This is a lower bound: only assets with reliable historical USD prices are counted, so the actual loss may be higher.
0x4a304ff08851106691f626045b0f55d403e3a0958363bdf82b96e8ce7209c3a60x13ae975c5a1198e4f47c68c31c1230694dc44a57BSC0xf8527dc5611b589cbb365acacaac0d1dc70b25cbBSC0x10b6f851225c203ee74c369ce876beb56379fca3BSC0xb2b01d6f953a28ba6c8f9e22986f5bddb7653aeaBSCAt BSC block 29185769, transaction 0x4a304ff08851106691f626045b0f55d403e3a0958363bdf82b96e8ce7209c3a6 exploited Helio's plugin-backed fsAMM-HAY/BUSD market. The attacker reduced the market's cToken supply to dust, then deposited LP directly into the market's ERC4626 plugin vault with the market itself as the share receiver. That donation inflated the market exchange rate without minting matching fsAMM cTokens, so Helio's comptroller treated the dust collateral as highly valuable and allowed the attacker cluster to drain assets from fANKR, fHAY, and fankrBNB.
The root cause is a broken accounting invariant in the plugin market design: market cash increased through externally minted plugin shares even though cToken supply did not increase. That violated the requirement that each outstanding cToken represent a fair share of legitimately supplied underlying.
Helio's fsAMM-HAY/BUSD market is not a plain ERC20-backed cToken. It is a plugin-backed market that deposits the underlying LP token into an ERC4626-style vault and treats the vault position as market cash.
The critical accounting path is in the victim market implementation:
Origin: Helio CErc20PluginDelegate victim code.
function getCashPrior() internal view override returns (uint256) {
return plugin.previewRedeem(plugin.balanceOf(address(this)));
}
function doTransferIn(address from, uint256 amount) internal override returns (uint256) {
require(EIP20Interface(underlying).transferFrom(from, address(this), amount), "send");
deposit(amount);
return amount;
}
function deposit(uint256 amount) internal {
plugin.deposit(amount, address(this));
}
That logic is only safe if plugin shares credited to the market can only be created through the market's own mint flow. The paired vault interface does not enforce that:
Origin: Helio plugin vault ERC4626 interface.
function deposit(uint256 underlyingAmount, address to) external returns (uint256 shares);
Because deposit accepts an arbitrary to address, any caller can mint plugin shares directly to the fsAMM market address. Once that happens, getCashPrior() counts those donated shares as market backing even though no new fsAMM cTokens were minted.
This is an ATTACK-class accounting exploit in a plugin-backed collateral market. The exploitable invariant is that increases in collateral backing must be paired with proportional increases in cToken supply. Helio broke that invariant by valuing fsAMM cash as plugin.previewRedeem(plugin.balanceOf(market)) while the plugin vault allowed arbitrary third parties to mint shares to market. An attacker could therefore create a tiny outstanding cToken supply, donate a large amount of LP to the vault on behalf of the market, and make each remaining fsAMM cToken represent an artificially huge amount of underlying. Helio's comptroller used that inflated exchange rate in its collateral calculations and permitted borrowing against it. The exploit remained permissionless because every component used by the attacker was public: flash liquidity, public Helio markets, and unrestricted vault entry points. The incident therefore satisfies the ACT model.
The attacker cluster used public ANKR flash liquidity and public Helio markets only. First, the borrower account supplied 34,494,086.936027488122501834 raw ANKR to fANKR, establishing borrowable collateral. In parallel, the attacker contract minted a small fsAMM-HAY/BUSD position from LP and immediately redeemed almost all of it, leaving only 1001 fsAMM cTokens outstanding for the borrower cluster.
The decisive step was a direct vault deposit to the plugin on behalf of the market itself:
Origin: seed trace, direct plugin donation.
TransparentUpgradeableProxy::fallback(
238641886110500562471821,
CErc20Delegator: [0xF8527Dc5611B589CbB365aCACaac0d1DC70b25cB]
)
0xC3F159eB41b75BF79bbC099AFB63ED0c74d6aEC5::deposit(
238641886110500562471821,
CErc20Delegator: [0xF8527Dc5611B589CbB365aCACaac0d1DC70b25cB]
)
emit Deposit(
param0: 0xC40119C7269A5FA813d878BF83d14E3462fC8Fde,
param1: CErc20Delegator: [0xF8527Dc5611B589CbB365aCACaac0d1DC70b25cB],
param2: 238641886110500562471821,
param3: 238641886110500562471821
)
That call moved fresh LP into the vault and minted new plugin shares to the fsAMM market address, not to the attacker. Since the market's cash calculation looks only at plugin.balanceOf(address(this)), the donated shares became indistinguishable from legitimately market-minted backing. No new fsAMM cTokens were created during this step, so the market's exchange rate inflated sharply over a dust cToken supply.
The trace later shows the post-donation borrow and one-token redemption behavior:
Origin: seed trace, post-inflation borrow and redemption.
