This is a lower bound: only assets with reliable historical USD prices are counted, so the actual loss may be higher.
On Ethereum mainnet block 18992908, an unprivileged adversary cluster centered on EOA 0xb90cf1d740b206b6d80854bc525e609dc42b45dc and helper contract 0x91c49cc7fbfe8f70aceeb075952cd64817f9d82c executed a single-transaction attack against WiseLending. The transaction 0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31 used a public Aave flash loan, permissionless Pendle entry points, and WiseLending deposit/withdraw/borrow functions to inflate the collateral value of the PendlePowerFarmToken lending pool and then borrow assets against the inflated position.
The root cause is a lending-share accounting asymmetry inside WiseLending. Deposits mint lending shares with floor rounding, while exact-amount withdrawals burn shares with round-up behavior. Once the pool share price is above one token per share, the attacker can repeatedly add more pool assets while restoring the same total Wise share count, which strictly raises asset-per-share and therefore the collateral value attributed to the attacker’s remaining Wise shares.
WiseLending tracks pool ownership through lending shares rather than direct token balances. A lender’s effective claim on a pool depends on the relation between the pool’s tracked assets and totalDepositShares. If the same number of shares comes to represent more underlying tokens, Wise will value those shares as more collateral.
The manipulated collateral token was PendlePowerFarmToken at 0xb40b073d7e47986d3a45ca7fd30772c25a2ad57f. WiseOracleHub used PendleChildLpOracle at 0x9229fe30c954f27ac5e7511ca00838a246ac25ed as the price feed for that token. That oracle does not return a fixed price; it multiplies the Pendle LP oracle result by the child token’s LP-assets-per-token ratio:
    // PendleChildLpOracle: Pendle LP price scaled by the child token's
    // LP-assets-per-token ratio (totalLpAssets / totalSupply).
    function latestAnswer()
        public
        view
        returns (uint256)
    {
        return priceFeedPendleLpOracle.latestAnswer()
            * pendleChildToken.totalLpAssets()
            * PRECISION_FACTOR_E18
            / pendleChildToken.totalSupply()
            / PRECISION_FACTOR_E18;
    }
This matters because Wise treated the attacker’s inflated lending-share claim over PendlePowerFarmToken as genuine collateral, then translated that claim into ETH value through the oracle path above.
The vulnerability is an on-chain accounting bug, not a private-key compromise or privileged admin misuse. WiseLending exposed two public paths over the same lending-share system that rounded in opposite directions. The deposit path minted shares conservatively for the user, while the exact-amount withdrawal path burned shares aggressively for the protocol. That asymmetry becomes exploitable once one Wise share is already worth more than one PendlePowerFarmToken unit.
The invariant this incident violates is simple: if no external yield is created during the transaction, a same-transaction deposit/withdraw round trip should not increase the number of pool assets represented by pre-existing Wise shares. The observed behavior violated that invariant. After each attacker loop iteration, Wise’s totalDepositShares returned to the prior value, but the pool kept a net surplus of PendlePowerFarmToken, so every remaining share became more valuable. Wise then accepted those inflated shares as collateral and let the attacker borrow real assets from other pools.
The exploit began with a public Aave flash loan and a public Pendle mint path. The attacker converted the flash-loaned inventory into a large PendlePowerFarmToken balance, then used NFT 8 inside WiseLending as the inflation vessel. Before the geometric ratchet, the attacker first triggered the collapse withdrawal that reset the pool to an extreme one-share state:
WiseLending::withdrawExactShares(8, PendlePowerFarmToken, 10000000000)
emit FundsWithdrawn(... amount: 10000015261, shares: 10000000000 ...)
WiseLending::lendingPoolData(PendlePowerFarmToken) -> (2, 1, 750000000000000000)
That transition is the critical precondition. It left the pool with pseudoTotalPool = 2 and totalDepositShares = 1, meaning one Wise share now represented more than one token unit. From there the attacker repeatedly deposited 2 * pseudoTotalPool - 1 token units so that Wise minted exactly one share, then withdrew exact amount 1, which burned exactly one share and restored the one-share pool while leaving a net token surplus behind.
The trace captures the first round directly:
WiseLending::depositExactAmount(8, PendlePowerFarmToken, 3)
emit FundsDeposited(... amount: 3, shares: 1 ...)
WiseLending::withdrawExactAmount(8, PendlePowerFarmToken, 1)
Repeating that round trip ratcheted the pool upward until the later high-value deposit pushed the pool to the traced state (pseudoTotalPool, totalDepositShares) = (255310974640195504834, 7). At that point the attacker no longer needed a large number of Wise shares. A fresh helper-owned position could deposit only one Wise share worth of PendlePowerFarmToken and still be valued as substantial collateral.
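To make the invariant stated above checkable, here is an added Python model (not WiseLending's code) of the lending-share accounting as this write-up describes it: floor rounding when depositing, round-up share burning on exact-amount withdrawal. Pool, ratchet_round and round_trip_violations are assumed names, and cashout_amount assumes floor division for the token amount a share count redeems for. It replays the traced (2, 1) state and flags each round trip that restores totalDepositShares while raising assets-per-share.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Minimal model of one Wise lending pool (assumed structure, not Wise's code)."""
    assets: int   # pseudoTotalPool, in token base units
    shares: int   # totalDepositShares

    def deposit_exact_amount(self, amount: int) -> int:
        # Shares are minted with floor rounding, as the write-up describes.
        minted = amount * self.shares // self.assets
        self.assets += amount
        self.shares += minted
        return minted

    def withdraw_exact_amount(self, amount: int) -> int:
        # Exact-amount withdrawal burns shares rounded UP (ceiling division).
        burned = -(-amount * self.shares // self.assets)
        self.assets -= amount
        self.shares -= burned
        return burned

    def cashout_amount(self, shares: int) -> int:
        # Assumed: token units a share count represents, floor rounded.
        return shares * self.assets // self.shares


def ratchet_round(pool: Pool) -> tuple[int, int]:
    """One attacker loop: deposit 2*P-1 (mints exactly one share), withdraw exact 1."""
    minted = pool.deposit_exact_amount(2 * pool.assets - 1)
    burned = pool.withdraw_exact_amount(1)
    return minted, burned


def round_trip_violations(pool: Pool, rounds: int) -> list[tuple[int, int, int]]:
    """Invariant monitor: a same-transaction deposit/withdraw round trip that leaves
    totalDepositShares unchanged must not raise pool assets (and thus assets-per-share).
    Returns (round, assets_before, assets_after) for every violation found."""
    violations = []
    for i in range(rounds):
        shares_before, assets_before = pool.shares, pool.assets
        ratchet_round(pool)
        if pool.shares == shares_before and pool.assets > assets_before:
            violations.append((i, assets_before, pool.assets))
    return violations
```

Starting from the traced one-share state, each round triples the pool minus two tokens (2, 4, 10, 28, 82, ...) while the share count stays at one, which is exactly the geometric ratchet the trace shows.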
Wise’s oracle path then converted that manipulated share claim into inflated ETH value. The validator fork run and the incident trace both show Wise invoking cashoutAmount(PendlePowerFarmToken, 1) and then WiseOracleHub::getTokensInETH(...) for roughly 36.472996377170786405 PendlePowerFarmToken units, which produced the collateral headroom used for borrowing.
The adversary lifecycle has three stages. First, the EOA deployed helper contract 0x91c49cc7fbfe8f70aceeb075952cd64817f9d82c in transaction 0x33e3c94e8e0359b7a98b74a02454a52fad2a8fb7faee02f888807bc60f688628. Second, in the exploit transaction, that helper called Aave V2 flashLoan, entered Pendle, withdrew 10000015261 units from Wise via NFT 8, and executed the repeated Wise deposit/withdraw ratchet on the PendlePowerFarmToken pool. Third, after collateral inflation, the attacker borrowed multiple assets from WiseLending, swapped enough of them to settle the flash loan, and returned the residual value to the originating EOA.
One of the decisive borrow events in the trace is the helper-owned NFT 9 borrow of 43767595652604943692 wstETH:
WiseLending::borrowExactAmount(9, WstETH, 43767595652604943692)
emit FundsBorrowed(... nftId: 9, token: WstETH, amount: 43767595652604943692 ...)
WstETH::transfer(... to attacker, value: 43767595652604943692)
This confirms that the attack was not merely cosmetic pool manipulation. The inflated collateral was spendable against Wise’s real borrow pools.
The incident caused direct loss of borrowable assets and collateral inventory from WiseLending. The collected balance-diff artifact records at least the following pool losses during the exploit transaction:
[
  {
    "token_symbol": "wstETH",
    "amount": "104066616635764896511",
    "decimal": 18
  },
  {
    "token_symbol": "USDC",
    "amount": "9000000000",
    "decimal": 6
  },
  {
    "token_symbol": "PendlePowerFarmToken",
    "amount": "10000015262",
    "decimal": 18
  }
]
The attacker EOA’s native ETH balance increased by 177772035197698895925 wei net of gas according to the recorded transaction balance diff. The attack therefore realized both protocol asset depletion and attacker profit.
The analysis draws on the following collected artifacts:
- Exploit transaction 0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31, including metadata, receipt, and focused trace summary.
- Helper deployment transaction 0x33e3c94e8e0359b7a98b74a02454a52fad2a8fb7faee02f888807bc60f688628 and attacker contract profile for 0x91c49cc7fbfe8f70aceeb075952cd64817f9d82c.
- PendlePowerFarmToken verified source bundle for 0xb40b073d7e47986d3a45ca7fd30772c25a2ad57f.
- PendlePowerFarmToken and verified source bundle for PendleChildLpOracle.