avatar
Marcin (wartime arc) ๐Ÿ”œ NYC DAS ๐Ÿ‡บ๐Ÿ‡ธ
10,314 Twitter followers
Follow
Co-Founder @redstone_defi Oracles โ™ฆ๏ธ Summoner @ETHWarsaw
Posts
avatar
Marcin (wartime arc) ๐Ÿ”œ NYC DAS ๐Ÿ‡บ๐Ÿ‡ธ
03-04
Something you might not have noticed due to the eventful weekend. A manipulation attack against Curve Lend (LlamaLend) - using sDOLA as collateral. The @CurveFinance / @InverseFinance sDOLA incident is a very interesting case for oracle manipulation risk. The attacker walked away with ~$240K. Funded and returned through Tornado Cash. The attack in 4 steps: 1. Soft-liquidate all sDOLA suppliers on LlamaLend โ†’ converts collateral into crvUSD 2. Donate to sDOLA pool โ†’ manipulate oracle price from ~1.188 to ~1.358 sDOLA/DOLA (a +14% move) 3. Hard-liquidate all previously soft-liquidated users โ†’ attacker pockets the crvUSD surplus 4. Deposit the gained sDOLA back into Curve Lend, borrow crvUSD โ†’ repay the $30M flash loan Why does the oracle price going UP cause liquidations? Curve Lend's soft-liquidation uses an AMM built around the oracle price. When price moves sharply - even upward - users suffer instant impermanent loss (IL) inside the AMM. That IL is realized before the hard-liquidation check kicks in. So even "collateral going up in value" can get you wiped out. Root cause: Curve Lend's liquidation mechanism is incompatible with atomically-manipulable oracles. sDOLA's donation mechanism isn't broken in isolation. It only becomes exploitable when paired with a liquidation system that doesn't account for instant, single-block price manipulation. The broader lesson for oracle design: โ†’ Liquidation logic must assume oracles CAN be manipulated within a single block โ†’ TWAP or manipulation-resistant feeds matter even more in lending contexts โ†’ Composability risk is real - protocol A can be safe while protocol B makes it dangerous This is exactly the kind of infrastructure risk that oracle providers need to solve at the root level. Silver lining is that @InverseFinance confirmed DOLA itself is safe sDOLA holders not on LlamaLend are actually up ~14% from the donation DOLA briefly traded at ~1% discount. Hope that visualisation helps in understanding the sequence.
CRV
1.14%
loading indicator
Loading..