Author: CryptoSlate
Compiled by: Deep Tide TechFlow
Deep Tide Guide: A collateral worth a few dollars in a meme coin was successfully loaned out for 9.05 million dollars through a zero-signature vulnerability in the oracle validator. This incident exposes a blind spot in the mathematical verification of DeFi infrastructure: when the validator misinterprets the mathematical identity as proof of authorization, the loan-to-value ratio rule designed by the protocol becomes an accomplice.
The Hedera-based lending protocol Bonzo Lend has locked the withdrawal function, after an oracle validator accepted a proof containing a zero signature and public key, allowing a wallet to borrow 9.05 million dollars with 250 SAUCE as collateral.

As of July 13, Bonzo Lend and Bonzo Points remain paused, with the official status page of the protocol showing that Bonzo Lend and all affected asset markets are under maintenance.
During the period when Bonzo Finance Labs and Bonzo Finance Foundation determine the recovery path and reopening conditions, liquidity providers are still unable to withdraw funds.
Wallet A first deposited 250 SAUCE, worth only a few dollars. At 00:51 UTC, it submitted a SAUCE/wHBAR price update that exaggerated the value of the token by about 12 orders of magnitude, even though the market price remained around 0.2 HBAR.
After the manipulated price reached the oracle's on-chain storage for 8 seconds, the wallet borrowed 6.63 million USDC.
It then borrowed an additional 34.5 million wrapped HBAR, making the principal withdrawn by Wallet A approximately 9.05 million dollars according to Bonzo’s reference price.
How Zero Value Passed Through the Validator
The submitted update did not contain a valid oracle signature. Its signature field was [0, 0], and the referenced committee public key was also zero, referred to in cryptography as the point at infinity.
Supra's validator sent these inputs to Hedera's pairing precompiled contract. As both points represent a mathematical identity, the pairing equations returned true as designed.
The validator then treated this result as proof of the committee’s signature, as it did not first reject the zero value, identity, and non-subgroup inputs.
In simple terms, the network correctly answered the equation it received, while the validator misinterpreted that answer as authorization.
Bonzo stated that its lending contract then used the price stored by the oracle to execute according to its programmed loan-to-value ratio rules.
Another Wallet B borrowed about 1 million dollars while the abnormal price was still valid. This wallet contacted Bonzo, indicating it was a white hat responder and declared its intention to return the funds.
Bonzo reported that about 1 million dollars had been recovered, although the funds have not yet been returned, and the final amount remains uncertain.
Bonzo reported that Supra has fixed the validator, but the lending pool remains closed.
Remaining issues include whether regression tests confirm that the validator rejects identity inputs, whether Bonzo will add price deviation checks or tighten collateral parameters, and how to handle available assets when withdrawals are restored.
As of July 13, Bonzo's official status page continues to list this incident as unresolved. Its latest official update released on July 11 states that the protocol remains paused.
Bonzo has not announced compensation, reopening dates, or withdrawal terms for users, leaving liquidity providers reliant on the upcoming recovery plan.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。