November 19, 2025
|
Exploit Postmortem

Resupply Exploit Post-Mortem: How Olympix Could Have Prevented the $9.56M Loss

On June 26, 2025, Resupply, a decentralized lending protocol operating as a sub-DAO of Convex and Yearn Finance, lost $9.56 million in an attack that unfolded within about 90 minutes of a new market going live. The exploit targeted a newly deployed cvcrvUSD vault, using a classic ERC-4626 donation attack to inflate the collateral's oracle price until the lending pair's stored exchange rate truncated to zero, which let the attacker borrow the pair's entire borrow limit against a single wei of collateral shares.

Timeline of the Attack

12:18 AM - New cvcrvUSD ERC-4626 vault deployed and added as collateral for a new ResupplyPair market
1:53 AM - Attacker executes exploit, stealing $9.56 million
2:53 AM - Protocol initiates emergency response, setting borrow limits to zero

How the Attack Unfolded

Step 1: Flash Loan Setup

The attacker began by borrowing 4,000 USDC from Morpho through a flash loan and converting it to 4,000 crvUSD to fund the manipulation.

Step 2: The Donation Manipulation

With the flash loan in hand, the attacker executed a classic ERC-4626 donation attack against the empty vault:

  • Donated 2,000 crvUSD directly to the newly deployed vault contract, raising its asset balance without minting any shares
  • Deposited 2 crvUSD, which minted just 1 wei of cvcrvUSD shares

That single share-wei now backed the entire donated balance in the vault's accounting, so the per-share price the oracle derived from the vault (assets divided by shares) was enormously inflated: 2,000,000,000,000,000,001,998,001,998,001,998.

Step 3: Exchange Rate Manipulation

When the ResupplyPair contract's _updateExchangeRate() function calculated the exchange rate, it used the following formula:

_exchangeRate = 1e36 / IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));

With the inflated oracle price exceeding 1e36, Solidity's integer division caused the exchange rate to round down to zero.

Critically, the contract lacked any validation such as require(_exchangeRate > 0), allowing this invalid value to be written to storage.

Step 4: Bypassing Solvency Checks

The zero exchange rate then flowed into the _isSolvent() function, which calculates a borrower's Loan-to-Value (LTV) ratio:

_ltv = ((_borrowAmount * _exchangeRate * LTV_PRECISION) / EXCHANGE_PRECISION) / _collateralAmount;

With _exchangeRate = 0, the numerator of the formula is zero, so _ltv is zero for any borrow amount. A zero LTV sits below every configured maximum, so the solvency check returned true regardless of the loan size.

Step 5: Draining the Protocol

Using a single wei of collateral shares (backed only by the attacker's own ~2,000 crvUSD donation), the attacker borrowed 10 million reUSD tokens, the pair's entire borrow limit. The funds were then:

  • Swapped for stablecoins and ETH via Curve and Uniswap
  • Split across multiple addresses (0x6D9f6 and 0x31129)
  • Laundered through Tornado Cash
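The chain from Step 2 to Step 4, replayed as an added example in Python (not Resupply's contracts or Olympix's tooling): an integer model of a naive ERC-4626 vault, the quoted _updateExchangeRate() formula and the quoted _isSolvent() LTV formula. The precision constants (EXCHANGE_PRECISION = 1e18, LTV_PRECISION = 1e5, a 75% maximum LTV), the oracle's output scaling (assets per share-wei, 18-decimal scaled, with crvUSD taken as $1) and the step ordering (1 wei deposited first, then the donation, so the naive 1:1 formula yields exactly one share-wei) are assumptions of the model, not values from the post.

```python
# Added example, not Resupply's or Olympix's code: integer model of the
# donation -> zero exchange rate -> solvency bypass chain described above.
# Constants, oracle scaling and step ordering are assumptions of this model.

WAD = 10**18                 # 18-decimal token unit (crvUSD, reUSD)
EXCHANGE_PRECISION = 10**18  # assumed, Fraxlend-style constant
LTV_PRECISION = 10**5        # assumed: 100% LTV == 100_000
MAX_LTV = 75_000             # assumed market setting: 75%


class NaiveVault:
    """ERC-4626-style vault with no virtual shares and no seed liquidity."""

    def __init__(self):
        self.total_assets = 0   # asset balance the vault accounts for
        self.total_shares = 0

    def deposit(self, assets):
        # Classic convertToShares: 1:1 while empty, pro rata afterwards.
        if self.total_shares == 0:
            shares = assets
        else:
            shares = assets * self.total_shares // self.total_assets
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def donate(self, assets):
        # Direct token transfer: raises totalAssets without minting shares.
        self.total_assets += assets

    def price_per_share(self):
        # Assets backing one share-wei, scaled by 1e18 (assumed oracle output).
        return self.total_assets * WAD // self.total_shares


def update_exchange_rate(oracle_price):
    """_updateExchangeRate() as quoted in the post: integer division, no zero check."""
    return 10**36 // oracle_price


def is_solvent(borrow_amount, collateral_amount, exchange_rate, max_ltv=MAX_LTV):
    """_isSolvent(): LTV formula from the post; a zero rate makes LTV 0, hence solvent."""
    if collateral_amount == 0:          # model guard against division by zero
        return borrow_amount == 0
    ltv = ((borrow_amount * exchange_rate * LTV_PRECISION) // EXCHANGE_PRECISION) // collateral_amount
    return ltv <= max_ltv


def run_attack(donation=2_000 * WAD, borrow=10_000_000 * WAD):
    """Replay the chain and return the values that matter at each step."""
    vault = NaiveVault()
    # Model ordering: 1 wei deposited first mints exactly 1 wei of shares at 1:1;
    # the donation then leaves that single share-wei backing everything, which
    # is the vault state the post describes.
    collateral_shares = vault.deposit(1)
    vault.donate(donation)
    oracle_price = vault.price_per_share()      # ~2e39, far above 1e36
    rate = update_exchange_rate(oracle_price)   # 1e36 // 2e39 truncates to 0
    return {
        "collateral_shares": collateral_shares,
        "oracle_price": oracle_price,
        "exchange_rate": rate,
        "solvent": is_solvent(borrow, collateral_shares, rate),
        # The same 10M loan judged at a sane 1:1 price (oracle returns 1e18).
        "solvent_at_fair_price": is_solvent(borrow, collateral_shares, update_exchange_rate(WAD)),
    }


if __name__ == "__main__":
    for key, value in run_attack().items():
        print(f"{key}: {value}")
```

The last entry shows the contrast the attacker exploited: at a fair price the 10M reUSD borrow against one share-wei is wildly insolvent, but once the stored rate is zero the same position passes.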

The Immediate Impact

The consequences were swift and severe:

  • reUSD depegged to $0.98 immediately
  • Total Value Locked (TVL) plummeted as users lost confidence
  • Emergency governance actions were required to freeze borrowing and prevent further losses

What Olympix Found

Olympix's internal audit agent identified this exact vulnerability. Our audit agent flagged a High severity finding in the ResupplyPairCore contract:

[High] exchange_rate_manipulation

Vulnerable Function: ResupplyPairCore.sol: _updateExchangeRate()

Vulnerability Details: The contract calculates the collateral exchange rate using 1e36 / IOracle(...).getPrices(...). This calculation uses integer division and lacks protection against price manipulation. An attacker can exploit a low-liquidity ERC4626 collateral vault via a donation attack to inflate the price reported by the oracle. If the reported price exceeds 1e36, the calculated _exchangeRate rounds down to zero.

Critical Impact: A zero exchange rate causes _isSolvent() to always return true, effectively disabling all LTV checks and allowing an attacker to borrow unlimited funds against negligible collateral, draining the pair contract.

Recommended Mitigation: Add a zero-check on the calculated exchange rate and ensure newly created markets are properly initialized to prevent price manipulation.

How Olympix Could Have Prevented This Exploit

1. Audit Agent Detection

Olympix's internal audit agent autonomously analyzes smart contracts to identify complex logic errors and economic attack vectors. Our audit agent identified the exact vulnerability that led to the $9.56 million loss:

  • Missing validation checks on the exchange rate calculation
  • Integer division vulnerability that could result in zero values
  • Solvency bypass risk through LTV calculation manipulation

By running Olympix's audit agent during the development or pre-deployment phase, the Resupply team would have been alerted to this critical flaw before deploying the vault to mainnet.

2. Automated Unit Testing

Olympix generates comprehensive unit tests that cover edge cases and attack scenarios. For this vulnerability, our automated testing would have created test cases including:

  • Exchange rate calculations with inflated oracle prices
  • Donation attacks on empty or low-liquidity vaults
  • Solvency checks with zero or near-zero exchange rates
  • Borrowing attempts with negligible collateral

These tests would have immediately exposed the flawed logic in the _updateExchangeRate() and _isSolvent() functions.

3. Mutation Testing for Logic Validation

Olympix's mutation testing systematically modifies code to ensure test suites catch real bugs. For the Resupply vulnerability, mutation testing would have:

  • Removed or modified the exchange rate calculation to verify proper validation
  • Tested boundary conditions where division results in zero
  • Validated that the test suite catches missing sanity checks

This would have revealed that existing tests failed to catch the integer division edge case.

4. Continuous Security Integration

Unlike traditional audits that provide a one-time snapshot, Olympix integrates directly into the development workflow:

  • Real-time feedback as developers write code
  • Automated security checks on every commit
  • Pre-deployment verification before mainnet launch

This shift-left security approach means vulnerabilities are caught and fixed during development, not discovered in production by attackers.

The Core Problem: Empty Vault Deployment

ERC-4626 vaults calculate share prices based on the ratio of assets to shares. In empty or near-empty vaults, this creates a dangerous scenario:

Normal vault: 1,000 shares represent 1,000 tokens, a 1:1 ratio
Empty vault after donation: 1 wei of shares represents the full 2,000 tokens, so a single share-wei is priced at 2,000 whole tokens

This inflated ratio breaks any price calculation that divides by the share count, enabling the exploit. The vulnerability was preventable through proper initialization practices.

Key Takeaways

This exploit demonstrates a fundamental truth about DeFi security: 90% of exploited smart contracts were previously audited. Traditional point-in-time audits are insufficient to protect against well-known attack patterns like donation attacks.

The Resupply hack was entirely preventable through:

  1. Proper vault initialization - Seeding new vaults with initial liquidity means a donation is shared pro rata with the seed, so inflating the per-share price by a large factor costs many times the seed amount
  2. Exchange rate validation - A sanity check such as require(_exchangeRate > 0) on the computed rate would have blocked the exploit outright
  3. Virtual shares implementation - Virtual shares (a decimals offset in convertToShares and convertToAssets) mint many share-wei per asset wei and forfeit part of any donation to the virtual balance, which raises the attacker's cost; they do not by themselves cap the price the oracle reports, so they complement rather than replace items 1 and 2
  4. Continuous security monitoring - Automated tools that catch vulnerabilities before deployment, not after exploitation
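Takeaways 1 to 3 checked against the same donation scenario, as an added example in Python (not Resupply's or Olympix's code). The virtual-share arithmetic is the OpenZeppelin-style ERC-4626 formula shares = assets * (totalShares + 10**offset) / (totalAssets + 1), used here as an assumed reference design; the oracle answer is modelled as the 1e18-scaled value of one full share; the attacker deposits 1 wei before donating; the seed amount and offsets are chosen for illustration.

```python
# Added example, not Resupply's or Olympix's code: the three code-level
# mitigations from the takeaways, modelled with integer arithmetic so each
# can be measured against the 2,000 crvUSD donation from the post.
# The virtual-share formula, oracle scaling and amounts are assumptions.

WAD = 10**18  # 18-decimal token unit (crvUSD, reUSD)


def checked_exchange_rate(oracle_price):
    """Exchange-rate update with the sanity check the pair lacked.

    Mirrors require(_exchangeRate > 0): a price above 1e36 truncates the rate
    to zero, which would make every position look solvent, so refuse it.
    """
    rate = 10**36 // oracle_price
    if rate == 0:
        raise ValueError("exchange rate rounded to zero; oracle price exceeds 1e36")
    return rate


def shares_for_deposit(assets, total_assets, total_shares, offset=0):
    # convertToShares with virtual assets/shares (assumed OpenZeppelin-style
    # formula). offset=0 keeps 1:1 minting in an empty vault; a larger offset
    # mints 10**offset share-wei per asset wei, diluting any later donation.
    return assets * (total_shares + 10**offset) // (total_assets + 1)


def assets_for_shares(shares, total_assets, total_shares, offset=0):
    # convertToAssets, the inverse of shares_for_deposit with the same virtual units.
    return shares * (total_assets + 1) // (total_shares + 10**offset)


def donation_scenario(seed_assets=0, offset=0, donation=2_000 * WAD, attacker_deposit=1):
    """Deployer optionally seeds the vault; the attacker deposits, then donates.

    Returns the oracle-style price of one full share (1e18 share-wei), the
    checked exchange rate (None where the check would revert) and how much of
    the attacker's outlay the accounting hands to the seed or virtual shares.
    """
    total_assets = total_shares = 0
    if seed_assets:
        # Proper initialization: the deployer mints the first shares at deployment.
        seed_shares = shares_for_deposit(seed_assets, total_assets, total_shares, offset)
        total_assets, total_shares = seed_assets, seed_shares
    attacker_shares = shares_for_deposit(attacker_deposit, total_assets, total_shares, offset)
    total_assets += attacker_deposit
    total_shares += attacker_shares
    total_assets += donation  # plain token transfer: no shares minted

    price_per_share = assets_for_shares(WAD, total_assets, total_shares, offset)
    try:
        rate = checked_exchange_rate(price_per_share)
    except ValueError:
        rate = None
    attacker_value = assets_for_shares(attacker_shares, total_assets, total_shares, offset)
    return {
        "attacker_shares": attacker_shares,
        "price_per_share": price_per_share,
        "exchange_rate": rate,
        "attacker_loss": attacker_deposit + donation - attacker_value,
    }


if __name__ == "__main__":
    for label, kwargs in [
        ("unseeded, no virtual offset", {}),
        ("unseeded, decimals offset 6", {"offset": 6}),
        ("seeded with 1,000 crvUSD", {"seed_assets": 1_000 * WAD}),
    ]:
        print(label, donation_scenario(**kwargs))
```

In the unseeded case the price of a full share lands around 1e39 and the checked update refuses it, which is exactly the revert the original code lacked. An offset of 6 lowers that price by a factor of 10^6 and hands half the donation to the virtual shares, but the attacker can still cross 1e36 with a donation of roughly 2,000,000 crvUSD in this model, a cost that a 10M reUSD payout would absorb; that is why the zero check and seed liquidity are the decisive controls. With 1,000 crvUSD of seed, the whole 2,000 crvUSD donation accrues to the seed shares and the price stays within a small multiple of 1:1.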

How to Protect Your Protocol

The difference between a $9.56 million loss and a secure deployment comes down to integrating security throughout the development lifecycle:

  • Automated audit agents to identify logic errors and economic vulnerabilities
  • Automated unit testing to validate edge cases and attack scenarios
  • Mutation testing to ensure test suites actually catch bugs
  • Pre-deployment validation to verify security before mainnet launch

A $4,000 flash loan became a $9.56 million theft because of missing validation checks and improper vault initialization. With Olympix's proactive security tools integrated into the development process, this vulnerability would have been identified and fixed before the vault ever went live, saving Resupply and its users from a devastating loss.

In DeFi, security isn't just about reviewing code after it's written. It's about building security into every step of the development process, catching vulnerabilities before attackers do.

Get Started with Olympix

Explore Olympix's suite of smart contract tools and learn more about the Olympix-led automated smart contract audit process. Empower your team to take control of your smart contract security from the start. Get your first scan FREE!
