V-Cred: Flash-loans on Binance Smart Chain

TL;DR This project is the first to bring flash-loans to Binance Smart Chain (as of 31.01.2021). The first version of the prototype submitted for Encode club hackathon is available here: https://vijayengineer.github.io/V-Cred-EncodeHack/

My goal was to use the low gas fees in Binance smart chain and explore leveraged triangular arbitrage using “flash loans” .

Simple flash-loan description

Flash Loan, is an emerging service in the decentralised finance ecosystem which allows traders to request a non-collateral loan as long as the debt is repaid within a single transaction. If the transaction reverts fees are not paid, and just gas fees are incurred by borrower.

Binance Smart Chain:

Binance smart chain is an EVM compatible chain built as an independent layer 2 solution. It’s easy to configure dev tools i.e. Truffle, Solidity, Ganache and develop further on existing projects in Ethereum main-net. I was always interested in flash loans since the first collateral-swap use-cases. Two major issues which I faced in integrating flash-loans were gas fees and front running by bots/users.

First Flash-loans based on DAI/SAI swaps

This was one of the first collateral swap flash loans made in early 2020. As you can see the gas fees of 27$ implies that a strong inefficiency is necessary.

Binance Smart Chain currently has very low gas fees, and since it’s younger than main-net there will be greater set of arbitrage opportunities. In general there are several use cases for flash-loans such as:

• Arbitrage between decentralised exchanges: Looking at differences in pricing or inefficiencies between exchanges
• Liquidation of crypto loans on lending platforms like Compound, dYdX, etc.: The main purpose is to prevent any liquidation fees
• Refinancing Crypto Loans or Maker Vaults: interest rate swaps to exploit better interest rates for refinancing.

The simplest use case is arbitrage, and as explained earlier the early stage of BSC provides ample opportunities for triangular arbitrage so let’s explore it in detail.

Triangular arbitrage: Access problem?

Triangular arbitrage

In centralised finance Triangular arbitrage is the result of a discrepancy between three foreign currencies that occurs when the currency’s exchange rates do not exactly match up. A trader employing triangular arbitrage would exchange an amount at one rate (EUR/USD), convert it again (EUR/GBP) and then convert it finally back to the original (USD/GBP).

To execute a successful arbitrage 3 requirements are necessary:

1. Enormous capital to take advantage of these tiny spreads.

2. Automated trading strategy to constantly scout inefficiencies.

3. Low latency code to connect and deploy the strategy.

Hard barriers set by these three requirements put triangular arbitrage out-of-reach of ordinary investors thus monopolised by large funds.

DeFi democratises 2,3: It’s possible for anyone to spin up a node, and connect with sufficient capital. Since ERC20 tokens i.e. alts exhibit a lot of volatility there is ample scope for arbitrage opportunities. However the capital requirement i.e. requirement 1 keeps it out of reach of ordinary investors/hackers….

Enter Flashloans: By getting collateral free loan for 1 transaction flash-loan democratises access to small investors. For early networks like Binance Smart Chain this can increase user base and transaction volume. In August 2020 for example Aave protocol had atleast 300 Million $ worth of flash loan volume. Even with high gas fees significant flash loan transactions are taking place as shown in Aave watch. A detailed description is available here.

Flashloan implementation:

The basic logic of the Flash Loan smart contract is:

1. Call a Lending Pool requesting some amount of ERC20 compatible assets
2. The Lending Pool transfers the requested amount
3. The user adds their logic to the smart contract
4. The smart contract checks the final balance after execution. If the balance checks out the transaction are accepted and if not — reverted

This was mainly used as a template for flashloan implementations in other blockchains. However in 2021 there is an opportunity to implement potentially a safer design pattern. The main issues with the previous pattern are the following vulnerabilities:

1. Re-entrancy by borrower: The lender can deposit the money in Lending pool, then borrow a flash-loan and repay it tricking the contract.
2. Interest rate: A contract can pose as a trusted lending pool contract, and try to charge exorbitant fees i.e. just enough to drain out all the assets in the borrower contract which was meant for fees.
3. Multiple borrows or grief attacks: A malicious contract can simply perform several transactions draining the intermediate contract.

