On January 12, 2025, UniLend Finance lost approximately $200,000 to a flash loan exploit that targeted a subtle vulnerability in the protocol’s health factor validation logic. For experienced DeFi users and developers, this incident provides a valuable case study in how seemingly minor smart contract flaws can cascade into significant financial losses. This advanced tutorial dissects the UniLend V2 exploit in technical detail, explaining the attack mechanics, the underlying vulnerability, and the defensive patterns that could have prevented it.
The Objective
This tutorial aims to provide a comprehensive technical understanding of flash loan exploits in lending protocols. By the end, you will understand how flash loans work as an attack tool, why health factor validation is critical in lending protocols, how the UniLend V2 vulnerability allowed an attacker to inflate collateral calculations, and what design patterns can protect against similar attacks. This guide assumes familiarity with Solidity, DeFi concepts like lending and borrowing, and basic understanding of smart contract security.
Prerequisites
Before diving into the exploit analysis, ensure you understand the following concepts. Flash loans are uncollateralized loans that must be borrowed and repaid within a single atomic transaction. If the borrower cannot repay by the end of the transaction, the entire transaction reverts as if it never happened. Health factor is a metric used by lending protocols to determine whether a borrower’s collateral sufficiently covers their debt. A health factor below 1.0 typically triggers liquidation. LP shares represent a user’s proportional claim on a lending pool’s assets, calculated based on the ratio of deposited assets to total pool size.
You will also need access to Etherscan for examining the attack transaction (0x44037ffc0993327176975e08789b71c1058318f48ddeff25890a577d6555b6ba), the attacker’s contract (0x3f814e5fae74cd73a70a0ea38d85971dfa6fda21), and the vulnerable UniLend V2 core contract (0x7f2e24d2394f2bdabb464b888cb02eba6d15b958).
Step-by-Step Walkthrough
Step 1: Flash Loan Acquisition. The attacker borrowed 60 million USDC and 5 wstETH from Morpho Blue, a decentralized lending protocol that offers flash loan capabilities. The borrowed wstETH was converted to approximately 6 stETH through a token swap. At this point, the attacker holds significant temporary capital that must be repaid by the end of the transaction.
Step 2: Collateral Deposit. The attacker called the lend() function twice on UniLend V2’s core contract, depositing the 60 million USDC and 6 stETH as lending pool contributions. In return, the attacker received LP shares representing their proportional claim on the pool’s assets. The deposit appeared legitimate because the tokens were actually transferred to the UniLend contract.
Step 3: The Borrow Operation. With the massive USDC deposit serving as apparent collateral, the attacker called borrow() to take out 60.67 stETH, worth approximately $200,000 at the time with ETH trading at $3,266. The health factor check initially passed because the 60 million USDC deposit far exceeded the required collateralization ratio for a 60.67 stETH borrow.
Step 4: The Vulnerability Trigger. The critical flaw was in the redeemUnderlying() function, which burns LP positions and verifies the health factor of the corresponding NFT position ID before transferring tokens to the user. The health factor checks in checkHealthFactorLtv0 and checkHealthFactorLtv1 relied on userBalanceOftoken functions that returned inflated values.
The inflation occurred because userBalanceOftoken calculated user balances using LP share ratios, but the calculation did not account for the fact that the attacker’s deposit was part of the same transaction. The _lendBalance0 value was inflated because the tokens had not yet been properly accounted for in the pool’s internal balance tracking. This meant the system believed the attacker still had significant collateral even after withdrawing borrowed funds.
Step 5: Loan Repayment and Profit Extraction. After extracting the 60.67 stETH, the attacker repaid the 60 million USDC and 5 wstETH flash loan to Morpho Blue. The attacker’s profit was approximately $200,000 worth of stETH, net of gas fees and any slippage from token conversions. The entire operation completed in a single transaction, making it impossible to interrupt once initiated.
Troubleshooting
When auditing lending protocols for similar vulnerabilities, focus on three key areas. First, verify that all balance calculations reflect actual token transfers completed within the same transaction, not stale pool states. Second, ensure that health factor checks use the most recent balance data available, not cached values from before the current operation began. Third, implement invariant checks that verify the protocol’s total locked value is consistent before and after complex multi-step operations.
A common pattern for preventing flash loan exploits is to introduce a delay mechanism that separates deposit and borrow operations across multiple blocks. While this reduces capital efficiency, it eliminates the atomic transaction property that makes flash loan exploits possible. Another effective pattern is to use time-weighted average balances rather than spot balances for collateral calculations, making it impossible to manipulate apparent collateral levels within a single transaction.
Mastering the Skill
Flash loan exploit analysis requires deep understanding of smart contract state management and the subtle interactions between multiple DeFi protocols within a single transaction. To build this expertise, practice reading exploit post-mortems from security firms like QuillAudits, Trail of Bits, and OpenZeppelin. Set up a local fork of the Ethereum mainnet using tools like Foundry or Hardhat, and practice reproducing known exploits in a controlled environment.
Study the evolving landscape of DeFi attack vectors by following resources like Rekt News, which documents major exploits with technical detail. Contribute to open-source audit initiatives and participate in bug bounty programs to gain hands-on experience identifying vulnerabilities before they can be exploited in production.
Disclaimer: This article is for educational and informational purposes only. The techniques described are meant to help developers build more secure protocols, not to facilitate attacks. Unauthorized exploitation of smart contract vulnerabilities is illegal.
solid writeup. the health factor check using stale balances after borrow is a pattern ive seen in at least 3 other exploits on smaller protocols
stale balance after borrow is such a subtle bug. you can pass every standard audit and still miss it if youre not specifically modeling flash loan attack paths
kernel_drift_ ive seen this stale balance pattern in at least 5 audits. should be in every lending protocol checklist by now
the flash loan attack chain is elegant in a twisted way. borrow, manipulate collateral ratio, drain, repay, profit. all in one tx
for anyone building lending protocols: use reentrancy guards AND snapshot balances before state changes. this exact bug class becomes impossible
good point on the defensive patterns. wish more audits actually tested flash loan scenarios instead of just checking standard reentrancy
snapshot before state changes + reentrancy guard should be table stakes for any lending protocol in 2025. the fact that this shipped without both is negligence
audit_maximalist agree. $200k loss is small compared to what it could have been. the stale balance after borrow is a known vulnerability class that keeps getting missed