Flash Loan Exploit
Borrow uncollateralised capital atomically; use it to manipulate price oracles, drain liquidity, or vote on governance, repay in the same tx.
§ Where this technique fits
W3-FLASH-LOAN is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 3 approved dossiers in the registry, at step 1.7 on average.
§ Dossiers chaining this technique
- step 1 / 5: Flash-loan veCRV → capture Curve gauge → emission redirect
  Snapshot voting on Curve gauges uses veCRV balance at a specific block. Borrow large CRV via flash-loan, lock for max veCRV, vote in attacker pool's favour, unlock (or accept the limit) — emissions redirected for the epoch.
- step 2 / 6: Flash loan + oracle manipulation → drain DEX
  DeFi contract reads spot price from a single pool. Borrow a flash loan, distort the pool, exploit the dependent contract while price is wrong, repay the loan in the same transaction.
- step 2 / 6: Flash-loan governance attack → DAO admin
  Voting power = token balance at snapshot. Borrow enormous quantity via flash loan inside the snapshot tx, vote yourself in as admin, repay loan.
§ What commonly comes next
- 01 Account Manipulation · seen 1× · T1098 · Persistence
- 02 Curve veCRV Vote Capture · seen 1× · DEFI-CURVE-GOV · Privilege Escalation
- 03 DAO Governance Takeover · seen 1× · W3-GOV-TAKEOVER · Privilege Escalation
- 04 Exfiltration Over C2 Channel · seen 1× · T1041 · Exfiltration
- 05 Price Oracle Manipulation · seen 1× · W3-ORACLE-MANIP · Impact