Building a Flash Loan Arbitrage Bot
Complete guide to building flash loan arbitrage bots on Ethereum. Learn Aave integration, DEX price monitoring, smart contract development, and automated profit extraction strategies.
Gönderim Güncelleme 
Flash Loan Arbitrage Bot Architecture Diagram
Yazan Furkan Köykıran
28 dakikada okunabilir
Building a Flash Loan Arbitrage Bot
Introduction
Flash loans represent one of the most innovative and powerful features in decentralized finance (DeFi). Unlike traditional loans that require collateral and take days to process, flash loans allow you to borrow millions of dollars worth of cryptocurrency with zero collateral—as long as you return it within the same blockchain transaction. This unique mechanism has opened up unprecedented opportunities for arbitrage trading in the DeFi ecosystem.
In this comprehensive guide, we’ll build a fully functional flash loan arbitrage bot using Aave protocol, one of the leading DeFi lending platforms. You’ll learn how to identify profitable arbitrage opportunities across different decentralized exchanges (DEXs), execute flash loans programmatically, handle slippage and fees, and deploy your bot to capture risk-free profits.
By the end of this tutorial, you’ll understand:
- The mechanics of flash loans and how they work at the smart contract level
- How to identify and calculate arbitrage opportunities in real-time
- Building a complete flash loan arbitrage bot from scratch
- Deploying and testing your bot on Ethereum mainnet
- Risk management and security best practices
What Are Flash Loans?
Flash loans are uncollateralized loans that must be borrowed and repaid within a single atomic transaction. If the loan cannot be repaid by the end of the transaction, the entire transaction is reverted, as if it never happened. This eliminates the risk of default for the lender.
Key Characteristics
No Collateral Required: Traditional loans require you to lock up collateral (often 150% or more of the loan value). Flash loans require zero collateral, making them accessible to anyone with the technical knowledge to use them.
Instant Execution: The entire process—borrowing, executing your strategy, and repaying—happens within a single Ethereum transaction, typically in 10-15 seconds.
Atomic Transactions: Either the entire transaction succeeds (loan borrowed, strategy executed, loan repaid), or it completely fails with no consequences. This “all or nothing” approach provides built-in safety.
Cost-Effective: Flash loan fees are typically very low (0.09% on Aave), making them economically viable even for small arbitrage opportunities.
How Flash Loans Enable Arbitrage
Arbitrage is the practice of exploiting price differences of the same asset across different markets. In traditional finance, arbitrage requires significant capital. Flash loans democratize this by allowing anyone to:
- Borrow large amounts of cryptocurrency instantly
- Execute trades across multiple DEXs to profit from price differences
- Repay the loan plus a small fee
- Keep the profit
Figure 1: Complete flash loan transaction workflow showing borrow, execute, and repay cycle
Understanding Aave Flash Loans
Aave is one of the most popular DeFi protocols offering flash loan functionality. It provides a robust, battle-tested infrastructure for flash loan operations.
Aave Flash Loan Architecture
Aave’s flash loan system consists of several key components:
Lending Pool: The core contract that holds deposited assets and handles flash loan requests. When you request a flash loan, funds are transferred from the pool to your contract.
Flash Loan Receiver: Your custom smart contract must inherit from IFlashLoanReceiver and implement the executeOperation function where your arbitrage logic resides.
Flash Loan Premium: Aave charges a 0.09% fee on flash loan amounts. This fee is deducted automatically when you repay the loan.
The Flash Loan Flow
// Step 1: Your contract requests a flash loan
lendingPool.flashLoan(
receiverAddress, // Your contract that receives the loan
assets, // Array of token addresses to borrow
amounts, // Array of amounts to borrow
modes, // Interest rate modes (0 for no debt)
onBehalfOf, // Address receiving the debt (unused for flash loans)
params, // Custom parameters for your strategy
referralCode // Referral code (usually 0)
);
// Step 2: Aave transfers tokens to your contract
// Step 3: Aave calls executeOperation on your contract
function executeOperation(
address[] calldata assets,
uint256[] calldata amounts,
uint256[] calldata premiums,
address initiator,
bytes calldata params
) external override returns (bool) {
// YOUR ARBITRAGE LOGIC GOES HERE
// Step 4: Approve Aave to take back loan + premium
// Step 5: Return true to confirm success
}
// Step 6: Aave automatically takes repayment from your contract
Figure 2: Technical architecture showing flash loan execution flow and security considerations
Setting Up the Development Environment
Before we start coding, let’s set up our development environment with all necessary tools and dependencies.
