Hack Explained - UwuLend


UwuLend is a decentralised finance (DeFi) protocol that functions as a liquidity market, allowing users to deposit and borrow digital assets. UwuLend was hacked, leading to the theft of approximately $20 million. The breach was due to manipulation of the protocol’s price oracle system, which the attacker carried out using a flash loan.

Behind the Breach

The attack involved the use of a flash loan to manipulate the price feed of UwuLend's stablecoin, USDe, and its synthetic version, sUSDe. The attacker exploited the protocol’s price oracle system by manipulating several sources used for price feeds, such as FRAXUSDe and USDeUSDC. This allowed them to borrow more assets than they should have been able to, effectively draining the protocol’s funds.

Protect Your Protocol

This is what you should do to protect your project from this kind of attack:

  1. Enhanced Oracle Security: Implement more robust and tamper-proof price oracle mechanisms to ensure accurate and reliable data feeds.

  2. Flash Loan Safeguards: Introduce measures to detect and prevent flash loan attacks, such as transaction monitoring and anomaly detection systems.

  3. Comprehensive Audits: Conduct regular and thorough security audits by multiple independent firms to identify and address potential vulnerabilities.
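To make points 1 and 2 concrete, here is an added example (a Python model written for this page, not UwuLend's or Rivanorth's code) that compares a median of same-block spot feeds with a guarded oracle that checks each feed against a time-weighted reference and refuses to price when too few feeds agree. FRAXUSDe and USDeUSDC are the feed names mentioned above; the other feed names, all prices, and both thresholds are assumptions.

```python
from statistics import median

MAX_DEVIATION = 0.02  # assumed tolerance around the time-weighted reference
MIN_AGREEING = 3      # assumed quorum of feeds that must sit inside the tolerance

class OracleRejected(Exception):
    """Raised so the caller can pause borrowing instead of using a suspect price."""
    def __init__(self, outliers):
        super().__init__(f"feeds outside tolerance: {sorted(outliers)}")
        self.outliers = outliers  # feed names to surface in monitoring

def naive_price(spot_feeds):
    """Median of same-block spot prices, with no reference to earlier blocks."""
    return median(spot_feeds.values())

def twap(history):
    """Time-weighted average of (price, seconds_held) observations from earlier blocks."""
    total = sum(seconds for _, seconds in history)
    if total <= 0:
        raise ValueError("history must cover a positive time span")
    return sum(price * seconds for price, seconds in history) / total

def guarded_price(spot_feeds, history):
    """Median of the feeds that agree with the TWAP; reject when too few agree."""
    ref = twap(history)
    outliers = {name for name, p in spot_feeds.items()
                if abs(p - ref) / ref > MAX_DEVIATION}
    agreeing = [p for name, p in spot_feeds.items() if name not in outliers]
    if len(agreeing) < MIN_AGREEING:
        raise OracleRejected(outliers)
    return median(agreeing)

# Constructed sample data: pool_C..pool_E and every price below are hypothetical.
HISTORY = [(1.000, 600), (1.001, 600), (0.999, 600)]  # earlier blocks
NORMAL = {"FRAXUSDe": 1.001, "USDeUSDC": 0.999, "pool_C": 1.000,
          "pool_D": 1.002, "pool_E": 0.998}
SKEWED = {"FRAXUSDe": 1.04, "USDeUSDC": 1.04, "pool_C": 1.04,
          "pool_D": 1.002, "pool_E": 0.998}  # three feeds moved in one block

if __name__ == "__main__":
    print("naive, normal:", naive_price(NORMAL))
    print("naive, skewed:", naive_price(SKEWED))   # follows the moved majority
    print("guarded, normal:", guarded_price(NORMAL, HISTORY))
    try:
        guarded_price(SKEWED, HISTORY)
    except OracleRejected as exc:
        print("guarded, skewed: rejected,", exc)    # anomaly signal for monitoring
```

The rejection path doubles as the anomaly signal from point 2: the listed outlier feeds are what a monitoring system would alert on.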

Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.