XRP Ledger’s design blocks flash-loan attacks but sacrifices some DeFi tools
A draft XRPL amendment states flash loan attacks are "structurally impossible" on the network because transactions are atomic without composable intra-transaction calls. That design means an XRPL transaction either fully succeeds or fully fails, but unlike Ethereum an XRPL transaction cannot call into another contract during its execution.
The borrow-manipulate-repay sequence that defines flash loan attacks needs nested operations inside a single transaction envelope, which XRPL disallows. Flash loans have been central to many recent DeFi exploits. Thorchain lost roughly $10.8 million on May 15 in a cross-chain attack.
Drift Protocol and KelpDAO together accounted for more than $600 million in losses through April, and cross-chain bridges have lost over $2.8 billion to attacks since 2021. The XRPL choice carries trade-offs. Flash loans also serve legitimate uses—arbitrage between exchanges, collateral swaps and liquidation bots—and are offered by platforms such as Aave and dYdX.
xrp ledger, flash loans, atomic transactions, defi exploits, thorchain, drift protocol, kelpdao, cross-chain bridges, aave, dydx