Oracle Manipulation of Fuse Pool Leads to Draining of all the Funds in the Pool

Key takeaways

  • Today, an isolated incident of oracle manipulation on Fuse Pool #23 occurred. This affects Depositors in Vesper Lend beta (i.e., Rari Fuse Pool #23), participants in the Vesper Aggressive and Vesper Conservative Grow pools, and Participants in the Vesper Earn (beta) pool.
  • To examine the problem and find answers, Vesper finance collaborated with Rari Capital, Yearn, and Uniswap.
Oracle Manipulation of Fuse Pool
Oracle Manipulation of Fuse Pool

Oracle manipulation, also known as oracle price manipulation, is a famous vulnerability in the DeFi sector. An oracle smart contract is altered by attackers, resulting in system failure, theft, and other damages. DeFi networks have lost more than $33 million in 2020 due to pricing oracle manipulation.

Oracles are third-party service providers that give external or real-world data to blockchains such as price feeds, weather information, statistics, etc. Price feeds are by far the most abused oracle data, allowing attackers to steal millions of dollars from DeFi platforms.

Today, the Vesper Lend beta on Rari Fuse (Pool #23) was misused. 

As of today evening, U.S. time, the consequences of the exploit appears to be varied for various users:

Beta Vesper Lend (Rari Fuse Pool #23): Users will see a greater APY across all tokens because of the debt assumed by the exploiter. vVSP investors, on the other hand, will be unable to withdraw until more liquidity becomes available. For individuals who choose to withdraw, this will become possible in the coming weeks as the tight supply channel opens to match the surge of demand.

Vesper Grow (Aggressive):: The funds are SAFU. Rari Fuse Pool #23 was exploited as a yield source by aggressive pools. As a result, users will also see a little higher APY.

Funds are SAFU( Secure Asset Fund for Users), according to Vesper Earn (Beta). Similarly, users will notice a modest increase in APY. Vesper Earn derives its yield from the Vesper Aggressive DAI Pool, which derives its production from Rari Fuse Pool #23.

Vesper Grow (Conservative): The funds are SAFU. Since no Conservative Grow pools utilised Rari Fuse Pool #23 as a yield source, these users are unaffected.

Funds are SAFU for VUSD holders. Although the VUSD price has been adjusted upward, the collateral system remains solvent.

How the attack seems to have been structured:

To maintain secrecy, the attacker first obtained 100 ETH from tornado.cash and then exchanged 58 ETH for USDC.

Using this USDC, they purchased all available VUSD on the Uniswap v3 0.05% charge tier, causing that market to go out of range.

They then established a new LP stake of 0.1 USDC at a price of trillions of VUSD per USDC.

As a result, the Uniswap v3 oracle reported a price in the trillions for the 0.05% charge range.

The Rari loan market got the VUSD price via the Uniswap v3 oracle price feed and valued VUSD collateral at “infinity”.

The attacker handed Vesper Lend the acquired VUSD as collateral, giving them “infinite” collateral to borrow all accessible assets.

The attacker utilised the VUSD collateral to borrow around 3.5 million in various assets, so the 735 ETH accrued are presently here.

As soon as the community and VBC team became aware of the problem, they collaborated with Rari Capital, Yearn, and Uniswap to examine the situation and find remedies. As a result, they suspended VUSD and vVSP borrowing on #23.

Set the collateral factor for VUSD to “zero.”

VBC has put all other activities on hold to focus on fixing this attack.

Working together with Rari, Yearn, and Uniswap, the team continues to study the entire extent of this attack. Vesper will be closely monitoring the Discord chat over the next 24 hours while they evaluate all possibilities.

Also, read

Share your Love
Default image
Aadrika Sharma
I enjoy writing and try to learn new things every passing day!