Prerequisites
Use Node.js version 16 or higher for best compatibility with Hardhat and ethers.js libraries.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Install Node.js and npm (v16 or higher)
node --version
npm --version
# Install Hardhat - Ethereum development environment
npm install --save-dev hardhat
# Initialize Hardhat project
npx hardhat
# Install required dependencies
npm install --save-dev @nomiclabs/hardhat-ethers ethers
npm install --save-dev @nomiclabs/hardhat-waffle ethereum-waffle chai
npm install --save-dev @openzeppelin/contracts
npm install dotenv
npm install web3
Project Structure
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
flash-loan-arbitrage-bot/
├── contracts/
│ ├── FlashLoanArbitrage.sol # Main arbitrage contract
│ └── interfaces/
│ ├── ILendingPool.sol
│ ├── IUniswapV2Router.sol
│ └── IERC20.sol
├── scripts/
│ ├── deploy.js # Deployment script
│ └── execute-arbitrage.js # Execution script
├── test/
│ └── FlashLoanArbitrage.test.js
├── hardhat.config.js
├── .env
└── package.json
Configuration
Create a .env file in your project root:
1
2
3
4
5
6
7
8
9
10
ALCHEMY_API_KEY=your_alchemy_api_key
PRIVATE_KEY=your_wallet_private_key
ETHERSCAN_API_KEY=your_etherscan_api_key
# Contract addresses (Ethereum Mainnet)
AAVE_LENDING_POOL=0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9
UNISWAP_V2_ROUTER=0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D
SUSHISWAP_ROUTER=0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F
WETH_ADDRESS=0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
DAI_ADDRESS=0x6B175474E89094C44Da98b954EedeAC495271d0F
Never commit your private keys to version control! Add .env to your .gitignore file.
Configure hardhat.config.js:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
require("@nomiclabs/hardhat-waffle");
require("@nomiclabs/hardhat-ethers");
require("dotenv").config();
module.exports = {
solidity: {
version: "0.8.10",
settings: {
optimizer: {
enabled: true,
runs: 200
}
}
},
networks: {
hardhat: {
forking: {
url: `https://eth-mainnet.alchemyapi.io/v2/${process.env.ALCHEMY_API_KEY}`,
blockNumber: 14500000 // Pin to specific block for consistent testing
}
},
mainnet: {
url: `https://eth-mainnet.alchemyapi.io/v2/${process.env.ALCHEMY_API_KEY}`,
accounts: [`0x${process.env.PRIVATE_KEY}`],
gasPrice: 30000000000 // 30 gwei
}
},
etherscan: {
apiKey: process.env.ETHERSCAN_API_KEY
}
};
Building the Flash Loan Smart Contract
Now let’s build the core smart contract that will execute our flash loan arbitrage strategy.
Complete Flash Loan Arbitrage Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
/**
* @title FlashLoanArbitrage
* @dev Executes arbitrage opportunities using Aave flash loans
*/
contract FlashLoanArbitrage is Ownable {
// Aave Lending Pool interface
interface ILendingPool {
function flashLoan(
address receiverAddress,
address[] calldata assets,
uint256[] calldata amounts,
uint256[] calldata modes,
address onBehalfOf,
bytes calldata params,
uint16 referralCode
) external;
}
// Uniswap V2 Router interface
interface IUniswapV2Router {
function swapExactTokensForTokens(
uint amountIn,
uint amountOutMin,
address[] calldata path,
address to,
uint deadline
) external returns (uint[] memory amounts);
function getAmountsOut(
uint amountIn,
address[] calldata path
) external view returns (uint[] memory amounts);
}
// Contract addresses
address private constant AAVE_LENDING_POOL = 0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9;
address private constant UNISWAP_ROUTER = 0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D;
address private constant SUSHISWAP_ROUTER = 0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F;
// Events for tracking
event ArbitrageExecuted(
address indexed token,
uint256 borrowed,
uint256 profit
);
event FlashLoanReceived(
address indexed asset,
uint256 amount,
uint256 premium
);
/**
* @dev Initiates a flash loan arbitrage
* @param asset Token address to borrow
* @param amount Amount to borrow
* @param dex1 First DEX router address
* @param dex2 Second DEX router address
*/
function executeArbitrage(
address asset,
uint256 amount,
address dex1,
address dex2
) external onlyOwner {
// Prepare flash loan parameters
address[] memory assets = new address[](1);
assets[0] = asset;
uint256[] memory amounts = new uint256[](1);
amounts[0] = amount;
uint256[] memory modes = new uint256[](1);
modes[0] = 0; // 0 = no debt, flash loan must be repaid in same transaction
// Encode DEX addresses for executeOperation
bytes memory params = abi.encode(dex1, dex2);
// Request flash loan from Aave
ILendingPool(AAVE_LENDING_POOL).flashLoan(
address(this),
assets,
amounts,
modes,
address(this),
params,
0 // referral code
);
}
/**
* @dev Called by Aave Lending Pool after receiving flash loan
* This is where the arbitrage logic executes
