Raft: Flash loan + collateral inflation via position liquidation → infinite R mint → stablecoin dump
Summary
Raft, a CDP / algorithmic stablecoin protocol (R stablecoin), suffered an exploit on 2023-11-10, resulting in a loss of approximately $3M.
What happened
The Raft attacker executed a sophisticated $3.3M exploit to mint 6.7M R stablecoin — then accidentally sent all profits to the Ethereum burn address due to an uninitialized delegatecall storage slot, ending up $8K out of pocket.
Linked factors
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-008 — illustrative : Bug survived review (RD-F-008 = ignored disclosure; closest semantic match for audit-missed-bug) [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Audited — bug survived Trail of Bits review]
- RD-F-012 — causal : delegatecall with user-controlled target [via cross-hack: Factor 22: Delegatecall-to-Proxy in Handler Registry] || delegatecall with user-controlled target [via cross-hack: Factor 45: Delegatecall Uninitialized Storage Slot]
- RD-F-039 — related : ★ delegatecall in proposal execution path [via cross-hack: Factor 22: Delegatecall-to-Proxy in Handler Registry]
- RD-F-100 — illustrative : Flash loan > $10M origination — RT signal [via realtime_signals/Unusual borrowing (Y/N): Y — 6.7M R minted in a single transaction against flash-loan-inflated collateral]
- RD-F-143 — related : ★ Reinitializable implementation [via cross-hack: Factor 45: Delegatecall Uninitialized Storage Slot]