PANews|Mar 06, 2026 02:40
[HypurrFi Discloses 'Rounding Error' Vulnerability in Early Versions of Aave V3, Suspends New Lending in XAUT0 and UBTC Markets]
The native non-custodial lending protocol HypurrFi posted on Platform X, stating that versions of Aave V3 prior to 3.5 have a 'rounding error' vulnerability. Under specific conditions, attackers could repeatedly execute supply/withdraw and borrow/repay loops to extract underlying tokens. The affected markets are XAUT0 and UBTC within HypurrFi Pooled. Currently, user funds are not at risk. To ensure safety, new supply and lending operations in the relevant markets have been suspended, while withdrawal and repayment functions remain operational. Other markets are functioning normally.
HypurrFi added that its internal monitoring system quickly identified the issue on-chain and promptly froze the affected markets. It is collaborating with other Aave deployers and security researchers to address the issue and invites other Aave fork projects to reach out for more security information.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink