1/ On November 4th at 05:45:11 AM UTC, the Moonwell protocol was exploited via a Chainlink oracle malfunction that reported secondary market prices, leading to a $1 million loss.
2/ The Chainlink wrsETH oracle should have reported 1.057; however, it reported 1.7m, a discrepancy of 7 orders of magnitude, enabling the attack.
3/ While we cannot confirm the Chainlink pricing methodology, because of the time proximity to the exploit, it looks like they were dependent on pools with depleted liquidity, post the Balancer exploit.
4/ Interesting to observe:
1) more nodes ≠ more security
2) quality of node operators matters.
The screenshot below shows that in this price round, the jury was split; some reported inflated values, while the minority reported the correct price.
5/ Chainlink’s oracle mispriced wrsETH at $5.8B
This was 1.7m times the real rate.
Clearly missing key guardrails, such as CAPO limiters or liquidity requirements on data sources.
A reminder: price feeds are risk systems.
6/ Price Oracle vs. Risk Oracle is a false dichotomy.
You can’t segregate price from risk.
Asset classes are exploding:
- wrapped assets
- RWAs
- derivatives
- etc.
As the sophistication of assets grows, “median of unvetted feeds” doesn’t cut it anymore.
7/ What should be the approach for pricing asset-backed collateral?
For wrapped assets, pricing usually follows the primary exchange rate.
However, Moonwell assumed the use of the Chainlink market oracle, a non-standard choice for a looping asset like wETH.
8/ Using a secondary market rate for a looping collateral is irregular - but it wasn’t the direct cause of the exploit.
The real problem is structural.
9/ This exploit highlights the missing link between Oracle design and risk intelligence.
Every data feed integrated into a market should undergo the same scrutiny as any collateral: it should be tested, monitored, and bounded by enforceable limits.
Oracles are risk systems.
10/ For anyone interested in possible mitigations
In this case, there are a few, from the selection of the feed to the implementation of it.
@aave has implemented the CAPO framework, which serves as an upper limit for exchange rate oracles to prevent manipulation.
92.88K
279
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.