Loan Protocol
Stack: Solidity 0.8.x, OpenZeppelin 5.x, Foundry for testing.
The pool contract stores liquidity via a mapping token => PoolState which includes totalLiquidity, totalBorrowed, and a feeAccumulator for LP rewards. Fees increase the LP token exchange rate — yield without separate claim.
Access control: OpenZeppelin AccessControl with roles PAUSER_ROLE, FEE_SETTER_ROLE (under timelock governance), ASSET_MANAGER_ROLE.
Circuit breaker: if more than 10% of liquidity leaves in a block — automatic pause. Implemented via a _blockLoanVolume mapping and check at the start of flashLoan(). Threshold set by governance.
Key Architecture Points
- Modularity: separation into pool, receiver, fee distributor.
- Gas optimization: use assembly for balance checks, packed structs (saves 15% gas).
- Security: ReentrancyGuard, check-effects-interactions, minimum fee.
- Testability: Foundry fork tests, Echidna fuzzing.
Testing
Fork tests on Ethereum mainnet are critical. We run with Foundry:
- Standard loan and repayment with fee (verify premium is 0.09% of amount)
- Attempt to not repay — transaction must revert
- Reentrancy attack on
flashLoan() via malicious receiver
- Zero fee at minimal amount (check anti-dust logic ensures fee > 0)
- Stress: 100 consecutive loans at maximum volume (tested up to 1000 ETH)
Fuzzing with Echidna with invariant: totalLiquidity after any sequence of operations is not less than sum of deposits minus withdrawals.
How to Avoid Reentrancy in Flash Loan Implementation
Use ReentrancyGuard on all state functions, verify caller in receiver, and implement a circuit breaker on loan volume per block. This closes the main attack vectors.
Legitimate Use Cases — Why Build It
Flash loans are not just for attacks. The protocol enables:
- Capital-free arbitrage (price equalization across DEXes)
- Self-liquidation (avoid penalties in liquidation)
- Collateral swap (replace collateral without closing position)
- Leverage unwinding (exit a leveraged position in one transaction)
Estimated Timelines and Costs
| Stage |
Duration |
Cost Estimate |
| Basic EIP-3156 protocol |
3-5 days |
$5,000 |
| Multi-asset pool + LP tokens |
1-1.5 weeks |
$12,000 |
| Integration with existing protocol |
1-2 weeks |
$15,000-$20,000 |
Cost is determined individually after requirements analysis.
What's Included
- Requirements analysis and architecture design
- Development of pool and receiver interface tailored to your scenarios
- Writing tests (unit, fork, fuzzing)
- Contract documentation and deployment guide
- Code review and basic security audit
- Support during integration phase
Get a consultation for your project. We'll assess the task within 1-2 days. Order turnkey development.
DeFi Protocol Development
We design modular DeFi protocols where the math of stablecoins, liquidity, and oracles works flawlessly. Mango Markets is a stress test: the attacker manipulated the spot price through a single account, took a loan against inflated collateral, and withdrew $114 million. The oracle took the price from a single source without TWAP. Not a code bug—it was an architectural decision that became a vulnerability. Our experience shows: any DeFi protocol is a system of bets that all components, from calculations to economic incentives, are correctly aligned simultaneously.
We don't write code under the 'if it works, don't touch it' mindset. We model stress scenarios: cascading liquidations, depegs, flash loans. Only then do we build events that won't break the protocol.
Why are oracles a critical component of DeFi?
Most major DeFi hacks started with oracle manipulation. Let's break down the three layers we use in every project.
Spot price as oracle—not an option. Uniswap v2 spot price can be shifted by a flash loan in one transaction. The price at the end of the block is the only one that enters the state, and the oracle reads it. Attack scheme: borrow via flash loan → buy asset into the pool → price rises → take a loan against inflated collateral → sell asset → repay flash loan. One transaction.
TWAP as protection. Uniswap v3 observe() averages the price over a period (30 minutes). Manipulation requires maintaining the price for several blocks—this is expensive. But TWAP reacts slowly to legitimate changes, opening a window for arbitrage on liquidation during sharp movements.
Chainlink Price Feeds are an aggregation from multiple data providers with a median. Standard for lending. Problem: heartbeat 1–24 hours and deviation threshold 0.5%. If the price doesn't move, the feed may not update for a day. In volatile markets—lag.
| Oracle |
Mechanism |
Manipulation Protection |
Latency |
| Chainlink |
Median from independent providers |
High (decentralization) |
Up to 24h at 0% movement |
| Uniswap v3 TWAP |
Average price over N blocks |
High (hard to maintain) |
30 min – 1 h |
| Pyth Network |
Cross-chain low-latency |
Medium (dependent on publisher) |
Seconds |
In production, we use a two-tier check: Chainlink aggregator + Uniswap v3 TWAP as a verifier. If the discrepancy exceeds N%, the transaction is rejected and the system is paused.
