XLinkedInTelegram
Hack Analysis

How Dexodus Finance Lost $300k to Signature Replay Attack?

Dexodus Finance lost $300K in a signature replay attack. Discover how it happened, the exploit flow and how to prevent such vulnerabilities.

Author
QuillAudits Team
June 4, 2025
How Dexodus Finance Lost $300k to Signature Replay Attack?
XLinkedInTelegram

Dexodus is a perpetual derivatives protocol that functions on a pool-based model. The protocol was live on Base Network.

On May 26th, 12:43 UTC, the protocol got hit with an attack that led to the loss of funds from the exchange liquidity pool. The analysis covers the hack details, how it happened, the attack flow, and the funds lost.
 

Hack Analysis and Its Impact

The attacker initially took a flash loan of $10.5k from the Balancer vault to execute the attack.

image (23).webp

The attacker utilized the old signatures and used them to manipulate the position index price(the price at which the position was opened). They set the price of ETH to $1816. The attacker took a 100x long position on ETH at this price by providing a collateral of $10k, taking the position size to $1M.

image (24).webp

Then the attacker closed the position at the market price.

image (25).webp

Closing the position helped the attacker to earn about $300k from the pool, leaving the protocol liquidity pool empty.

image (26).webp

The attacker then returned the initial $10.5k they borrowed as a flashloan to the Balancer vault and profited the rest.

Don’t Let Replay Attacks Drain Your Protocol!

Dexodus lost $300K to reused oracle signatures. Avoid similar risks with QuillAudits. We catch hidden vulnerabilities before attackers do.

Request An Audit

Root Cause Analysis

The protocol utilizes Chainlink price feeds. The attacker utilized the old signatures of the oracle signers and pushed the altered prices of ETH. The following function is responsible for verifying the signature. Notice how it doesn’t take into consideration the nonce or any unique data. An application-level check for the latest data would have worked here.

image (27).webp

The entry point of the attacker was the performUpKeep function, where they pushed the performData. This data is decoded to signedReports and extraData.

image (28).webp

image (29).webp

The signedReport is then decoded to different components required to verify the signature, including r, s, and the reportData value. The reportData variable has the data for the ETH index price. The r and s data consists of 6 values, each representing signature components from the signers.

image (30).webp

Upon decompiling the data using tools like Swiss Knife, one can see the prices pushed by the attacker, and also in the above images, when the attacker opened a long position, it was $1816.83.

image (31).webp

The attacker used the old signatures, and the function emitted the ReportVerified event, executing the position at the price submitted by the attacker.

image (32).webp

Once the position was opened, the attacker changed the prices back to the market values and closed their long position.
 

Attack Flow:

image (33).webp

Attack Tx Hash (Base): 0x6ffb494293fc5c32c5a6ab7dc3fff1fcc6e90fba9a6d6e486ba0a15ce518147e
 

Fund Flow Post Attack

The attacker bridged the funds through Stargate to Ethereum.

image (34).webp

Attacker Wallet: 0x863D3B920a6D98D5689D2cB8Bb0D61E90a91e0dc

Source Tx Hash (base): 0x523270ae393cc407b35c83ba854776535ca6d05f7433a07faad3f713e120947f

Destination Tx Hash (Ethereum):

0xec19670949b77ffdf92a2fcfc86175d687800051ab80ca3f12b48b1de03db26e

The attacker later transferred about 107ETH to a safe multisig owned by the team. https://etherscan.io/tx/0x69fbc7f5890bb90fb433880b68b383db93003d79cf3b3fb4a1ff7eea38334e1d

image (35).webp

The attacker later transferred the remaining 6.2 ETH to wallet 0xc372Ca5ed1004dDF649fcBa129F7b64FDB9FF607, which later transferred the funds to Binance (likely the bounty).

https://etherscan.io/tx/0x265283b45cd5489a24a56334dd91828f251340b32efaa94e4f9c856a164b6aac

How the Hack Could Have Been Prevented?

The root cause of the attack was letting the old signatures from the chainlink signers be utilized again in the protocol and executing the same report data.

It could have been avoided by having an application-level check if the protocol is using the latest data or not. Derivatives protocols are complex, and edge cases like these are often overlooked by the protocols. It is essential to go through a rigorous audit process before deployment.
 

Conclusion

Dexodus Finance was recently hit with an exploit, leading to the loss of ~$300k from the protocol’s liquidity pool. The protocol utilized Chainlink price feeds but didn’t implement robust signature verification to verify the data submitted.

The lack of verification helped the attacker to submit the older, lower prices of ETH, open a 100x leveraged long position, push the prices back to the market value, and close their position.

At QuillAudits, with our 7+ years of experience in testing and auditing smart contracts and our multi-layered auditing framework, we ensure that exploits like these can be avoided.

Contents

Tell Us About Your Project
Request An Audit
Subscribe to Newsletter
hashing bits image
Loading...

STAY IN THE LOOP

Get updates on our community, partners, events, and everything happening across the ecosystem — delivered straight to your inbox.

Subscribe Now!

newsletter
QuillAudits Logo
audits@quillaudits.com

Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates P.O box: 416654

Privacy Policy

All Rights Reserved. © 2025. QuillAudits - LLC

ALL SERVICES
LANGUAGES
CHAINS
RESOURCES
PROGRAMS
COMPANY
DeFi SecurityTelangana GovtBharat Web3CoinwebCoinGeckoUniswap Foundation

Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates P.O box: 416654

audits@quillaudits.com

All Rights Reserved. © 2025. QuillAudits - LLC

Privacy Policy