Home
News
Details

HypurrFi Discloses Rounding Error Vulnerability in Aave V3, Pauses XAUT0 and UBTC Markets

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
AAVE
$83.1513.05%
AI summary iconSummary

expand icon
HypurrFi, a non-custodial lending protocol on HyperEVM, disclosed a vulnerability involving a "rounding error" in Aave V3 versions prior to 3.5. Attackers could exploit this flaw by repeatedly executing supply/withdraw and borrow/repay actions to drain tokens. The XAUT0 and UBTC markets on HypurrFi Pooled are affected. User funds remain secure, and new supply and lending have been paused, while withdrawals and repayments remain enabled. Through its on-chain monitoring system, the issue was detected promptly, and the affected markets were frozen. HypurrFi is collaborating with other Aave deployers and security researchers. On-chain updates highlight the ongoing partnership with security experts and other Aave forks to secure the protocol.

ChainCatcher report: HypurrFi, HyperEVM’s native non-custodial lending protocol, posted on X that versions of Aave V3 prior to 3.5 contain a "rounding error" vulnerability. Under specific conditions, attackers could exploit this by repeatedly executing supply/withdraw and borrow/repay cycles to extract underlying tokens. The affected markets are XAUT0 and UBTC within HypurrFi Pooled. User funds are currently not at risk; for safety, new deposits and borrowing have been paused in these markets, while withdrawals and repayments remain fully functional. All other markets are operating normally. HypurrFi added that it swiftly detected the issue on-chain via its internal monitoring system and promptly froze the affected markets. The team is currently collaborating with other Aave deployers and security researchers to resolve the issue and invites other Aave fork projects to reach out for additional security information.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.