Inverse Finance: SushiSwap TWAP Oracle Manipulation — Thin Liquidity Governance Token

Summary #

Inverse Finance suffered a Lending Protocol on 2022-04-02, resulting in a loss of approximately $16M.

What happened #

An MEV-sophisticated attacker inflated INV's price 50x on a thin SushiSwap pool, blocked arbitrage bots from correcting it across multiple blocks, then borrowed $15.6M from Inverse Finance against $644k of real collateral.

Linked factors #

• RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
• RD-F-007 — causal : Direct: bug bounty presence + max payout [via cross-hack: Factor 9: No Bug Bounty Program] || Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
• RD-F-053 — causal : ★ Oracle source = spot DEX pool (no TWAP, no fallback) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering] || ★ Oracle source = spot DEX pool [via cross-hack: Factor 25: Single-Source TWAP Oracle From Low-Liquidity Pool Used as Lending Collateral]
• RD-F-055 — related : Underlying oracle pool depth (USD) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering] || Underlying oracle pool depth [via cross-hack: Factor 25: Single-Source TWAP Oracle From Low-Liquidity Pool Used as Lending Collateral]
• RD-F-056 — related : Single-pool oracle (no medianization) [via cross-hack: Factor 16: Single-Source VWAP / Thin-Liquidity Oracle Without Flash Swap Filtering]
• RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: Tornado Cash withdrawal; 500 ETH buy of INV on thin SushiSwap pool causing 50x price spike]
• RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — INV price spiked 50x on SushiSwap; visible on-chain immediately]