Addresses (Base): comptroller 0xf91d26405fb5e489b7c4bbc11b9a5402ae9243d3, cSUI 0xa2092f9a2a5dd84d6df7d175673ec8a7357c551b, cWETH 0x5c52649d3c1e1d0ddf6a46e1c25a25d9fb148af8
An attacker exploited a Compound-style lending deployment on Base governed by comptroller 0xf91d26405fb5e489b7c4bbc11b9a5402ae9243d3. The exploit chain took a public Morpho flash loan, manipulated the public WETH/uSUI concentrated-liquidity pool 0x5c45b0f48c326f79b56709d8f63ce2bee7697106, minted cSUI while that manipulated price was live, and then borrowed out the reserves of the victim cMarkets before unwinding and repaying the flash loan.
The root cause was oracle trust in a same-transaction manipulable spot price. Oracle 0x93d619623abc60a22ee71a15db62eede3ef4dd5a priced cSUI through feed 0xc112e41c1094ff7fbf9e5dc0d1026103542e7e0c, and that feed read the live WETH/uSUI pool state directly. Because the comptroller accepted that spot-derived price during collateral checks, the attacker was able to inflate cSUI collateral value inside one transaction and convert that transient price distortion into borrow capacity.
The protocol is a Compound V2-style lending system with cTokens and a Unitroller-style comptroller/oracle stack. Both cWETH and cSUI were collateral-enabled, and cSUI carried a high collateral factor of 0.95e18 (95%). The validator fork execution confirmed that comptroller.markets(cSUI) still reported collateralFactorMantissa = 950000000000000000, matching the seed configuration.
The oracle path for cSUI is the critical design detail. Live reads and traces show oracle.feeds(cSUI) = 0xc112e41c1094ff7fbf9e5dc0d1026103542e7e0c, and the feed exposes pair() pointing to the public WETH/uSUI pool. That means the protocol was not reading a manipulation-resistant TWAP or delayed oracle; it was reading the pool state that the borrower was able to move in the same transaction.
This matters because the comptroller prices collateral during borrow checks. If the price source is the same market the borrower can trade against with flash liquidity, then the borrower can create collateral value that exists only for the duration of the transaction and still borrow real reserves from other markets.
The vulnerability class is a collateral-overvaluation attack caused by a flash-loan-manipulable spot oracle. The cSUI feed depended on the live state of the WETH/uSUI pool instead of a manipulation-resistant price source. The seed trace and focused collector artifacts show the helper contract buying uSUI through router 0xbe6d8f0d05cc4be24d5167a3ef062215be6d18a5, immediately after which the first post-swap cSUI oracle read jumped from 0x1b00cd3cca4f9800 (roughly 1.9e18) to 0x130d7d6d92dfe34504a12064c0000000 (roughly 2.5e37), an increase of about nineteen orders of magnitude. While that elevated oracle price was active, the helper minted 50 uSUI (50e18 base units) into cSUI and received 249931299699 cTokens. The comptroller then used that inflated valuation when computing account liquidity and allowed the helper to borrow out the victim reserves. The safety invariant that failed is straightforward: collateral pricing must not be controllable by the same transaction that consumes the price for borrow authorization.
Before the exploit, the attacker only needed public state and public contracts. Near-seed transaction history shows the attacker EOA 0x81d5187c8346073b648f2d44b9e269509513aae2 first deployed exploit contract 0x7562846468089cf0e8f7b38ac53406b895284901 in tx 0x196ee1330443b37c8a9f00bfa62adc41a33498b49e5093f2b3dcb771c5d2842e, preparing approvals and market-entry setup.
The exploit executed in tx 0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e. Seed metadata shows the attacker EOA called the deployed exploit contract, which then took an 800 WETH Morpho flash loan. The exploit first minted cWETH and borrowed the full cSUI reserve, giving the attacker working inventory for the oracle push.
The decisive step is captured by the collector’s focused swap/oracle artifact:
pre_swap_price seq=106 output=0x...1b00cd3cca4f9800
swap seq=120 decoded={"amountIn": 500000000000000000000, "amountOutMinimum": 1, "sqrtPriceLimitX96": 1000000000000000000000}
post_swap_price seq=173 output=0x...130d7d6d92dfe34504a12064c0000000
This shows the helper spending 500 WETH of the 800 WETH flash loan to buy uSUI in the exact pool that the cSUI feed reads, with amountOutMinimum set to 1, i.e. no slippage protection, which is consistent with the goal of moving the price rather than getting a good fill. The oracle price increase was not incidental; it happened immediately after the pool trade (seq 120 to seq 173) and before the borrow sequence.
The next step is the cSUI mint under the manipulated price. The focused mint artifact records:
mint_event={"minter":"0x1e03834f759dac9561d366958b00fe000d9e00e3","mintAmount":50000000000000000000,"mintTokens":249931299699}
The helper 0x1e03834f759dac9561d366958b00fe000d9e00e3 then entered cSUI as collateral and called the unresolved comptroller selector 0x38edc837, matching the same path seen in the seed exploit. A later focused borrow artifact shows getAccountLiquidity(helper) returning the Compound V2 triplet (error code, liquidity, shortfall) with zero error, zero shortfall and a large positive liquidity value:
return_uint256_triplet: [0, 1202955348671711384079342129739493452275, 0]
After that, the borrow sequence becomes mechanical. The helper successfully borrowed cWETH, cUSD+, ccbBTC, cwstETH, cUSDT, cUSDz, cMOG, cBRETT, cDEGEN, and other reserves. The reserve depletion is corroborated by the seed balance_diff.json, which shows cWETH losing 247435971398571237348 wei of WETH (about 247.4 WETH), cUSD+ losing 79061671018352919009, ccbBTC losing 68269296 (about 0.68 cbBTC at 8 decimals), and the attacker cluster receiving those balances.
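The following checker is an added example written for this report; it is not the collector's or the validator's tooling. It parses the artifact lines quoted above into typed fields and applies the invariant the comptroller lacked: an oracle read taken after a swap in the same transaction must agree, within a small tolerance, with the read taken before it. It assumes that the elided 0x... prefix of an output= word is the zero padding of a uint256 return word and that the triplet is Compound V2's (errorCode, liquidity, shortfall); the 5% tolerance and the function names are my own.

```python
"""Added example (editor's checker, not the collector's or validator's tooling).
Parses the seq-ordered artifact lines quoted in this report and applies the
invariant the comptroller lacked: an oracle read taken after a swap in the same
transaction must agree with the read taken before it.  Assumptions: the elided
'0x...' prefix of an output= word is zero padding of a uint256 return word, and
the triplet is Compound V2's (errorCode, liquidity, shortfall)."""
import json
import re

# Constructed sample: the artifact lines quoted in the report, concatenated.
SAMPLE_ARTIFACT = """\
pre_swap_price seq=106 output=0x...1b00cd3cca4f9800
swap seq=120 decoded={"amountIn": 500000000000000000000, "amountOutMinimum": 1, "sqrtPriceLimitX96": 1000000000000000000000}
post_swap_price seq=173 output=0x...130d7d6d92dfe34504a12064c0000000
mint_event={"minter":"0x1e03834f759dac9561d366958b00fe000d9e00e3","mintAmount":50000000000000000000,"mintTokens":249931299699}
return_uint256_triplet: [0, 1202955348671711384079342129739493452275, 0]
"""

_WORD = re.compile(r"output=0x(?:\.\.\.)?([0-9a-fA-F]+)")
_SEQ = re.compile(r"\bseq=(\d+)")


def parse_uint256_word(line: str) -> int:
    """Decode `output=0x...<hex>`; the '...' stands for leading zero bytes."""
    m = _WORD.search(line)
    if not m:
        raise ValueError(f"no output word in {line!r}")
    return int(m.group(1), 16)


def parse_artifact(text: str) -> dict:
    """Turn the artifact lines into typed fields keyed by what they record."""
    rec: dict = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        seq = _SEQ.search(line)
        if line.startswith("pre_swap_price"):
            rec["pre_price"], rec["pre_seq"] = parse_uint256_word(line), int(seq.group(1))
        elif line.startswith("post_swap_price"):
            rec["post_price"], rec["post_seq"] = parse_uint256_word(line), int(seq.group(1))
        elif line.startswith("swap "):
            rec["swap"] = json.loads(line.split("decoded=", 1)[1])
            rec["swap_seq"] = int(seq.group(1))
        elif line.startswith("mint_event="):
            rec["mint"] = json.loads(line.split("=", 1)[1])
        elif line.startswith("return_uint256_triplet:"):
            err, liq, short = json.loads(line.split(":", 1)[1])
            rec["liquidity"] = {"error": err, "liquidity": liq, "shortfall": short}
    return rec


def assess(rec: dict, max_ratio: float = 1.05) -> dict:
    """Same-transaction oracle invariant plus a summary of what the comptroller
    consumed.  max_ratio is the tolerated post/pre movement (assumed 5%)."""
    pre, post = rec["pre_price"], rec["post_price"]
    swap_between_reads = rec["pre_seq"] < rec["swap_seq"] < rec["post_seq"]
    ratio = post / pre if pre else float("inf")
    liq = rec.get("liquidity", {})
    return {
        "swap_between_reads": swap_between_reads,
        "price_ratio": ratio,
        "swap_amount_in": rec["swap"]["amountIn"],
        # The violation: a swap sat between two oracle reads in one transaction
        # and the second read moved far beyond what a TWAP or delayed feed allows.
        "oracle_moved_by_same_tx_swap": swap_between_reads and ratio > max_ratio,
        # A non-zero error or shortfall would have blocked the borrow; neither did.
        "borrow_would_pass": liq.get("error") == 0 and liq.get("shortfall") == 0
                             and liq.get("liquidity", 0) > 0,
    }
```

Run as assess(parse_artifact(SAMPLE_ARTIFACT)): the swap sits between seq 106 and seq 173, the price ratio comes out above 1e19, and the triplet decodes to zero error, positive liquidity and zero shortfall, which is exactly the state in which borrowAllowed passes. The same check can be run over any transaction trace that contains a pool swap and an oracle read from the same contract, which makes it a cheap post-hoc detector for this class of incident.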
The code-level breakpoint is the oracle/comptroller interaction itself. The oracle’s getUnderlyingPrice(cSUI) path resolves through the cSUI feed and the live WETH/uSUI pool, then the comptroller consumes that result in borrowAllowed and account-liquidity checks. No TWAP, delay, or anti-manipulation guard breaks the same-transaction feedback loop, so the attacker can set the price, mint against that price, borrow, and unwind before the transaction ends.
The attacker lifecycle has three clear stages.
First, the attacker EOA deployed the exploit contract and prepared approvals in tx 0x196ee1330443b37c8a9f00bfa62adc41a33498b49e5093f2b3dcb771c5d2842e. This stage established the reusable exploit entrypoint and market membership setup.
Second, in tx 0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e, the exploit contract took the Morpho flash loan, minted cWETH, and borrowed the entire cSUI reserve. That supplied the inventory needed to manipulate the oracle pool and create cSUI collateral.
Third, the helper contract executed the core exploit logic: buy uSUI in the oracle pool, mint cSUI while the manipulated price is active, enter the cSUI market, obtain inflated account liquidity, borrow all reachable reserves, sell uSUI back into WETH, and flush assets back to the main exploit contract. The helper borrow sequence shows thirteen successful cToken borrows before unwind, and the final transfers return the drained assets to exploit contract 0x7562846468089cf0e8f7b38ac53406b895284901.
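To make the feedback loop concrete, here is an added example (an editor's model, not the protocol's contracts) that replays the third-stage sequence above, and the oracle path described earlier, against a toy pool, a feed and a comptroller: push the pool, mint collateral while the pushed price is live, borrow, unwind. It runs the same sequence twice, once with a feed that reads the live pool as the cSUI feed did, and once with a feed that only averages prices finalised in earlier blocks, and shows that only the first converts the flash loan into borrow capacity. The pool is modelled as constant-product with constructed reserves, so the price jump is far smaller than the real concentrated-liquidity pool produced; every class, function name and number is an assumption.

```python
"""Added example (editor's model, not the protocol's contracts): a Compound-style
account-liquidity check fed by a spot feed that reads the live pool, as the cSUI
feed did, versus a feed that only averages prices finalised in earlier blocks.
The pool is constant-product (x*y=k); the real WETH/uSUI pool is
concentrated-liquidity and far thinner, so the real jump was much larger.
Every name and number here is a constructed assumption."""
from dataclasses import dataclass

WAD = 10**18  # 18-decimal fixed point, the scale of Compound mantissas


@dataclass
class Pool:
    """Constant-product WETH/uSUI pool, balances in 18-decimal base units."""
    weth: int
    usui: int

    def spot_price(self) -> int:
        """WETH per uSUI scaled by WAD: exactly what a spot feed returns."""
        return self.weth * WAD // self.usui

    def buy_usui(self, weth_in: int) -> int:
        """Swap WETH in for uSUI out (x*y=k); returns the uSUI received."""
        k, self.weth = self.weth * self.usui, self.weth + weth_in
        out, self.usui = self.usui - k // self.weth, k // self.weth
        return out

    def sell_usui(self, usui_in: int) -> int:
        """Swap uSUI in for WETH out; returns the WETH received."""
        k, self.usui = self.weth * self.usui, self.usui + usui_in
        out, self.weth = self.weth - k // self.usui, k // self.usui
        return out


class SpotFeed:
    """Vulnerable: getUnderlyingPrice resolves to the live pool state."""
    def __init__(self, pool: Pool) -> None:
        self.pool = pool

    def price(self) -> int:
        return self.pool.spot_price()


class TwapFeed:
    """Hardened: only block-boundary observations count, so a trade inside the
    current transaction cannot move the answer."""
    def __init__(self, pool: Pool, window: int = 3) -> None:
        self.pool, self.window, self.observations = pool, window, []

    def end_block(self) -> None:
        """Record a block's closing price; never called mid-transaction."""
        self.observations.append(self.pool.spot_price())

    def price(self) -> int:
        if not self.observations:
            raise RuntimeError("oracle has no finalised observations")
        recent = self.observations[-self.window:]
        return sum(recent) // len(recent)


@dataclass
class Comptroller:
    """One collateral market (uSUI, priced by `feed`) and one borrow market
    (WETH, the numeraire, so its own price is WAD)."""
    feed: object
    collateral_factor: int  # mantissa; 0.95e18 matches the cSUI market
    weth_reserve: int
    usui_collateral: int = 0
    weth_borrowed: int = 0

    def account_liquidity(self) -> int:
        """getAccountLiquidity: collateral * price * cf minus borrows."""
        value = self.usui_collateral * self.feed.price() // WAD
        return value * self.collateral_factor // WAD - self.weth_borrowed

    def borrow_weth(self, amount: int) -> int:
        """borrowAllowed + transfer: capped by liquidity and by the reserve."""
        allowed = min(amount, max(self.account_liquidity(), 0), self.weth_reserve)
        self.weth_borrowed += allowed
        self.weth_reserve -= allowed
        return allowed


def run_attack(feed_cls, flash_weth: int = 800 * WAD, swap_weth: int = 500 * WAD):
    """Replay the incident's shape: flash loan, push the pool, mint collateral
    while the pushed price is live, borrow, unwind, repay.
    Returns (post/pre price ratio seen by the feed, WETH borrowed, net WETH)."""
    pool = Pool(weth=10 * WAD, usui=1_000_000 * WAD)   # constructed thin pool
    feed = feed_cls(pool)
    if isinstance(feed, TwapFeed):                     # quiet history first
        for _ in range(3):
            feed.end_block()
    comp = Comptroller(feed, 95 * WAD // 100, weth_reserve=1_000 * WAD)

    # --- everything below happens inside ONE transaction ---
    pre = feed.price()
    usui = pool.buy_usui(swap_weth)                    # the oracle push
    post = feed.price()                                # what the comptroller sees
    deposit = usui // 2                                # mint cSUI with half
    comp.usui_collateral += deposit
    borrowed = comp.borrow_weth(comp.weth_reserve)     # drain what liquidity allows
    recovered = pool.sell_usui(usui - deposit)         # unwind the other half
    # Net after repaying flash_weth; the unused (flash_weth - swap_weth) cancels.
    return post // pre, borrowed, recovered + borrowed - swap_weth
```

With the spot feed, run_attack(SpotFeed) reports a 2601x price jump ((x+dx)/x squared for a constant-product pool), the whole 1000 WETH reserve borrowed, and a net gain near 990 WETH; with the block-boundary average, run_attack(TwapFeed) reports no price movement, under 5 WETH of borrow capacity, and a net loss. The TWAP here is deliberately minimal; a production feed would read the pool's own cumulative observations over a window long enough that holding the price up across blocks costs more than the reserves it unlocks.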
The impact was protocol reserve depletion across multiple Base cMarkets. The validator accepted the following observed losses from the root-cause artifact:
[
{"token_symbol":"WETH","amount":"247435971398571237348","decimal":18},
{"token_symbol":"USD+","amount":"79061671018352919009","decimal":6},
{"token_symbol":"cbBTC","amount":"68269296","decimal":8},
{"token_symbol":"wstETH","amount":"7674494588504909905","decimal":18},
{"token_symbol":"USDT","amount":"18908270171","decimal":6},
{"token_symbol":"USDz","amount":"68993811","decimal":18},
{"token_symbol":"Mog","amount":"40573948868634870971110344139","decimal":18},
{"token_symbol":"BRETT","amount":"74764342547142290604590","decimal":18},
{"token_symbol":"DEGEN","amount":"8098042912568830424227988","decimal":18}
]
Operationally, the protocol lost borrowable liquidity across the listed markets, while attacker-controlled addresses finished the transaction holding the drained assets. That satisfies the ACT success predicate based on victim reserve depletion. One caveat before converting these figures to dollar values: the decimal fields for USD+ (6) and USDz (18) appear inconsistent with the magnitude of their raw amounts (79061671018352919009 reads as an 18-decimal quantity and 68993811 as a 6-decimal one), so those two entries should be rechecked against the token contracts' decimals() before they are quoted.
Primary exploit transaction: 0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e.
Attacker deployment transaction: 0x196ee1330443b37c8a9f00bfa62adc41a33498b49e5093f2b3dcb771c5d2842e.
Key protocol addresses: comptroller 0xf91d26405fb5e489b7c4bbc11b9a5402ae9243d3, oracle 0x93d619623abc60a22ee71a15db62eede3ef4dd5a, cSUI feed 0xc112e41c1094ff7fbf9e5dc0d1026103542e7e0c, WETH/uSUI pool 0x5c45b0f48c326f79b56709d8f63ce2bee7697106, cSUI 0xa2092f9a2a5dd84d6df7d175673ec8a7357c551b, cWETH 0x5c52649d3c1e1d0ddf6a46e1c25a25d9fb148af8.
Key evidence used in validation:
seed metadata and full trace
seed balance diff
attacker EOA near-seed transactions
oracle/comptroller code artifacts
helper->comptroller focus
swap_oracle_transition
csui_mint_transition
helper_borrow_sequence
first_helper_cweth_borrow_focus