On June 26, 2025, the decentralized lending protocol Resupply suffered a devastating $9.56 million exploit that exposed critical vulnerabilities in how newly deployed ERC-4626 vaults handle exchange rate calculations. The attack, executed in a single flash loan transaction, drained the protocol’s wstUSR market just 90 minutes after deployment — a stark reminder that even well-audited DeFi contracts can harbor fatal flaws in their mathematical logic.
The Exploit Mechanics
The attack targeted Resupply’s cvcrvUSD vault, a newly deployed ERC-4626 compliant vault that serves as collateral within the protocol’s lending system. Resupply operates as a sub-DAO of Convex and Yearn Finance, using Collateralized Debt Positions to back its stablecoin reUSD. The vulnerability lay in an integer division flaw within the exchange rate calculation at ResupplyPairCore.sol:573, where the code computed _exchangeRate = 1e36 / IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral)).
The attacker recognized that this newly deployed vault contained virtually no liquidity. They borrowed approximately $4,000 USDC from Morpho and converted it to crvUSD. Then came the critical manipulation: they donated 2,000 crvUSD directly to the empty vault contract and deposited just 2 crvUSD to mint a single wei of cvcrvUSD shares. Because the vault was nearly empty, this tiny deposit — representing just one quadrillionth of a token — controlled the entirety of the donated funds in the vault’s accounting. The oracle dutifully reported this inflated price per share, and because that divisor was now larger than the 1e36 numerator, Solidity’s floor division rounded the exchange rate down to zero.
Affected Systems
Only the wstUSR market was affected. The protocol’s other markets remained intact because they had sufficient liquidity, preventing the same donation manipulation from inflating share prices to catastrophic levels. When the exchange rate computed to zero, the protocol’s solvency check at ResupplyPairCore.sol:282 became meaningless: the loan-to-value calculation returned zero regardless of borrow amount, since multiplying by a zero exchange rate always produces zero. The check 0 <= _maxLTV always evaluated to true, granting the attacker unlimited borrowing power against their single wei of worthless collateral.
With this bypass in place, the attacker borrowed the entire $10 million reUSD debt limit in one transaction. They then swapped reUSD for stablecoins and ETH through Curve and Uniswap, splitting the proceeds across multiple addresses and laundering funds through Tornado Cash. Bitcoin traded near $106,960 and Ethereum at $2,416 at the time of the attack, providing deep liquidity for the attacker's exit.
The Mitigation Strategy
Within approximately 90 minutes of the initial exploit, Resupply's emergency response team set all borrow limits to zero, effectively freezing the protocol. The reUSD stablecoin briefly depegged to $0.98 as confidence evaporated, and the protocol's total value locked plummeted. The team identified the affected market and confirmed that other markets remained secure.
The vulnerability itself is well-documented in ERC-4626 security considerations. The fix involves implementing virtual shares and offsets — a baseline mechanism that prevents empty vault manipulation by pretending the vault already holds assets and shares. OpenZeppelin's ERC4626 implementation includes this protection by default, adding 1 to both the asset and share calculations during conversion. This seemingly trivial addition prevents the astronomical price-per-share inflation that enabled the Resupply attack.
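As an added example that is not Resupply's, Fraxlend's or OpenZeppelin's code, the following Python model uses integer division to replay the two mechanisms described above: the 1e36 / price exchange rate flooring to zero and the solvency check then waving through any borrow against one wei of collateral, and what OpenZeppelin-style virtual shares do to an attacker's deposit made after a donation; it also includes the explicit zero-rate guard the Lessons Learned section calls for. It assumes 18-decimal tokens, a Fraxlend-style LTV formula with 1e5 as 100%, and the post-manipulation vault state stated in the article; the share count produced by the real deposit transaction is not modelled.

```python
# Added example (not Resupply's, Fraxlend's or OpenZeppelin's code): an integer
# model of the share-price inflation and the 1e36 / price floor-to-zero above.
# Python's // on non-negative ints behaves like Solidity's uint256 division.

WAD = 10**18                # assumed: crvUSD and vault shares use 18 decimals
EXCHANGE_PRECISION = 10**18
LTV_PRECISION = 10**5       # assumed Fraxlend-style convention: 1e5 == 100%

def convert_to_shares(assets, total_assets, total_shares, decimals_offset=None):
    """ERC-4626 deposit pricing. None = naive formula (first depositor gets 1:1);
    an int d adds OpenZeppelin's 10**d virtual shares and 1 virtual asset."""
    if decimals_offset is None:
        return assets if total_shares == 0 else assets * total_shares // total_assets
    return assets * (total_shares + 10**decimals_offset) // (total_assets + 1)

def price_per_share(total_assets, total_shares, decimals_offset=None):
    """Asset wei backing one whole (1e18 wei) share, as the oracle would report."""
    if decimals_offset is None:
        return WAD if total_shares == 0 else WAD * total_assets // total_shares
    return WAD * (total_assets + 1) // (total_shares + 10**decimals_offset)

def exchange_rate(price):
    """Mirrors _exchangeRate = 1e36 / price: floors to 0 once price > 1e36."""
    return 10**36 // price

def checked_exchange_rate(price):
    """Hardened variant (lesson two above): refuse a rate that truncated to zero."""
    rate = exchange_rate(price)
    if rate == 0:
        raise ValueError("exchange rate truncated to zero; refusing to price collateral")
    return rate

def is_solvent(borrowed, collateral_shares, rate, max_ltv):
    """Fraxlend-style check: (borrowed * rate / 1e18) * 1e5 / collateral <= maxLTV."""
    if collateral_shares == 0:
        return borrowed == 0
    ltv = (borrowed * rate // EXCHANGE_PRECISION) * LTV_PRECISION // collateral_shares
    return ltv <= max_ltv

def exploit_passes_solvency(borrowed=10_000_000 * WAD, max_ltv=95_000):
    """Article's end state: 2,000 crvUSD donated + 2 deposited, 1 wei of shares."""
    total_assets, total_shares = 2002 * WAD, 1
    rate = exchange_rate(price_per_share(total_assets, total_shares))
    return rate, is_solvent(borrowed, total_shares, rate, max_ltv)

def shares_for_deposit_after_donation(deposit=2 * WAD, donated=2000 * WAD, offset=0):
    """Shares a 2 crvUSD deposit mints once 2,000 crvUSD sit in an otherwise empty
    vault: with virtual shares the donation accrues to nobody, so it mints 0."""
    return convert_to_shares(deposit, donated, 0, offset)
```

With the naive formula the attacker's single wei of shares prices at 2002e36 asset wei per whole share, the rate floors to 0 and a $10M borrow passes the LTV check; with virtual shares the same 2 crvUSD deposit buys no shares at all, so the donation is a pure loss to the attacker.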
Lessons Learned
The Resupply exploit underscores several critical lessons for DeFi developers and users. First, never deploy vault contracts with zero liquidity. An initialization deposit — even a nominal one — fundamentally changes the math and prevents donation attacks. Second, integer division in Solidity always rounds down, which means extremely large denominators can silently truncate to zero. Developers must add explicit checks for zero results from division operations, especially when those values feed into solvency calculations. Third, ERC-4626 vaults require careful implementation of virtual shares to prevent the exact class of attack that struck Resupply.
The broader context is equally sobering: June 2025 saw $114.8 million lost across 11 exploits in the Web3 space, with the Nobitex exchange breach alone accounting for $82 million. Resupply's $9.56 million loss ranks as the third-largest incident of the month, following Nobitex and the $16.1 million AlexLab exploit. None of the stolen funds were recovered, highlighting the persistent challenge of remediation in decentralized systems.
User Action Required
Users who interacted with Resupply's wstUSR market should monitor official protocol channels for recovery plans. All DeFi users should verify that any protocol they interact with implements proper ERC-4626 vault initialization with virtual shares. Protocols that deploy new vaults or markets should be treated with heightened caution until they demonstrate sufficient liquidity and tested security measures. If a protocol offers newly deployed vaults as collateral, users should wait for independent security reviews before depositing significant funds.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.
90 minutes after deployment and already exploited. The attacker was probably watching the deploy tx in real time.
vault_skeptic the attacker probably had the tx ready before deploy. Any new vault with no liquidity and an integer division bug is basically a honeypot with a sign that says free money.
It’s wild that donation attacks are still hitting protocols using the ERC-4626 standard. You’d think by now everyone would be using internal accounting or virtual shares to prevent these share price manipulations. Nearly $10M gone because of a known vector is a tough pill for the Resupply team to swallow.
Another day, another exploit. This is exactly why I keep most of my stack in cold storage and only play with ‘fun money’ in these newer DeFi vaults. No matter how many audits they claim to have, there’s always a risk when you’re dealing with complex smart contract interactions. Stay safe out there, guys.
Man, RIP to the LPs who got caught in this. $9.5M is a massive hit for a protocol like Resupply. Hopefully they have a treasury or some insurance fund to make users whole, but usually these ‘donation’ exploits leave everyone holding the bag. DeFi is definitely not for the faint of heart today.
Bit_Lord_LFG Resupply is a sub-DAO of Convex and Yearn. If they don't have a treasury to cover $9.5M then the parent orgs will let it die. Seen this movie before.
I’ve been reading up on vault standards and I thought ERC-4626 was supposed to make things safer by standardizing the interface? It seems like the issue is always in the implementation details rather than the standard itself. Does anyone know if there’s a post-mortem available yet to see exactly how they bypassed the slippage checks?
marcus the ERC-4626 standard defines the interface, not the implementation. The integer division at line 573 was a custom bug, not a standard flaw.