How Term Labs Lost $1.5M Due to Poor Protocol Logic?

Published on: May 1, 2025

Author: QuillAudits Team

Term Labs is a fixed-rate lending and borrowing protocol that recently lost around $1.5M due to a poor protocol upgrade. It wasn’t a smart contract hack but a missed check by the team.

The first incident occurred on April 26, 2025, at 14:31 UTC, followed by another at 14:32 UTC. This analysis covers the incident details, how it happened, and the funds lost.
 

Loss Analysis and Its Impact

The root cause of the incident was the bad protocol upgrade to the pricing mechanism of the Treehouse tETH oracle. In the upgrade, there was a mismatch in the decimals.

The Term Labs price feed is derived from Chainlink, but during the upgrade, the decimals data for the tETH oracle was incorrect, which led to unintended liquidation.

During the time window when this update was live, the liquidator (0x416bcE754903a57b1Ed2E771025Db8521b8dfc54) followed the normal protocol conditions and liquidated the positions because of the huge price mismatch, gaining access to the users' funds. According to the market price, these positions should not have been liquidated.

The incident affected the positions of about 18 Term Labs users.


The attack impacted the following positions as per the Term post-mortem analysis:

0x4cab233548f729f23b9db55315a6660328d2a430 [wETH/tETH maturing May 2, 2025]

0xa96ea908137c4fcc4ad40cefc416b22e6847f85b [wETH/tETH maturing May 9, 2025]
 

Flow of Funds Post Attack

After the incident, the funds were returned to the Term Finance Smart Contract (0x8f0ea6dc39336edb3e538718c16df0308ea69a22) through negotiations between the team and the liquidator.

0x0ddf030a567809018358961930c4f4c279b80ec61c252bfa423546863f7a2327
 

Relevant Transactions

0x8da015d7c362a082fd23736b08dc17d3a9794086b713590273c9535a4c47a7e2

0xaa10cc076f27fcf7fc0b0a83ad170983e6791f5349d097ef4db0592a55d64048


Team Response

The team has worked with the liquidator and their partners to create a reimbursement plan for the users. They have secured a total of 695 wETH and have started the distribution to the affected users according to their tweet.
 

How the Loss Could Have Been Prevented?

The Term team was active during the incident timeline. However, critical protocol upgrades, which involve updates to the oracle or protocol mechanism and can directly affect user interaction with the app, should be reviewed by a third party, and the Term team has acknowledged this.

In this case, a simple but thorough check and testing of the code before deployment could have caught the human error.
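One way to implement such a pre-deployment check, shown as an added example that is not Term's or QuillAudits' code: it normalizes a Chainlink-style feed answer, shows how a wrong decimals setting turns a healthy position liquidatable, and blocks the upgrade when the configured decimals or the resulting price disagree with the live feed. The feed values, the 8-versus-18 decimals pair, the 110% maintenance ratio and the 200 bps bound are constructed assumptions; the page does not give the real figures or the direction of the error.

```python
WAD = 10**18  # 18-decimal fixed point, assumed as the protocol's internal scale


def normalize(answer: int, decimals: int) -> int:
    """Scale a feed's raw integer answer, which has `decimals` places, to WAD."""
    if decimals <= 18:
        return answer * 10 ** (18 - decimals)
    return answer // 10 ** (decimals - 18)


def is_liquidatable(collateral: int, price_wad: int, debt: int, min_ratio_wad: int) -> bool:
    """True when collateral value / debt is below the maintenance ratio."""
    collateral_value = collateral * price_wad // WAD
    return collateral_value * WAD < debt * min_ratio_wad


def check_feed_upgrade(live_price_wad, new_answer, reported_decimals,
                       configured_decimals, max_deviation_bps=200):
    """Return the reasons to block the upgrade; an empty list means it passes."""
    problems = []
    # 1. The decimals written into the config must match what the feed reports.
    if reported_decimals != configured_decimals:
        problems.append(f"decimals mismatch: feed reports {reported_decimals}, "
                        f"config assumes {configured_decimals}")
    # 2. The price the protocol would compute must stay close to the live price.
    new_price_wad = normalize(new_answer, configured_decimals)
    deviation_bps = abs(new_price_wad - live_price_wad) * 10_000 // live_price_wad
    if deviation_bps > max_deviation_bps:
        problems.append(f"price moves {deviation_bps} bps against the live feed")
    return problems


# Constructed scenario (not incident data): tETH priced in wETH, raw answer at
# 8 decimals, upgrade config wrongly set to 18.
RAW_ANSWER = 105_000_000                      # 1.05 at 8 decimals
LIVE_PRICE = normalize(RAW_ANSWER, 8)
POSITION = dict(collateral=100 * WAD, debt=80 * WAD, min_ratio_wad=WAD * 110 // 100)


def demo():
    healthy = is_liquidatable(price_wad=normalize(RAW_ANSWER, 8), **POSITION)
    broken = is_liquidatable(price_wad=normalize(RAW_ANSWER, 18), **POSITION)
    return healthy, broken, check_feed_upgrade(LIVE_PRICE, RAW_ANSWER, 8, 18)


if __name__ == "__main__":
    print(demo())
```

Run against a fork or staging deployment, the same two checks can gate the upgrade transaction before it reaches mainnet.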
 

Conclusion

The liquidator took advantage of the protocol's bad upgrade to the tETH price oracle and liquidated positions, affecting a number of users.

It is important to involve a third party to validate the code before deploying it to mainnet.

At QuillAudits, with our 7+ years of experience, 1400+ audits, and $30B+ secured, we make sure a proper review of the code is done with our multi-layered auditing approach.
