ChainScore Labs
All Guides

Flash Loans Using NFTs

LABS

Flash Loans Using NFTs

Chainscore © 2025

Core Concepts

Foundational knowledge required to understand the mechanics and risks of NFT flash loans.

Flash Loan

A flash loan is an uncollateralized loan that must be borrowed and repaid within a single blockchain transaction. This atomicity is enforced by the protocol, which reverts the entire transaction if repayment fails.

  • Enables large-scale capital deployment without upfront collateral.
  • Transaction atomicity eliminates default risk for lenders.
  • Critical for complex arbitrage, collateral swapping, and liquidation strategies.

NFT Collateralization

NFT collateralization involves using a non-fungible token as loan collateral. Its unique, illiquid nature creates specific challenges for valuation and liquidation.

  • Requires price oracles or valuation mechanisms for the NFT.
  • Liquidation processes are more complex than with fungible assets.
  • Enables leveraging NFT holdings for liquidity without a permanent sale.

Flash Loan Initiator

The flash loan initiator is a smart contract that requests the loan, executes operations, and ensures repayment. It is the central logic hub of the transaction.

  • Must implement a specific callback function for the lender to invoke.
  • Contains the business logic for arbitrage, collateral swaps, or refinancing.
  • Bears the gas cost for the entire, potentially complex, transaction sequence.

Atomic Transaction

An atomic transaction is a sequence of operations that either all succeed or all fail, with no intermediate state persisted. This is the core security model for flash loans.

  • Guarantees the lender is always repaid or the loan never occurs.
  • Allows initiators to execute risky strategies without capital risk.
  • Implemented via Ethereum's revert mechanism or similar state rollbacks.

Arbitrage & Liquidation

Arbitrage and liquidation are primary use cases for NFT flash loans, exploiting price differences or undercollateralized positions across platforms.

  • Buy an undervalued NFT on one marketplace and sell it on another.
  • Repay a user's undercollateralized loan, claim their NFT collateral at a discount, and sell it.
  • Profits are captured within the same transaction after repaying the flash loan.

Price Oracle

A price oracle is a trusted external data source that provides real-time price feeds for NFTs, which are critical for determining loan-to-value ratios and triggering liquidations.

  • Can be decentralized (e.g., NFTX floor prices) or centralized.
  • Oracle manipulation is a key attack vector for flash loan exploits.
  • Essential for any lending protocol accepting volatile NFT collateral.

How NFT Flash Loans Work

Process overview

1

Initiate the Flash Loan

Borrower requests NFTs from a liquidity pool within a single transaction.

Detailed Instructions

The borrower initiates the flash loan by calling the executeOperation function on the lending protocol's smart contract, passing the desired NFT IDs and the contract address of their custom logic. The key is that the entire loan logic—borrow, use, repay—must be encoded within this single transaction. The protocol's flash loan provider contract will first verify the borrower's contract implements the required callback interface.

  • Sub-step 1: Construct the transaction data, specifying the target NFT collection and token IDs.
  • Sub-step 2: Define the onFlashLoan callback receiver address (your contract).
  • Sub-step 3: Submit the transaction, which the protocol will revert if the callback logic fails or repayment isn't fulfilled.
solidity
// Example function call to initiate a flash loan
IFlashLoanReceiver(receiver).onFlashLoan(
    msg.sender,
    nftAddress,
    tokenIds,
    fees,
    data
);

Tip: The initiating contract must approve the protocol to transfer the NFTs back at the end of the transaction, often handled within the callback.

2

Execute Arbitrage or Strategy

Use the borrowed NFTs to perform a profitable action before returning them.

Detailed Instructions

Upon receiving the NFTs, the borrower's contract executes its predefined strategy within the onFlashLoan callback. A common use case is NFT arbitrage, where the contract uses the borrowed NFT as collateral to mint a derivative or claim an airdrop on another platform. The contract must calculate all gas costs and protocol fees to ensure the operation remains profitable. The execution is atomic; any revert here causes the entire transaction to fail, protecting the lender.

