# ResupplyFi Exploit: From 1 Wei to $10M

<figure><img src="/files/qWUPhgy0dDtr1xDGsCGt" alt=""><figcaption></figcaption></figure>

## Summary

[On June 25th, Resupply Finance suffered a devastating exploit](https://x.com/ResupplyFi/status/1938092252431036491) that leveraged a simple one-wei collateral deposit to manipulate its exchange rate calculations, bypass loan-to-value (LTV) checks, and drain the full $9.8 million borrow limit in a single transaction. This incident once again highlights how classic DeFi vulnerabilities can turn a small oversight into a protocol-ending event within hours.

[Resupply Finance](https://resupply.fi/) is a decentralized lending and borrowing protocol designed to provide users with access to on-chain liquidity through a system of collateralized vaults and [**ERC-4626**](https://ethereum.org/en/developers/docs/standards/tokens/erc-4626/) yield-bearing strategies. It operates alongside multiple Curve-based pools and newer vault pairs under its ecosystem umbrella, with integrations into well-known liquidity layers like [Morpho](https://x.com/MorphoLabs?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) and [Curve](https://www.curve.finance/dex/ethereum/pools/) Vaults, extending its reach within the broader DeFi landscape.

[The first public alarm on the exploit was raised by BlockSec Phalcon](https://x.com/Phalcon_xyz/status/1938061381288530243), with early confirmations and damage assessments from [PeckShield](https://x.com/peckshield/status/1938061948647817647), [Slowmist](https://x.com/SlowMist_Team/status/1938073225503908072), and other prominent security firms. [Blockscope was among the first forensic teams to initiate deep on-chain tracing](https://x.com/BlockscopeCo/status/1938263643025449178), investigating suspicious flows, contract interactions, and fund laundering pathways within hours of the event.

<figure><img src="/files/VtTXOaDMI3gJ3KyhbmA0" alt=""><figcaption><p><a href="https://x.com/ResupplyFi/status/1938092252431036491">Resupply confirming the Exploit on X</a></p></figcaption></figure>

### **Addresses & Transactions**

* **Main Exploiter Address:** `0x6D9f6E900ac2CE6770Fd9f04f98B7B0fc355E2EA`
* **Main Exploiter Contract:** `0x151aa63dbb7c605e7b0a173ab7375e1450e79238`
* **Exploiter Contract (ETH Receiver):** `0xf90da523a7c19a0a3d8d4606242c46f1ee459dc7`
* **Target Resupply Pair Contract:** `0x6e90c85a495d54c6d7e1f3400fef1f6e59f86bd6`
* **Exploiter Wallet:** `0x31129a5c13306A48E827e851D44E19Ca07d4928A`
* **Exploiter Wallet:** `0x886f786618623ffFB2be59830A47661Ae6492E16`
* **Exploit Transaction:** `0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3`

## **Decoding the Exploit**

The exploit was a sophisticated yet textbook **ERC-4626 donation attack**, executed with surgical precision using two purpose-built contracts. The first, the **Exploiter Contract (ETH Receiver)** `0xf90da523a7c19a0a3d8d4606242c46f1ee459dc7`, acted purely as an ETH receiver, ensuring that any wrapped ETH (wETH) collected during the process could be unwrapped and sent out cleanly. The second, the **Main Exploit Contract** `0x151aa63dbb7c605e7b0a173ab7375e1450e79238`, embedded all the core logic needed to interact with the Morpho flash loan system, perform token swaps through **Curve**, and ultimately drain funds from **Resupply’s lending vault**.

<figure><img src="/files/51t6XgcgGQr8jyOor5nN" alt=""><figcaption><p>Transaction logs confirm the flash loan from Morpho.</p></figcaption></figure>

The exploiter’s sequence began with a deliberate but tiny **one-wei collateral deposit** into the freshly launched vault — just enough to pass the vault’s non-zero collateral check. Next, the contract called Morpho’s `flashLoan()` function to draw USDC as temporary liquidity. With this flash-borrowed capital, the exploiter immediately executed a swap on Curve’s StableSwap, converting the USDC into crvUSD and setting the stage for the core of the donation attack.

<figure><img src="/files/nEkuhg7azLW44Y6IbZGZ" alt=""><figcaption><p>Trace Call shows Exploiter swapping USDC to crvUSD, and then staging the exploit on Resupply Pair, then swapping the reUSD back to crvUSD, then USDC and finally wETH.</p></figcaption></figure>

Inside the same transaction, the exploiter abused a flaw in Resupply’s share pricing logic. They minted a single share worth **1 wei** while simultaneously donating **2,000 crvUSD** to the vault controller. This combination inflated the vault’s apparent value per share to an extreme, pushing the on-chain oracle’s price feed to report an artificially high collateral price. Ironically, because Resupply’s exchange-rate formula divides `1e36` by the oracle price and the quotient rounds down, the inflated price made the system produce an exchange rate of zero.

With the manipulated exchange rate effectively set to zero, Resupply’s **loan-to-value (LTV) check** always returned an LTV of **0**, no matter how much was borrowed. The system, therefore, treated the borrower as perfectly solvent. At the same time, the protocol’s `totalDebtAvailable` calculation failed to account for the missing real collateral. As a result, the attacker could instantly access the protocol’s **entire borrow limit**, securing a loan of **10 million reUSD** backed by a deposit worth a single wei.
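The rounding path described above, as an added Python model that is not Resupply’s code: the Fraxlend-style LTV formula, the precision constants and the dust floor are assumptions, and all amounts are constructed to mirror the narrative (a 1-wei share, a 2,000 crvUSD donation, a 10M borrow).

```python
# Integer model of the exchange-rate rounding flaw and the LTV check described above.
# Formulas are assumptions modelled on Fraxlend-style lending pairs, not Resupply's source;
# all amounts are constructed to mirror the narrative (1-wei share, 2,000 crvUSD donation,
# a 10M borrow) and use Solidity-style floor division throughout.

EXCHANGE_PRECISION = 10**18   # assumed scale of the exchange rate
LTV_PRECISION = 10**5         # assumed: 100% LTV == 100_000
MAX_LTV = 95_000              # assumed 95% borrow cap
MIN_COLLATERAL = 10**15       # assumed dust floor used by the hardened check


def price_per_share(total_assets: int, total_shares: int) -> int:
    """Constructed ERC-4626 style price feed: assets backing one share, scaled by 1e18.
    A donation into a vault holding a single 1-wei share inflates this enormously."""
    return total_assets * 10**18 // total_shares


def exchange_rate(oracle_price: int) -> int:
    """Collateral-per-debt rate as 1e36 / price; any price above 1e36 floors to zero."""
    return 10**36 // oracle_price


def ltv(borrow_amount: int, collateral_amount: int, rate: int) -> int:
    """Debt valued in collateral units, divided by collateral held.
    With rate == 0 the numerator is 0, so LTV is 0 for any borrow size."""
    debt_in_collateral = borrow_amount * rate // EXCHANGE_PRECISION
    return debt_in_collateral * LTV_PRECISION // collateral_amount


def is_solvent_vulnerable(borrow_amount: int, collateral_amount: int, oracle_price: int) -> bool:
    """Vulnerable: trusts the rate unconditionally, so a zero rate passes every borrow."""
    return ltv(borrow_amount, collateral_amount, exchange_rate(oracle_price)) <= MAX_LTV


def is_solvent_hardened(borrow_amount: int, collateral_amount: int, oracle_price: int) -> bool:
    """Hardened: fail closed on a zero rate or dust collateral before trusting the LTV math."""
    rate = exchange_rate(oracle_price)
    if rate == 0 or collateral_amount < MIN_COLLATERAL:
        return False
    return ltv(borrow_amount, collateral_amount, rate) <= MAX_LTV


if __name__ == "__main__":
    # Constructed attack-shaped inputs: one 1-wei share, 2,000 crvUSD donated, 10M reUSD asked.
    price = price_per_share(2_000 * 10**18, 1)          # 2e39, far above 1e36
    borrow, collateral = 10_000_000 * 10**18, 1
    print("exchange rate:", exchange_rate(price))        # 0
    print("vulnerable check passes:", is_solvent_vulnerable(borrow, collateral, price))  # True
    print("hardened check passes:", is_solvent_hardened(borrow, collateral, price))      # False
```

With a sane 1:1 price and 50% utilisation both checks agree; only the inflated price splits them, which is the condition a deployment guard or oracle sanity check should refuse.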

<figure><img src="/files/KiFMXluqoRXB5tZbZupc" alt=""><figcaption><p>Transaction Decoder showing all the token transfers that happened during the exploit transaction. Tx. hash: <code>0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3</code></p></figcaption></figure>

After draining the vault, the attacker’s contract routed the stolen reUSD back through Curve, swapped it into more liquid tokens, repaid the original Morpho flash loan to close the loop cleanly, and converted the final profits back into ETH. In a final step, the **Exploiter Contract (ETH Receiver)** unwrapped the remaining wETH, paid the validator for priority inclusion, and split the bulk of the stolen assets across two wallets.

### 🤖 **Blockscope AI Assist**

Investigators and law enforcement agents work on multiple cases, and having access to the best tools is everyone’s right. With Blockscope’s advanced suite of forensics and monitoring tools, users can trace and analyze all on-chain activities in detail. But what if something is too technical or unclear?

**Blockscope AI Assist** has their back. For example, in the **ResupplyFi Exploit**, the technical manipulation, multiple swaps, and flash loan logic can be challenging to follow. Using Blockscope AI Assist, users can easily break down trace calls and transactions, understand the flow and the entities involved, and see clear summaries — all in plain language.

The best part? Users can **interact with our AI**, ask follow-up questions, and dig deeper for full clarity. No stuck points, no confusion — Blockscope AI Assist makes even the most complex exploits clear and actionable.

<figure><img src="/files/F0vjz0GcQuRS3rnLQl6l" alt=""><figcaption><p>Trace Call Analysis of the Exploit Transaction using Blockscope AI Assist</p></figcaption></figure>

## **On-Chain Activity**

Using the **Tracer Tool**, we were able to visually clarify the exploit mechanics. Tracer 1 shows a clear graph depicting every ERC-20 transfer between the various addresses controlled by the Exploiter.

<figure><img src="/files/Ufmx1juuIPD9EbaGBD97" alt=""><figcaption><p>Tracer 1</p></figcaption></figure>

Tracer 2 graphs the whole exploit, from Tornado Cash funding to post-exploit swaps. These visuals provide undeniable proof of each step and will be presented as annotated images in this report.

<figure><img src="/files/GxaRBNylrbzWh8gtGqre" alt=""><figcaption><p>Tracer 2</p></figcaption></figure>

## **Breakdown and Timeline**

### **June 25, 2025 at 00:18 UTC:**

**Resupply’s new wstUSR market** with a $10M debt limit goes live, roughly 1.5 hours before the exploit.

Tx. hash: `0x852eca15a9fd352817346915f7bc8817d46de349bd7a8fc6ee73c7b66ec9ab41`

### **June 25, 2025 at 01:50 UTC:**

Exploiter funds the Main Wallet through Tornado Cash.

Tx. hash: `0x1962eb353a37ca816a6d967279dfdb005a640fe3b22ccb9e00939fe5810d8fb5`

<figure><img src="/files/IC5buFS000IkRCJUhLZZ" alt=""><figcaption><p>Exploiter received $2.40K worth of ETH from the Tornado Cash 1 ETH Pool</p></figcaption></figure>

### **June 25, 2025 at 01:53 UTC:**

The **Main Exploiter Wallet** creates the **Exploiter Contract (ETH Receiver)** and begins the exploit. Everything happens in the same transaction.

*Flash loan initiated → Curve swap → vault donation → exploit executed → funds split across multiple wallets.*

Tx. hash: `0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3`

<figure><img src="/files/MK7FAIMGZFmpJUoeTKdl" alt=""><figcaption></figcaption></figure>

As of **July 2nd**, the two **Exploiter Wallets**, `0x31129a5c13306A48E827e851D44E19Ca07d4928A` and `0x886f786618623ffFB2be59830A47661Ae6492E16`, are holding the stolen assets.

<div><figure><img src="/files/iXo9oLyr85lO8dJKR0SI" alt=""><figcaption></figcaption></figure> <figure><img src="/files/rNunCmnvcOkLaJFNGYHN" alt=""><figcaption></figcaption></figure></div>

## **Ongoing Monitoring**

Blockscope has deployed its public **Watchtower** to continue monitoring any suspicious flows related to the stolen funds and subsequent laundering paths. These dashboards will be updated in real time to track fund movement across mixers, bridges, and centralized exchanges.

Link: <https://www.blockscope.co/community/watchtowers/68656fa9c72e7963bd042693>

## **Conclusion & ResupplyFi Response**

The Resupply Finance exploit stands as a cautionary tale of how predictable vulnerabilities — like ERC4626 donation attacks and empty vault rounding bugs — can still slip through audits if deployment safeguards aren’t enforced.

In the aftermath, ResupplyFi has paused affected markets, issued a detailed post-mortem, and started compensating affected users through an insurance pool with personal contributions from key contributors like **C2tP**.

Community discussions continue around the **scope gap in audits**, the role of **Oracle price protections**, and governance best practices for safe vault deployment. Whether this exploit will push more protocols to adopt real-time solvency checks, more robust oracle integrations, or new anti-donation measures remains to be seen.

ResupplyFi’s tragedy reminds everyone: in DeFi, a few hours is all it takes for unprotected math to cost millions.

**Post Mortem & Recovery Plan by ResupplyFi:** <https://x.com/ResupplyFi/status/1938927974272938420>

**Written by**: [Tushar Tiwari](https://in.linkedin.com/in/tushar-tiwari-1380271b7), Forensics Analyst @ Blockscope

For more information, please reach out to us at **<hello@blockscope.tech>**

<div data-full-width="true"><figure><img src="/files/MSkCZlBihCZ3OqBx9fGh" alt="" width="563"><figcaption></figcaption></figure></div>

Disclaimer: Best Effort Report

This article and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

* The data used in this article may contain inaccuracies, omissions, or errors.
* Information sources may be incomplete or subject to change.
* New evidence may emerge that could alter the conclusions.
* Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but we cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.


