Attacker Drains All the Funds from a Rari Capital’s Fuse Pool

Table of Contents

Rari Capital, a defi lending protocol, has reported an oracle manipulation incident in one of its Fuse pools, resulting in the loss of all the funds from the attacked pool.

Rari Capital’s official Twitter account reported the incident on Tuesday, November 2nd. According to Rari Capital, on Tuesday morning, pool number 23 on its Fuse platform suffered an oracle manipulation attack and the attacker was able to drain all the funds from the pool. Rari Capital said:

“This morning there was an isolated incident of oracle manipulation on Fuse Pool #23.

The attacker manipulated the price of VUSD (one of the assets) on Uniswap V3.

Once the attacker adjusted the price of VUSD, the pool was drained.”

Fuse is a protocol by Rari Capital that supports isolated interest rate pools. Each Rari Capital’s Fuse pool is isolated from other pools and pools creators can create fully customized pools for lending and borrowing assets of their choice. They can set every pool parameter like interest rate curves, oracles, and collateral factors, according to their preferences. Each pool has a specific set of assets that can be supplied to earn lending interest or be used as collateral.

But these pools are not always safe. Rari Capital wrote:

“Fuse is a powerful platform with unlimited customizability.

Even if the core protocol is sound, oracles and other features can make it insecure when used improperly, like in low liquidity environments.”

Rari Capital already cautioned about some danger associated with these pools. A blog post, explaining Fuse protocol, reads:

“If a pool creator adds an unknown asset with little liquidity, they may be able to manipulate the price of that asset to return a large supply position for a bloated collateral amount and use that to borrow funds with no intention of repaying the loan, since the supplied position was in a manipulated asset.”

It seems this is now actually has happened with this Fuse pool. Pool number 23 is still there on Fuse in the Rari Capital app. The pool exists by the name of ‘Vesper Pool’. The pool supports 9 nine assets that include VCRED, DAI, SPC, WBTC, USDC, VUSD, ETH, VVSP, and VSP. Initial investigations say that it is Vesper V-Dollar (VUSD)’s price that was manipulated.

In-depth details about this incident are yet to come. Rari Capital concluded:

“We continue to urge caution to pool creators to ensure that Uniswap V3 pools have enough liquidity to prevent future exploits like this.

The situation is still under investigation and we will be continually updating the community as we learn more.”


If you found this article interesting, here you can find more Blockchain and cryptocurrency news

RELATED POSTS

Follow us on Social Networks

Crypto Tutorials

Crypto Reviews

Ads