On June 10, 2024, the lending protocol UwULend lost approximately $19.4 million after an attacker manipulated the sUSDe price oracle via large swaps in the relevant Curve Finance pool. A second, smaller exploit ($3.7M) hit UwULend the same week during reimbursement efforts.
What happened
UwULend's price oracle for sUSDe (Ethena's staked USDe) was constructed by sampling 11 different USDe prices across Curve and Uniswap v3 pools and using the median as the canonical price. Five of those 11 sources read the Curve pool's instantaneous spot price via get_p, a value that a swap can move and the oracle can then read within the same transaction.
The attacker realised that if they could move 5 of the 11 source prices in the same block, the median would shift — but the manipulation only needed to be momentary, just enough to bracket a borrow-then-liquidate cycle.
The attack:
- Flash-borrowed a large amount of stables and USDe.
- Swapped USDe in the Curve pool to suppress sUSDe's spot price.
- With the median oracle reading now ~4% below peg ($0.99), the attacker borrowed massive amounts of sUSDe from UwULend at the depressed price.
- Reversed the Curve manipulation by swapping back, pushing the sUSDe oracle reading back up to ~$1.03.
- With UwULend's view of sUSDe collateral values now elevated, other positions became under-collateralised at the new pricing. Liquidations executed — and the attacker, who had set up positions to profit on the upswing, collected the liquidation rewards.
Net profit: ~$19.4M after flash-loan repayments.
Aftermath
- UwULend paused operations and entered on-chain negotiation with the attacker.
- During the same week, a second exploit (different attacker, different vector) drained another ~$3.7M before the team could complete its fixes.
- Reimbursement plans were rolled out gradually; the protocol's standing was meaningfully damaged.
Why it matters
UwULend is one of the strongest demonstrations that median-of-N oracle aggregation is only as resistant as its worst single source. Mixing TWAP-derived feeds with instantaneous spot prices in the same median produces a system that looks robust on paper but reduces to "the cheapest sources to manipulate" in practice.
The defensive answer — well-documented but unevenly adopted:
- Every oracle source in a median must be flash-loan-resistant individually, not just on average.
- Spot-price reads from manipulable pools belong in TWAP aggregators, not directly in price functions.
- Per-asset oracle audits should treat the median calculation as part of the oracle, not as an isolating layer that fixes weak sources.
UwULend's $19.4M is the recurring cost of underestimating these subtleties in lending-protocol oracle design.
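An added example (not UwULend's code and not taken from the cited analyses) of the per-asset audit described above: it treats every same-transaction spot source as attacker-set and computes the range the median can be forced into. The source names, prices and the max_swing threshold are constructed assumptions.

```python
from statistics import median

# Constructed sample readings (not on-chain data): six time-averaged sources
# with some natural spread, plus five same-transaction spot sources.
SOURCES = (
    [("twap%d" % i, "twap", p) for i, p in
     enumerate([0.990, 0.998, 1.001, 1.004, 1.012, 1.030])]
    + [("spot%d" % i, "spot", 1.002) for i in range(5)]
)


def median_bounds(sources):
    """Range the median can be forced into if every 'spot' source can be
    set to an arbitrary value inside one transaction."""
    fixed = [p for _, kind, p in sources if kind != "spot"]
    n_spot = len(sources) - len(fixed)
    low = median(fixed + [0.0] * n_spot)             # all spot sources pushed down
    high = median(fixed + [float("inf")] * n_spot)   # all spot sources pushed up
    return low, high


def audit(sources, max_swing=0.005):
    """Fail the aggregate when the forced range exceeds max_swing,
    expressed as a fraction of the current median (hypothetical threshold)."""
    current = median(p for _, _, p in sources)
    low, high = median_bounds(sources)
    swing = (high - low) / current
    return {"current": current, "low": low, "high": high,
            "swing": swing, "ok": swing <= max_swing}


if __name__ == "__main__":
    # 5 of 11 manipulable: the median is pinned to the extremes of the
    # six fixed sources, so their whole spread becomes the attacker's range.
    print(audit(SOURCES))
    # 6 of 11 manipulable: the median is unbounded in both directions.
    majority = SOURCES[:5] + [("spot%d" % i, "spot", 1.002) for i in range(6)]
    print(median_bounds(majority))
```

With a minority of manipulable sources the median does not fall back to the median of the remaining feeds; it can be placed anywhere between their lowest and highest readings, which is why each source has to be manipulation-resistant on its own.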
Sources & on-chain evidence
- [01] quillaudits.com: https://www.quillaudits.com/blog/hack-analysis/uwu-lend-hack
- [02] slowmist.medium.com: https://slowmist.medium.com/analysis-of-the-uwu-lend-hack-9502b2c06dbe
- [03] rekt.news: https://rekt.news/uwulend-rekt