Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Resupplyfi Nuclear Analysis -Ackee Blockchain
HACKING NEWS

Resupplyfi Nuclear Analysis -Ackee Blockchain

By Crypto FlexsAugust 20, 20252 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Resupplyfi Nuclear Analysis -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email
On June 26, 2025, the cost of a single water purification department is $ 9.56m. The attacker exploited the ERC4626 “First Donation” vulnerability in the ResupplyPair Contract (0x6e90c) of CVCRUSD Vault. They stole $ 10 million from one flash loan trading (0xFFBD).

How did this happen?

The Resupplyfi protocol includes vulnerabilities in the ERC4626 safe collateral processing, allowing the attacker to manipulate the exchange rate and bypass the LTV (Loan-TO-VALUE) inspection, which causes unauthorized borrowing. This vulnerability was successfully used as a real attack, resulting in $ 95.6 million in just a few hours after the protocol deployment.

Details of vulnerability

1. Calculation of exchange rates

location: ResupplyPaircore.sol: 573

_exchangeRate = 1e36 / IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));

problem: If the prices of Oracle are very large due to the integer department without rounding protection, the exchange rate drops to zero.

2. ERC4626 Donation Attack Vector

location: ResupplyPaircore.sol: 155-156

underlying = IERC20(IERC4626(_collateral).asset());
This protocol accepts the ERC4626 safe as collateral, vulnerable to donation attacks. In the actual abuse, the attacker aimed at the vault, which is almost empty when distributed.

-The attacker can donate assets directly to the safe.

-This is a significant expansion of the price per share

-Oracle accurately reports the expansion price

-Crelmented exchange rate calculation: `1E36 / exth_large_number = 0`

3. Test of broken payment ability

location: ResupplyPaircore.sol: 282

uint256 _ltv = ((_borrowerAmount * _exchangeRate * LTV_PRECISION) / EXCHANGE_PRECISION) / _collateralAmount;
return _ltv <= _maxLTV;

when _EXCHANGERATE = 0

-LTV calculation:

(_borrowerAmount * 0 * LTV_PRECISION) / EXCHANGE_PRECISION / _collateralAmount = 0

– check: 0 <= _maxltv always Returns the truth

result: All collateral allows unlimited borrowing

Attack scenario

target: cvcrvusd ERC4626 safe (almost empty when distributed)

1. Initial operation:

The attacker made a big donation to artificially expand the ‘Pricepershare’ after depositing one WEI in the empty CVCRVUSD safe.

2. Exchange rate:

Attacker:

-An called borrow() Newly deployed ResupplyPair

-Triggered Oracle Price Fetch: GetPrices (address (collateral))

-The price is very high due to donation inflation

–_EXCHANGERATE = 1E36 / Price Solidity Floor Division was calculated as 0

3. Solvency bypass:

– _issolvent () Inspired inspection used _EXCHANGERATE = 0

-LTV calculation:

(_borrowAmount * 0 * LTV_PRECISION) / EXCHANGE_PRECISION / _collateralAmount = 0

– check 0 <= _maxltv Always return the truth

4. Bulk:

The attacker used only one WEI collateral to borrow $ 10 million in reuse to exchange and redistribute the stolen funds. This led to A Final profit 9.56 million It is divided into several addresses.

General attack pattern

1. Target new or low liquid ERC4626 vault.

2. Donate a large amount of basic assets to expand the stock price.

3. Sharing mint minimum safe (1 Wei)

4. Oracle prices expand to astronomical levels

5. The exchange rate due to the integer department drops to zero.

6. Minimal collateral and bypass LTV inspection

7. Borrow the maximum available funds

Recommendation

Immediate relief

1. Add the exchange rate floor

_exchangeRate = 1e36 / IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));
require(_exchangeRate > 0, "Invalid exchange rate");
_exchangeRate = _exchangeRate == 0 ? 1 : _exchangeRate;

2. Add the minimum mortgage requirements

Enforce the minimum deposit for ERC4626 and implement a share/asset ratio.

reference

-ERC4626 Standard: https://eips.ethereum.org/eips/eip-4626

-RESUPPLYFI official response: https://x.com/resupplyfi/status/193809252431036491

-Standum safe: CVCRVUSD ERC4626 Vault

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

The first extension for Solana developers

October 27, 2025

Shamir’s Secret Sharing (SSS) for secure quantum data storage

October 25, 2025

Cryptocurrency company Xeltox has been fined C$177M by Canada’s AML regulator.

October 23, 2025
Add A Comment

Comments are closed.

Recent Posts

Australia provides clarity on cryptocurrency regulation with new guidelines

October 29, 2025

Stake USDT To Earn BTC With Up To 600% APR

October 28, 2025

Coinbase Acquires Echo, Leading On-Chain Capital Raising Platform in $375 Million Deal

October 28, 2025

US Bitcoin reports holdings of 3,865 BTC after recent acquisition

October 27, 2025

Swiss Bitcoin App Relai Acquires MiCA License In France

October 27, 2025

Tapzi Presale Gains Traction with DeepSnitch AI and Bitcoin Hyper

October 27, 2025

The first extension for Solana developers

October 27, 2025

River Public Sale – 48-Hour Dutch Auction Lowest Price Settlement, Claim And Refund Instantly After End

October 27, 2025

Jiuzi Holdings, Inc. Partners With SOLV Foundation On $2.8B TVL Bitcoin Initiative To Advance Crypto Treasury Strategy

October 27, 2025

Why Elon Musk’s SpaceX transferred $133 million in Bitcoin

October 27, 2025

Stablecoin payments reach $10 billion with mainstream adoption

October 26, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Australia provides clarity on cryptocurrency regulation with new guidelines

October 29, 2025

Stake USDT To Earn BTC With Up To 600% APR

October 28, 2025

Coinbase Acquires Echo, Leading On-Chain Capital Raising Platform in $375 Million Deal

October 28, 2025
Most Popular

X Hall of Flame, Roman – Cointelegraph Magazine

July 30, 2024

Cube.Exchange Raises $12 Million in Series A Funding, Backed by Leading Investors – The Defi Info

February 1, 2024

Elderberry upgrade deployed live on mainnet

March 17, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.