  • Sub-step 1: Use the NFT to mint a related token on a separate platform (e.g., staking into a yield vault).
  • Sub-step 2: Sell the newly minted token on a DEX or marketplace.
  • Sub-step 3: Calculate the net profit, ensuring it exceeds the flash loan fee plus transaction costs.
solidity
// Snippet showing strategy execution inside the callback
function onFlashLoan(
    address initiator,
    address nft,
    uint256[] calldata tokenIds,
    uint256[] calldata premiums,
    bytes calldata params
) external override returns (bytes32) {
    // 1. Perform action with borrowed NFT
    IOtherProtocol(other).mintWithNFT(nft, tokenIds[0]);
    // 2. Sell the minted asset
    ISwapRouter(router).exactInputSingle(...);
    // 3. Logic continues to repayment...
}

Tip: Always simulate the transaction with tools like Tenderly or Foundry's forge test to verify profitability under current market conditions.

3

Repay the Loan with Fee

Return the borrowed NFTs and pay the protocol's flash loan fee.

Detailed Instructions

Before the transaction concludes, the borrower's contract must repay the principal plus a flash loan fee. For NFTs, this means safely transferring the exact same token IDs back to the lending pool contract. The fee is typically a small percentage of the NFT's value or a fixed amount, and must be paid in the network's native currency or a specified ERC-20. The protocol will verify the repayment in its post-condition check before finalizing the transaction. Failure to transfer the correct NFTs or pay the fee results in a full revert.

  • Sub-step 1: Calculate the total fee owed based on the protocol's parameters and the duration (one block).
  • Sub-step 2: Transfer the borrowed NFTs from your contract back to the lending pool using safeTransferFrom.
  • Sub-step 3: Transfer the calculated fee amount in the required currency to the protocol's fee recipient.
solidity
// Core repayment logic within the callback
// Transfer NFTs back
IERC721(nftAddress).safeTransferFrom(address(this), address(pool), tokenId);
// Pay fee in ETH
(bool success, ) = feeRecipient.call{value: feeAmount}("");
require(success, "Fee transfer failed");
// Approve the protocol to conclude the operation
return keccak256("ERC3156FlashBorrower.onFlashLoan");

Tip: Ensure your contract has sufficient ETH or token balance to cover the fee before initiating the loan; it cannot pull funds from your EOA mid-transaction.

4

Transaction Validation and Settlement

The protocol verifies repayment and atomically settles or reverts the entire operation.

Detailed Instructions

After the callback executes, control returns to the lender's protocol contract for final validation. The contract performs a state comparison, checking that the NFTs are back in its custody and the fee has been received. This is often done by verifying the contract's NFT balance for the specific token IDs and its native token balance. If all conditions are met, the transaction is committed. If not, the entire transaction—including any external swaps or mints—is reverted, leaving the blockchain state as if it never happened. This atomicity is the core security guarantee for the lender.

  • Sub-step 1: The protocol checks its balanceOf for the NFT collection matches or exceeds the pre-loan balance.
  • Sub-step 2: It verifies the fee payment by comparing its ETH or ERC-20 balance.
  • Sub-step 3: If checks pass, the transaction succeeds; otherwise, it reverts, consuming gas but protecting capital.
solidity
// Example of a simplified validation check in a lender contract
function _finalizeFlashLoan(address nft, uint256[] memory tokenIds) internal {
    require(
        IERC721(nft).balanceOf(address(this)) >= preLoanBalance,
        "NFTs not returned"
    );
    require(
        address(this).balance >= preLoanEthBalance + fee,
        "Fee not paid"
    );
    emit FlashLoanRepaid(nft, tokenIds, fee);
}

Tip: The gas cost of a reverted flash loan can be high. Use gas estimation in your front-end to warn users of potential failure conditions before submission.

Primary Use Cases

Capitalizing on Price Discrepancies

Arbitrage is the most common use case for NFT flash loans. A trader borrows a high-value NFT without upfront capital, uses it to exploit a pricing inefficiency across markets, and repays the loan in a single transaction. This is only profitable if the profit from the trade exceeds the flash loan fee.

