defirisk.co
rubric v1.7.0

Saddle Finance: Flash Loan + LP Token Price Manipulation (Old MetaSwapUtils Library)

Saddle Finance lost $11M to the exact attack vector they had patched 5 months earlier — the fix existed in the codebase but was never applied to the vulnerable metapool.

Occurred: 2022-05-01 | Loss: $11M | Status: closed

Summary

Saddle Finance, a DEX / Stableswap AMM, suffered an exploit on 2022-05-01, resulting in a loss of approximately $11M.

What happened

Saddle Finance lost $11M to the exact attack vector they had patched 5 months earlier — the fix existed in the codebase but was never applied to the vulnerable metapool.

Linked factors

  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
  • RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: Flash loan activity; repeated sUSD/LP swap pattern in metapool]
  • RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — LP token price manipulation detectable as price deviation from VirtualPrice baseline]
  • RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Yes — Curve Finance fork (extensively)]