"A vulnerability in vaults led to losses for DeFi protocols through oracle manipulation. Chaos Labs described an attack on Venus Protocol that cost about $716,000. On February 27, the attacker carried out a donation attack based on a flash loan, borrowing about $4 million from Aave. He used an ERC-4626 token, artificially inflating its internal exchange rate. The attacker raised the wUSDM price from $1.06 to $1.7, […]", writes Businessua.com.ua

A vulnerability in vaults led to losses for DeFi protocols through oracle manipulation. Chaos Labs described an attack on Venus Protocol that cost about $716,000.
On February 27, the attacker carried out a donation attack based on a flash loan, borrowing about $4 million from Aave. He used wUSDM, the ERC-4626 vault token for Mountain Protocol's wrapped yield-bearing stablecoin, artificially inflating its internal exchange rate.
The attacker raised the wUSDM price from $1.06 to $1.7, using two accounts for self-liquidation on Venus Protocol's lending platform.
Despite the protocol's rapid response, the attacker made a profit of about $200,000, and Venus suffered losses of more than $716,000, according to Chaos Labs.
"Both teams have taken emergency measures – froze markets, adjusted the risk parameters and dropped the price," said Joni Keselbrener of DeFi at Lightblocks Labs, as quoted by The Block.
The attacked vault implements the ERC-4626 standard, introduced in May 2022, which contains no safeguards against exchange-rate manipulation.
According to Euler Finance, in most such cases there are no clear vulnerability checks. Chaos Labs acknowledged that security strategies are able to prevent harm.
"wUSDM contracts can use cross-rate checks, or Venus can think about implementing certain measures to contain quotes. For all yield-bearing assets, an oracle with a price ceiling like CAPO in Aave will be introduced, which prevents manipulation through artificial jumps," the review said.
Curve Finance expressed a similar opinion.
Man. This is vulnerability in Venus: it did not expect borrowable coin to go up. But is not the problem in the standard.
It applies to any vault btw, not only standardized. Just a common misstep by lending platforms
– Curve Finance (@Curvefinance) March 30, 2025
"This applies to any vault, not just standardized ones. The usual mistake of lending platforms," the DEX's representatives said.
Keselbrener noted that the CAPO standard is effective, but requires "additional complication of code and constant management."
"As DeFi develops, we need to think not only about the simple transfer of prices, but also about understanding the risk profile of assets. The need for oracle infrastructure is an additional level of safety. Specialized suppliers can implement protection measures developed to identify and prevent manipulation," he summed up.
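The price-ceiling idea the review refers to, as an added example that is not from the article, Aave or Venus: a simplified Python model of an ERC-4626-style vault rate and an oracle that clamps it to a ceiling growing from a trusted snapshot. The class names, the 10% yearly growth limit and the vault balances are assumptions, constructed to reproduce the $1.06 to $1.7 jump.

```python
from dataclasses import dataclass

SECONDS_PER_YEAR = 365 * 24 * 3600


@dataclass
class Vault:
    """Minimal ERC-4626-style accounting: share rate = assets / shares."""
    total_assets: float
    total_shares: float

    def rate(self) -> float:
        return self.total_assets / self.total_shares

    def donate(self, amount: float) -> None:
        # A direct transfer raises assets without minting shares,
        # so the rate jumps for every existing share.
        self.total_assets += amount


@dataclass
class CappedRateOracle:
    """Reports min(raw rate, ceiling); the ceiling grows linearly from a snapshot."""
    snapshot_rate: float
    snapshot_time: int
    max_yearly_growth: float  # assumed parameter, e.g. 0.10 = 10% per year

    def ceiling(self, now: int) -> float:
        elapsed = max(0, now - self.snapshot_time)
        return self.snapshot_rate * (1 + self.max_yearly_growth * elapsed / SECONDS_PER_YEAR)

    def price(self, vault: Vault, now: int) -> tuple[float, bool]:
        raw = vault.rate()
        cap = self.ceiling(now)
        return (min(raw, cap), raw > cap)  # (reported rate, was it clamped?)


def demo() -> dict:
    # Constructed balances chosen to reproduce the $1.06 -> $1.7 jump from the article.
    vault = Vault(total_assets=1_060_000.0, total_shares=1_000_000.0)
    oracle = CappedRateOracle(snapshot_rate=1.06, snapshot_time=0, max_yearly_growth=0.10)
    now = 30 * 24 * 3600  # 30 days after the snapshot
    before = oracle.price(vault, now)
    vault.donate(640_000.0)  # raw rate becomes 1.70
    after = oracle.price(vault, now)
    return {"raw_after": vault.rate(), "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The clamped flag is the useful monitoring signal: a lending market can alert or pause borrowing against the asset whenever the raw rate exceeds the ceiling.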
Earlier, the Pyth Network project introduced a new on-chain oracle, Lazer, which is able to provide market data within 1 millisecond.
Recall that in March, a market on the Polymarket platform reached the wrong resolution of a dispute as a result of oracle manipulation.