Key Mechanics

  • Cross-Market Arbitrage: Borrow a Bored Ape, sell it on OpenSea for 100 ETH, buy an identical one on Blur for 95 ETH, repay the loan with the purchased NFT, and keep the 5 ETH profit minus fees.
  • Bundle Arbitrage: Borrow multiple NFTs from a collection, use them to fulfill a higher-priced bundle listing, sell the bundle, and repay the individual loans.
  • Platform Fee Arbitrage: Exploit differences in platform fees between marketplaces like LooksRare (2%) and X2Y2 (0.5%) when the same NFT is listed on both.

Example

A trader uses a flash loan from NFTfi to borrow a CryptoPunk. They immediately list it for sale on Sudoswap's pool at a slightly higher price than the loan's value plus fees. If the pool executes the swap, the trader receives the proceeds, repays the loan, and pockets the difference. The entire sequence is atomic; if the arbitrage fails, the transaction reverts.

Protocol Comparison

Comparison of key technical specifications for NFT flash loan protocols.

FeatureAave (v3)NFTfiArcade.xyz

Loan Currency

ETH, USDC, DAI

ETH, DAI, USDC

WETH

Max LTV Ratio

40%

30-50% (varies)

50%

Platform Fee

0.09% (flash fee)

5-10% (origination)

5% (origination)

Repayment Window

1 Ethereum block

30 days (standard)

30-90 days (flexible)

Supported Collections

ERC-721, ERC-1155

ERC-721

ERC-721, ERC-1155

Liquidation Mechanism

Automatic in same tx

Manual via lender

Manual via lender

Oracle Integration

Chainlink Price Feeds

Internal pricing model

Chainlink + internal

Implementation for Developers

Process overview for building a flash loan system using NFTs as collateral.

1

Design the Smart Contract Architecture

Define the core contracts and their interactions for the NFT-backed flash loan protocol.

Detailed Instructions

Start by outlining the contract architecture. You will need a main Pool Contract to hold the liquidity and manage loans, a separate Logic Contract to execute the flash loan logic (often using a delegatecall pattern for upgradeability), and an NFT Vault to temporarily custody the collateral. The Pool Contract should implement the IERC3156FlashLender interface for standardization. Define the data structures: a mapping to track active loans by their unique ID, including the borrower address, NFT collateral details, loan amount, and a timestamp. The fee structure must be calculated within the loan transaction, typically as a percentage of the borrowed amount (e.g., 0.09%).

  • Sub-step 1: Create the IFlashLoanReceiver interface that borrowers must implement.
  • Sub-step 2: Design the flashLoan function signature, accepting the receiver address, token address, amount, and calldata.
  • Sub-step 3: Plan the collateral verification logic, which will check the NFT's contract address and token ID.
solidity
// Example struct for loan data
struct Loan {
    address borrower;
    address nftContract;
    uint256 nftId;
    uint256 amount;
    uint256 timestamp;
}

Tip: Use a factory pattern for the NFT Vault to deploy a new vault for each unique NFT contract to isolate risk.

2

Implement Core Flash Loan Logic

Code the flashLoan function with collateral locking and callback execution.

Detailed Instructions

Implement the flashLoan function in your main pool contract. The function must follow the checks-effects-interactions pattern. First, perform pre-flight checks: verify the requested asset is whitelisted, the amount is available, and the caller has approved the NFT transfer. Then, calculate the fee (e.g., amount * 9 / 10000 for 0.09%). The critical action is transferring the NFT collateral from the borrower to the protocol's NFT Vault using safeTransferFrom. After securing collateral, transfer the loan amount to the borrower using IERC20(token).transfer(receiver, amount). Immediately call the borrower's onFlashLoan function, passing the initiator, token, amount, fee, and any calldata.

