{"id":22497072,"url":"https://github.com/anajuliabit/euler_hack_poc","last_synced_at":"2026-05-18T06:04:22.076Z","repository":{"id":204687743,"uuid":"711218357","full_name":"anajuliabit/euler_hack_poc","owner":"anajuliabit","description":"Euler Incident POC ","archived":false,"fork":false,"pushed_at":"2023-12-11T14:34:36.000Z","size":560,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-27T21:32:50.725Z","etag":null,"topics":["ethereum","evm","exploit","foundry","invariants","solidity"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anajuliabit.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-28T15:09:18.000Z","updated_at":"2025-03-07T20:08:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"a4bfb024-e12f-4d43-80dc-63f2c94b0ede","html_url":"https://github.com/anajuliabit/euler_hack_poc","commit_stats":null,"previous_names":["anajuliabit/euler_hack_poc"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/anajuliabit/euler_hack_poc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anajuliabit%2Feuler_hack_poc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anajuliabit%2Feuler_hack_poc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anajuliabit%2Feuler_hack_poc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anajuliabit%2Feuler_hack_poc/manif
ests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anajuliabit","download_url":"https://codeload.github.com/anajuliabit/euler_hack_poc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anajuliabit%2Feuler_hack_poc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274852110,"owners_count":25361741,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-12T02:00:09.324Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethereum","evm","exploit","foundry","invariants","solidity"],"created_at":"2024-12-06T20:16:07.128Z","updated_at":"2026-05-18T06:04:17.058Z","avatar_url":"https://github.com/anajuliabit.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"* Euler Finance Incident POC\n** Overview\nAfter the hack, the protocol's TVL plummeted by around 75%, causing it to lose over $200 million. As a result, the protocol became rekt, with its current TVL standing at a mere $77k. This event had a ripple effect on other protocols, including Balance and Angle Protocol, as reported on [[https://rekt.news/euler-rekt/][rekt news]]. 
This repository contains a POC showcasing the hack, which was executed using reverse engineering techniques.\n\n** The [[https://etherscan.io/tx/0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d][attack transaction]] step-by-step:\n1. Call flashloan on AaveV2 - although I did the POC using AaveV3\n2. Transfer the full loan balance to the violator contract\n3. Deposit 2/3 to Euler eDAI\n4. Create a 10x artificial eDAI leverage\n5. Repay half of the DAI violator’s position, causing dDAI balance to decrease\n6. Create another 10x artificial eDAI leverage\n7. Donate half of eDAI leveraged balance to the reserve of the eDAI\n8. Liquidate the violator's position\n\n** Running\n- Clone this repo\n- =cp .env.example .env= and update the MAINNET_RPC_URL\n- If you have Nix installed, running =nix develop= will give you access to a shell with Foundry. Otherwise, ensure you have it installed\n- Run exploit POC: =make exploit=\n- Run invariant test: =make invariant=\n\n** Best Practices Recommendation\nUpon reviewing Euler Finance, it appears that [[https://github.com/euler-xyz/euler-contracts/blob/master/docs/invariants.md][invariants.md]] contains the missing invariant checks, since there are no tests written for those invariants in [[https://github.com/euler-xyz/euler-contracts/blob/master/contracts/test/InvariantChecker.sol][InvariantChecker.sol]].\n\nOne of the invariants is as follows:\n    /No protocol action should be able to result in an account with risk adjusted liability \u003e risk adjusted assets (checkLiquidity failing)/\n\nThe root cause of the vulnerability was the lack of a health check on the account of the =donateToReserves= method caller. The situation could have been avoided if the aforementioned invariant test had been conducted.\n\nTo demonstrate an example of an invariant test, I've provided [[file:test/Invariant.t.sol][Invariant.t.sol]]. 
You can execute the test by running =make invariant=.\nPlease note that the test fails intentionally, to exhibit the violation of the invariant.\n\nYou can comment out line 52 of [[file:test/Handler.t.sol][Handler.t.sol]] to verify that the =donateToReserves= call is responsible for the invariant violation.\n\n** References\n- [[https://medium.com/@omniscia.io/euler-finance-incident-post-mortem-1ce077c28454][Omniscia Euler Finance Incident Post-Mortem]]\n- [[https://rekt.news/euler-rekt/][Rekt News]]\n- [[https://defillama.com/protocol/euler][Defi Llama]]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanajuliabit%2Feuler_hack_poc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanajuliabit%2Feuler_hack_poc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanajuliabit%2Feuler_hack_poc/lists"}