Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 092 · Smart Contract Bug

Saddle Finance MetaSwap Virtual Price

Saddle's sUSDv2 metapool lost $11.9M when a known MetaSwapUtils bug was redeployed by mistake; BlockSec's bots front-ran $3.97M to safety, cutting the net loss.

Date: April 30, 2022
Chain(s): Ethereum
Status: Partially Recovered

On April 30, 2022 at 07:40 UTC, the stable-asset AMM Saddle Finance lost approximately $11.9 million when an attacker exploited its sUSDv2 metapool. The vulnerability had been patched in the canonical Saddle code months earlier, but an older, vulnerable version of the MetaSwapUtils library had been mistakenly redeployed alongside the metapool.

What happened

Saddle's metapools used a shared MetaSwapUtils library to compute the virtual price of LP tokens during cross-pool swaps. An older version of that library failed to apply virtual-price-based valuation correctly during metapool swaps, so an attacker could manipulate the LP-token price by routing flash-loan-funded swaps through the pool.

The Saddle team had patched the bug and shipped a fixed MetaSwapUtils to the canonical Saddle repository. For reasons the team's post-mortem describes as "an unknown deployment error," the sUSDv2 metapool on Ethereum mainnet was deployed with the OLD, vulnerable library even after the patch was available.

The attack:

  1. Flash-borrowed funds and executed a sequence of swaps through the sUSDv2 metapool.
  2. Manipulated the metapool's LP-token virtual price via the buggy library.
  3. Swapped the artificially-priced LP tokens for sUSD and other underlying assets, walking away with the value.

Initial drain: ~$14.8M in mixed assets.

Aftermath

  • BlockSec's whitehat bots detected the exploit pattern on-chain and, using an internal "front-run-the-exploit" service, rescued $3.97M by replaying the same exploit and routing the proceeds to a recovery address.
  • Saddle paused metapool swaps and migrated to a verified-correct deployment of MetaSwapUtils.
  • Net loss after BlockSec's rescue: ~$11.9M, never recovered from the original attacker.

Why it matters

Saddle is the textbook case for why deployment provenance must match the code repository, end-to-end. A bug fixed in source code is only fixed for users when the on-chain contract reflects the patched version. Every protocol team's deployment pipeline must verify, automatically, that the bytecode of each live contract matches the bytecode produced by the audited source, and that the libraries it depends on are the audited versions, not stale copies.
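As an added example of the check described above (not Saddle's own tooling, and not code from any of the sources below), the following Python script compares a live contract's runtime bytecode with the runtime bytecode from the audited build and confirms that every linked library address is on an audited allow-list. It assumes solc-style `__$<34 hex>$__` library placeholders in the build artifact and strips the CBOR metadata trailer before comparing; every bytecode string, library address and metadata blob below is constructed so the script runs offline, where a real pipeline would fetch the live code with `eth_getCode`.

```python
"""Deployment-provenance check for a contract that links an external library.

Added example for this dossier; it is not Saddle's tooling. `onchain_hex`
would normally come from an `eth_getCode` call and `expected_hex` from the
compiler artifact of the audited commit. All fixtures here are constructed.
"""
import re

# solc placeholder for a not-yet-linked library: 40 chars, the width of a
# 20-byte address, so offsets line up with the linked on-chain bytecode.
PLACEHOLDER_RE = re.compile(r"__\$[0-9a-f]{34}\$__")


def strip_metadata(code_hex: str) -> str:
    """Drop the CBOR metadata trailer solc appends to runtime bytecode.

    The trailer ends with a 2-byte big-endian length of the CBOR blob. Two
    builds of identical source can differ only there (metadata hash), so it
    is excluded from the comparison. An implausible length leaves the code as is.
    """
    code_hex = code_hex.lower().removeprefix("0x")
    if len(code_hex) < 4:
        return code_hex
    trailer_chars = (int(code_hex[-4:], 16) + 2) * 2
    return code_hex[:-trailer_chars] if trailer_chars <= len(code_hex) else code_hex


def verify_deployment(onchain_hex: str, expected_hex: str, audited_libraries) -> dict:
    """Return {"ok", "libraries", "findings"} for one live contract."""
    audited = {a.lower() for a in audited_libraries}
    live = strip_metadata(onchain_hex)
    want = strip_metadata(expected_hex)
    findings, linked = [], []

    if len(live) != len(want):
        findings.append(f"code size differs: live {len(live) // 2} B, audited {len(want) // 2} B")
        return {"ok": False, "libraries": linked, "findings": findings}

    pos = 0
    for m in PLACEHOLDER_RE.finditer(want):
        # Everything outside a placeholder must match byte for byte.
        if live[pos:m.start()] != want[pos:m.start()]:
            findings.append(f"code mismatch in bytes {pos // 2}..{m.start() // 2}")
        # The live bytecode carries the real library address at this offset.
        addr = "0x" + live[m.start():m.end()]
        linked.append(addr)
        if addr not in audited:
            findings.append(f"linked library {addr} at byte {m.start() // 2} is not an audited library")
        pos = m.end()
    if live[pos:] != want[pos:]:
        findings.append(f"code mismatch in bytes {pos // 2}..{len(want) // 2}")

    return {"ok": not findings, "libraries": linked, "findings": findings}


# ---- constructed fixtures (not real Saddle bytecode, addresses or metadata) ----
def _with_metadata(code_hex: str, cbor_hex: str) -> str:
    """Append a CBOR blob plus its 2-byte length, the way solc lays out the trailer."""
    return code_hex + cbor_hex + (len(cbor_hex) // 2).to_bytes(2, "big").hex()


PLACEHOLDER = "__$b0e4f7a3c2d1e5f6a7b8c9d0e1f2a3b4c5$__"
AUDITED_LIB = "0x" + "a" * 40   # constructed: the audited build of the library
STALE_LIB = "0x" + "b" * 40     # constructed: an older deployment of the same library
CODE_BEFORE, CODE_AFTER = "608060405273", "5af4"   # PUSH1 80 PUSH1 40 MSTORE PUSH20 <lib> ... GAS DELEGATECALL

EXPECTED_RUNTIME = _with_metadata(CODE_BEFORE + PLACEHOLDER + CODE_AFTER, "a1647465737401")
ONCHAIN_GOOD = _with_metadata(CODE_BEFORE + AUDITED_LIB[2:] + CODE_AFTER, "a16474657374ff")
ONCHAIN_STALE_LIB = _with_metadata(CODE_BEFORE + STALE_LIB[2:] + CODE_AFTER, "a16474657374ff")
ONCHAIN_WRONG_CODE = _with_metadata(CODE_BEFORE + AUDITED_LIB[2:] + "5bf4", "a16474657374ff")

if __name__ == "__main__":
    cases = [("good", ONCHAIN_GOOD), ("stale-lib", ONCHAIN_STALE_LIB), ("wrong-code", ONCHAIN_WRONG_CODE)]
    for name, code in cases:
        result = verify_deployment(code, EXPECTED_RUNTIME, {AUDITED_LIB})
        print(name, "OK" if result["ok"] else "FAIL", result["findings"])
```

The "good" fixture differs from the audited artifact only in its metadata blob and passes; the "stale-lib" fixture has identical code but points at an address outside the allow-list, which is the Saddle failure mode; the "wrong-code" fixture is caught by the byte-for-byte comparison. In a real pipeline the same check is then applied recursively to each linked library's own bytecode against its audited build, since a correct pool contract linked to a stale library is exactly what went live here.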

The BlockSec rescue is also one of the cleaner examples of white-hat MEV doing real work — pattern-matching on the malicious transaction shape and front-running additional victims of the same exploit before they could be drained. The practice is now meaningfully institutionalised; firms like BlockSec, HYDN, and certain Flashbots operators run watcher infrastructure that has saved hundreds of millions in DeFi capital since.

Sources & on-chain evidence

  1. blog.saddle.finance: https://blog.saddle.finance/4-30-2022-post-mortem-of-mainnet-susdv2-metapool-exploit/
  2. medium.com (Immunefi): https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38
  3. blocksecteam.medium.com: https://blocksecteam.medium.com/how-to-exploit-the-same-vulnerability-of-metapool-in-two-different-ways-nerve-bridge-saddle-774c271c8243