*/
function executeOperation(
address[] calldata assets,
uint256[] calldata amounts,
uint256[] calldata premiums,
address initiator,
bytes calldata params
) external returns (bool) {
require(
msg.sender == AAVE_LENDING_POOL,
"Caller must be Aave Lending Pool"
);
require(
initiator == address(this),
"Initiator must be this contract"
);
// Decode parameters
(address dex1, address dex2) = abi.decode(params, (address, address));
address asset = assets[0];
uint256 amount = amounts[0];
uint256 premium = premiums[0];
emit FlashLoanReceived(asset, amount, premium);
// Execute arbitrage strategy
uint256 profit = _executeArbitrageStrategy(
asset,
amount,
dex1,
dex2
);
// Calculate total amount to repay (loan + premium)
uint256 amountOwed = amount + premium;
require(profit > 0, "Arbitrage not profitable");
require(
IERC20(asset).balanceOf(address(this)) >= amountOwed,
"Insufficient balance to repay flash loan"
);
// Approve Aave to take back the loan + premium
IERC20(asset).approve(AAVE_LENDING_POOL, amountOwed);
emit ArbitrageExecuted(asset, amount, profit);
return true;
}
/**
* @dev Internal function to execute the arbitrage strategy
* Buys on DEX1 and sells on DEX2 if profitable
*/
function _executeArbitrageStrategy(
address asset,
uint256 amount,
address dex1,
address dex2
) internal returns (uint256) {
uint256 initialBalance = IERC20(asset).balanceOf(address(this));
// Prepare swap path (assuming asset <-> WETH pairs exist)
address WETH = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
address[] memory path = new address[](2);
path[0] = asset;
path[1] = WETH;
// Step 1: Sell on DEX1 (asset -> WETH)
IERC20(asset).approve(dex1, amount);
uint256[] memory amountsOut1 = IUniswapV2Router(dex1).swapExactTokensForTokens(
amount,
0, // We'll calculate minimum after checking profitability off-chain
path,
address(this),
block.timestamp + 300 // 5 minutes deadline
);
uint256 wethReceived = amountsOut1[1];
// Step 2: Buy on DEX2 (WETH -> asset)
path[0] = WETH;
path[1] = asset;
IERC20(WETH).approve(dex2, wethReceived);
IUniswapV2Router(dex2).swapExactTokensForTokens(
wethReceived,
amount, // Must get at least what we borrowed + premium
path,
address(this),
block.timestamp + 300
);
uint256 finalBalance = IERC20(asset).balanceOf(address(this));
// Calculate profit (should be positive if arbitrage succeeded)
return finalBalance > initialBalance ? finalBalance - initialBalance : 0;
}
/**
* @dev Check if arbitrage is profitable before executing
* Call this off-chain to avoid wasting gas
*/
function checkProfitability(
address asset,
uint256 amount,
address dex1,
address dex2
) external view returns (bool isProfitable, uint256 estimatedProfit) {
address WETH = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
// Simulate DEX1 swap (asset -> WETH)
address[] memory path1 = new address[](2);
path1[0] = asset;
path1[1] = WETH;
uint256[] memory amounts1 = IUniswapV2Router(dex1).getAmountsOut(
amount,
path1
);
uint256 wethReceived = amounts1[1];
// Simulate DEX2 swap (WETH -> asset)
address[] memory path2 = new address[](2);
path2[0] = WETH;
path2[1] = asset;
uint256[] memory amounts2 = IUniswapV2Router(dex2).getAmountsOut(
wethReceived,
path2
);
uint256 assetReceived = amounts2[1];
// Calculate Aave flash loan premium (0.09%)
uint256 premium = (amount * 9) / 10000;
uint256 totalCost = amount + premium;
// Check if profitable
if (assetReceived > totalCost) {
return (true, assetReceived - totalCost);
}
return (false, 0);
}
/**
* @dev Withdraw profits to owner
*/
function withdrawToken(address token) external onlyOwner {
uint256 balance = IERC20(token).balanceOf(address(this));
require(balance > 0, "No balance to withdraw");
IERC20(token).transfer(owner(), balance);
}
/**
* @dev Withdraw ETH to owner
*/
function withdrawETH() external onlyOwner {
uint256 balance = address(this).balance;
require(balance > 0, "No ETH to withdraw");
payable(owner()).transfer(balance);
}
// Allow contract to receive ETH
receive() external payable {}
}
Key Contract Features
This contract uses OpenZeppelin’s audited libraries for enhanced security and reliability.
Security First: The contract uses OpenZeppelin’s Ownable for access control, ensuring only the owner can initiate arbitrage operations.
Profitability Check: The checkProfitability function allows you to simulate the entire arbitrage off-chain before spending gas, preventing failed transactions.
Flexible DEX Support: The contract accepts any Uniswap V2-compatible DEX router, making it work with Uniswap, SushiSwap, PancakeSwap, and others.
Event Logging: Comprehensive events enable easy tracking and monitoring of arbitrage executions.
Identifying Arbitrage Opportunities
The smart contract handles execution, but we need a bot to constantly monitor prices and identify profitable opportunities.
