With the emergence of the ERC-4626 standard, its growing adoption since mid-2022 has positively influenced the use of tokenized vaults across DeFi protocols. However, its unique characteristics and exchange rate functionalities introduce inherent risks for protocols that are not adequately prepared to handle tokens capable of organic inflation.
This article explains the risks involved in integrating ERC-4626 tokens into various protocols and demonstrates how their built-in features—while not vulnerabilities in themselves—can still lead to critical exploits if not properly managed.
Before diving into ERC-4626, it is essential to understand how yield-bearing vaults work.
Yield-bearing vaults are smart contracts designed to optimize and maximize returns from deposited tokens. These vaults have an underlying asset, such as USDT, which users can deposit to start earning yield.
The generated yields come from multiple strategies executed across various DeFi protocols, including lending, borrowing, liquidity provisioning, staking, and arbitrage.
Each vault's profit strategy depends on its specific smart contract implementation. Typically, a yield-bearing vault ranks different protocols according to their profitability, allocating portions of the pooled assets to the most profitable protocols while maintaining reserves for withdrawals.
Users depositing assets into a vault receive shares, tokens representing their proportional ownership of the vault. These shares can later be redeemed for the initial deposit plus any earned returns.
A simplified representation of a yield-bearing vault would look like this:
ERC-4626 is an extension of the ERC-20 standard and was introduced to standardize the creation of tokenized vaults, which can be used, for example, to create the yield-bearing vaults explained above. However, its utility extends beyond just yield-bearing vaults, and it also supports other token structures like liquid staking tokens (LSTs) or rebasing tokens in order to facilitate integration with other DeFi protocols. The standard establishes a universal interface facilitating consistent methods for deposits and withdrawals with accrued interest or yields.
However, it is crucial to emphasize that ERC-4626 vaults themselves do not execute yield strategies. Their functionality focuses solely on managing deposits and redemptions, allowing users to retrieve more tokens for the same amount of shares as the vault's underlying asset balance increases.
When creating an ERC-4626 vault, developers must define an underlying asset token address (e.g., USDT). Users then deposit this asset into the ERC-4626 vault contract, receiving shares in return. The amount of shares received represents a user's proportional stake in the vault.
As the vault accumulates more assets—whether from yield farming, investments, or donations—the shares appreciate proportionally. Users redeem their shares to receive their original tokens plus their share of any additional gains accumulated by the vault.
In ERC-4626, the functions for depositing assets (deposit/mint) and redeeming assets (withdraw/redeem) utilize internal conversion functions (convertToShares and convertToAssets). These functions handle conversions between the underlying asset and shares, ensuring accurate proportional distribution.
Though it may seem complex at first, the exchange calculation between assets and shares is relatively simple, resembling a basic rule of three:
In other words, user profitability from shares is strictly tied to the organic growth of the vault's total assets, not from subsequent deposits by other users.
Note: In the conversion calculations, the _decimalsOffset() function determines how many virtual shares are added to the exchange rate as a safety measure that mitigates the impact and profitability of vault inflation attacks. For more details about this specific attack type, please refer to our blog post: A Novel Defense Against ERC-4626 Inflation Attacks.
Due to the inherent functionality of ERC-4626 vaults, protocols integrating these tokens typically use the vault's internal exchange rate (assets per share) as a reference for pricing the tokens.
For example, consider a protocol that integrates a tokenized vault such as wUSDM (an ERC-4626 token). To price wUSDM in USD, the protocol:
However, relying on internal exchange rates exposes protocols to a specific form of price manipulation known as the "Direct Donation Attack." In this scenario, a malicious actor inflates the vault’s totalAssets by directly donating assets. This is fundamentally different from a typical deposit because no new shares are created during this direct donation process.
Consequently, while a regular deposit would proportionally increase both the totalAssets and totalSupply (the number of shares), thereby preserving the share's value, a direct donation exclusively increases the totalAssets. This results in an immediate increase in the value represented by each existing share, creating significant risks for protocols unprepared for such rapid and unpredictable price movements.
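To make the conversion arithmetic and the deposit-versus-donation difference concrete, here is an added Python model that is not code from this article or from any vault contract. It mirrors the OpenZeppelin ERC-4626 formula, including the virtual shares derived from _decimalsOffset(); the vault balances and the 700,000-token donation are constructed values chosen so the rate moves by the 1.7x cited later for the Venus incident.

```python
from dataclasses import dataclass

WAD = 10**18  # token and share unit (18 decimals), constructed for this example

@dataclass
class Vault:
    """Toy ERC-4626 share accounting (added example, not a deployed contract).
    Conversions follow the OpenZeppelin formula, which adds 10**_decimalsOffset()
    virtual shares and 1 virtual asset to blunt inflation attacks."""
    total_assets: int = 0
    total_supply: int = 0      # shares outstanding
    decimals_offset: int = 0   # value of _decimalsOffset()

    def convert_to_shares(self, assets: int) -> int:
        # shares = assets * (totalSupply + 10**offset) / (totalAssets + 1), rounding down
        return assets * (self.total_supply + 10**self.decimals_offset) // (self.total_assets + 1)

    def convert_to_assets(self, shares: int) -> int:
        # assets = shares * (totalAssets + 1) / (totalSupply + 10**offset), rounding down
        return shares * (self.total_assets + 1) // (self.total_supply + 10**self.decimals_offset)

    def deposit(self, assets: int) -> int:
        # A normal deposit grows totalAssets and totalSupply together; the rate is preserved.
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        # A direct token transfer to the vault: totalAssets grows, no shares are minted.
        self.total_assets += assets

    def assets_per_share(self) -> int:
        # The internal exchange rate a protocol would read to price one share (1e18 units).
        return self.convert_to_assets(WAD)

def compare_deposit_vs_donation(amount: int, liquidity: int = 1_000_000 * WAD):
    """Return (rate before, rate after a deposit, rate after a donation of the same amount)."""
    deposited = Vault(total_assets=liquidity, total_supply=liquidity)
    donated = Vault(total_assets=liquidity, total_supply=liquidity)
    before = deposited.assets_per_share()
    deposited.deposit(amount)
    donated.donate(amount)
    return before, deposited.assets_per_share(), donated.assets_per_share()

if __name__ == "__main__":
    before, after_deposit, after_donation = compare_deposit_vs_donation(700_000 * WAD)
    print(f"rate before: {before / WAD:.4f}, after deposit: {after_deposit / WAD:.4f}, "
          f"after donation: {after_donation / WAD:.4f}")  # donation moves the rate by ~1.7x
```

A lending market that reads assets_per_share() as its collateral price would value the same shares 1.7x higher one block after the donation, which is exactly the move the deposit path cannot produce.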
In the context of lending protocols, when the exchange rate is determined directly from the vault contract and the ERC-4626 tokens are used as base assets (assets available for borrowing), inflation via donation attacks presents two major risks:
Consider a lending protocol utilizing wUSDM as its base asset, and observe the following scenario:
Next, exploiting the relatively low liquidity of the vault:
This clearly illustrates how lending protocols can suffer from bad debt if they fail to adequately handle ERC-4626 token inflation risks.
The issues previously described concerning the manipulation of ERC-4626 token valuations become particularly pronounced in protocols that use Time-Weighted Average Price (TWAP) oracles from Automated Market Makers (AMMs). Typically, TWAP oracles help prevent sudden price manipulations by averaging token prices over extended periods.
However, ERC-4626 tokens are fundamentally different. When an attacker inflates the total asset count of an ERC-4626 vault, the increase is permanent. This permanence means that arbitrageurs, who would normally restore equilibrium by correcting token prices for standard ERC-20 assets, are unable to correct the ERC-4626 token price inflation. Instead, the attacker themselves captures the arbitrage immediately, locking the AMM price into alignment with the inflated vault price.
This results in an unavoidable gradual increase in the TWAP over its averaging period (commonly 30 minutes). An attacker who anticipates this predictable rise in price can exploit protocols that rely on AMM TWAP oracles initially recording lower token valuations.
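The TWAP behaviour described above, as an added simulation that is not part of the article: a per-second AMM spot price feeds a 30-minute cumulative-price TWAP, and a one-block spike that arbitrage reverts is compared with the permanent step an inflated ERC-4626 rate produces. The prices, timings and the 1.7x step are constructed for illustration.

```python
WINDOW = 30 * 60        # 30-minute TWAP averaging window, as cited in the text
HORIZON = 2 * 60 * 60   # simulate two hours of spot prices, one observation per second

def price_curve(base: float, manipulated: float, start: int, duration=None) -> list:
    """Per-second spot price: `base` until `start`, then `manipulated` for `duration` seconds
    (reverting to `base` afterwards). duration=None keeps the new price permanently, which is
    what happens once the vault's own exchange rate has been inflated by a donation."""
    end = HORIZON if duration is None else start + duration
    return [manipulated if start <= t < end else base for t in range(HORIZON)]

def twap_at(prices: list, t: int, window: int = WINDOW) -> float:
    """Time-weighted average of the last `window` seconds ending at t (cumulative-price style)."""
    return sum(prices[t - window:t]) / window

def twap_samples(prices: list, start: int, step: int = 300, count: int = 7) -> list:
    """TWAP readings every `step` seconds from `start`, rounded for readability."""
    return [round(twap_at(prices, start + k * step), 4) for k in range(count)]

STEP_AT = 3600  # the manipulation lands one hour into the simulation
PERMANENT = price_curve(1.0, 1.7, STEP_AT)               # donation: the new rate never reverts
TRANSIENT = price_curve(1.0, 1.7, STEP_AT, duration=12)  # one-block spike, arbitraged away

if __name__ == "__main__":
    print("transient spike :", twap_samples(TRANSIENT, STEP_AT))  # stays within ~0.5% of 1.0
    print("permanent step  :", twap_samples(PERMANENT, STEP_AT))  # climbs to 1.7 over 30 min
```

The permanent series rises in equal steps every five minutes and settles at the inflated price after one full window, so a protocol that reads the oracle during the ramp sees a price that is predictably lower than where it will end up.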
As this price inflation occurs organically and irreversibly, usual market corrective actions like additional minting or redeeming by other users have no effect. Consequently, stopping the attack requires impractical measures such as:
Thus, protocols integrating ERC-4626 tokens with AMM TWAP oracles must recognize this unique risk of arbitrary manipulations.
Historically, there have been multiple critical exploits involving the price manipulation of ERC-4626 tokens, the most notable being the 2021 attack against CREAM Finance. More recently, in February 2025, the Venus protocol experienced a similar attack on the zkSync network, resulting in an attacker profiting approximately 86 WETH while leaving the protocol with significant bad debt. The attacker's transaction can be found here.
Several factors enabled this exploitation:
To clearly illustrate how this exploit unfolded, we'll break it down into four key phases.
Initially, the attacker borrowed 2100 WETH via a flash loan from AAVE, subsequently depositing these tokens into the Venus protocol to enhance borrowing capabilities.
Utilizing two separate accounts (Account A and Account B), the attacker performed multiple loops of borrowing and redepositing wUSDM:
By repeatedly conducting these borrowing and redeposit cycles, Account A reached its maximum borrowing limit (collateral factor), while Account B amassed a considerable supply record.
In the final leverage loop, Account B minted 303,000 wUSDM, transferring 107,000 wUSDM back to Account A, retaining 55,000 wUSDM.
Account A then borrowed an additional 303,000 wUSDM, totaling 411,000 wUSDM, and redeemed these for 439,000 USDM.
These USDM tokens were donated directly to the vault, inflating the wUSDM price approximately 1.7 times due to low vault liquidity.
Following the inflation, Account A’s loan became severely undercollateralized, allowing Account B to initiate liquidations:
At the liquidation's conclusion, Account B retrieved approximately 1498 WETH and still maintained additional borrowing power due to the inflated deposit value. This allowed Account B to borrow an additional 162 WETH from the protocol. All WETH was subsequently transferred back to Account A.
Ultimately, the attacker netted approximately 2186 WETH (1498 WETH from liquidation, 526 WETH unused from initial collateral, and 162 WETH borrowed post-liquidation), resulting in a profit of about 86 WETH and substantial bad debt for the Venus protocol.
To effectively mitigate the risks outlined above, protocols integrating with ERC-4626 tokens must implement robust security measures. These may include adopting a Correlated-Assets Price Oracle (CAPO) to prevent rapid and excessive price inflation, as well as a rapid-response Kill-Switch mechanism to swiftly address severe volatility and manipulation attempts.
A CAPO helps prevent sudden and aggressive asset price inflation by limiting how quickly an asset's exchange rate can increase over a specified timeframe. CAPO sets predefined constraints, including:
The CAPO logic is straightforward:
This strategy ensures that price manipulation via donation or other aggressive inflation tactics can be effectively controlled.
A kill-switch function, similar to the mechanism employed by AAVE, offers a rapid-response safeguard against extreme market volatility or manipulation. Unlike manual or governance-based emergency measures that can be slow and inefficient, a kill switch can immediately pause market activities when severe anomalies are detected, significantly reducing the risk of catastrophic outcomes.
This rapid-response mechanism can be implemented through:
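An added sketch, not Aave's or any project's code, that combines the two mitigations just described: the CAPO growth cap from the previous section and the kill-switch trigger. The oracle records a snapshot exchange rate, lets the reported rate grow by at most a fixed yearly percentage, and pauses the market when a raw reading lands far above that cap. The class and parameter names, the 10%/year limit and the 50% pause threshold are this example's assumptions.

```python
from dataclasses import dataclass

YEAR = 365 * 24 * 60 * 60
BPS = 10_000

@dataclass
class CapoWithKillSwitch:
    """Toy Correlated-Assets Price Oracle plus kill switch (added example; parameter names
    are this example's own). The reported exchange rate may grow at most
    `max_yearly_growth_bps` per year from the recorded snapshot; a raw rate more than
    `kill_switch_bps` above the cap is treated as manipulation and pauses the market."""
    snapshot_ratio: float       # assets-per-share recorded when the cap was last set
    snapshot_ts: int            # timestamp of that snapshot (seconds)
    max_yearly_growth_bps: int  # e.g. 1000 = 10% per year
    kill_switch_bps: int        # e.g. 5000 = 50% above the cap
    paused: bool = False

    def max_ratio(self, now: int) -> float:
        # The cap grows linearly with time elapsed since the snapshot.
        elapsed = max(0, now - self.snapshot_ts)
        return self.snapshot_ratio * (1 + self.max_yearly_growth_bps * elapsed / (BPS * YEAR))

    def capped_ratio(self, raw_ratio: float, now: int) -> float:
        cap = self.max_ratio(now)
        if raw_ratio > cap * (1 + self.kill_switch_bps / BPS):
            self.paused = True  # anomaly well beyond organic yield: halt the market
        return min(raw_ratio, cap)

    def price(self, raw_ratio: float, underlying_price: float, now: int) -> float:
        # Share price = capped exchange rate * price of the underlying asset (e.g. USDM in USD).
        return self.capped_ratio(raw_ratio, now) * underlying_price

def simulate():
    """Organic 0.8% yield after 30 days passes through; a 1.7x donation jump is capped and pauses."""
    oracle = CapoWithKillSwitch(snapshot_ratio=1.0, snapshot_ts=0,
                                max_yearly_growth_bps=1000, kill_switch_bps=5000)
    day = 24 * 60 * 60
    organic = oracle.price(raw_ratio=1.008, underlying_price=1.0, now=30 * day)
    paused_after_organic = oracle.paused
    inflated = oracle.price(raw_ratio=1.7, underlying_price=1.0, now=30 * day)
    return organic, paused_after_organic, inflated, oracle.paused

if __name__ == "__main__":
    print(simulate())
```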
This article explored the inherent risks associated with integrating ERC-4626 tokens into DeFi protocols, highlighting key vulnerabilities related to exchange rate manipulation via donation-based inflation attacks. Real-world cases, including the recent incident involving the Venus protocol, were analyzed to illustrate these risks clearly. Strategic defense measures, such as the implementation of a Correlated-Assets Price Oracle (CAPO) and a rapid-response Kill Switch, were also discussed. By proactively implementing robust protective measures, protocols can significantly reduce their exposure to manipulation risks and contribute to a more secure and stable DeFi ecosystem for all participants.