Rari Capital ibETH Reentrancy
2,600 ETH ($10M, 60% of pool) drained from Rari's Ethereum Pool after its Alpha Finance ibETH integration allowed arbitrary external calls enabling reentrancy.
- Date: May 8, 2021
- Victim: Rari Capital
- Chain(s): Ethereum
- Status: Partially Recovered
On May 8, 2021, the yield-aggregation protocol Rari Capital lost 2,600 ETH — approximately $10 million, representing 60% of all user funds in its Ethereum Pool — through a reentrancy exploit enabled by its integration with Alpha Finance's ibETH vault token. This was a separate incident from the larger Fei/Rari Fuse exploit a year later.
What happened
Rari Capital's Ethereum Pool deployed user ETH across yield strategies, one of which used Alpha Finance's ibETH (interest-bearing ETH). Rari's integration relied on two assumptions about ibETH, both of which turned out to be false. In reality:
- The ibETH value calculation could be manipulated within a single transaction.
- Alpha Finance's ibETH.work() function let the caller invoke arbitrary external contracts from inside its execution — which meant a caller could re-enter Rari Capital's deposit and withdraw functions in the middle of an ibETH operation.
The attack:
- Flash-borrowed ETH from dYdX.
- Called Alpha Finance's ibETH.work() in a way that triggered a callback to attacker-controlled code.
- From inside the callback — before Rari's accounting had settled — re-entered Rari's Ethereum Pool deposit and withdraw functions, manipulating the share-price calculation.
- Repeatedly deposited and withdrew through the reentrancy window, draining the pool of 2,600 ETH.
- Repaid the flash loan and walked.
Aftermath
- Rari Capital published a detailed post-mortem attributing the root cause to the undocumented behaviour of Alpha Finance's ibETH.work().
- Rari founder Jai Bhavani announced the developers would return 2M RGT (Rari Governance Tokens) earmarked for developer incentives to compensate victims — a reimbursement package valued at over $26M at the prices of the time.
- The incident contributed to a spate of related exploits in the same week affecting Rari and Saddle Finance for combined nine-figure sums.
Why it matters
Rari Capital's May 2021 incident is a canonical case for the danger of integrating with composable DeFi primitives whose full behaviour is undocumented. Rari's own code was not obviously buggy — the vulnerability emerged from the interaction between Rari's accounting and Alpha Finance's permissive work() function, which allowed arbitrary external calls that Rari's developers did not know about.
The structural lessons:
- Integration risk is inherited risk. Every external protocol a contract calls into becomes part of its attack surface. The integrating team must understand the full behaviour — including undocumented or "unusual" capabilities — of every primitive they compose with.
- Reentrancy guards must protect every state-mutating path, not just the obvious ones. Rari's deposit/withdraw were re-enterable specifically because the reentrancy could come from an external integration the team didn't anticipate as a reentry vector.
- The same protocol can be exploited twice through different mechanisms. Rari Capital was exploited here in May 2021 and again — much larger — in the Fei/Rari Fuse incident in April 2022. The recurring pattern: a protocol survives the first incident, but the systemic causes (composability assumptions, reentrancy discipline) aren't fully addressed, and a second incident follows.
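The pool-side pattern behind the attack steps and the reentrancy-guard lesson above, as an added illustration that is not Rari's or Alpha Finance's code: a pool that prices shares off an external strategy's reported balance and hands control to that strategy during a rebalance, shown without and with a lock shared by every state-mutating path. IStrategy, balanceOfPool() and work() are hypothetical names standing in for the ibETH integration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical strategy interface (not Alpha Finance's real ibETH): work() may call out to untrusted code.
interface IStrategy {
    function balanceOfPool() external view returns (uint256);
    function work(bytes calldata data) external payable;
}
abstract contract PoolBase {
    IStrategy public immutable strategy;
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    constructor(IStrategy s) { strategy = s; }
    // Pool value = idle ETH held here + whatever the strategy reports.
    function totalAssets() public view returns (uint256) {
        return address(this).balance + strategy.balanceOfPool();
    }
    function _deposit() internal {
        // msg.value is already in this contract's balance, so price shares on the prior value.
        uint256 minted = totalShares == 0 ? msg.value : msg.value * totalShares / (totalAssets() - msg.value);
        shares[msg.sender] += minted; totalShares += minted;
    }
    function _withdraw(uint256 s) internal {
        uint256 amount = s * totalAssets() / totalShares;
        shares[msg.sender] -= s; totalShares -= s;   // effects before interaction; checked math reverts on overdraw
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function _rebalance(bytes calldata data) internal {
        // Control passes to the strategy while pool value is mid-update: ETH has left, balanceOfPool() may lag.
        strategy.work{value: address(this).balance}(data);
    }
}
// Vulnerable: no guard, so code reached through work() can re-enter deposit() while totalAssets() is understated.
contract VulnerablePool is PoolBase {
    constructor(IStrategy s) PoolBase(s) {}
    function deposit() external payable { _deposit(); }
    function withdraw(uint256 s) external { _withdraw(s); }
    function rebalance(bytes calldata d) external { _rebalance(d); }
}
// Hardened: one lock on every state-mutating path, including the one that calls out, so a callback cannot re-enter.
contract HardenedPool is PoolBase {
    uint256 private locked = 1;
    modifier nonReentrant() { require(locked == 1, "reentrant"); locked = 2; _; locked = 1; }
    constructor(IStrategy s) PoolBase(s) {}
    function deposit() external payable nonReentrant { _deposit(); }
    function withdraw(uint256 s) external nonReentrant { _withdraw(s); }
    function rebalance(bytes calldata d) external nonReentrant { _rebalance(d); }
}
```

The point to check in review is that the lock covers rebalance() as well as deposit()/withdraw(): guarding only the latter two still leaves the callback window open if the call-out path is unguarded.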
The Rari developers' decision to return their own incentive tokens to victims was an unusually direct form of accountability for the 2021 era, and was cited positively even as the protocol's longer-term trajectory deteriorated.
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-rari-capital-hack-may-2021
- [02] beincrypto.com: https://beincrypto.com/rari-capital-10m-defi-hack-post-mortem/
- [03] coinjournal.net: https://coinjournal.net/news/rari-capital-hit-with-10m-exploit-from-its-ethereum-pool/