Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 069 · Reentrancy

Grim Finance 5x Reentrancy

Grim Finance vaults on Fantom lost $30M to a 5-loop reentrancy in depositFor that faked extra deposits mid-call. TVL collapsed from $98.9M to $4.2M.

Date: December 19, 2021
Chain(s): Fantom
Status:
Funds Stolen: ~$30M

On December 19, 2021, the Fantom-based yield aggregator Grim Finance lost approximately $30 million to a 5-loop reentrancy attack on its vault's depositFor() function. By the time the team paused the protocol, Grim's TVL had collapsed from $98.9M to $4.2M — a 96% drop.

What happened

Grim Finance's vaults used a depositFor() function to credit a user with vault shares in exchange for their deposit. The function followed the typical pattern: pull the user's tokens via transferFrom, then mint vault shares to the user based on the current share-price calculation.

The fatal flaw: depositFor() made an external call, transferFrom on the caller-supplied token address, before it had finished updating the vault's own state, and carried no reentrancy guard. When that transferFrom triggered a callback (as it can with ERC-777 or fee-on-transfer tokens, or, more directly, when the attacker controlled the deposited "token" contract outright), the attacker's callback could re-enter depositFor() while the first call was still mid-execution.

The attack:

  1. Deployed a malicious "token" contract whose transferFrom function called back into Grim's depositFor().
  2. Called Grim's depositFor() with the malicious token.
  3. The first call snapshotted the vault's balance and share price and prepared to mint shares.
  4. Before that first call minted, the callback re-entered depositFor(), which read the same pre-mint share price and prepared to mint again against what was still a single deposit.
  5. Repeated the re-entry until five depositFor() calls were open on the stack, then let it unwind, each open call crediting the same deposit as it completed.
  6. Walked away with 5x the legitimate vault-share allocation for a single underlying deposit, and redeemed those shares against the vault's pooled assets.

Net drain: ~$30M across Grim's affected vaults, denominated in BTC, ETH, FTM, USDC and other assets.

Aftermath

  • Grim paused all vault operations within hours.
  • The team contacted Circle (USDC issuer), AnySwap, and MakerDAO to freeze assets linked to the attacker's addresses.
  • TVL fell from $98.9M to $4.2M — a 96% drop driven by both the realised theft and panicked depositor withdrawals from unaffected vaults.
  • The protocol never recovered its pre-incident standing among Fantom yield aggregators.
  • The stolen funds were laundered through cross-chain bridges and mixers; no public recovery.

Why it matters

Grim Finance is one of a recurring series of vault-contract reentrancy incidents that cluster around yield aggregators forking the same base patterns. The class of bug — "external token transfer in the deposit path lacks reentrancy guard" — recurs across:

  • Pickle Finance (Nov 2020) — fake-Jar injection through swap.
  • Cream Finance (Aug 2021) — ERC-777 tokensReceived reentrancy.
  • Grim Finance (Dec 2021) — depositFor 5-loop reentrancy.
  • Visor Finance (Dec 2021) — delegateTransferERC20 reentrancy.
  • Fei/Rari (Apr 2022) — exitMarket left unprotected.
  • Penpie (Sep 2024) — Pendle plugin reentrancy.

The defensive pattern, OpenZeppelin's ReentrancyGuard applied to every state-mutating path that makes an external call, with no exceptions, is well documented and freely available. Every protocol that ships a deposit path without the guard is one carefully constructed token contract away from Grim Finance's outcome. The $30M cost is the recurring tuition for skipping it.
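As an added example, not Grim Finance's code and not drawn from any of the sources below, the following Python model plays out the five-loop deposit described under "What happened" against a toy share-based vault, once with no guard and once with a nonReentrant-style lock standing in for OpenZeppelin's ReentrancyGuard. The vault, the honest and attacker tokens, the user names and the 1000/100 deposit sizes are all constructed for the illustration; the vault credits shares for the balance delta its transferFrom call produces, priced at the pre-call share price, which is the accounting the attack steps above describe.

```python
"""Toy model of a share-based vault whose depositFor() credits the balance
delta produced by an external token transfer. Constructed to illustrate the
looped re-entry described above; it is not Grim Finance's code and every
name and number in it is made up."""


class ReentrancyError(Exception):
    """Stands in for the revert that a nonReentrant modifier produces."""


class HonestToken:
    """A plain token: transferFrom just moves `amount` of want into the vault."""

    def transfer_from(self, vault: "Vault", amount: int) -> None:
        vault.want += amount


class ReentrantToken:
    """Attacker-controlled 'token'. Its transferFrom re-enters depositFor until
    `loops` nested calls are open, then makes one real deposit at the innermost
    level, so every open call sees the same balance delta when it resumes."""

    def __init__(self, loops: int, real: HonestToken, attacker: str) -> None:
        self.loops, self.real, self.attacker, self.depth = loops, real, attacker, 0

    def transfer_from(self, vault: "Vault", amount: int) -> None:
        self.depth += 1
        try:
            if self.depth < self.loops:
                vault.deposit_for(self, amount, self.attacker)  # re-enter mid-call
            else:
                self.real.transfer_from(vault, amount)           # the single real deposit
        finally:
            self.depth -= 1


class Vault:
    def __init__(self, guarded: bool) -> None:
        self.guarded = guarded          # True: depositFor carries a reentrancy lock
        self.want = 0                   # real deposit token held by the vault
        self.total_supply = 0           # vault shares in circulation
        self.shares: dict[str, int] = {}
        self._entered = False           # the lock itself

    def _mint(self, user: str, n: int) -> None:
        self.shares[user] = self.shares.get(user, 0) + n
        self.total_supply += n

    def deposit_for(self, token, amount: int, user: str) -> int:
        """Credit `user` with shares for whatever `token.transfer_from` adds to want."""
        if self.guarded:
            if self._entered:
                raise ReentrancyError("depositFor re-entered")
            self._entered = True
        try:
            before, supply_before = self.want, self.total_supply  # pre-call snapshot
            token.transfer_from(self, amount)   # external call: attacker code runs here
            credited = self.want - before       # delta accounting: "what arrived?"
            minted = credited if supply_before == 0 else credited * supply_before // before
            self._mint(user, minted)
            return minted
        finally:
            if self.guarded:
                self._entered = False

    def redeemable(self, user: str) -> int:
        """Want a user could withdraw for their shares at the current price."""
        return self.shares.get(user, 0) * self.want // self.total_supply


def run_attack(guarded: bool, loops: int = 5, honest: int = 1000, attack: int = 100) -> dict:
    """Seed a vault with an honest 1:1 deposit, then run the looped deposit."""
    vault, real = Vault(guarded), HonestToken()
    vault.deposit_for(real, honest, "honest")
    try:
        vault.deposit_for(ReentrantToken(loops, real, "attacker"), attack, "attacker")
    except ReentrancyError:
        pass  # on-chain the whole transaction reverts; here nothing was changed
    return {
        "attacker_shares": vault.shares.get("attacker", 0),
        "attacker_redeemable": vault.redeemable("attacker"),
        "honest_redeemable": vault.redeemable("honest"),
        "want_in_vault": vault.want,
        "total_supply": vault.total_supply,
    }


if __name__ == "__main__":
    print("unguarded:", run_attack(guarded=False))
    print("guarded:  ", run_attack(guarded=True))
```

With five loops the unguarded vault credits the attacker 500 shares for a 100-token deposit, five times the 100 shares a plain deposit earns, and those shares redeem for 366 of the 1,100 tokens in the vault at the honest depositor's expense; the guarded vault raises on the first re-entry, before any balance or supply changes, so its state is untouched. The lock is the fix this page calls for. Where a vault also takes the token address from the caller, as step 2 of the attack relies on, pinning that address to the vault's configured asset removes the attacker-controlled callback altogether; the two checks are independent and both cheap.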

Sources & on-chain evidence

  1. [01] coindesk.com: https://www.coindesk.com/tech/2021/12/20/fantom-defi-project-grim-finance-exploited-for-30m
  2. [02] cryptobriefing.com: https://cryptobriefing.com/fantom-defi-project-grim-finance-suffers-30m-hack/
  3. [03] decrypt.co: https://decrypt.co/88727/grim-finance-hacked-30-million-fantom-tokens