Building the Opportunity Scanner
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
// scripts/arbitrage-scanner.js
const { ethers } = require("ethers");
const dotenv = require("dotenv");
dotenv.config();
// Initialize provider
const provider = new ethers.providers.AlchemyProvider(
"homestead",
process.env.ALCHEMY_API_KEY
);
// Contract addresses
const UNISWAP_ROUTER = "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D";
const SUSHISWAP_ROUTER = "0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F";
const WETH = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
// Popular tokens to monitor
const TOKENS = [
{
symbol: "DAI",
address: "0x6B175474E89094C44Da98b954EedeAC495271d0F"
},
{
symbol: "USDC",
address: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
},
{
symbol: "USDT",
address: "0xdAC17F958D2ee523a2206206994597C13D831ec7"
},
{
symbol: "LINK",
address: "0x514910771AF9Ca656af840dff83E8264EcF986CA"
},
{
symbol: "UNI",
address: "0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984"
}
];
// Uniswap V2 Router ABI (minimal)
const ROUTER_ABI = [
"function getAmountsOut(uint amountIn, address[] memory path) public view returns (uint[] memory amounts)"
];
/**
* Get price quote from a DEX
*/
async function getPrice(routerAddress, amountIn, tokenIn, tokenOut) {
try {
const router = new ethers.Contract(routerAddress, ROUTER_ABI, provider);
const path = [tokenIn, tokenOut];
const amounts = await router.getAmountsOut(amountIn, path);
return amounts[1];
} catch (error) {
console.error(`Error getting price: ${error.message}`);
return null;
}
}
/**
* Calculate potential profit for an arbitrage opportunity
*/
async function calculateArbitrageProfit(token, borrowAmount) {
const tokenAddress = token.address;
// Get price on Uniswap (buy here)
const uniswapPrice = await getPrice(
UNISWAP_ROUTER,
borrowAmount,
tokenAddress,
WETH
);
if (!uniswapPrice) return null;
// Get reverse price on SushiSwap (sell here)
const sushiswapPrice = await getPrice(
SUSHISWAP_ROUTER,
uniswapPrice,
WETH,
tokenAddress
);
if (!sushiswapPrice) return null;
// Calculate flash loan fee (0.09% on Aave)
const flashLoanFee = borrowAmount.mul(9).div(10000);
const totalCost = borrowAmount.add(flashLoanFee);
// Calculate profit
const profit = sushiswapPrice.sub(totalCost);
const profitPercentage = profit.mul(10000).div(borrowAmount);
return {
tokenSymbol: token.symbol,
tokenAddress: tokenAddress,
borrowAmount: ethers.utils.formatUnits(borrowAmount, 18),
profit: ethers.utils.formatUnits(profit, 18),
profitPercentage: profitPercentage.toNumber() / 100,
isProfitable: profit.gt(0)
};
}
/**
* Scan for arbitrage opportunities across all tokens
*/
async function scanForOpportunities() {
console.log("\n🔍 Scanning for arbitrage opportunities...\n");
const opportunities = [];
// Test different borrow amounts
const borrowAmounts = [
ethers.utils.parseEther("1000"), // $1,000
ethers.utils.parseEther("5000"), // $5,000
ethers.utils.parseEther("10000"), // $10,000
ethers.utils.parseEther("50000") // $50,000
];
for (const token of TOKENS) {
for (const borrowAmount of borrowAmounts) {
const result = await calculateArbitrageProfit(token, borrowAmount);
if (result && result.isProfitable) {
console.log(`✅ OPPORTUNITY FOUND!`);
console.log(` Token: ${result.tokenSymbol}`);
console.log(` Borrow: ${result.borrowAmount} ${result.tokenSymbol}`);
console.log(` Profit: ${result.profit} ${result.tokenSymbol}`);
console.log(` ROI: ${result.profitPercentage.toFixed(2)}%\n`);
opportunities.push(result);
}
}
}
if (opportunities.length === 0) {
console.log("❌ No profitable opportunities found at this time.\n");
}
return opportunities;
}
/**
* Monitor prices continuously
*/
async function monitorPrices() {
console.log("🤖 Flash Loan Arbitrage Bot Started");
console.log("📊 Monitoring DEX prices for arbitrage opportunities...\n");
// Scan every 30 seconds
setInterval(async () => {
try {
await scanForOpportunities();
} catch (error) {
console.error(`Error in monitoring: ${error.message}`);
}
}, 30000);
// Run initial scan
await scanForOpportunities();
}
// Start monitoring
if (require.main === module) {
monitorPrices().catch(console.error);
}
module.exports = { scanForOpportunities, calculateArbitrageProfit };
Figure 3: Cross-exchange arbitrage strategy showing price differences and execution flow
Executing Arbitrage Operations
Once we’ve identified a profitable opportunity, we need to execute it quickly and efficiently.
