Wault WUSD Minting Attack Root Cause Analysis

An economic attack rooted in the design of WUSD

The Exploit

At around 2 AM UTC on Aug 4, Wault’s WUSD on BSC was exploited, and $800k (370 ETH) was drained from the WUSD/BUSD LP.

How?

  1. Borrowed 16.8M WUSD via flash loan and redeemed it for 15M USDT and 106M WEX.
  2. Borrowed 40M USDT via flash loan.
  3. Bought 518M WEX with USDT (at a rather cheap price).
  4. Minted 250K WUSD with 250K USDT, repeated many times. Each mint passively bought $25K of WEX, pushing the price higher.
  5. Dumped 624M WEX (from step 1 and step 3) at a higher average price.
  6. Dumped WUSD through the WUSD/BUSD LP and repaid the flash loans.

Why?

We believe this is an economic attack rooted in the design of WUSD.
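To make the design issue concrete, the following added example (not WatchPug's or Wault's code) models the forced WEX buy from step 4 and measures how it moves value from the protocol to anyone already holding WEX. It assumes a constant-product pool; the reserves, the swap fee and the names `Pool` and `forced_buy_impact` are constructed for illustration, and the 10% buy fraction is taken from the $25K bought per 250K minted.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product USDT/WEX pool (an assumed pricing model)."""
    usdt: float
    wex: float
    fee: float = 0.002  # constructed swap fee, retained by the pool

    def price(self) -> float:
        return self.usdt / self.wex  # USDT per WEX

    def buy_wex(self, usdt_in: float) -> float:
        eff = usdt_in * (1 - self.fee)
        out = self.wex * eff / (self.usdt + eff)
        self.usdt, self.wex = self.usdt + usdt_in, self.wex - out
        return out

    def sell_wex(self, wex_in: float) -> float:
        eff = wex_in * (1 - self.fee)
        out = self.usdt * eff / (self.wex + eff)
        self.usdt, self.wex = self.usdt - out, self.wex + wex_in
        return out

def forced_buy_impact(pool, holder_usdt, mints, mint_size=250_000, buy_fraction=0.10):
    """Holder owns WEX before `mints` mint calls and sells afterwards.
    Each mint makes the protocol buy mint_size * buy_fraction USDT of WEX
    ($25K per 250K mint, per step 4)."""
    before = pool.price()
    held = pool.buy_wex(holder_usdt)
    spent = bought = 0.0
    for _ in range(mints):
        spent += mint_size * buy_fraction
        bought += pool.buy_wex(mint_size * buy_fraction)
    peak = pool.price()
    proceeds = pool.sell_wex(held)
    return {"price_before": before, "price_peak": peak,
            "holder_pnl": proceeds - holder_usdt,
            # protocol's WEX marked at the post-exit price vs. what it paid
            "protocol_loss": spent - bought * pool.price()}

if __name__ == "__main__":
    # Constructed reserves (not from the incident): 5M USDT / 500M WEX.
    for n in (0, 100):
        print(n, forced_buy_impact(Pool(5_000_000, 500_000_000), 1_000_000, n))
```

With zero mints the round trip only loses fees; once mints force buys into the pool, the holder's exit is profitable and the protocol is left holding WEX worth less than it paid.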

About Us

WatchPug is a smart contract security team with the goal of elevating the security, privacy, and usability of the current DeFi ecosystem. For smart contract auditing needs, please contact us on Twitter or Telegram.
