Full Report
On March 4th 2025, Cork Protocol Beta was exploited for 3,761 wstETH. This article explains the exploit methods used in the real attack. The project had two audit contests (Sherlock and Cantina), two audits (Quantstamp and Spearbit), and formal verification work by Runtime Verification. It's interesting that this wasn't caught at an earlier stage, but it's hard to say whether the vulnerable code existed at the time of the audits. The attack chained two vulnerabilities to make it viable.

The first vulnerability was a rollover pricing issue. The Cover Token extraction abused the automated pricing mechanism that determines the price of Cover Tokens and Depeg Swaps. The risk premium for DS trades (buys and sells) is computed from the trade amount and the time to expiry. For instance, a price of 0.02 with 1 year to expiry is a 2% risk premium. As the market progresses towards expiry, the premium should gain in value, since the shorter timeframe leaves fewer opportunities for a disaster to strike. The algorithm used to calculate this is (F/P_t)^(1/T), where T is the time left. When the expiry time is very close, this creates an extreme edge case: a 0.02 price one hour before expiry yields a 17520% risk premium, so the premium calculation skyrockets at the end of the epoch. The exploiter purchased 2.5 DS 19 minutes before expiry, which resulted in a 1779.7% risk premium. When this price rolled over into the next epoch, it was highly skewed. In particular, the exploiter converted 0.0000029 wstETH into 3760.8813 CT, draining the entire supply of Cover Tokens from the AMM.

The second vulnerability was a fairly deep access control issue. In Uniswap V4, hooks can be attached to pool calls. The Cork hook functionality on the FlashSwapRouter contract contained an access control vulnerability: although it performed some validation of the callback origin, the check could be bypassed by spoofing particular input parameters.
The Cork article says this was highly sophisticated; the Rekt.news article said it was pretty standard. I find it interesting that these vulnerabilities were missed. According to the rekt.news article, it was out of scope for some of the audits.
Analysis Summary
# Incident Report: Cork Protocol Beta wstETH Vault Exploitation
## Executive Summary
On May 28, 2025, Cork Protocol was exploited for 3,761 wstETH (approximately $12M USD) via a sophisticated two-pronged attack targeting its wstETH:weETH Liquidity Vault. The attacker leveraged a pricing edge case in the protocol’s rollover logic and a missing access control check in a Uniswap V4 hook implementation. The project immediately paused all contracts, and $20M in other vaults remains secure while recovery efforts continue.
## Incident Details
- **Discovery Date:** May 28, 2025, 11:43 UTC
- **Incident Date:** May 28, 2025, 11:39 UTC
- **Affected Organization:** Cork Protocol
- **Sector:** Decentralized Finance (DeFi) / Yield & Risk Management
- **Geography:** Global / Ethereum Mainnet
## Timeline of Events
### Initial Access
- **Date/Time:** May 28, 2025, 11:39 UTC
- **Vector:** Exploitation of automated rollover pricing mechanics.
- **Details:** The attacker purchased 2.5 Depeg Swaps (DS) 19 minutes before expiry. Due to the $(\frac{F}{P_t})^{\frac{1}{T}}$ algorithm, the risk premium skyrocketed to 1779.7%. This skewed the subsequent rollover price, allowing the attacker to exchange a negligible 0.000002 wstETH for 3,760.88 Cover Tokens (CT), draining the AMM's CT supply.
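To make the temporal edge case concrete, here is an added Python model of an annualized risk premium and a bounded variant with the "sanity bounds" this report recommends. It is not Cork Protocol code. It assumes a simplified annualization that scales the trade price by 1/T, chosen because it reproduces the figures quoted above (0.02 at one year is 2%, 0.02 one hour before expiry is 17520%); the one-day floor on T and the 100% cap are hypothetical parameter choices.

```python
# Added example (not Cork Protocol code): how a time-annualized risk premium
# diverges as time-to-expiry T approaches zero, and a guarded variant.
#
# Assumption: the premium is annualized by scaling the trade price by 1/T.
# This simplification reproduces the report's figures (0.02 at one year -> 2%,
# 0.02 at one hour -> 17520%) but is not the protocol's actual pricing code.

HOURS_PER_YEAR = 365 * 24
MINUTES_PER_YEAR = HOURS_PER_YEAR * 60


def annualized_premium(price: float, t_years: float) -> float:
    """Unguarded premium: price paid per unit of coverage, scaled to a
    one-year horizon. Grows without bound as t_years -> 0."""
    if t_years <= 0:
        raise ValueError("time to expiry must be positive")
    return price / t_years


def bounded_premium(price: float, t_years: float,
                    min_t_years: float = 24 / HOURS_PER_YEAR,  # hypothetical floor: one day
                    max_premium: float = 1.0) -> float:        # hypothetical cap: 100%
    """Guarded premium: clamp the horizon to a floor and cap the result, so a
    trade placed minutes before expiry cannot produce an astronomical premium
    that then seeds the next epoch's rollover price."""
    if t_years <= 0:
        raise ValueError("time to expiry must be positive")
    effective_t = max(t_years, min_t_years)
    return min(price / effective_t, max_premium)


def premium_table(price: float, horizons_minutes: list[int]) -> dict[int, tuple[float, float]]:
    """Return {minutes_to_expiry: (unguarded_premium, guarded_premium)} for one price."""
    return {
        m: (annualized_premium(price, m / MINUTES_PER_YEAR),
            bounded_premium(price, m / MINUTES_PER_YEAR))
        for m in horizons_minutes
    }


if __name__ == "__main__":
    # One year, one hour and the 19-minute window from the incident, all at price 0.02.
    for m, (raw, safe) in premium_table(0.02, [MINUTES_PER_YEAR, 60, 19]).items():
        print(f"{m:>7} min to expiry: unguarded {raw * 100:12.1f}%   guarded {safe * 100:6.1f}%")
```

The guard deliberately treats the premium as a quote to be clamped rather than a fact to be trusted: any value the formula produces inside the floor window is capped before it can be carried into the next epoch by the rollover.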
### Lateral Movement
- **Vector:** Access Control Vulnerability in FlashSwapRouter.
- **Details:** The attacker deployed a malicious contract that mimicked a Uniswap V4 hook. By spoofing input parameters, the attacker bypassed the authorization checks in the `Cork Hook` contract, which lacked a critical upstream security update, and withdrew 3,761 Depeg Swaps without authorization.
### Data Exfiltration/Impact
- **Details:** With both the nearly-free CT and the unauthorized DS tokens in hand, the attacker called `returnRaWithCtDS` on the Peg Stability Module (PSM). This burned the tokens to withdraw 3,761 wstETH from the vault. The assets were swapped to ETH via 1inch.
### Detection & Response
- **Detection:** Alerted by Hypernative at 11:43 UTC (4 minutes post-exploit).
- **Response:** The team initiated a "War Room" with auditors (Spearbit, Quantstamp, etc.) and executed pause transactions on all Liquidity Vaults and protocol functions by 12:35 UTC.
## Attack Methodology
- **Initial Access:** Pricing manipulation via temporal edge cases (time-to-expiry decay).
- **Persistence:** N/A (Atomic transaction exploit).
- **Privilege Escalation:** Bypassing `BaseHook` authorization checks via malicious contract calls.
- **Defense Evasion:** Spoofing callback origins and input parameters to bypass `FlashSwapRouter` validation.
- **Impact:** Draining of the primary Liquidity Vault via symmetry of CT/DS token redemption.
## Impact Assessment
- **Financial:** Loss of 3,761 wstETH (approx. $12M); $20M remains locked/safe.
- **Data Breach:** No sensitive user PII breached; smart contract logic compromised.
- **Operational:** All protocol functions paused; redevelopment and migration required.
- **Reputational:** High; vulnerabilities existed despite multiple audits by top-tier firms (Quantstamp, Spearbit, Runtime Verification).
## Indicators of Compromise
- **Network Indicators:** hxxps://etherscan[.]io/address/0xea6f30e360192bae715599e15e2f765b49e4da98 (Attacker Address)
- **Behavioral Indicators:** Large-scale CT/DS redemption immediately following a vault rollover; 1inch aggregator swaps of wstETH to ETH.
## Response Actions
- **Containment:** Emergency pause of all protocol contracts via multisig.
- **Eradication:** Identification of the missing Uniswap V4 periphery security check and the rollover pricing flaw.
- **Recovery:** Ongoing collaboration with tracing firms to recover funds; planning redeployment to allow user withdrawals.
## Lessons Learned
- **Scope Limitations:** Audits may miss vulnerabilities if specific dependencies (like Uniswap periphery hooks) are considered out of scope.
- **Temporal Edge Cases:** Algorithmic pricing models involving time ($T$) must have safeguards as $T \to 0$.
- **Upstream Dependencies:** Protocols must actively track security updates in inherited or imported library code (e.g., Uniswap V4 `BaseHook` updates).
## Recommendations
- **Pricing Guards:** Implement "sanity bounds" on risk premiums to prevent astronomical pricing near expiry.
- **Enhanced Hooks:** Integrate the latest Uniswap V4 security patches, specifically explicit authorization checks on callback origins.
- **Invariant Monitoring:** Deploy real-time monitoring to auto-pause vaults if the CT/DS ratio deviates from expected collateralization math.
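The behavioral indicators above (a large CT/DS redemption right after a rollover) and the invariant-monitoring recommendation can be expressed as two detection rules. The following is an added Python example, not Cork Protocol or Hypernative code. It assumes each event carries a per-vault snapshot of CT and DS holdings and that, because CT and DS are minted and burned pairwise, those holdings should stay near parity; the thresholds, the event log and the hypothetical invariant are all constructed for illustration.

```python
# Added example (not the protocol's or any vendor's code): a minimal monitor for
# the report's behavioral indicators, run over a constructed event log.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class VaultEvent:
    ts: datetime
    kind: str             # "rollover", "redeem" or "swap"
    vault: str
    amount: float = 0.0   # RA moved by the event, in wstETH
    ct_supply: float = 0.0  # vault's CT holdings after the event (assumed snapshot)
    ds_supply: float = 0.0  # vault's DS holdings after the event (assumed snapshot)


@dataclass
class Alert:
    ts: datetime
    vault: str
    rule: str
    detail: str


# Hypothetical thresholds; a real deployment would tune these per vault.
REDEMPTION_THRESHOLD = 100.0               # wstETH redeemed in one call
POST_ROLLOVER_WINDOW = timedelta(minutes=30)
RATIO_TOLERANCE = 0.01                     # allowed |CT/DS - 1|


def monitor(events: list[VaultEvent]) -> list[Alert]:
    """Scan events in time order and emit alerts for (a) a large redemption
    shortly after a rollover and (b) CT/DS holdings drifting out of parity."""
    alerts: list[Alert] = []
    last_rollover: dict[str, datetime] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "rollover":
            last_rollover[ev.vault] = ev.ts
            continue
        if ev.kind == "redeem" and ev.amount >= REDEMPTION_THRESHOLD:
            rolled = last_rollover.get(ev.vault)
            if rolled is not None and ev.ts - rolled <= POST_ROLLOVER_WINDOW:
                minutes = int((ev.ts - rolled).total_seconds() // 60)
                alerts.append(Alert(ev.ts, ev.vault, "large_redemption_after_rollover",
                                    f"{ev.amount} wstETH redeemed {minutes} min after rollover"))
        if ev.ds_supply > 0:
            ratio = ev.ct_supply / ev.ds_supply
            if abs(ratio - 1.0) > RATIO_TOLERANCE:
                alerts.append(Alert(ev.ts, ev.vault, "ct_ds_ratio_deviation",
                                    f"CT/DS ratio {ratio:.4f} outside tolerance"))
    return alerts


def sample_events() -> list[VaultEvent]:
    """Constructed log loosely following the report's timeline (not chain data)."""
    t0 = datetime(2025, 5, 28, 11, 30)
    v = "wstETH:weETH"
    return [
        VaultEvent(t0 - timedelta(hours=2), "redeem", "other-vault", amount=5.0,
                   ct_supply=1000.0, ds_supply=1000.0),            # benign, small
        VaultEvent(t0, "rollover", v, ct_supply=3761.0, ds_supply=3761.0),
        VaultEvent(t0 + timedelta(minutes=5), "swap", v, amount=0.000002,
                   ct_supply=0.12, ds_supply=3761.0),               # CT drained from the AMM
        VaultEvent(t0 + timedelta(minutes=9), "redeem", v, amount=3761.0,
                   ct_supply=0.0, ds_supply=0.0),                   # mass CT/DS redemption
    ]


if __name__ == "__main__":
    for a in monitor(sample_events()):
        print(f"{a.ts:%H:%M} {a.vault} {a.rule}: {a.detail}")
```

A monitor like this only pays off if its alert is wired to the same pause path the team used manually; the point of the invariant rule is that the ratio deviation fires on the swap, several minutes before the redemption that actually moved funds.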