defirisk.co
rubric v1.7.0

Warp Finance: Flash loan + Uniswap V2 LP token spot oracle manipulation → inflated collateral → over-borrow drain

Occurred: 2020-12-17 | Loss: $8M | Status: closed

Summary

Warp Finance suffered a Lending / Stablecoin Vault incident on 2020-12-17, resulting in a loss of approximately $8M.

What happened

Warp Finance lost $7.8M when an attacker used $231M in flash loans to double the WETH-DAI LP token spot price and borrow far beyond real collateral value — but left their own LP tokens locked in the vault, enabling partial recovery via liquidation.

Linked factors

  • RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown; attacker left collateral locked creating a natural bounty for liquidation]
  • RD-F-053 — causal : ★ Spot DEX pool oracle without TWAP — root cause [via realtime_signals/Oracle anomaly: Y — Uniswap V2 WETH-DAI LP spot price doubled mid-transaction; observable if monitoring oracle price deviation]
  • RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y — Uniswap V2 WETH-DAI LP spot price doubled mid-transaction; observable if monitoring oracle price deviation]
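
The RD-F-053 / RD-F-099 pairing above, as an added example (not code from defirisk.co or Warp Finance): a reserve-based spot valuation of an LP token next to the constant-product "fair" valuation, with a deviation alert between the two. The pool figures, token prices, the 5% threshold and the use of the fair-LP formula with independently sourced token prices as the secondary source are assumptions for illustration.

```python
"""Added example: LP collateral valuation and an oracle-deviation alert."""
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class PoolSnapshot:
    reserve0: float      # WETH held by the pair
    reserve1: float      # DAI held by the pair
    total_supply: float  # LP tokens outstanding


def spot_lp_price(pool, p0, p1):
    """Naive valuation: current reserves times token prices.
    Reserves can move within one transaction, so this value can be skewed."""
    return (pool.reserve0 * p0 + pool.reserve1 * p1) / pool.total_supply


def fair_lp_price(pool, p0, p1):
    """Valuation from the constant product k = reserve0 * reserve1, which a
    swap leaves unchanged (fees ignored): 2 * sqrt(k * p0 * p1) / supply."""
    k = pool.reserve0 * pool.reserve1
    return 2 * sqrt(k * p0 * p1) / pool.total_supply


def deviation(spot, reference):
    """Relative distance of the spot value from the reference value."""
    if reference <= 0:
        raise ValueError("reference price must be positive")
    return abs(spot - reference) / reference


def oracle_alert(pool, p0, p1, max_deviation):
    """True when the spot LP price strays from the reference by more than
    max_deviation (the 'X%' of the RT signal; the value is an assumption)."""
    spot, ref = spot_lp_price(pool, p0, p1), fair_lp_price(pool, p0, p1)
    return deviation(spot, ref) > max_deviation


# Constructed sample data, not figures from the incident.
WETH_USD, DAI_USD = 600.0, 1.0  # token prices from an assumed secondary source
BALANCED = PoolSnapshot(100_000.0, 60_000_000.0, 1_000_000.0)
SKEWED = PoolSnapshot(400_000.0, 15_000_000.0, 1_000_000.0)  # same k, skewed reserves

if __name__ == "__main__":
    for name, pool in (("balanced", BALANCED), ("skewed", SKEWED)):
        spot = spot_lp_price(pool, WETH_USD, DAI_USD)
        fair = fair_lp_price(pool, WETH_USD, DAI_USD)
        print(f"{name}: spot={spot:.2f} fair={fair:.2f} "
              f"alert={oracle_alert(pool, WETH_USD, DAI_USD, 0.05)}")
```

On the constructed skewed snapshot the spot valuation more than doubles while the constant-product valuation stays at the balanced figure, which is the gap a deviation monitor keys on.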