Briefing

The Moonwell lending protocol on the Base network was compromised via a Chainlink oracle malfunction that temporarily mispriced a wrapped liquid staking token (LST) collateral. This oracle failure created a false capital surplus, allowing a malicious actor to deposit a negligible amount of the LST and borrow significant assets against its artificially inflated value, resulting in a direct liquidity drain from the protocol. The attacker executed several rapid, leveraged transactions to maximize the exposure before the price feed corrected, securing a total profit of approximately $1.1 million in digital assets.

Context

The prevailing attack surface for lending protocols remains the reliance on external price feeds, particularly for volatile or complex assets like LSTs, which often lack the deep liquidity of primary assets. Prior to this event, the sector had documented numerous instances of oracle manipulation where protocols failed to implement robust sanity checks for extreme price deltas or stale timestamps. This specific incident underscores a persistent infrastructure dependency risk, where a glitch in a primary data provider can be immediately weaponized to exploit smart contract logic.

Analysis

The attack vector leveraged a temporary mispricing of the wrstETH token, where the Chainlink oracle feed briefly reported a value of $5.8 million for a small deposit of 0.02 wrstETH. The attacker deposited this small amount, which the lending contract’s logic accepted at the erroneous, highly inflated valuation, thereby establishing a massive borrowing capacity. They then proceeded to borrow large amounts of liquid assets like wstETH repeatedly against this synthetic collateral, effectively draining the pool. The speed of the attack, executed within a few blocks, was critical to preventing timely detection and liquidation, confirming the exploit was a technical arbitrage of a transient data-layer failure.

Parameters

  • Total Funds Stolen → $1.1 Million (The approximate net profit secured by the attacker in ETH)
  • Collateral Misvaluation → $5.8 Million (The temporary, erroneous value assigned to the small initial collateral deposit)
  • Vulnerable Asset → wrstETH (The wrapped liquid staking token whose oracle price feed was compromised)
  • Affected Blockchain → Base Network (The Layer 2 environment where the lending protocol operates)

Outlook

Immediate mitigation for users requires revoking approvals for any transaction executed during the compromise window and moving assets to secure, non-affected vaults. For protocol developers, this incident necessitates an immediate review of all oracle integration points to implement a robust secondary validation layer. New security best practices will mandate that lending protocols employ time-weighted average price (TWAP) feeds or implement strict, multi-source price sanity checks to prevent single-point-of-failure data anomalies from triggering catastrophic logic flows. Contagion risk is elevated for other protocols on Base and similar L2s that utilize LSTs with single-source oracle feeds.
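The stale-timestamp, extreme-delta and multi-source checks named above and in the Context section, modelled in Python as an added example (not Moonwell's or Chainlink's code). The thresholds, the $3,500 reference price and the secondary feed are constructed assumptions; the glitched price is the one implied by the reported $5.8 million valuation of 0.02 tokens.

```python
from dataclasses import dataclass

BPS = 10_000

@dataclass(frozen=True)
class Reading:
    price: int       # USD with 8 decimals (fixed point, as on-chain math would use)
    updated_at: int  # unix seconds of the feed's last update

def bps_diff(a: int, b: int) -> int:
    """Absolute difference between a and b, in basis points of b."""
    return abs(a - b) * BPS // b

def validate_price(primary, secondary, last_good, now,
                   max_age=3600, max_delta_bps=2_000, max_divergence_bps=500):
    """Return (ok, reason). Fail closed: on any failed check the market
    should stop new borrows against this collateral instead of using the price."""
    if primary.price <= 0:
        return False, "non-positive price"
    if now - primary.updated_at > max_age:
        return False, "stale primary feed"
    if bps_diff(primary.price, last_good.price) > max_delta_bps:
        return False, "extreme delta vs last accepted price"
    if now - secondary.updated_at > max_age:
        return False, "stale secondary feed"
    if bps_diff(primary.price, secondary.price) > max_divergence_bps:
        return False, "sources diverge"
    return True, "ok"

def collateral_value_usd(amount: int, price: int) -> int:
    """Whole-dollar value of `amount` (18 decimals) at `price` (8 decimals)."""
    return amount * price // 10**18 // 10**8

# Constructed sample data (hypothetical values, not taken from chain history).
NOW = 1_700_000_000
LAST_GOOD = Reading(3_500 * 10**8, NOW - 600)       # last accepted price
SECONDARY = Reading(3_510 * 10**8, NOW - 30)        # independent second source
GLITCH = Reading(290_000_000 * 10**8, NOW - 12)     # $5.8M / 0.02 tokens
HEALTHY = Reading(3_520 * 10**8, NOW - 12)
DEPOSIT = 2 * 10**16                                # 0.02 tokens

if __name__ == "__main__":
    print(collateral_value_usd(DEPOSIT, GLITCH.price))   # value the glitch implies
    print(validate_price(GLITCH, SECONDARY, LAST_GOOD, NOW))
    print(validate_price(HEALTHY, SECONDARY, LAST_GOOD, NOW))
```

A genuine sharp market move also trips the delta check, so the failure path should pause borrowing and require review, not silently fall back to another price.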

The exploit confirms that even protocols using industry-standard oracles remain systemically vulnerable to transient data glitches if core smart contract logic lacks independent price validation and extreme delta checks.

Signal Acquired from → coingabbar.com