  • Sub-step 1: Use require(IERC20(token).balanceOf(address(this)) >= amount, "Insufficient liquidity");
  • Sub-step 2: Store the loan details in your mapping with a unique ID before any external calls.
  • Sub-step 3: Execute IFlashLoanReceiver(receiver).onFlashLoan(msg.sender, token, amount, fee, data);
solidity
function flashLoan(
    IERC3156FlashBorrower receiver,
    address token,
    uint256 amount,
    bytes calldata data
) external override returns (bool) {
    uint256 fee = _calculateFee(amount);
    _lockCollateral(msg.sender); // Transfers NFT to vault
    // ... rest of logic
}

Tip: The callback must return the keccak256 hash of "ERC3156FlashBorrower.onFlashLoan" for verification.

3

Handle the Borrower's Callback and Repayment

Process the callback execution and enforce repayment with the fee.

Detailed Instructions

The borrower's contract executes its arbitrage or liquidation strategy in the onFlashLoan callback. Your pool contract must verify the callback was successful and then enforce repayment. After the callback returns, your code must check that the contract's balance of the loaned token has increased by at least amount + fee. Use uint256 balanceBefore and uint256 balanceAfter for this comparison. If repayment is insufficient, the transaction must revert. Upon successful repayment, the protocol must release the locked NFT collateral back to the borrower. This is done by calling a function on the NFT Vault. Finally, emit a FlashLoan event for off-chain tracking. It's crucial that the repayment check and collateral release are atomic within the same transaction.

  • Sub-step 1: Capture balanceBefore = IERC20(token).balanceOf(address(this)) before the loan.
  • Sub-step 2: After the callback, calculate balanceAfter and require(balanceAfter >= balanceBefore + fee).
  • Sub-step 3: Call nftVault.releaseCollateral(loanId) to send the NFT back to the borrower.
solidity
// Repayment check
uint256 balanceAfter = IERC20(token).balanceOf(address(this));
require(
    balanceAfter >= balanceBefore + fee,
    "Flash loan not repaid"
);

Tip: For extra security, consider adding a deadline parameter to the loan data to prevent stale transactions.

4

Integrate NFT Valuation and Risk Parameters

Add logic to determine loan-to-value ratios and manage liquidation risks.

Detailed Instructions

Since NFTs are non-fungible, you need a reliable valuation mechanism to determine the maximum loan amount. Integrate with an oracle like Chainlink or a decentralized NFT pricing index (e.g., NFTBank). Your contract should call IOracle(nftOracle).getFloorPrice(nftContract) to get a conservative value. Define a maximum LTV (Loan-to-Value) ratio, such as 40%, for the asset class. The loan function must validate amount <= (floorPrice * maxLTV) / 100. You must also implement a liquidation engine as a fallback. If a loan is not repaid, the protocol should have permission to sell the NFT via a marketplace aggregator like Seaport. Store a liquidationThreshold timestamp (e.g., loan timestamp + 24 hours) in the loan struct.

  • Sub-step 1: Create an onlyKeeper function checkLiquidation that can be called after the threshold.
  • Sub-step 2: The liquidation function should approve and list the NFT for sale on a pre-defined marketplace.
  • Sub-step 3: Use the proceeds to cover the loan + fee + penalty, returning any surplus to the original borrower.
solidity
// Valuation and LTV check
uint256 nftValue = oracle.getFloorPrice(nftContract);
uint256 maxLoan = (nftValue * MAX_LTV) / 100; // MAX_LTV = 40
require(amount <= maxLoan, "Loan exceeds LTV limit");

Tip: Use TWAP (Time-Weighted Average Price) oracles for NFTs to mitigate price manipulation during the flash loan window.

5

Test and Deploy with Security Best Practices

Rigorously test the system and deploy with necessary security measures.

Detailed Instructions

Write comprehensive tests using Foundry or Hardhat. Simulate the entire flash loan lifecycle: successful repayment, failed repayment (revert), and liquidation scenarios. Use forked mainnet tests to interact with real NFT contracts (e.g., Bored Ape Yacht Club) and price oracles. Test edge cases like reentrancy on the NFT transfer callback (onERC721Received). After testing, subject the contracts to a professional audit. For deployment, use a proxy pattern (e.g., TransparentUpgradeableProxy) for your logic contract to allow for future fixes. Initialize the pool with whitelisted ERC-20 tokens (like WETH, USDC) and set their respective fee rates. Finally, verify all contracts on Etherscan and create a multisig or DAO for protocol parameter management (e.g., adjusting fees, LTV).