0x96954e4ab0fa5a10C5f2DB11B681D17E704574B7::borrow(
685999702783572563751255
)
emit Redeem(
: 0xC40119C7269A5FA813d878BF83d14E3462fC8Fde,
: 519134100928882317409,
: 1
)
This proves both sides of the invariant break. Helio accepted the inflated fsAMM collateral value and allowed borrowing of 685999702783572563751255 raw ANKR from fANKR. Separately, a holder of only 1 fsAMM cToken could redeem 519134100928882317409 raw LP underlying, demonstrating that the donated value had been converted into redeemable market backing.
The realized depletion predicate is explicit in the balance diff. After the exploit transaction, fANKR lost 685999702783572563751254 raw ANKR, fHAY lost 25296116863562095022654 raw lisUSD, and fankrBNB lost 1148264532617591819152 raw ankrBNB. Those deltas make the ACT success condition deterministic without relying on fee conversion estimates.
The adversary cluster consisted of sender EOA 0x4b92cc3452ef1e37528470495b86d3f976470734, main attacker contract 0xc40119c7269a5fa813d878bf83d14e3462fc8fde, and borrower helper 0xd2094b870d80cfb7dada4893ad0030d642ca9f72.
The on-chain flow was:
0x8028ac1195b6469de22929c4f329f96b06d65f25 and Algebra pool 0xc8cbf9b12552c0b85fc368aa530cc31e00526e2f.fANKR at 0x13ae975c5a1198e4f47c68c31c1230694dc44a57.fsAMM-HAY/BUSD from LP, redeemed almost all of it, and transferred the remaining 1001 cTokens into the borrower cluster.0x02706a482fc9f6b20238157b56763391a45be60e with receiver 0xf8527dc5611b589cbb365acacaac0d1dc70b25cb, the fsAMM market.0x1851e32f34565cb95754310b031c5a2fc0a8a905 then valued the dust fsAMM position using the inflated exchange rate and allowed borrowing and redemption from the other Helio markets.ankrBNB gain.This sequence was fully adversary-crafted inside one public transaction and required no privileged role, private key compromise, or private orderflow dependency.
The exploit drained three Helio markets:
fANKR (0x13ae975c5a1198e4f47c68c31c1230694dc44a57) lost 685999702783572563751254 raw ANKR.fHAY (0x10b6f851225c203ee74c369ce876beb56379fca3) lost 25296116863562095022654 raw lisUSD.fankrBNB (0xb2b01d6f953a28ba6c8f9e22986f5bddb7653aea) lost 1148264532617591819152 raw ankrBNB.Origin: seed transaction balance diff.
{
"holder": "0x13ae975c5a1198e4f47c68c31c1230694dc44a57",
"token": "0xf307910a4c7bbc79691fd374889b36d8531b08e3",
"delta": "-685999702783572563751254"
}
{
"holder": "0x10b6f851225c203ee74c369ce876beb56379fca3",
"token": "0x0782b6d8c4551b9760e74c0545a9bcd90bdc41e5",
"delta": "-25296116863562095022654"
}
{
"holder": "0xb2b01d6f953a28ba6c8f9e22986f5bddb7653aea",
"token": "0x52f24a5e03aee338da5fd9df68d2b6fae1178827",
"delta": "-1148264532617591819152"
}
The attacker contract itself finished with 590964388569997952122303 raw ANKR and 116000000000000000000 raw ankrBNB after flash repayment, but the decisive incident predicate is the protocol depletion above.
0x4a304ff08851106691f626045b0f55d403e3a0958363bdf82b96e8ce7209c3a629185769fANKR: 0x13ae975c5a1198e4f47c68c31c1230694dc44a57fsAMM-HAY/BUSD: 0xf8527dc5611b589cbb365acacaac0d1dc70b25cb0x02706a482fc9f6b20238157b56763391a45be60efHAY: 0x10b6f851225c203ee74c369ce876beb56379fca3fankrBNB: 0xb2b01d6f953a28ba6c8f9e22986f5bddb7653aea/workspace/session/artifacts/collector/seed/56/0x4a304ff08851106691f626045b0f55d403e3a0958363bdf82b96e8ce7209c3a6/trace.cast.log/workspace/session/artifacts/collector/seed/56/0x4a304ff08851106691f626045b0f55d403e3a0958363bdf82b96e8ce7209c3a6/balance_diff.json/workspace/session/artifacts/collector/seed/56/0x13a2eb858aa1ace895a2a89ac6afd48bd6b1f8d7/src/compound/CErc20PluginDelegate.sol/workspace/session/artifacts/collector/seed/56/0x13a2eb858aa1ace895a2a89ac6afd48bd6b1f8d7/src/compound/IERC4626.solfHAY: https://api.etherscan.io/v2/api?chainid=56&module=contract&action=getsourcecode&address=0x10b6f851225c203ee74c369ce876beb56379fca3