Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 083 · Reentrancy

Agave & Hundred Finance Reentrancy

A joint cross-function reentrancy exploit drained ~$11M from Agave and Hundred Finance on Gnosis Chain via wETH/wXDAI's ERC-677-style transfer callback.

Date
Chain(s)
Status
Funds Stolen

On March 15, 2022, Agave ($5.5M) and Hundred Finance ($5.5M) — Aave/Compound forks on Gnosis Chain — were drained in a joint reentrancy exploit totalling approximately $11 million. Both protocols accepted a token (wXDAI/wETH on Gnosis) with an ERC-677-style transfer callback; the callback enabled reentrancy into the borrow path before debt was recorded.

What happened

On Gnosis Chain, the canonical wrapped token implements a transferAndCall-style callback. Agave and Hundred — forking Ethereum lending code that assumed plain-ERC-20 transfer semantics — released borrowed tokens before recording debt. The callback re-entered borrow against still-unencumbered collateral, looping to drain both protocols.
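The ordering problem described above can be reproduced in a toy Python model that puts the pay-out-then-record borrow path beside a record-then-pay-out variant. This is an added example, not code from Agave, Hundred Finance or the cited sources; `CallbackToken`, `Market`, `ReenteringBorrower` and `run` are hypothetical names and all amounts are constructed.

```python
# Toy model, constructed for illustration: not Agave or Hundred Finance code.
class CallbackToken:
    """ERC-677-style token model: transfer() notifies the recipient."""
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        assert self.balances.get(sender, 0) >= amount, "insufficient balance"
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "on_token_transfer", None)
        if hook:
            hook(amount)  # control passes to the recipient mid-transfer

class Market:
    def __init__(self, token, effects_first):
        self.token, self.effects_first = token, effects_first
        self.collateral, self.debt = {}, {}
    def borrow(self, user, amount):
        limit = self.collateral.get(user, 0) - self.debt.get(user, 0)
        if amount > limit:
            raise ValueError("insufficient collateral")
        if self.effects_first:  # hardened: record debt, then pay out
            self.debt[user] = self.debt.get(user, 0) + amount
            self.token.transfer(self, user, amount)
        else:  # ordering described above: pay out, then record debt
            self.token.transfer(self, user, amount)
            self.debt[user] = self.debt.get(user, 0) + amount

class ReenteringBorrower:
    """Test double: calls borrow() again from inside the transfer hook."""
    def __init__(self, market, amount, depth):
        self.market, self.amount, self.depth = market, amount, depth
    def on_token_transfer(self, _amount):
        if self.depth > 0:
            self.depth -= 1
            try:
                self.market.borrow(self, self.amount)
            except ValueError:
                pass  # nested borrow rejected: debt was already on the books

def run(effects_first, collateral=100, pool=1000, depth=3):
    """Return (recorded debt, tokens received) for one outer borrow() call."""
    token = CallbackToken()
    market = Market(token, effects_first)
    token.balances[market] = pool
    user = ReenteringBorrower(market, collateral, depth)
    market.collateral[user] = collateral
    market.borrow(user, collateral)
    return market.debt[user], token.balances[user]
```

With the constructed values, `run(False)` ends with 400 of debt against 100 of collateral, while `run(True)` stops at 100 because the nested call already sees the recorded debt.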

Why it matters

Agave/Hundred is one of the clearest "forking EVM code to a chain whose tokens have different transfer semantics" lessons. The fork inherited Ethereum-mainnet assumptions ("ERC-20 transfers don't call back"); on Gnosis, the native wrapped token does. The catalogue's recurring rule: a fork inherits the upstream's logic but not its environment's assumptions — token standards, precompiles, gas semantics, and reentrancy surfaces differ per chain, and every cross-chain fork must re-audit against the destination's actual primitives. This is the same root family as Voltage Finance (ERC-677 on Fuse) and Cream AMP (ERC-777 on Ethereum) — callback-enabled tokens breaking borrow-path reentrancy assumptions, three times, three chains, one lesson. (This is also the Hundred Finance protocol's first major incident; it was exploited again in 2023.)

Sources & on-chain evidence

  1. halborn.com: https://www.halborn.com/blog/post/explained-the-agave-and-hundred-finance-hack-march-2022
  2. coindesk.com: https://www.coindesk.com/business/2022/03/15/defi-lending-protocol-agave-plunges-over-20-amid-exploit-investigation
  3. rekt.news: https://rekt.news/agave-hundred-rekt