  • Sub-step 1: Write a Foundry test that calls flashLoan from a malicious contract attempting reentrancy.
  • Sub-step 2: Deploy the NFT Vault factory, Logic contract, and Pool proxy in a script.
  • Sub-step 3: Initialize the pool via the proxy, calling initialize(address owner, address wethAddress).
solidity
// Foundry test example
function testFlashLoanRepayment() public {
    vm.startPrank(borrower);
    nft.approve(address(pool), tokenId);
    pool.flashLoan(address(borrowerContract), WETH, 1 ether, "");
    vm.stopPrank();
    assertEq(nft.ownerOf(tokenId), borrower); // NFT returned
}

Tip: Use OpenZeppelin's ReentrancyGuard and SafeERC20 libraries as foundational security layers.

Risks and Considerations

Understanding the technical and financial risks is critical when engaging with flash loans, especially when NFTs are used as collateral or targets. This section details the primary vulnerabilities and operational challenges.

Smart Contract Risk

Exploit vectors are inherent in the underlying protocols. A single bug in the lending pool, price oracle, or NFT contract can lead to total loss. Attackers constantly probe for reentrancy, integer overflow, or logic errors. Users must audit the code of every contract they interact with, as there is no recourse for funds lost to a hack.

Liquidation and Slippage

Price volatility for the collateral asset during the loan's single transaction block can cause immediate failure. If an NFT's floor price drops or the DEX swap experiences high slippage, the arbitrage profit may vanish, leaving the loan undercollateralized. This results in a reverted transaction but still costs gas fees for the failed execution.

Oracle Manipulation

Price feed attacks target the oracles that determine NFT or token values. A manipulator could artificially inflate an NFT's price to borrow more than its true worth, or depress a token's price to enable a profitable arbitrage. Using decentralized oracles with multiple data sources and time-weighted averages is essential to mitigate this risk.

Front-Running and MEV

Maximal Extractable Value (MEV) bots can observe profitable flash loan transactions in the mempool and execute them first. They may also engage in sandwich attacks, worsening swap prices for the original transaction. Using private transaction relays or submitting bundles directly to validators can help, but adds complexity and cost.

Protocol Dependency

Integration risk arises from relying on multiple external protocols. A flash loan strategy may depend on a specific DEX's liquidity, an NFT marketplace's listing logic, and a lending pool's health. If any one protocol pauses withdrawals, changes fees, or suffers an outage mid-transaction, the entire atomic operation will fail, incurring gas costs.

Regulatory Uncertainty

Compliance exposure is a growing concern as regulators scrutinize DeFi. Using flash loans for complex strategies, especially those involving NFT collateralization or arbitrage, may attract regulatory attention depending on jurisdiction. The legal classification of these activities—whether as loans, derivatives, or something else—remains unclear and subject to change.

SECTION-FAQ

Frequently Asked Questions

Further Resources

Aave Flash Loans Developer Guide

Implementation details for executing flash loans on Aave, including callback flow, fee mechanics, and atomic execution constraints relevant when integrating NFTs in complex transactions

Visit resource

EIP-3156: Flash Loans Standard

Specification of the ERC-3156 flash loan interface used by multiple protocols, useful for designing composable flash loan logic that interacts with NFT-based lending systems

Visit resource

OpenZeppelin ERC721 Contracts

Reference implementation and extension points for ERC721 NFTs, relevant for understanding safe transfers, approvals, and custom hooks used in flash loan powered NFT strategies

Visit resource

BendDAO Documentation

Protocol documentation for NFT-backed lending and liquidation mechanics, helpful for studying how flash loans can be combined with NFT collateral positions

Visit resource

Ready to Start Building?

Let's bring your Web3 vision to life.

From concept to deployment, ChainScore helps you architect, build, and scale secure blockchain solutions.

Start Your ProjectView Our Work
Chat on Telegram
Chat on WhatsApp