Deployment Script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
// scripts/deploy.js
const hre = require("hardhat");
async function main() {
console.log("🚀 Deploying FlashLoanArbitrage contract...");
const FlashLoanArbitrage = await hre.ethers.getContractFactory("FlashLoanArbitrage");
const flashLoanArbitrage = await FlashLoanArbitrage.deploy();
await flashLoanArbitrage.deployed();
console.log(`✅ Contract deployed to: ${flashLoanArbitrage.address}`);
console.log(`📝 Save this address to your .env file\n`);
// Verify on Etherscan
if (hre.network.name !== "hardhat") {
console.log("⏳ Waiting for block confirmations...");
await flashLoanArbitrage.deployTransaction.wait(6);
console.log("🔍 Verifying contract on Etherscan...");
await hre.run("verify:verify", {
address: flashLoanArbitrage.address,
constructorArguments: []
});
}
}
main()
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});
Execution Script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
// scripts/execute-arbitrage.js
const { ethers } = require("hardhat");
const dotenv = require("dotenv");
dotenv.config();
// Contract addresses
const FLASH_LOAN_ARBITRAGE = process.env.FLASH_LOAN_ARBITRAGE_ADDRESS;
const UNISWAP_ROUTER = "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D";
const SUSHISWAP_ROUTER = "0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F";
async function executeArbitrage(tokenAddress, borrowAmount) {
console.log("🎯 Executing Flash Loan Arbitrage...\n");
// Get signer
const [signer] = await ethers.getSigners();
console.log(`👤 Using account: ${signer.address}`);
// Get contract instance
const flashLoanArbitrage = await ethers.getContractAt(
"FlashLoanArbitrage",
FLASH_LOAN_ARBITRAGE,
signer
);
// Check profitability first
console.log("📊 Checking profitability...");
const [isProfitable, estimatedProfit] = await flashLoanArbitrage.checkProfitability(
tokenAddress,
borrowAmount,
UNISWAP_ROUTER,
SUSHISWAP_ROUTER
);
if (!isProfitable) {
console.log("❌ Arbitrage is not profitable. Aborting.");
return;
}
console.log(`✅ Expected profit: ${ethers.utils.formatUnits(estimatedProfit, 18)} tokens`);
console.log("\n⏳ Executing arbitrage transaction...");
// Execute arbitrage
const tx = await flashLoanArbitrage.executeArbitrage(
tokenAddress,
borrowAmount,
UNISWAP_ROUTER,
SUSHISWAP_ROUTER,
{
gasLimit: 3000000 // Set appropriate gas limit
}
);
console.log(`📝 Transaction hash: ${tx.hash}`);
console.log("⏳ Waiting for confirmation...");
const receipt = await tx.wait();
console.log(`✅ Transaction confirmed in block ${receipt.blockNumber}`);
console.log(`⛽ Gas used: ${receipt.gasUsed.toString()}`);
// Parse events
const arbitrageEvent = receipt.events?.find(e => e.event === "ArbitrageExecuted");
if (arbitrageEvent) {
const profit = arbitrageEvent.args.profit;
console.log(`💰 Actual profit: ${ethers.utils.formatUnits(profit, 18)} tokens`);
}
console.log("\n🎉 Arbitrage executed successfully!");
}
// Example usage
async function main() {
const DAI_ADDRESS = "0x6B175474E89094C44Da98b954EedeAC495271d0F";
const BORROW_AMOUNT = ethers.utils.parseEther("10000"); // 10,000 DAI
await executeArbitrage(DAI_ADDRESS, BORROW_AMOUNT);
}
if (require.main === module) {
main()
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});
}
module.exports = { executeArbitrage };
Testing the Bot
Thorough testing is crucial before deploying real funds. Hardhat’s mainnet forking feature allows us to test against real market conditions without risking actual money.
Comprehensive Test Suite
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// test/FlashLoanArbitrage.test.js
const { expect } = require("chai");
const { ethers } = require("hardhat");
describe("FlashLoanArbitrage", function () {
let flashLoanArbitrage;
let owner;
let addr1;
const DAI_ADDRESS = "0x6B175474E89094C44Da98b954EedeAC495271d0F";
const WETH_ADDRESS = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
const UNISWAP_ROUTER = "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D";
const SUSHISWAP_ROUTER = "0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F";
before(async function () {
[owner, addr1] = await ethers.getSigners();
// Deploy contract
const FlashLoanArbitrage = await ethers.getContractFactory("FlashLoanArbitrage");
flashLoanArbitrage = await FlashLoanArbitrage.deploy();
await flashLoanArbitrage.deployed();
console.log(`Contract deployed at: ${flashLoanArbitrage.address}`);
});
describe("Deployment", function () {
it("Should set the right owner", async function () {
expect(await flashLoanArbitrage.owner()).to.equal(owner.address);
});
});
describe("Profitability Check", function () {
it("Should check profitability without executing", async function () {
const borrowAmount = ethers.utils.parseEther("1000");
const [isProfitable, estimatedProfit] = await flashLoanArbitrage.checkProfitability(
