Resupply Crypto Exploit: $10M Debt Hole Created Via Smart Contract Logic Flaw
The cryptocurrency project Resupply has found itself at the epicenter of a cyber incident following a sophisticated exploit that enabled an attacker to engineer a debt hole totaling 10 million reUSD. The breach affected a single trading pair—crvUSD-wstUSR—which, according to the project team, did not compromise other components of the ecosystem.
The root of the issue lay in the logic governing collateral handling and exchange rate computation. Resupply operates on a Collateralized Debt Position (CDP) model, using ERC-4626 tokens—in this case, shares from CurveLend and FraxLend—as collateral. Valuation is managed by oracles relying on the convertToAssets() function, which converts shares into base assets while treating crvUSD and frxUSD as equivalent to reUSD.
The pivotal factor in the attack was that the CurveLend vault underlying the crvUSD-wstUSR pair was completely empty at the time of the incident—an opportunity the attacker swiftly exploited. Initially, they transferred 2,000 crvUSD to the vault controller—the address responsible for asset management. Then, by depositing a mere 2 crvUSD, they received a fractional share—1 wei.
At first glance, the maneuver appeared innocuous, as the oracle continued to track the actual value of shares. Yet the exploit was meticulously crafted, extending beyond standard share inflation tactics.
The crux lay in the internal exchange rate logic of the smart contract. A hardcoded figure of 1e18 shares was passed through convertToAssets(), which returned an inflated value—2e36. The exchange rate was then computed as follows:
exchangeRate = 1e36 / 2e36
Because EVM integer division discards the fractional part of the quotient, the result was zero. While an exchange rate of zero might not initially seem alarming, it became the linchpin of bypassing the platform’s solvency checks during loan issuance.
Each loan request triggers a check:
_isSolvent() ➔ ltv = (_borrowAmount * exchangeRate * LTV_PRECISION) / EXCHANGE_PRECISION / _collateralAmount
Because exchangeRate equaled zero, the resulting loan-to-value ratio (LTV) also resolved to zero, causing the system to falsely assume the borrower was fully solvent—regardless of actual collateral.
Exploiting this flaw, the attacker was able to borrow the full available limit of 10 million reUSD tied to the affected pair.
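The arithmetic described above can be reproduced with plain integers, since Python's // truncates exactly as EVM unsigned division does. The following is an added illustration, not Resupply's contract code: it takes the 1e36 oracle numerator, the 2e36 convertToAssets() result and the _isSolvent() formula from the article as given, and treats EXCHANGE_PRECISION (1e18), LTV_PRECISION (1e5) and a 75% maximum LTV as assumed values, because the article does not state them. The hardened check at the end is a generic mitigation added here for comparison, not the project's actual fix.

```python
"""Integer model of the exchange-rate and solvency logic described in the article.

Added example, not Resupply's code. Constants marked "assumed" are not given
by the article; the 1e36 numerator and the formulas are quoted from it.
"""

ORACLE_NUMERATOR = 10**36     # the 1e36 figure quoted in the article
EXCHANGE_PRECISION = 10**18   # assumed value; the article gives no figure
LTV_PRECISION = 10**5         # assumed value; 100_000 == 100% LTV
MAX_LTV = 75_000              # assumed 75% limit for the worked example


def oracle_exchange_rate(assets_for_1e18_shares: int) -> int:
    """Oracle rate as described: 1e36 divided by convertToAssets(1e18).

    Truncating division returns 0 as soon as convertToAssets(1e18) exceeds
    1e36, which is what happened with the inflated 2e36 result.
    """
    if assets_for_1e18_shares <= 0:
        raise ValueError("convertToAssets() must return a positive value")
    return ORACLE_NUMERATOR // assets_for_1e18_shares


def ltv(borrow_amount: int, exchange_rate: int, collateral_amount: int) -> int:
    """The _isSolvent() formula quoted in the article, with truncating division."""
    if collateral_amount == 0:
        raise ZeroDivisionError("no collateral posted")
    return (borrow_amount * exchange_rate * LTV_PRECISION) // EXCHANGE_PRECISION // collateral_amount


def is_solvent_vulnerable(borrow_amount: int, exchange_rate: int, collateral_amount: int) -> bool:
    """Check as the article describes it: a zero rate yields LTV 0, which passes."""
    return ltv(borrow_amount, exchange_rate, collateral_amount) <= MAX_LTV


def is_solvent_hardened(borrow_amount: int, exchange_rate: int, collateral_amount: int) -> bool:
    """Generic mitigation added for this example: a zero oracle rate is never
    a valid price, so refuse to evaluate solvency at all instead of letting the
    multiplication zero out the LTV."""
    if exchange_rate == 0:
        raise ValueError("oracle exchange rate is zero; refusing to lend")
    return ltv(borrow_amount, exchange_rate, collateral_amount) <= MAX_LTV


def walkthrough() -> dict:
    """Healthy vault versus the inflated figure from the article."""
    healthy_rate = oracle_exchange_rate(10**18)          # 1e18 shares worth 1e18 assets
    inflated_rate = oracle_exchange_rate(2 * 10**36)     # article's 2e36 result
    borrow = 10_000_000 * 10**18                         # 10M reUSD in wei
    collateral = 1                                       # the 1 wei share from the article
    return {
        "healthy_rate": healthy_rate,
        "inflated_rate": inflated_rate,
        "healthy_ltv_50pct": ltv(50 * 10**18, healthy_rate, 100 * 10**18),
        "ltv_with_zero_rate": ltv(borrow, inflated_rate, collateral),
        "vulnerable_check_passes": is_solvent_vulnerable(borrow, inflated_rate, collateral),
    }


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
    try:
        is_solvent_hardened(10_000_000 * 10**18, 0, 1)
    except ValueError as exc:
        print(f"hardened check: {exc}")
```

The point the model makes clear is that the zero is produced upstream, in the oracle, and the solvency check simply multiplies it through; any sane-range check on the oracle output (non-zero, bounded deviation from the previous reading) would have stopped the loan before the LTV formula was ever reached.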
Upon discovering the exploit, the Resupply team responded swiftly. The vulnerable trading pair was halted, its debt ceiling reduced to zero, and withdrawals from the insurance pool—used to cover losses across all trading pairs—were temporarily suspended.
To prevent similar attacks, developers introduced a revised interest rate logic for the affected pair, setting it to zero to halt further debt accumulation. A specialized share-burning contract was also deployed to neutralize this class of vulnerability system-wide.
According to project representatives, a portion of the losses has been offset using Resupply’s treasury funds, with over 643,000 reUSD already recovered. The remaining stolen funds are under active blockchain surveillance, and the team maintains that the situation is fully under control.
To reopen the insurance pool and finalize recovery efforts, a formal vote will be held among token holders. Additionally, key components—ResupplyPairCore.sol and ResupplyPairDeployer.sol—are slated for updates to permanently eliminate the possibility of a similar exploit.
The team urges all community members to stay engaged and monitor official governance forums for forthcoming updates and decisions.