Curve Finance, a leading decentralized exchange protocol, has initiated a formal investigation into a recent exploit targeting the sDOLA LlamaLend market. The security breach, which occurred on March 3, 2026, involved a sophisticated manipulation of the price oracle and market liquidity. While the attacker managed to extract a relatively small profit, the incident has prompted a rigorous review of how vault collateral is handled within the ecosystem to prevent future vulnerabilities.
Mechanism of the sDOLA Market Exploit
Preliminary data suggests the attacker leveraged a specific vulnerability related to the price oracle utilized by sDOLA, combined with the presence of sDOLA amounts in the market that exceeded its underlying collateral. This structural weakness allowed for a "donation attack", a method where an actor artificially inflates the value of a vault's assets to manipulate lending parameters.
Technical analysis indicates that the breach primarily impacted the internal accounting of the sDOLA vault rather than the broader Curve protocol liquidity pools.
The consequences of the attack were distributed across different user groups within the LlamaLend ecosystem:
- Borrowers: Those who used sDOLA as collateral faced liquidations as the oracle manipulation triggered automated safety protocols.
- Lenders: The Curve team confirmed that lenders remained unaffected, with their principal capital secured.
- sDOLA Holders: Interestingly, standard holders of the token realized minor gains due to the nature of the asset rebalancing during the incident.
Security Enhancements and LlamaLend V2
In response to the exploit, the Curve Finance development team is conducting a comprehensive audit of similar markets to identify potential risks. A primary focus of the investigation is ensuring the robustness of LlamaLend V2. The upcoming iteration of the lending platform is designed to remain resilient against donation attacks, regardless of market size or the specific type of vault collateral used.
The team is further investigating the possibility of other similar existing markets being affected and ensuring that LlamaLend V2 remains secure even when facing vault collateral susceptible to "donation attacks" across all market sizes.
This incident highlights the ongoing challenges of DeFi composability, where the interaction between different yield-bearing tokens and lending markets can create unforeseen attack vectors. Curve Finance continues to monitor the situation, prioritizing the security of its Ethereum-based smart contracts and maintaining transparency with its community regarding the technical remediation steps being taken.
Frequently Asked Questions
Quick answers to the most common questions about this topic.