DAI_ADDRESS,
borrowAmount,
UNISWAP_ROUTER,
SUSHISWAP_ROUTER
);
console.log(`Is profitable: ${isProfitable}`);
console.log(`Estimated profit: ${ethers.utils.formatEther(estimatedProfit)} DAI`);
expect(estimatedProfit).to.be.a("BigNumber");
});
});
describe("Flash Loan Execution", function () {
it("Should execute flash loan arbitrage if profitable", async function () {
this.timeout(120000); // 2 minutes timeout for mainnet fork
const borrowAmount = ethers.utils.parseEther("10000");
// Check profitability first
const [isProfitable] = await flashLoanArbitrage.checkProfitability(
DAI_ADDRESS,
borrowAmount,
UNISWAP_ROUTER,
SUSHISWAP_ROUTER
);
if (!isProfitable) {
console.log("Skipping test - not profitable at current prices");
this.skip();
}
// Execute arbitrage
const tx = await flashLoanArbitrage.executeArbitrage(
DAI_ADDRESS,
borrowAmount,
UNISWAP_ROUTER,
SUSHISWAP_ROUTER,
{
gasLimit: 3000000
}
);
const receipt = await tx.wait();
// Check for ArbitrageExecuted event
const event = receipt.events?.find(e => e.event === "ArbitrageExecuted");
expect(event).to.not.be.undefined;
console.log(`Profit: ${ethers.utils.formatEther(event.args.profit)} DAI`);
});
it("Should revert if caller is not owner", async function () {
const borrowAmount = ethers.utils.parseEther("1000");
await expect(
flashLoanArbitrage.connect(addr1).executeArbitrage(
DAI_ADDRESS,
borrowAmount,
UNISWAP_ROUTER,
SUSHISWAP_ROUTER
)
).to.be.revertedWith("Ownable: caller is not the owner");
});
});
describe("Withdrawals", function () {
it("Should allow owner to withdraw tokens", async function () {
// Assume contract has some DAI balance from previous arbitrage
const daiContract = await ethers.getContractAt("IERC20", DAI_ADDRESS);
const initialBalance = await daiContract.balanceOf(owner.address);
await flashLoanArbitrage.withdrawToken(DAI_ADDRESS);
const finalBalance = await daiContract.balanceOf(owner.address);
expect(finalBalance).to.be.gte(initialBalance);
});
});
});
Running Tests
1
2
3
4
5
6
7
8
9
10
11
# Run tests on Hardhat network (forked from mainnet)
npx hardhat test
# Run specific test file
npx hardhat test test/FlashLoanArbitrage.test.js
# Run with gas reporting
REPORT_GAS=true npx hardhat test
# Run tests with console logs
npx hardhat test --logs
Always test on a forked mainnet before deploying real funds to catch potential issues with actual DEX liquidity.
Handling Slippage and Fees
One of the biggest challenges in arbitrage is accounting for slippage and transaction fees that can quickly eat into profits.
Slippage protection is critical! Even small price movements during transaction execution can turn profitable trades into losses.
Calculating Minimum Output Amounts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
/**
* Calculate minimum output amount with slippage tolerance
*/
function calculateMinOutput(expectedOutput, slippageTolerance = 0.5) {
// slippageTolerance in percentage (e.g., 0.5 = 0.5%)
const slippageMultiplier = 1 - (slippageTolerance / 100);
return expectedOutput.mul(Math.floor(slippageMultiplier * 10000)).div(10000);
}
// Example usage in executeArbitrage
async function executeWithSlippageProtection(tokenAddress, borrowAmount) {
const [isProfitable, estimatedProfit] = await contract.checkProfitability(
tokenAddress,
borrowAmount,
DEX1,
DEX2
);
// Only execute if profit is above threshold (covers gas + fees + safety margin)
const GAS_COST = ethers.utils.parseEther("0.05"); // ~$50 in token
const SAFETY_MARGIN = ethers.utils.parseEther("0.1"); // Extra buffer
const MIN_PROFIT = GAS_COST.add(SAFETY_MARGIN);
if (estimatedProfit.lt(MIN_PROFIT)) {
console.log("Profit too small after accounting for gas and fees");
return;
}
// Execute with higher gas price for faster inclusion
const tx = await contract.executeArbitrage(
tokenAddress,
borrowAmount,
DEX1,
DEX2,
{
gasLimit: 3000000,
gasPrice: ethers.utils.parseUnits("50", "gwei") // Fast confirmation
}
);
await tx.wait();
}
Fee Breakdown
Understanding all fees involved is critical for profitability:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
function calculateTotalFees(borrowAmount, gasPrice) {
// 1. Aave flash loan fee: 0.09%
const flashLoanFee = borrowAmount.mul(9).div(10000);
// 2. DEX swap fees: 0.3% per swap (Uniswap/SushiSwap)
const swap1Fee = borrowAmount.mul(30).div(10000);
const swap2Fee = borrowAmount.mul(30).div(10000);
// 3. Gas costs (estimate: 500,000 gas)
const gasLimit = 500000;
const gasCostWei = gasPrice.mul(gasLimit);
// Convert gas cost to token amount (rough estimate)
const ethPrice = 2000; // $2000 per ETH
const tokenPrice = 1; // Assuming stablecoin
const gasCostInToken = gasCostWei
.mul(ethPrice)
.div(tokenPrice)
.div(ethers.utils.parseEther("1"));
const totalFees = flashLoanFee
.add(swap1Fee)
