Bonzo Lend Loses $9M in Oracle Exploit as Fake SAUCE Price Drains Protocol
- An attacker borrowed about US$9.05 million (AU$13 million) from the Hedera lending protocol on July 11 after a price update carrying a zeroed signature passed Supra’s third-party oracle verifier.
- The fake update inflated SAUCE’s price by roughly twelve orders of magnitude; a second wallet that took about US$1 million (AU$1.44 million) identified itself as a white-hat and committed to returning the funds.
- Hedera said the incident was isolated to the external oracle verifier, and Supra acknowledged the flaw and deployed a fix on Hedera mainnet.
Bonzo Lend, a lending protocol on the Hedera network, lost about US$9.05 million (AU$13 million) on July 11 after an attacker pushed a fake price update through a flaw in Supra’s third-party oracle verifier, inflating the price of the SAUCE token and borrowing against collateral worth a fraction of the loans taken.
The attack began at about 00:51 UTC, according to Bonzo’s incident report. A wallet, which the team labels Wallet A, submitted a price update signed with a zeroed signature, which Supra’s verifier accepted as valid.
The update set SAUCE’s price at one followed by thirty zeroes, against an actual market price of about 0.2 HBAR, inflating the token’s value by roughly twelve orders of magnitude. With SAUCE collateral priced at that level, the wallet drained the protocol’s lending pools.
A second wallet took about US$1 million (AU$1.44 million) using the same flaw. That wallet has since contacted the team, identified itself as a white-hat responder and committed to returning the funds, Bonzo said, so the team excludes it from the headline loss.
Related: DeFi Portfolio Tracker Zapper to Shut Down After Seven Years
A Zeroed Signature Passed the Verifier
Bonzo’s report traces the failure to how Supra’s verifier checked signatures. “The pairing precompile was asked whether a specific equation held, and it correctly answered yes. Supra’s verifier then treated that ‘yes’ as proof of a valid committee signature, which it never was,” the report states.
The team stressed that its own contracts priced collateral and computed borrowing capacity exactly as coded: “At no point did Bonzo Lend’s contracts malfunction.”
Hedera backed that account, stating the failure occurred upstream in the oracle layer and that the network’s consensus and core services were not compromised. Supra acknowledged the verification exploit and deployed a fix to the affected contract on Hedera mainnet, and is working with security researchers to analyse the attack.
Bonzo paused its Lend and Points products after the exploit, while its Vaults, Bridge and staking products continue operating. Total value locked in the protocol fell from about US$14.3 million (AU$20.6 million) on July 10 to about US$3.2 million (AU$4.6 million) by July 12, a drop of roughly 78 per cent, according to DefiLlama data.
The team said it is coordinating with the white-hat responder on the return of funds and working out conditions for lifting the pause and reopening withdrawals for liquidity providers.
Read more: Zcash Jumps 12% as Developers Near Proof Against Hidden Counterfeit Bug