Deus DAO (1st incident): Flash loan → spot price manipulation of Solidex USDC/DEI AMM pool (used as oracle) → user positions liquidated
Summary
Deus DAO (1st incident), categorised as Algorithmic Stablecoin / Lending, suffered an exploit on 2022-03-15, resulting in a loss of approximately $3M.
What happened
Deus DAO's DEI lending contract lost ~$3M when an attacker flash-loaned from the very AMM pool the contract used as its price oracle — crashing the oracle price mid-transaction and liquidating all user positions at once.
Linked factors
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Yes — DEI lending contract was newly launched]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: None identified]
- RD-F-076 — related : Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: DEI lending contract was recently launched (weeks old at time of exploit)]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — the sAMM-USDC/DEI pool price was severely distorted mid-transaction; detectable as a sharp oracle deviation]
- RD-F-100 — illustrative : Flash loan > $10M origination — RT signal [via realtime_signals/Unusual borrowing (Y/N): Y — large DEI flash loan from the oracle pool itself]
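
The two real-time signals listed above (RD-F-099 and RD-F-100), written out as a detection check over per-transaction traces; this is an added example, not the dashboard's own code. The 5% value for X, the trace field names, the LOAN_FROM_ORACLE_POOL label and the sample numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

DEVIATION_LIMIT = 0.05              # assumed value for the page's unspecified "X%"
FLASH_LOAN_LIMIT_USD = 10_000_000   # RD-F-100 threshold as stated on the page

@dataclass
class TxTrace:
    """One transaction as seen by a monitor (all field names are hypothetical)."""
    tx: str
    oracle_pool: str          # pool the lending contract reads its price from
    oracle_price: float       # price read from that pool inside the transaction
    reference_price: float    # same asset priced by an independent secondary source
    flash_loans: list = field(default_factory=list)  # [(source_pool, usd_value), ...]

def deviation(oracle_price: float, reference_price: float) -> float:
    """Relative gap between the oracle and the secondary source."""
    if reference_price <= 0:
        raise ValueError("reference price must be positive")
    return abs(oracle_price - reference_price) / reference_price

def signals(trace: TxTrace) -> list:
    """Return the signal ids that fire for this transaction."""
    fired = []
    if deviation(trace.oracle_price, trace.reference_price) > DEVIATION_LIMIT:
        fired.append("RD-F-099")
    if any(usd > FLASH_LOAN_LIMIT_USD for _, usd in trace.flash_loans):
        fired.append("RD-F-100")
    # Not a numbered factor on the page: the loan was drawn from the oracle pool itself.
    if any(src == trace.oracle_pool for src, _ in trace.flash_loans):
        fired.append("LOAN_FROM_ORACLE_POOL")
    return fired

def severity(trace: TxTrace) -> str:
    """critical = oracle distorted while its own pool is lent out in the same tx."""
    fired = signals(trace)
    if "RD-F-099" in fired and "LOAN_FROM_ORACLE_POOL" in fired:
        return "critical"
    return "warn" if fired else "ok"

# Constructed sample traces (illustrative numbers, not taken from the incident).
SAMPLES = [
    TxTrace("tx-normal", "sAMM-USDC/DEI", 1.000, 1.001),
    TxTrace("tx-big-loan", "sAMM-USDC/DEI", 0.999, 1.000, [("other-pool", 12_000_000)]),
    TxTrace("tx-distorted", "sAMM-USDC/DEI", 0.400, 1.000, [("sAMM-USDC/DEI", 15_000_000)]),
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(t.tx, severity(t), signals(t))
```

A lending contract can apply the same deviation test on-chain and refuse to liquidate while the oracle and the secondary source disagree by more than the limit.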