dForce Network: Read-Only Reentrancy (Curve wstETH/ETH LP Oracle Manipulation)
Summary
dForce Network, a lending protocol, was exploited on 2023-02-13, resulting in a loss of approximately $4M.
What happened
dForce lost $3.65M on two L2 chains simultaneously to a Curve read-only reentrancy attack, a technique that was publicly documented and had already hit another protocol the previous month. The exploiter later returned all funds.
Linked factors
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-053 — causal : ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — virtual price spike during reentrancy window is detectable post-hoc; the `get_virtual_price` manipulation is the core exploitable signal]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — virtual price spike during reentrancy window is detectable post-hoc; the `get_virtual_price` manipulation is the core exploitable signal]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Compound fork (dForce lending is Compound-inspired)]
- RD-F-127 — related : Upstream Compound has patches that may not be merged here [via dashboard_risk_factors/Forked?: Compound fork (dForce lending is Compound-inspired)]