Briefing

The Moonwell lending protocol on the Base L2 suffered a critical economic exploit, leveraging a transient malfunction in its external price oracle. This systemic failure resulted in the immediate accrual of significant bad debt and a rapid $55 million outflow from the protocol’s Total Value Locked (TVL) as users withdrew assets. The attack vector was predicated on the oracle incorrectly valuing a minimal 0.02 wrstETH deposit at $5.8 million, enabling the attacker to repeatedly borrow and net a total profit of approximately $1.01 million (292 ETH). The incident confirms that even minor oracle data errors present a major economic attack surface for collateralized lending platforms.

Context

Lending protocols inherently face oracle dependency risk, where collateral valuation is outsourced to external data feeds, creating a single point of failure for economic security. This incident follows a known pattern of oracle-based exploits, particularly in forks of legacy protocols, which often lack robust, time-weighted average price (TWAP) mechanisms or circuit breakers to validate extreme price deviations. The protocol’s prior decision to eliminate its bug bounty program also signaled a reduced incentive for proactive, white-hat vulnerability disclosure, increasing the probability of a successful attack.

Analysis

The compromise originated from a temporary data feed error in the Chainlink oracle for wrstETH, which inflated the asset’s value by several orders of magnitude. The attacker initiated a flash loan to acquire a negligible amount of the token, which was then deposited as collateral into the Moonwell contract. Due to the oracle’s erroneous $5.8 million valuation, the protocol’s internal logic permitted the attacker to borrow over 20 wstETH, far exceeding the true collateral value, before the oracle corrected its feed. This operation was successfully repeated across seven rapid transactions, exploiting the window of vulnerability and bypassing standard liquidation checks within a single block execution environment.

Parameters

  • Total Funds Lost (Attacker Profit) → ~$1.01 Million – The net profit extracted by the threat actor in ETH and other assets.
  • Collateral Misvaluation → $5.8 Million – The temporary, inflated price for 0.02 wrstETH reported by the compromised oracle.
  • Accrued Bad Debt → $3.7 Million – The total shortfall in collateral value left in the protocol’s reserves.
  • TVL Drop → $55 Million – The immediate capital flight from the protocol following the disclosure.

Outlook

Immediate mitigation requires all lending protocols utilizing external price feeds for volatile or low-liquidity assets to implement robust circuit breakers and sanity checks against extreme price divergence. The contagion risk is moderate, primarily affecting other Compound V2 forks or protocols relying on similar single-source oracle architectures without TWAP or decentralized validation layers. This incident reinforces the emerging standard that protocol solvency must be protected by internal, decentralized risk parameters that cannot be unilaterally overridden by a single external data feed, regardless of its reputation.
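The circuit breaker and TWAP sanity check called for here and in the Context section can be modelled as follows. This is an added example, not Moonwell or Chainlink code: the class and function names, the 10% deviation bound, the staleness and window limits, the 80% collateral factor and the roughly $4,000 baseline prices are all assumptions, and the feed rounds are constructed.

```python
BPS = 10_000  # basis points

class GuardedFeed:
    """Circuit breaker in front of a price feed (off-chain model of an on-chain check)."""

    def __init__(self, max_deviation_bps=1_000, max_age_s=3_600, window_s=1_800):
        # All three limits are illustrative assumptions, not Moonwell parameters.
        self.max_deviation_bps = max_deviation_bps
        self.max_age_s = max_age_s
        self.window_s = window_s
        self.accepted = []     # (timestamp, price) pairs that passed every check
        self.tripped = False   # latched until reset() is called

    def twap(self, now):
        """Time-weighted average of accepted prices inside the window, or None."""
        pts = [(t, p) for t, p in self.accepted if now - t <= self.window_s]
        if not pts:
            return None
        ends = [t for t, _ in pts[1:]] + [now]
        spans = [max(end - t, 1) for (t, _), end in zip(pts, ends)]
        return sum(p * s for (_, p), s in zip(pts, spans)) // sum(spans)

    def price(self, now, updated_at, answer):
        """Return a usable price, or None when the market must refuse new borrows."""
        if self.tripped or answer <= 0 or now - updated_at > self.max_age_s:
            return None
        ref = self.twap(now)
        if ref is not None and abs(answer - ref) * BPS > self.max_deviation_bps * ref:
            self.tripped = True   # extreme divergence from TWAP: pause the market
            return None
        self.accepted.append((now, answer))
        return answer

    def reset(self):
        """Manual re-enable once the feed is confirmed healthy."""
        self.tripped = False

def max_borrow_usd(feed, now, updated_at, answer, collateral_wei, factor_bps):
    """Borrow capacity in whole USD for an 18-decimal collateral amount; 0 if refused."""
    p = feed.price(now, updated_at, answer)
    return 0 if p is None else collateral_wei * p * factor_bps // (10**18 * BPS)

def replay():
    """Constructed feed: three normal rounds, the mispriced round, then a normal one."""
    feed = GuardedFeed()
    # 4_000-ish USD prices and the 80% collateral factor are constructed values;
    # 290_000_000 is the per-token price implied by 0.02 wrstETH = $5.8 million.
    rounds = [(0, 4_000), (600, 4_020), (1_200, 3_990), (1_800, 290_000_000), (1_812, 4_000)]
    return [max_borrow_usd(feed, t, t, px, 2 * 10**16, 8_000) for t, px in rounds]
```

Because the breaker latches, the repeat transactions that follow the bad round are refused as well, even if the feed has already corrected. An empty TWAP window accepts the first price it sees, so a real deployment also needs a bootstrap policy for new or long-idle markets.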

Verdict

This exploit serves as a definitive validation that even industry-leading oracle infrastructure is susceptible to transient data errors, necessitating a mandatory shift toward multi-layered, on-chain risk mitigation checks within all lending protocol smart contracts.

Signal Acquired from → ambcrypto.com
