
Penpie Protocol Drained of $27 Million in Sophisticated Reentrancy Exploit on Pendle Finance

The decentralized finance ecosystem suffered another major blow on September 3, 2024, when Penpie, a yield farming protocol built atop Pendle Finance, was exploited for approximately $27 million through a carefully orchestrated reentrancy attack. The breach sent shockwaves through the DeFi community, highlighting persistent vulnerabilities in smart contract design even as the broader crypto market grappled with Bitcoin trading at $57,971 and Ethereum at $2,449.

The Exploit Mechanics

The attacker exploited a critical flaw in Penpie’s _harvestBatchMarketRewards function, which was responsible for managing staking reward distributions across the protocol. This function lacked a fundamental security measure: a reentrancy guard. Without this safeguard, the attacker was able to repeatedly call the function before the contract could update its internal state, essentially tricking the system into disbursing rewards multiple times for the same deposit.

The attack unfolded in three carefully sequenced transactions. First, the attacker deployed a malicious Pendle Market by creating a crafted Synthetic Yield (SY) contract specifically designed to exploit the reentrancy vulnerability. Because Penpie’s market registration was permissionless, the malicious contract was accepted without proper validation. The attacker then used flash loans to borrow substantial amounts of assets—including wstETH, sUSDe, egETH, and rswETH—which were deposited into the malicious SY contract to inflate token balances artificially.

Once the inflated balances were in place, the attacker initiated the reward harvesting process. During the reward calculation phase, the attacker re-entered the vulnerable function, depositing additional tokens to further exaggerate the perceived rewards. The contract, unable to distinguish between legitimate and manipulated balances, paid out far more than it should have—ultimately draining approximately $27.35 million from the protocol.
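The following Solidity sketch is an added illustration, not Penpie's or Pendle's code: it puts the unguarded reward-harvest pattern described above beside a hardened form that applies the two fixes named later in the post (a reentrancy guard on the reward-distribution function and a registration allowlist for markets). The IMarket interface, the registrar role and the contract names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Assumed minimal interface a market exposes to the harvester.
interface IMarket {
    // Pays pending rewards to the caller; an untrusted market runs arbitrary code here.
    function redeemRewards(address user) external returns (uint256);
}

// VULNERABLE PATTERN: any address can be harvested as a "market", there is no
// reentrancy guard, and accounting is written only after the external call.
contract VulnerableHarvester {
    mapping(address => uint256) public harvested; // rewards credited per market

    function batchHarvest(address[] calldata markets) external {
        _harvestBatchMarketRewards(markets);
    }

    // Simplified stand-in for the unguarded function named in the post.
    function _harvestBatchMarketRewards(address[] calldata markets) internal {
        for (uint256 i = 0; i < markets.length; i++) {
            // Untrusted external call: a malicious market can re-enter batchHarvest
            // here and be credited again before the line below runs.
            uint256 amount = IMarket(markets[i]).redeemRewards(address(this));
            harvested[markets[i]] += amount;
        }
    }
}

// HARDENED PATTERN: nonReentrant blocks re-entry for the whole batch, and only
// markets approved by a registrar can be harvested.
contract HardenedHarvester is ReentrancyGuard {
    mapping(address => bool) public registeredMarket;
    mapping(address => uint256) public harvested;
    address public immutable registrar; // assumed verified registration role

    constructor(address registrar_) { registrar = registrar_; }

    function registerMarket(address market) external {
        require(msg.sender == registrar, "not registrar");
        registeredMarket[market] = true;
    }

    function batchHarvest(address[] calldata markets) external nonReentrant {
        for (uint256 i = 0; i < markets.length; i++) {
            require(registeredMarket[markets[i]], "unregistered market");
            uint256 amount = IMarket(markets[i]).redeemRewards(address(this));
            harvested[markets[i]] += amount;
        }
    }
}
```

With the guard in place, a market that re-enters batchHarvest during redeemRewards hits the ReentrancyGuard revert, and a crafted market that was never registered is rejected before any external call is made.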

Affected Systems

The exploit directly impacted Penpie’s staking infrastructure and the liquidity pools tied to Pendle Finance’s ecosystem. The affected assets included wrapped staked ETH (wstETH), staked USDe (sUSDe), ether.fi staked ETH (egETH), and restaked swETH (rswETH). Pendle Finance, the parent protocol, acted swiftly after the attack was detected, implementing emergency measures that successfully safeguarded an additional $105 million in user funds that could have been at risk.

The incident also affected broader market sentiment. With Bitcoin already under pressure near the $58,000 level following significant ETF outflows, the Penpie exploit contributed to heightened anxiety among DeFi participants. Yield farming protocols across the ecosystem saw temporary outflows as users reevaluated risk exposure.

The Mitigation Strategy

In the immediate aftermath, Pendle Finance launched a comprehensive incident response. The protocol paused vulnerable contracts, conducted a thorough forensic analysis of the attack vector, and published a detailed post-mortem within hours. Pendle’s team emphasized that the core Pendle protocol itself was not compromised—the vulnerability was isolated to Penpie’s implementation.

The mitigation measures included revoking permissions for unverified market registrations, implementing mandatory reentrancy guards on all reward-distribution functions, and establishing a bug bounty program to incentivize white-hat security research. Penpie’s team also initiated negotiations with the attacker through on-chain messages, offering a bounty for the return of the stolen funds.

Lessons Learned

The Penpie exploit reinforces several critical lessons for the DeFi ecosystem. First, permissionless market registration—while promoting decentralization—creates significant attack surface when combined with insufficient validation. Protocols must balance accessibility with rigorous security checks.

Second, reentrancy remains one of the most well-understood yet persistently exploited vulnerability classes in smart contract development. The fact that a missing reentrancy guard led to a $27 million loss in 2024 suggests that auditing practices and developer education still have considerable room for improvement.

Third, the use of flash loans in this attack demonstrates how attackers can amplify their impact without requiring significant upfront capital. Protocols that interact with externally controlled contracts should implement additional safeguards against flash-loan-enabled manipulation.

User Action Required

Users who had funds deposited in Penpie should immediately check their wallet balances and revoke any outstanding token approvals to the compromised contracts. Those affected by the exploit should follow Penpie’s official channels for updates on fund recovery efforts. All DeFi participants should review the protocols they interact with, prioritizing those that have undergone comprehensive security audits and implement established best practices like reentrancy guards and access controls.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.


12 thoughts on “Penpie Protocol Drained of $27 Million in Sophisticated Reentrancy Exploit on Pendle Finance”

  1. three sequenced transactions to drain 27M. whoever designed this attack knew the Penpie codebase better than the Penpie team

    1. three txs means they probably found the bug just by reading the contracts on etherscan. no insider info needed when the code is public and the guard is missing

    2. three sequenced txs means the attacker tested this on forked mainnet first. probably ran simulations for days before pulling the trigger

    1. no reentrancy guard in 2024 is negligent. OZ has had ReentrancyGuard since solidity 0.5. there's no excuse for skipping it

      1. openzeppelin has had reentrancyguard for years and projects still skip it to save gas on deployment. penny wise pound foolish

        1. skipping reentrancyguard to save gas is insane. the deployment cost difference is literally pennies. no excuse in 2024

  2. Pendle survived but Penpie getting drained shows what happens when you build on top of a protocol without independent audits. composability cuts both ways

    1. composability is the double edged sword here. Pendle is fine but every protocol built on top inherits risk from the base layer. independent audits should be mandatory not optional

  3. forked mainnet testing is standard practice for exploits this size. the three-tx sequence means they rehearsed it multiple times before going live

  4. penpie was built on pendle. wonder how many other derivatives on top of pendle had the same vulnerability and just got lucky nobody noticed