.add(swap2Fee)
.add(gasCostInToken);
return {
flashLoanFee,
swap1Fee,
swap2Fee,
gasCost: gasCostInToken,
totalFees
};
}
Advanced Strategies and Optimizations
Multi-Hop Arbitrage
Instead of simple two-DEX arbitrage, you can implement multi-hop strategies:
// Multi-hop arbitrage: DAI -> WETH -> USDC -> DAI
function executeMultiHopArbitrage(
uint256 amount,
address[] calldata dexRouters,
address[] calldata tokens
) internal returns (uint256) {
require(tokens.length >= 2, "Need at least 2 tokens");
require(dexRouters.length == tokens.length - 1, "Mismatched DEX count");
uint256 currentAmount = amount;
// Execute swaps sequentially
for (uint i = 0; i < dexRouters.length; i++) {
address[] memory path = new address[](2);
path[0] = tokens[i];
path[1] = tokens[i + 1];
IERC20(tokens[i]).approve(dexRouters[i], currentAmount);
uint256[] memory amounts = IUniswapV2Router(dexRouters[i])
.swapExactTokensForTokens(
currentAmount,
0,
path,
address(this),
block.timestamp + 300
);
currentAmount = amounts[1];
}
return currentAmount;
}
Gas Optimization Techniques
// Use unchecked blocks for gas savings where overflow is impossible
function optimizedCalculation(uint256 a, uint256 b) internal pure returns (uint256) {
unchecked {
// Safe because we check conditions beforehand
return a + b;
}
}
// Pack variables to save storage
struct ArbitrageParams {
address token; // 20 bytes
uint96 amount; // 12 bytes - total 32 bytes (1 slot)
address dex1; // 20 bytes
address dex2; // 20 bytes - need 2 more slots
uint16 minProfit; // 2 bytes
// Total: 3 storage slots instead of 5
}
MEV Protection
Protect your transactions from front-running:
Without MEV protection, your profitable trades can be front-run by bots, resulting in losses. Always use Flashbots or similar services for production.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
// Use Flashbots RPC to send private transactions
const { FlashbotsBundleProvider } = require("@flashbots/ethers-provider-bundle");
async function sendPrivateTransaction(tx) {
const flashbotsProvider = await FlashbotsBundleProvider.create(
provider,
authSigner,
"https://relay.flashbots.net"
);
const signedBundle = await flashbotsProvider.signBundle([
{
signer: wallet,
transaction: tx
}
]);
const simulation = await flashbotsProvider.simulate(
signedBundle,
targetBlockNumber
);
if ("error" in simulation) {
console.error("Simulation error:", simulation.error);
return;
}
const bundleSubmission = await flashbotsProvider.sendRawBundle(
signedBundle,
targetBlockNumber
);
return bundleSubmission;
}
Risk Management and Best Practices
Common Pitfalls to Avoid
1. Insufficient Slippage Protection
Never set minimum output to 0! This allows your transaction to be sandwich attacked with 100% slippage.
1
2
3
4
5
6
// Bad: No slippage protection
swapExactTokensForTokens(amount, 0, path, to, deadline);
// ✅ Good: Set minimum output based on market conditions
const minOutput = calculateMinOutput(expectedAmount, 0.5); // 0.5% slippage
swapExactTokensForTokens(amount, minOutput, path, to, deadline);
2. Ignoring Gas Costs
Gas costs can easily exceed profits on small arbitrage opportunities. Always calculate break-even thresholds.
1
2
3
4
5
6
7
8
// Always check if profit > gas costs
const estimatedGasCost = gasPrice.mul(gasLimit);
const estimatedGasCostInUSD = estimatedGasCost.mul(ethPriceUSD).div(1e18);
if (profitUSD.lt(estimatedGasCostInUSD.mul(2))) {
console.log("Profit doesn't justify gas costs");
return;
}
3. Not Handling Reverts Gracefully
1
2
3
4
5
6
7
8
9
10
11
// Wrap execution in try-catch
try {
const tx = await contract.executeArbitrage(...);
await tx.wait();
} catch (error) {
if (error.code === "UNPREDICTABLE_GAS_LIMIT") {
console.log("Transaction would fail - aborting");
} else {
console.error("Unexpected error:", error);
}
}
Security Checklist
- ✅ Test on testnet first before using real funds
- ✅ Start with small amounts to verify profitability
- ✅ Monitor gas prices - high gas can eliminate profits
- ✅ Set maximum gas price - don’t overpay
- ✅ Implement circuit breakers - pause if losing money
- ✅ Use time locks - prevent rapid-fire failed transactions
- ✅ Monitor contract balance - withdraw profits regularly
- ✅ Keep private keys secure - use hardware wallets for production
- ✅ Audit smart contracts - get professional security review
- ✅ Have emergency shutdown - ability to pause operations
Monitoring and Alerting
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
// Set up monitoring for key metrics
const { Webhook } = require("discord-webhook-node");
const webhook = new Webhook(process.env.DISCORD_WEBHOOK_URL);
async function monitorBotHealth() {
const contractBalance = await provider.getBalance(CONTRACT_ADDRESS);
const gasPrice = await provider.getGasPrice();
// Alert if contract balance is low
