Decoding UwU Lend’s $19.4 Million Exploit
Contents
On the 10th of June, 2024, Uwu Lend was attacked resulting in a loss of more than $19.4 million.
UwU Lend is a decentralized non-custodial liquidity market protocol where users can participate as depositors, borrowers or LP stakers. To learn more about UwU Lend, head over to https://uwulend.fi/
Attacker Address: 0x841ddf093f5188989fa1524e7b893de64b421f47
Attacker Contract: 0x21C58d8F816578b1193AEf4683E8c64405A4312E
Attacker Transactions: https://etherscan.io/address/0x841dDf093f5188989fA1524e7B893de64B421f47
The USDe oracle on UwU Lend uses the median of 11 price sources. However, 5 of these sources were easily manipulated using CurveFinance pools.
The transactions by the attacker can be seen below.
The price of sUSDe on the Curve Finance oracle was manipulated down by 4% to enable borrowing at $0.99. When the price went back up to $1.03, liquidations occurred, leading to substantial gains for the attacker. UwU and its lenders faced losses because of aggressive rehypothecation through repeated borrowing and lending.
Rehypothecation is a practice whereby banks and brokers use, for their own purposes, assets that have been …
UwU Lend is a decentralized non-custodial liquidity market protocol where users can participate as depositors, borrowers or LP stakers. To learn more about UwU Lend, head over to https://uwulend.fi/
Attacker Address: 0x841ddf093f5188989fa1524e7b893de64b421f47
Attacker Contract: 0x21C58d8F816578b1193AEf4683E8c64405A4312E
Attacker Transactions: https://etherscan.io/address/0x841dDf093f5188989fA1524e7B893de64B421f47
The USDe oracle on UwU Lend uses the median of 11 price sources. However, 5 of these sources were easily manipulated using CurveFinance pools.
The transactions by the attacker can be seen below.
The price of sUSDe on the Curve Finance oracle was manipulated down by 4% to enable borrowing at $0.99. When the price went back up to $1.03, liquidations occurred, leading to substantial gains for the attacker. UwU and its lenders faced losses because of aggressive rehypothecation through repeated borrowing and lending.
Rehypothecation is a practice whereby banks and brokers use, for their own purposes, assets that have been …
IoC
841ddf093f5188989fa1524e7b893de64b421f47
841dDf093f5188989fA1524e7B893de64B421f47
21C58d8F816578b1193AEf4683E8c64405A4312E
841dDf093f5188989fA1524e7B893de64B421f47
21C58d8F816578b1193AEf4683E8c64405A4312E