SlowMist|7月 01, 2026 02:35
🚨SlowMist TI Alert🚨
💸 @edeldotfinance Loss: ~ $350k
🔍 Root Cause: `latestAnswer()` in price source reads `convertToAssets()` from ERC4626 vault. Vault's `totalAssets()` directly uses underlying asset balance, allowing attacker to donate assets via direct transfer to inflate share price. No TWAP, rate cap, or donation protection.
📌 Attacker EOA: 0x58428161bb55c14a413945f06cbdec157f411c76
📌 Victim: Aave Pool 0x3eeeb3cd20f844a578807fc457388ceb9a67faa6
📌 Vulnerable Contracts:
- Price Source: 0x4c2c9df4559d80e0a7aa3c7f281704a7992f4ce2
- ERC4626 Vault: 0x14f37168ab9eafcd94d5b142a00e6e9b261bad48 (WrappedBackedTokenImplementation)
Flash loan + donation attack on ERC4626 vault manipulates oracle, enabling attacker to drain ~$350k and other reserves.
Powered by #SlowMist.AI(SlowMist)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink