Donation Attacks
Introduction
This scenario illustrates a worst-case hypothetical attack on a lending protocol, built on manipulation of an ERC-4626 vault's exchange rate. Specifically, it focuses on a lending protocol that lists an ERC-4626 vault as both collateral and a borrowable asset, and uses the vault's exchange rate as an oracle to price the vault shares in terms of the underlying asset.
Although this particular scenario is highly unlikely in real-world conditions, exploring this case helps identify mitigations that strengthen protocol security in more realistic situations. The mechanics of the attack are outlined below or you can move directly to a worked example in this Google Sheet.
It is important to note that this hypothetical attack vector only works against basic ERC-4626 vault implementations. It does not work against more advanced implementations, such as Euler Vault Kit (EVK) vaults, which can be custom-built to be safely priceable through mechanisms like internal balance tracking.
Attack
Initial setup
System Configuration:
- ERC-4626 Vault: Allows depositing ABC to receive wABC.
- Lending Protocol: Uses the ABC/wABC exchange rate to value wABC.
- Collateral & Borrowing Rules:
  - wABC as collateral to borrow USDC: 0.8 LTV (up to 80% of the wABC value can be borrowed).
  - USDC as collateral to borrow wABC: 0.8 LTV (up to 80% of the USDC value can be borrowed).
Attack steps
1. Flash loan setup
- The attacker flash loans 1M ABC, wraps it into 1M wABC, and deposits it into the lending protocol (Account 1).
- Simultaneously, the attacker flash loans 100M USDC and deposits it as collateral (Account 2).
2. Building a leveraged position
- Account 2 borrows 1M wABC and transfers it to Account 1, which re-deposits it as collateral.
- This process is looped 80 times, resulting in:
  - Account 1: Holds 80M wABC as collateral.
  - Account 2: Has 100M USDC collateral and 80M wABC debt.
3. Manipulating the exchange rate with a donation
- Account 1 withdraws 1M wABC and redeems 999,999 wABC for 999,999 ABC, leaving only 1 wABC in circulation.
- The vault now holds 1 ABC against 1 wABC in circulation (exchange rate = 1).
- Account 1 transfers (donates) 999,999 ABC directly to the vault, causing the exchange rate to increase 1 million-fold.
4. Collateral and debt impact
- The inflated exchange rate revalues Account 1's 79M wABC collateral to 79 trillion ABC.
- At the same time, Account 2's 80M wABC debt also skyrockets, rendering the account insolvent (100M USDC collateral vs. 79T wABC debt).
5. Extracting profit
- Using the inflated collateral, the attacker borrows as many assets as possible from the lending protocol.
- The attacker repays the 101M flash loans, keeping any excess assets as profit.
How to Prevent This Attack
Prevent exchange rate manipulation
The attack relies on manipulating the exchange rate within an ERC-4626 vault. The most effective safeguard is to implement internal balance tracking mechanisms that prevent external donations from influencing the exchange rate. This approach stops the attack at Step 3.
Avoid vulnerable vaults as collateral
For ERC-4626 vaults where the exchange rate can be altered by donations, a simple mitigation strategy is to either:
- Avoid listing these vaults as collateral, or
- Prevent them from being borrowable in the lending protocol.
Either measure cuts off the attack at Step 2.
Implement supply and borrow caps
If vulnerable ERC-4626 vaults must be used as collateral and borrowing assets, additional safeguards can reduce the risk:
- Set conservative supply and borrow caps that do not exceed the total circulating supply of the vault's share tokens.
This limits the effectiveness of donations, increasing the cost of the attack and making it unprofitable.
Use a wrapped exchange rate oracle
A wrapped exchange rate oracle can prevent extreme or rapid changes in the exchange rate:
- Cap exchange rate increases within a set threshold.
- Limit the rate of change within a single block, breaking the attack's atomicity.
This forces the attacker into a multi-block strategy, exposing them to secondary market risks, which could result in financial losses.
Important note: Some existing wrapped exchange rate oracles may still be vulnerable to this type of attack. For example, certain price feeds from third-party oracle providers report the redemption price of an asset. However, this redemption price might internally use the ERC-4626 exchange rate, which, as shown earlier, can be manipulated through donation attacks. As a result, relying on these redemption price oracles may expose protocols to the same risks described in this scenario.
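The following added example (illustrative code, not from Euler or the EVK) models Step 3 of the scenario and the two mitigations above: a basic vault whose total assets are read from its token balance, the same vault with internal balance tracking, and a wrapped oracle that clamps per-update increases. The `max_growth` parameter of the oracle is an assumed threshold, and the numbers are the scenario's own.

```python
class Vault:
    """Minimal ERC-4626-style accounting model (constructed; not EVK code)."""

    def __init__(self, track_internally: bool):
        self.track_internally = track_internally  # True: EVK-style internal tracking
        self.token_balance = 0    # ABC actually sitting at the vault address
        self.internal_assets = 0  # ABC credited only through deposit/redeem
        self.total_supply = 0     # wABC shares outstanding

    def total_assets(self) -> int:
        # Basic vaults read balanceOf(this); tracked vaults ignore stray transfers
        return self.internal_assets if self.track_internally else self.token_balance

    def deposit(self, assets: int) -> int:
        shares = assets if self.total_supply == 0 else assets * self.total_supply // self.total_assets()
        self.token_balance += assets
        self.internal_assets += assets
        self.total_supply += shares
        return shares

    def redeem(self, shares: int) -> int:
        assets = shares * self.total_assets() // self.total_supply
        self.token_balance -= assets
        self.internal_assets -= assets
        self.total_supply -= shares
        return assets

    def donate(self, assets: int) -> None:
        # Plain ERC-20 transfer to the vault address, bypassing deposit()
        self.token_balance += assets

    def exchange_rate(self) -> float:
        # ABC per wABC, i.e. convertToAssets(1 share)
        return self.total_assets() / self.total_supply


def donation_scenario(track_internally: bool) -> tuple[float, float]:
    """Step 3: deposit 1M ABC, redeem 999,999 wABC, donate 999,999 ABC."""
    v = Vault(track_internally)
    v.deposit(1_000_000)
    v.redeem(999_999)              # 1 wABC outstanding, 1 ABC in the vault
    before = v.exchange_rate()
    v.donate(999_999)
    return before, v.exchange_rate()


def capped_rate_update(prev_rate: float, observed_rate: float, max_growth: float) -> float:
    """Wrapped oracle step: clamp increases to max_growth per update (assumed parameter)."""
    return min(observed_rate, prev_rate * max_growth)
```

With `track_internally=False` the rate jumps from 1 to 1,000,000 in one step; with internal tracking it stays at 1, and the capped oracle reports at most `prev_rate * max_growth` regardless of what the vault shows.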
Conclusion
This hypothetical attack demonstrates how exchange rate manipulation in ERC-4626 vaults can be exploited to target lending protocols that allow vulnerable vaults as both collateral and borrowable assets.
The most robust protection involves internal balance tracking, as implemented in Euler’s EVK vaults, which fully mitigates the attack. Other strategies, such as supply and borrow caps, can also make these attacks unprofitable under normal market conditions, adding an extra layer of security.