Massive Loss as Resupply Struggles with Breach


On June 26, a security breach ravaged the Resupply protocol, resulting in a staggering loss of around $9.5 million due to price manipulation tactics. The intruder inflated the share price of wrapped cvcrvUSD staked on Convex Finance by making strategic donations, disrupting Resupply’s CurveLend: crvUSD/wstUSR contract. This breach allowed the attacker to exploit the collateral ratio, borrowing 10 million reUSD with minimal cvcrvUSD backing, which they then exchanged in external markets. As a precaution, Resupply’s team halted the impacted contract.

How Was Price Manipulation Exploited?

A PeckShield report highlighted that the attacker increased cvcrvUSD’s share price through donations to its vault, skewing the lending operation in their favor. This flaw made uncollateralized borrowing possible within the protocol.

Because the price was artificially inflated, even a negligible amount of cvcrvUSD, measured in wei, was assigned significant value, raising concerns about collateral models in liquidity pools that rely on unverified price feeds.

The breach stemmed from over-reliance on a single price oracle. Although Resupply aimed to enhance liquidity via its “lend” feature, the protection mechanism failed. Security experts advise adopting multiple oracles and establishing cap controls to avert such vulnerabilities.
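The two mitigations named above, a second independent price feed and a debt cap, can be modeled as a borrow guard. This is an added example, not Resupply's code; the function names, the 18-decimal fixed-point convention, the thresholds and the vault figures are assumptions chosen for illustration.

```python
WAD = 10**18  # 18-decimal fixed point, mirroring on-chain integer math

class GuardError(Exception):
    """Raised when a borrow request fails a safety check."""

def share_price(total_assets: int, total_shares: int) -> int:
    """Vault-derived price of one share in WAD.
    A donation raises total_assets without minting shares, so this value
    alone can be pushed arbitrarily high when few shares exist."""
    if total_shares <= 0:
        raise GuardError("empty vault: share price undefined")
    return total_assets * WAD // total_shares

def checked_price(primary: int, reference: int, max_dev_bps: int) -> int:
    """Cross-check two independent feeds and value collateral at the lower."""
    if primary <= 0 or reference <= 0:
        raise GuardError("non-positive price")
    lo, hi = min(primary, reference), max(primary, reference)
    if (hi - lo) * 10_000 > lo * max_dev_bps:
        raise GuardError("oracle deviation above limit")
    return lo

def max_borrow(collateral_shares: int, primary: int, reference: int, *,
               ltv_bps: int, max_dev_bps: int,
               market_debt: int, debt_cap: int) -> int:
    """Largest new debt allowed by both the LTV rule and the market cap."""
    price = checked_price(primary, reference, max_dev_bps)
    value = collateral_shares * price // WAD
    by_ltv = value * ltv_bps // 10_000
    headroom = max(debt_cap - market_debt, 0)  # cap bounds worst-case loss
    return min(by_ltv, headroom)

# Constructed figures: a healthy vault and one whose price a donation skewed.
HEALTHY = share_price(1_000_000 * WAD, 1_000_000 * WAD)
SKEWED = share_price(2_000 * WAD, 1)
REFERENCE = WAD  # second, independent feed (assumed available)

if __name__ == "__main__":
    print(max_borrow(100 * WAD, HEALTHY, REFERENCE, ltv_bps=9_500,
                     max_dev_bps=200, market_debt=0, debt_cap=1_000 * WAD))
    try:
        max_borrow(1, SKEWED, REFERENCE, ltv_bps=9_500,
                   max_dev_bps=200, market_debt=0, debt_cap=1_000 * WAD)
    except GuardError as exc:
        print("rejected:", exc)
```

The deviation check only helps if the reference feed cannot be moved by the same donation; the debt cap limits exposure even when both feeds agree.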

What Was the Attack’s Impact?

Following the hack, the extraction of 10 million reUSD temporarily disrupted Resupply’s market stability. The project team quickly suspended the affected contracts and promised a compensation plan for users soon. Although the cvcrvUSD price has since normalized, a permanent imbalance between debt and collateral affected lending portfolios.

PeckShield detailed that the attacker promptly traded reUSD across different decentralized exchanges, complicating the asset recovery process. Given that reUSD came from a limited issuance, retrieving it seems difficult. However, blockchain freezing scenarios are being discussed to minimize damage.

– Resupply paused the attacked contract to prevent further damage.
– Tracking reUSD has been challenging due to decentralized exchange trades.
– A compensation strategy for users will soon be disclosed by Resupply.

As Resupply navigates through this crisis, the incident highlights the need for robust security measures in cryptocurrency protocols to safeguard against future breaches and instill trust within the digital finance ecosystem.

Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should conduct their own research.