if (contractBalance.lt(ethers.utils.parseEther("0.1"))) {
await webhook.send("⚠️ Contract balance low! Please top up.");
}
// Alert if gas prices are too high
if (gasPrice.gt(ethers.utils.parseUnits("100", "gwei"))) {
await webhook.send("⚠️ Gas prices are high! Consider pausing operations.");
}
}
// Run health check every 5 minutes
setInterval(monitorBotHealth, 5 * 60 * 1000);
Deployment to Production
Pre-Deployment Checklist
Complete all testing steps before deploying to mainnet. Skipping steps can result in loss of funds.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# 1. Audit your smart contract
npm install -g mythril
myth analyze contracts/FlashLoanArbitrage.sol
# 2. Run comprehensive tests
npx hardhat test
# 3. Deploy to testnet first
npx hardhat run scripts/deploy.js --network goerli
# 4. Verify contract on Etherscan
npx hardhat verify --network goerli DEPLOYED_ADDRESS
# 5. Test with small amounts on testnet
# 6. Deploy to mainnet
npx hardhat run scripts/deploy.js --network mainnet
# 7. Verify on mainnet
npx hardhat verify --network mainnet DEPLOYED_ADDRESS
Production Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
// production-config.js
module.exports = {
// Minimum profit threshold (in USD)
MIN_PROFIT_USD: 10,
// Maximum gas price willing to pay (in gwei)
MAX_GAS_PRICE: 80,
// Slippage tolerance (in percentage)
SLIPPAGE_TOLERANCE: 0.5,
// Scan interval (in milliseconds)
SCAN_INTERVAL: 15000, // 15 seconds
// Maximum consecutive failures before pause
MAX_CONSECUTIVE_FAILURES: 3,
// Cool-down period after failure (in milliseconds)
COOLDOWN_PERIOD: 60000, // 1 minute
// Tokens to monitor
MONITORED_TOKENS: [
"DAI",
"USDC",
"USDT",
"WBTC",
"LINK"
],
// DEX routers to compare
DEX_ROUTERS: {
"Uniswap": "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D",
"SushiSwap": "0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F",
"Balancer": "0xBA12222222228d8Ba445958a75a0704d566BF2C8"
}
};
Conclusion
Building a flash loan arbitrage bot is an advanced DeFi project that combines smart contract development, market analysis, and automated trading strategies. Throughout this guide, we’ve covered:
- Flash Loan Fundamentals: Understanding how uncollateralized loans work and why they’re revolutionary for DeFi arbitrage
- Smart Contract Development: Building a secure, gas-optimized contract that integrates with Aave and multiple DEXs
- Opportunity Detection: Creating scanning scripts that monitor prices and identify profitable arbitrage in real-time
- Execution Strategies: Implementing slippage protection, fee calculations, and MEV resistance
- Risk Management: Avoiding common pitfalls and implementing security best practices
- Production Deployment: Taking your bot from testing to live trading safely
Key Takeaways
Start Small: Begin with testnet deployment and small trades. Flash loan arbitrage can be profitable, but market conditions change rapidly. Test thoroughly before committing significant capital.
Monitor Constantly: Successful arbitrage requires constant monitoring. Gas prices, liquidity, and price differentials can change within seconds. Automated monitoring and alerting are essential.
Calculate All Costs: Flash loan fees (0.09%), DEX swap fees (0.3% per swap), and gas costs add up quickly. Your profit must exceed these costs significantly to be worthwhile.
Security First: Smart contracts holding funds are prime targets for attackers. Get your code audited, use battle-tested patterns, and implement emergency shutdown mechanisms.
Stay Updated: The DeFi landscape evolves rapidly. New protocols, better DEXs, and changed fee structures mean you need to continuously optimize your strategies.
Next Steps
To take your flash loan arbitrage bot further:
- Expand DEX Coverage: Add support for more DEXs like Curve, Balancer, and layer-2 solutions
- Implement Triangular Arbitrage: Look for opportunities across three or more assets
- Add Cross-Chain Arbitrage: Explore opportunities across different blockchains
- Optimize for MEV: Integrate with Flashbots or similar services to protect against front-running
- Machine Learning: Use ML models to predict profitable opportunities before they occur
Resources
- Aave Flash Loan Documentation
- Uniswap V2 Documentation
- Hardhat Documentation
- OpenZeppelin Contracts
- Flashbots Documentation
- DeFi Security Best Practices
Flash loan arbitrage represents the cutting edge of DeFi innovation, democratizing access to trading strategies that were once only available to well-capitalized institutions. With the knowledge from this guide, you’re equipped to build, test, and deploy your own arbitrage bot. Remember: start small, test thoroughly, and always prioritize security. Happy arbitraging! 🚀
Bu gönderi CC BY 4.0 lisansı altındadır.