Root Cause
Edel Finance is a DeFi lending protocol accepting tokenized real-world assets as collateral, including GOOGLx (tokenized Alphabet/Google stock). The protocol wraps these into wGOOGLx for use as collateral. The critical vulnerability was in the wrapper's exchange rate derivation: the wGOOGLx → GOOGLx conversion used a spot pool, not a time-weighted average price (TWAP), making it trivially manipulable within a single flash-loan transaction.
// Simplified vulnerable wGOOGLx wrapper (spot-pool rate — not TWAP)
contract WGOOGLxWrapper {
ISpotPool public pool; // <- manipulable within a single transaction
function wGOOGLxToGOOGLx(uint256 amount) public view returns (uint256) {
// Spot price: trivially moved by a large flash-loan trade
uint256 spotPrice = pool.getSpotPrice(address(wGOOGLx), address(GOOGLx));
return amount * spotPrice / 1e18; // <- 78x inflatable
}
}
// Lending protocol collateral valuation: two-hop oracle path
function getCollateralValue(uint256 wGOOGLxAmount) external view returns (uint256) {
// Hop 1: wGOOGLx -> GOOGLx via manipulable spot pool
uint256 GOOGLxAmount = wrapper.wGOOGLxToGOOGLx(wGOOGLxAmount);
// Hop 2: GOOGLx -> USD via Chainlink (correct, but hop 1 was already inflated)
return GOOGLxAmount * chainlinkGOOGLxUsdPrice / 1e8;
}
Chainlink price feeds for Alphabet stock (GOOGL/USD) were correctly implemented and were not at fault. The vulnerability was exclusively in the wrapper layer between wGOOGLx and GOOGLx.
Attack Steps
| Step | Action | Detail |
|---|---|---|
| 1 | Flash loan | Borrowed 180,000 USDC from Morpho Blue |
| 2 | Manipulate spot pool | Executed large wGOOGLx/GOOGLx trade to skew spot price ~78× (7,700%) |
| 3 | Collateral overvalued | Edel Finance read the inflated wGOOGLx→GOOGLx spot rate; collateral valued at 78× real worth |
| 4 | Borrow real assets | Deposited minimal real wGOOGLx; borrowed real assets against 78× phantom collateral value |
| 5 | Repay flash loan | Returned the 180,000 USDC + fees |
| 6 | Launder | Moved stolen funds to Tornado Cash |
| 7 | Protocol response | Edel paused all V1 contracts; committed to covering losses from own reserves |
Impact
- Loss: $403,000 from Edel Finance on Ethereum
- Attack capital: $180,000 Morpho Blue flash loan
- Oracle note: Chainlink GOOGL/USD price feeds were NOT compromised — the bug was in the custom
wGOOGLxwrapper layer - Funds: Moved to Tornado Cash
- Protocol response: All V1 contracts paused; Edel committed to covering losses from its own reserves
Lessons for Auditors
- Never use spot prices for collateral valuation: Any exchange rate used to compute collateral value must use a TWAP over a sufficient observation window (typically 30+ minutes on Uniswap v3, using
observe()) to resist flash-loan manipulation. Spot prices are trivially moved within a single transaction. - Wrapper layers introduce independent attack surface: When wrapping RWA or yield-bearing tokens, the wrapper's exchange rate mechanism is a first-class security concern — audit it as carefully as the underlying oracle. A correct Chainlink feed does not protect against a manipulable wrapper rate sitting between the feed and the lending contract.
- Multi-hop oracle paths: Protocols computing
wToken → Token (spot pool) → USD (Chainlink)have a two-hop oracle path. Each hop must be independently validated for manipulation resistance — one secure hop does not guarantee the other. - Flash loan invariant checks: Consider adding per-block price change circuit breakers or requiring TWAP/spot price consistency checks before accepting collateral valuations derived from any AMM pool.