Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 094 · Oracle Manipulation

Fortress Protocol Oracle + Governance

Fortress Protocol on BNB Chain lost $3M after the attacker manipulated FTS via a thin oracle and used a governance proposal to set arbitrary collateral factors.

Date
Chain(s)
Status
Funds Stolen

On May 9, 2022, the BNB Chain lending protocol Fortress Protocol lost approximately $3 million through a combined oracle manipulation + governance attack. The attacker manipulated the FTS token price via its thin Chainlink-less oracle path, then passed a governance proposal granting arbitrary collateral parameters, and borrowed out the protocol's reserves.

What happened

Fortress was a Compound-style lending market. Two weaknesses combined:

  1. The FTS price feed was manipulable — derived from a low-liquidity source the attacker could move.
  2. Fortress governance could set collateral factors, and the governance threshold was low enough for the attacker to pass a self-serving proposal.

The attacker pumped FTS's reported price, used governance to set favourable collateral parameters for FTS, deposited the over-valued FTS, and borrowed all available reserves (~$3M in BNB and stablecoins) against it.
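How the two weaknesses multiply, as an added example that is not from the original page or from Fortress's code: a Compound-style borrow limit is collateral value times collateral factor, so an attacker who controls both inputs controls the product. The prices, factors, thresholds and the median-reference check are constructed assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Market:
    collateral_factor: float  # fraction of collateral value that can be borrowed
    spot_price: float         # USD price the feed reports now
    recent_prices: list       # earlier feed observations

def borrow_capacity(m: Market, units: float) -> float:
    """Compound-style limit: collateral value scaled by the collateral factor."""
    return units * m.spot_price * m.collateral_factor

def price_is_sane(m: Market, max_deviation: float = 0.20) -> bool:
    """Reject a spot price far from the median of recent observations."""
    ref = median(m.recent_prices)
    return abs(m.spot_price - ref) / ref <= max_deviation

def cf_change_allowed(old: float, new: float,
                      max_step: float = 0.05, hard_cap: float = 0.80) -> bool:
    """Bound how far a single governance action may move the collateral factor."""
    return new <= hard_cap and abs(new - old) <= max_step

def guarded_borrow_capacity(m: Market, units: float, previous_cf: float) -> float:
    """Fall back to the conservative value for any input that fails its check."""
    ref = median(m.recent_prices)
    price = m.spot_price if price_is_sane(m) else min(m.spot_price, ref)
    cf_ok = cf_change_allowed(previous_cf, m.collateral_factor)
    cf = m.collateral_factor if cf_ok else previous_cf
    return units * price * cf

# Constructed sample values, not figures from the incident.
HISTORY = [0.010, 0.011, 0.010, 0.012, 0.011]
HONEST = Market(collateral_factor=0.10, spot_price=0.011, recent_prices=HISTORY)
ATTACKED = Market(collateral_factor=0.90, spot_price=1.0, recent_prices=HISTORY)
UNITS = 1_000_000

if __name__ == "__main__":
    print("honest capacity  :", borrow_capacity(HONEST, UNITS))
    print("attacked capacity:", borrow_capacity(ATTACKED, UNITS))
    print("guarded capacity :", guarded_borrow_capacity(ATTACKED, UNITS, 0.10))
```

With these sample values the unguarded limit rises from about 1,100 to 900,000 USD for the same deposit, while the guarded path holds it at the honest figure because both the price and the parameter change fail their bounds.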

Aftermath

  • Fortress effectively ceased operations after the drain.
  • Funds were laundered through Tornado Cash; no recovery.

Why it matters

Fortress combines the catalogue's two most-repeated lending-protocol failures — manipulable oracle (Cream, Vee, Moola) and capturable governance (Beanstalk, Atlantis Loans) — in a single transaction. When a protocol's price feed and its risk parameters are both attacker-controllable, the protocol is not a lending market; it is an open vault with extra steps. Fortress is a small but textbook demonstration that these two weaknesses are individually fatal and jointly trivial.

Sources & on-chain evidence

  1. halborn.com: https://www.halborn.com/blog/post/explained-the-fortress-protocol-hack-may-2022
  2. certik.com: https://www.certik.com/resources/blog/k6eZOpnK5Kdde7RfHBZgw-fortress-loans-exploit
  3. rekt.news: https://rekt.news/fortress-rekt
