Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SLOT
  • CASINO
  • SPORTSBET
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SLOT
  • CASINO
  • SPORTSBET
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Resupplyfi Nuclear Analysis -Ackee Blockchain
HACKING NEWS

Resupplyfi Nuclear Analysis -Ackee Blockchain

By Crypto FlexsAugust 20, 20252 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Resupplyfi Nuclear Analysis -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email
On June 26, 2025, the cost of a single water purification department is $ 9.56m. The attacker exploited the ERC4626 “First Donation” vulnerability in the ResupplyPair Contract (0x6e90c) of CVCRUSD Vault. They stole $ 10 million from one flash loan trading (0xFFBD).

How did this happen?

The Resupplyfi protocol includes vulnerabilities in the ERC4626 safe collateral processing, allowing the attacker to manipulate the exchange rate and bypass the LTV (Loan-TO-VALUE) inspection, which causes unauthorized borrowing. This vulnerability was successfully used as a real attack, resulting in $ 95.6 million in just a few hours after the protocol deployment.

Details of vulnerability

1. Calculation of exchange rates

location: ResupplyPaircore.sol: 573

_exchangeRate = 1e36 / IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));

problem: If the prices of Oracle are very large due to the integer department without rounding protection, the exchange rate drops to zero.

2. ERC4626 Donation Attack Vector

location: ResupplyPaircore.sol: 155-156

underlying = IERC20(IERC4626(_collateral).asset());
This protocol accepts the ERC4626 safe as collateral, vulnerable to donation attacks. In the actual abuse, the attacker aimed at the vault, which is almost empty when distributed.

-The attacker can donate assets directly to the safe.

-This is a significant expansion of the price per share

-Oracle accurately reports the expansion price

-Crelmented exchange rate calculation: `1E36 / exth_large_number = 0`

3. Test of broken payment ability

location: ResupplyPaircore.sol: 282

uint256 _ltv = ((_borrowerAmount * _exchangeRate * LTV_PRECISION) / EXCHANGE_PRECISION) / _collateralAmount;
return _ltv <= _maxLTV;

when _EXCHANGERATE = 0

-LTV calculation:

(_borrowerAmount * 0 * LTV_PRECISION) / EXCHANGE_PRECISION / _collateralAmount = 0

– check: 0 <= _maxltv always Returns the truth

result: All collateral allows unlimited borrowing

Attack scenario

target: cvcrvusd ERC4626 safe (almost empty when distributed)

1. Initial operation:

The attacker made a big donation to artificially expand the ‘Pricepershare’ after depositing one WEI in the empty CVCRVUSD safe.

2. Exchange rate:

Attacker:

-An called borrow() Newly deployed ResupplyPair

-Triggered Oracle Price Fetch: GetPrices (address (collateral))

-The price is very high due to donation inflation

–_EXCHANGERATE = 1E36 / Price Solidity Floor Division was calculated as 0

3. Solvency bypass:

– _issolvent () Inspired inspection used _EXCHANGERATE = 0

-LTV calculation:

(_borrowAmount * 0 * LTV_PRECISION) / EXCHANGE_PRECISION / _collateralAmount = 0

– check 0 <= _maxltv Always return the truth

4. Bulk:

The attacker used only one WEI collateral to borrow $ 10 million in reuse to exchange and redistribute the stolen funds. This led to A Final profit 9.56 million It is divided into several addresses.

General attack pattern

1. Target new or low liquid ERC4626 vault.

2. Donate a large amount of basic assets to expand the stock price.

3. Sharing mint minimum safe (1 Wei)

4. Oracle prices expand to astronomical levels

5. The exchange rate due to the integer department drops to zero.

6. Minimal collateral and bypass LTV inspection

7. Borrow the maximum available funds

Recommendation

Immediate relief

1. Add the exchange rate floor

_exchangeRate = 1e36 / IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));
require(_exchangeRate > 0, "Invalid exchange rate");
_exchangeRate = _exchangeRate == 0 ? 1 : _exchangeRate;

2. Add the minimum mortgage requirements

Enforce the minimum deposit for ERC4626 and implement a share/asset ratio.

reference

-ERC4626 Standard: https://eips.ethereum.org/eips/eip-4626

-RESUPPLYFI official response: https://x.com/resupplyfi/status/193809252431036491

-Standum safe: CVCRVUSD ERC4626 Vault

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Cryptocurrency trader, OTC fraud claims $ 1.4 million losses, guessing due to KUCOIN deposits

October 7, 2025

Cake Eyes 60% Rally Pancake WAP

October 5, 2025

Lombard Liquid Bitcoin Summary Summary

October 3, 2025
Add A Comment

Comments are closed.

Recent Posts

Cryptocurrency trader, OTC fraud claims $ 1.4 million losses, guessing due to KUCOIN deposits

October 7, 2025

Meanwhile, Bitcoin Life Insurer, Secures $82M To Meet Soaring Demand For Inflation-Proof Savings

October 7, 2025

Pepeto Presale Exceeds $6.93 Million; Staking And Exchange Demo Released

October 7, 2025

Eightco Holdings Inc. ($ORBS) Digital Asset Treasury Launches “Chairman’s Message” Video Series

October 7, 2025

Zeta Network Group Enters Strategic Partnership With SOLV Foundation To Advance Bitcoin-Centric Finance

October 7, 2025

Saylor tells MRBAST to buy Bitcoin even after pause the BTC purchase.

October 7, 2025

Bitcoin Steadies at Rally -Is another powerful brake out just in the future?

October 6, 2025

BitMine Immersion (BMNR) Announces ETH Holdings Exceeding 2.83 Million Tokens And Total Crypto And Cash Holdings Of $13.4 Billion

October 6, 2025

BC.GAME News Backs Deccan Gladiators As Title Sponsor In 2025 Abu Dhabi T10 League

October 6, 2025

Unity modifies mobile games and password wallets that threaten important vulnerability.

October 6, 2025

BitDigital becomes the first public Etherrium for distributing unsecured leverage -details -Details

October 6, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Cryptocurrency trader, OTC fraud claims $ 1.4 million losses, guessing due to KUCOIN deposits

October 7, 2025

Meanwhile, Bitcoin Life Insurer, Secures $82M To Meet Soaring Demand For Inflation-Proof Savings

October 7, 2025

Pepeto Presale Exceeds $6.93 Million; Staking And Exchange Demo Released

October 7, 2025
Most Popular

Banque de France and HKMA collaborate to enhance CBDC cross-border payments

June 27, 2024

Gala Games Integrates Google Pay and Apple Pay for NFT Trading

August 27, 2024

DTX Exchange (DTX) surpasses Ethereum (ETH) and Ripple (XRP) with 100x upside potential.

September 26, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.