
Resupply Hack: How a donation attack led to $9.5m in Losses?

Explore how Resupply lost $9.5M in a donation attack built on vault share-price manipulation: the attack flow, its impact, and how it could have been prevented.

Author
QuillAudits Team
June 27, 2025

Resupply is a stablecoin protocol: its stablecoin, reUSD, is backed by Collateralized Debt Positions (CDPs), similar to how Sky Protocol works. It is a sub-DAO of Convex and Yearn Finance.

The protocol suffered a donation attack on June 26, 2025, at 1:53 AM UTC. Notably, the attack hit a wstUSR market that the protocol had deployed only about an hour and a half earlier, and it cost the protocol roughly $9.5m. This analysis covers how the attack happened, the attack flow, the root cause, and the funds lost.

Hack Analysis and Its Impact

Resupply is fully decentralized and governed as a DAO, and a proposal to deploy the crvUSD_wstUSR market had recently been approved. The market was attacked only about an hour and a half after it was deployed. The collateral these markets accept is an ERC-4626 vault token (here cvcrvUSD), and it is that vault's share price that the attacker manipulated.
 

Flow of Attack

The attacker took a flash loan of 4k USDC from Morpho and swapped it for crvUSD.


The attacker then donated 2k crvUSD directly to the vault at 0x89707 and, after that, minted 1 wei of cvcrvUSD by depositing 2 crvUSD.


The attacker then posted this 1 wei of cvcrvUSD as collateral and borrowed around 10M reUSD against it.


The 10m reUSD was then swapped for 9.33m scrvUSD, which was redeemed for 9.81m crvUSD and finally converted to WETH.
 

Timeline of the Attack

  1. The wstUSR market was deployed at 12:18:47 AM UTC.
  2. The attacker's address was funded via Tornado Cash at 1:50:11 AM UTC.
  3. The attacker exploited the market through a donation attack at 1:53:59 AM UTC, about 1.5 hours after the market was deployed.
  4. The attacker split the stolen assets between two accounts within the same attack transaction.
  5. The protocol set the market's borrow limit to 0 at 2:53:23 AM UTC.
     

Some Key Events

wstUSR market deployment as per the governance proposal: 0x852eca15a9fd352817346915f7bc8817d46de349bd7a8fc6ee73c7b66ec9ab41

Tornado Cash Funding: 0x1962eb353a37ca816a6d967279dfdb005a640fe3b22ccb9e00939fe5810d8fb5

Attack Transaction: 0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3

reUSD depegged to $0.98 at 1:54 AM UTC

(Chart: reUSD price. Source: DexScreener)

Resupply TVL plummeted

(Chart: Resupply TVL. Source: https://defillama.com/protocol/resupply)

Setting the borrow limit to 0: 0x926ffae5506d261dde27910b8cfa0abae8d44eecfbb67a1c67a63c687bc30b3b


Root Cause Analysis

During the borrow, the ResupplyPairCore contract calls getPrices to fetch the oracle price of the cvcrvUSD collateral. The value it received was 2,000,000,000,000,000,001,998,001,998,001,998, roughly 2e36, an absurdly high price for the vault share.

The price was wrong because of the attacker's donation: the initial 2k crvUSD sent directly to the vault inflated the value of the shares that were minted afterwards against a deposit of only 2 crvUSD. Extra assets in the vault, with no matching shares, raised the price per cvcrvUSD share.

Now, dividing 1e36 by that price gives about 0.499. uint256 division truncates toward zero, so _updateExchangeRate stores an exchange rate of 0.


Next, the contract calls _isSolvent, which derives the borrower's LTV from that exchange rate. With an exchange rate of 0 the computed LTV is 0, which is trivially below the maximum, so the check passes and the borrower is treated as solvent regardless of the debt.


With the solvency check passed, the protocol minted 10m reUSD to the attacker contract, the full borrow limit of the market.
 

Relevant Addresses and Transactions

Victim Contract: 0x6e90c85a495d54c6d7e1f3400fef1f6e59f86bd6

Attack Txn: 0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3

Attack Contract #1: 0x151aA63dbb7C605E7b0a173Ab7375e1450E79238

Attacker Contract #2: 0xf90dA523A7C19A0A3d8d4606242c46f1eE459dc7

Resupply Attacker #1: 0x6D9f6E900ac2CE6770Fd9f04f98B7B0fc355E2EA (Funded by Tornado Cash)

Attacker Address #2: 0x31129a5c13306A48E827e851D44E19Ca07d4928A (Funded by 0x6D9f6E900ac2CE6770Fd9f04f98B7B0fc355E2EA - Attacker Address #1) [Holds $5.51M]

Attacker Address #3: 0x886f786618623ffFB2be59830A47661Ae6492E16 (Funded by 0x151aA63dbb7C605E7b0a173Ab7375e1450E79238) [Holds $3.90M]
 

How Could the Hack Have Been Prevented?

The attack was possible because the vault derives its share price from balanceOf, that is, from the assets it actually holds, and the lending market's oracle takes that share price at face value. This is how basic ERC-4626 accounting works, and it is fine once a vault holds meaningful deposits. The problem arises when the vault is empty or nearly empty, as it was here.

Empty pools are the usual target of donation attacks: the attacker transfers assets to the vault directly and then mints shares against a tiny deposit. The donated funds raise the vault's asset balance without minting any shares, which inflates the price of every share.

A good solution is virtual shares and a virtual asset offset, as explained in this article by Cyfrin. The vault pretends that it already holds some assets and shares from the very beginning; this offset dilutes any donation, so that moving the exchange rate far enough to matter costs the attacker far more than it can gain.
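The following Python model (an added example, not Resupply's, Curve's or Cyfrin's code) shows why the offset helps. It implements minimal ERC-4626 share accounting with configurable virtual shares and virtual assets, and computes the smallest donation an attacker who first deposits 1 wei needs in order to push the share price past the 1e36 threshold derived in the root cause section. The vault parameters and the attacker's 1-wei first deposit are assumptions for illustration.

```python
# Added example, not Resupply's, Curve's or Cyfrin's code: a minimal model of
# ERC-4626 share accounting, comparing a plain vault with one using virtual
# shares and a virtual asset (the decimals-offset pattern). The 1e36 threshold
# is the one derived in the root cause section; everything else is assumed.

WAD = 10**18
# Oracle price (crvUSD-wei per 1e18 share-wei) above which 1e36 // price == 0.
RATE_ZERO_THRESHOLD = 10**36


class Vault:
    """Share accounting only; total_assets mirrors balanceOf(vault), so a plain
    token transfer (a donation) raises it without minting any shares."""

    def __init__(self, virtual_shares: int = 0, virtual_assets: int = 0):
        self.virtual_shares = virtual_shares
        self.virtual_assets = virtual_assets
        self.total_assets = 0
        self.total_supply = 0

    def convert_to_shares(self, assets: int) -> int:
        supply = self.total_supply + self.virtual_shares
        if supply == 0:            # plain vault, first depositor: 1:1
            return assets
        return assets * supply // (self.total_assets + self.virtual_assets)

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        self.total_assets += assets      # no shares minted

    def price_per_share(self) -> int:
        """Assets backing 1e18 share-wei, as a vault-share oracle would quote."""
        supply = self.total_supply + self.virtual_shares
        if supply == 0:
            return WAD
        return WAD * (self.total_assets + self.virtual_assets) // supply


def min_donation_to_exceed(vault: Vault, threshold: int) -> int:
    """Smallest donation (asset wei) after which price_per_share() > threshold.
    Solves WAD * A' // supply >= threshold + 1 for the post-donation assets A'."""
    supply = vault.total_supply + vault.virtual_shares
    needed = ((threshold + 1) * supply + WAD - 1) // WAD
    return max(needed - vault.total_assets - vault.virtual_assets, 0)


def attack_cost(virtual_shares: int, virtual_assets: int) -> int:
    """Donation (asset wei) an attacker who first deposits 1 wei needs to push
    the share price past RATE_ZERO_THRESHOLD for a vault with these offsets."""
    v = Vault(virtual_shares, virtual_assets)
    v.deposit(1)
    return min_donation_to_exceed(v, RATE_ZERO_THRESHOLD)


def cost_is_minimal(virtual_shares: int, virtual_assets: int) -> bool:
    """Checks attack_cost by simulation: that donation crosses the threshold
    and one wei less does not."""
    d = attack_cost(virtual_shares, virtual_assets)
    just_enough = Vault(virtual_shares, virtual_assets)
    just_enough.deposit(1)
    just_enough.donate(d)
    one_short = Vault(virtual_shares, virtual_assets)
    one_short.deposit(1)
    one_short.donate(d - 1)
    return (just_enough.price_per_share() > RATE_ZERO_THRESHOLD
            and one_short.price_per_share() <= RATE_ZERO_THRESHOLD)


if __name__ == "__main__":
    # Plain vault, then offsets of 1e6 and 1e18 virtual shares (1 virtual asset).
    for vs, va in [(0, 0), (10**6, 1), (10**18, 1)]:
        tokens = attack_cost(vs, va) / WAD
        print(f"virtual_shares={vs}: donation needed ~ {tokens:.4g} tokens")
```

In this model a plain vault can be pushed past the threshold with a donation of about one token, while 1e6 virtual shares raise the cost to roughly two million tokens and 1e18 virtual shares make it astronomically large. The offset does not make the share price immovable, but it makes each unit of price inflation cost the attacker proportionally more, which is what removes the economic incentive.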
 

Conclusion

Resupply deployed the wstUSR market through a governance vote, was attacked within hours, and lost stolen assets worth roughly $9.5m (9.81m crvUSD, later converted to WETH). The core reason was a donation made by the attacker, which manipulated the exchange rate of the vault shares used as collateral. The inflated share price let the attacker borrow 10m reUSD from the protocol against 1 wei of collateral.

We recently published guidelines for developers that should be kept in check while utilizing ERC-4626 for your project. Check it out here.

At QuillAudits, with our 7+ years of experience and 1M+ lines audited, we make sure your code is safe and protect it from vulnerabilities like this one.

All Rights Reserved. © 2025. QuillAudits - LLC

Privacy Policy