How to protect a DeFi protocol from flash loan attacks?
Flash loans turn any user into an owner of unlimited capital for one transaction. Therefore, when designing contracts, we assume: everyone has access to unlimited capital. This completely changes the threat model.
Legitimate uses of flash loans are arbitrage, liquidation, and self-liquidation. But the protocol must verify that the loan is not used for manipulation: the oracle must not read the price from a pool that can be shifted in one transaction. We add checks on block.timestamp and minimum liquidity depth.
Key Components of DeFi Architecture
| Protocol Type |
Core Mechanism |
Main Risk |
| DEX (AMM) |
x*y=k or concentrated liquidity |
impermanent loss, oracle manipulation |
| Lending |
collateral ratio, liquidation |
bad debt during cascading liquidations |
| Yield aggregator |
auto-compounding strategies |
rug via strategy upgrade |
| Derivatives / Perps |
funding rate, mark price |
liquidation cascades, socialized losses |
| Liquid staking |
stETH-style rebasing |
depegging on mass unstake |
AMM: From x*y=k to Concentrated Liquidity
Uniswap v2 uses x * y = k. LP tokens are ERC-20—each pool issues its own token proportional to the share. Problem: liquidity is spread across the entire curve, most of it unused.
Uniswap v3 and ERC-721 positions: concentrated liquidity—LPs provide liquidity in a range [priceLow, priceHigh]. Capital efficiency up to 4000x for stable pairs. But ERC-721 breaks vault strategies built for ERC-20. Range management is a separate engineering challenge: a position falls out of range when the price moves, stops earning fees, and becomes single-asset. Protocols like Arrakis Finance automatically rebalance. If you build a vault on top of v3, you need your own range manager or integration with an existing one.
Slippage in v3 is calculated via sqrtPriceX96—96-bit fixed-point math. Errors on the frontend lead to discrepancies between visible and actual slippage.
Curve for pairs with close prices (stablecoin/stablecoin, stETH/ETH) uses an invariant combining constant product and constant sum. Lower slippage within the peg range. Contracts are in Vyper, code is mathematically dense, auditing is difficult.
Lending Protocols: Collateral, Liquidation, Bad Debt
LTV defines the maximum loan against collateral. Liquidation threshold is the level for liquidation. The difference is the buffer for the liquidator. Typical example: LTV 75%, liquidation threshold 80%, bonus 5%. If the price drops 20%+, the position is open for liquidation.
Cascading liquidations: many positions are liquidated simultaneously → liquidators sell collateral → price drops → next wave. LUNA/UST 2022 is a classic cascade.
If collateral devalues faster than liquidation, the protocol incurs bad debt. Aave uses a Safety Module (staked AAVE), Compound uses reserves. Without a backstop, bad debt is socialized via dilution of the supply token or netting.
Designing a liquidation system requires modeling stress scenarios: a single liquidation bot failure, high gas, collateral delisting.
Yield Farming and Incentive Mechanics
Liquidity mining distributes governance tokens to LP providers. Problem: mercenary capital—farmers come, sell tokens, leave. TVL is illusory.
Sustainable mechanics: protocol-owned liquidity (Olympus bonding), veToken (CRV locked → boost + governance), locked staking with penalty. The ve-model, if implemented incorrectly, creates governance concentration. A timelock on gauge weight changes and limits on voting power are needed.
What Our DeFi Protocol Development Includes
- Architectural documentation: contract interaction diagrams, liquidation stress tests, oracle calculations.
- Implementation in Solidity 0.8.x with OpenZeppelin 5.x (AccessControl, ReentrancyGuard, Pausable, TimelockController) and Solmate for gas-optimized base contracts.
- Foundry fork tests on real mainnet (Uniswap, Chainlink, Aave) — pre-deployment tests cover all scenarios.
- Audit: at least two independent auditors for TVL over $1M. Code4rena or Sherlock for bug bounty.
- Deployment with Gnosis Safe 3/5 multisig + timelock 48–72 hours.
- Monitoring via Tenderly (alerts, simulations), OpenZeppelin Defender (automation), Forta (on-chain threat detection).
- Post-launch support: updates, patches, upgrades via proxy.
Our Expertise and Experience
We have been developing DeFi protocols since 2020, delivering 30+ projects with a combined TVL of over $150 million. Our clients include protocols in the top 20 by TVL on Ethereum, Arbitrum, and Base. The team consists of certified Solidity developers who have completed ConsenSys Diligence audit tracks.
DeFi basic principles that we apply in practice.
Timelines
- DEX with AMM (Uniswap v2 fork): 6–10 weeks
- Lending protocol (Aave-style, single collateral): 3–5 months
- Yield aggregator with multiple strategies: 2–4 months
- Full-fledged DeFi protocol with governance: 5–8 months including audit
Cost is calculated individually—contact us for a project estimate.
Get a consultation on DeFi protocol architecture—we will analyze the risks and propose an optimal solution.