# Protecting Against Flash Loan Attacks

Flash loans have long been a source of contention for DeFi projects. [Flash loans](https://docs.aave.com/faq/flash-loans) are uncollateralized loans that are borrowed and paid back within the same block. Flash loan exploits rely on the constant product [automated market maker (AMM)](https://www.cryptoeq.io/dictionary/automatedmarketmaker) features of DEX liquidity pools, along with naive smart contract engineering on the part of the victims.

There are a number of tried-and-true methods to disrupt or prevent flash loan attacks, including making sure smart contracts are not [reentrancy](https://consensys.github.io/smart-contract-best-practices/attacks/reentrancy/)-prone, adding time-locks or delays to token conversions, and, most importantly, not using DEX LPs as price oracles. Attacks using flash loans typically focus on influencing the DEX LPs that on-chain spot price oracles use to determine prices.

Additionally, the use of a single price oracle, more specifically a DEX LP, makes protocols especially vulnerable to flash loan attacks. The exploiter obtains a sizable loan and uses it to influence the value of the assets in the LP before capitalizing on the price impact and quickly liquidating their position. Issues with flash loans are [nothing new.](https://www.coindesk.com/tech/2020/02/27/the-defi-flash-loan-attack-that-changed-everything/)

Elephant.Money has implemented three strategies to defend against the threat of flash loan attacks.

* Implemented a TWAP Oracle
* Implemented a 3-block delay in the minting process
* Implemented a queued redemption system with limits on how much can be redeemed daily
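
The following added example (not Elephant.Money's code) models why a TWAP oracle resists the same-block price distortion described above, while a spot read from a constant-product pool does not. The pool sizes, the loan amount, the 10-block window, and the per-block cumulative-price accumulator are assumptions made for illustration; fees are ignored.

```python
from fractions import Fraction

class Pool:
    """Constant-product (base * quote = k) pool with a price accumulator."""
    def __init__(self, base, quote):
        self.base, self.quote = Fraction(base), Fraction(quote)
        self.cumulative = Fraction(0)  # running sum of per-block closing prices
        self.block = 0

    def spot(self):
        return self.quote / self.base  # quote tokens per base token, right now

    def next_block(self):
        # Only the price a block closes with is ever recorded.
        self.cumulative += self.spot()
        self.block += 1

    def swap(self, quote_in=0, base_in=0):
        k = self.base * self.quote
        if quote_in:
            self.quote += quote_in
            out = self.base - k / self.quote
            self.base = k / self.quote
        else:
            self.base += base_in
            out = self.quote - k / self.base
            self.quote = k / self.base
        return out

def twap(pool, start_cumulative, start_block):
    """Average closing price over the blocks since the snapshot."""
    return (pool.cumulative - start_cumulative) / (pool.block - start_block)

def simulate(window=10, loan=9_000_000):
    pool = Pool(base=1_000, quote=1_000_000)       # constructed reserves
    start_cum, start_block = pool.cumulative, pool.block
    for _ in range(window):
        pool.next_block()                          # quiet market, price 1000
    honest = pool.spot()
    bought = pool.swap(quote_in=loan)              # borrowed funds enter the pool
    spot_during = pool.spot()                      # what a spot oracle reports
    twap_during = twap(pool, start_cum, start_block)  # what a TWAP reports
    pool.swap(base_in=bought)                      # unwound before the block ends
    return honest, spot_during, twap_during, pool.spot()

if __name__ == "__main__":
    for name, v in zip(("honest", "spot mid-tx", "twap mid-tx", "after"), simulate()):
        print(f"{name:12} {float(v):>12.2f}")
```

Because the distorted price never closes a block, it contributes nothing to the accumulator, so the TWAP still reports the honest price at the moment the spot price is 100 times higher.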
