sDOLA-crvUSD Curve LLAMMA Pool Flash Loan Exploit
- DeFi Protocol
- Security
- Lending

An attacker used a ~$30M flash loan to manipulate the oracle price in a sDOLA-crvUSD Curve LLAMMA (LlamaLend) pool, enabling the liquidation of 27 user positions for ~$240K profit. The exploit targeted an improperly configured oracle in an external pool using Inverse Finance's DOLA/sDOLA tokens. Security firms CertiK and BlockSec confirmed that Inverse Finance's core contracts were not affected—the root cause was a spot price oracle vulnerability in the Curve pool that allowed atomic manipulation through flash-loan-funded redemption and restaking donations.
Incident Details
- Type
- PROTOCOL EXPLOIT
- Funds Lost
- $240K
- Status
- Total loss
Security firms clarified Inverse Finance core contracts unaffected. Exploit targeted external Curve LLAMMA pool with misconfigured spot price oracle.