For V-Cred prototype not all vulnerabilities can be addressed, however a simpler design pattern was adopted which is safer:

1. Re-entrancy guard by having a separate lending pool i.e. deposit pool contract and borrower contract.
2. Lender deposits on the deposit pool contract, and can only withdraw from lending pool contract
3. Borrower checks borrow fee or rate, and then performs the flash borrow eliminating interest rate threat.
4. Loan repayment is performed i.e. request is recorded before the transaction is sent out.

(This is however an MVP so please do not use this in production. )

V-Cred implementation:

As explained in the previous section based on the safer flash loan design pattern the following architecture was designed:

Triangular arbitrage flash-loan

Liquidity providers are interested in getting risk free interest. Flash-loans paradoxically provide the best risk free opportunities for liquidity providers. The loan has to be repaid otherwise the transaction will fail, so the safety is just limited by contract software risk.

To incentivise the product a very low interest rate of 0.01% fee for the borrower was considered. Since liquidity providers are essential they take 70% of the overall fee i.e. 0.007% fee to the liquidity provider and rest for maintaining the network. On the other side the trader/hacker can deposit a small amount of capital and exploit the arbitrage opportunity paying fees lower than main-net implementations. Thus V_Cred aims to provide a strong business model which exploits the arbitrage opportunities whilst benefiting all the ecosystem participants.

MVP:

The prototype comprised of 3 working parts:

1. Front end i.e. a website hosted on Github which will demonstrate an easy way to on-board lenders and borrowers, including an oracle showing triangular arbitrage opportunities. This was hosted on Github pages and will work only on Metamask at Binance smart chain test net. https://vijayengineer.github.io/V-Cred-EncodeHack/
2. React app: One for the price oracle to simulate the triangular arbitrage, and another for the front end for the contracts. Since this is testnet, a simulation was performed with an oracle providing the correct exchange rates. Dashboard of current arbitrage opportunities was created with Band Oracle to provide decentralised unfalsifiable to user about whether it makes sense to execute a flash loan. It’s available for viewing at https://vijayengineer.github.io/V-Cred-BSCOracle/
3. The smart contracts: Flash loan contract, lending pool or deposit pool contracts which inherit the lending and borrowing contracts following the safer flash-loan design pattern outlined above. All the code for the solidity contracts is hosted at: https://github.com/vijayengineer/V-Cred-EncodeHackathon

I have deployed the infrastructure smart contracts in BSC testnet:

1. Deposit pool: 0xCCcd586C777BA2817F75e04c4e7305cc77C710F9
2. Flash loan contract: 0xf54869C182C68641beD678EBad3A913D78f13018

Testing the MVP:

Have a look at the demo of the MVP:

https://www.youtube.com/watch?v=GSuM9SB4NYs

The steps performed are as follows:

1. Lender deposits 1 Bitcoin(Bitcoin BEP-20 token) into the lending pool contract. Lender expects a return of about 0.001 BTC for a successful flash loan.
2. Hacker deposits the fee of 0.001 BTC to the flash-loan contract.
3. Arbitrage opportunity is monitored using the band oracle. An arbitrage opportunity with BTC/ETH/DAI was observed. The hacker executes an arbitrage (simulated by the oracle) by borrowing 1 BTC.

Screenshot of calculated values from Band oracle

Let us examine an arbitrage opportunity. For BTC/ETH/DAI its about 0.015%. So the hacker can make a profit of about 17$!!! The best part is that this was made by investing as low as 32$. Hidden cost is the gas fees which is very low in Binance smart chain making no impact on profit!

The transaction which was explained in the video is shown here.

The next steps for V-Cred would be to deploy it on main-net to open up for cross decentralised exchange arbitrage. With low capital requirements flash loans can disrupt the trading market and reduce inefficiencies helping all market participants.