{"id":1093,"date":"2025-08-04T14:30:10","date_gmt":"2025-08-04T12:30:10","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=1093"},"modified":"2025-08-04T14:31:12","modified_gmt":"2025-08-04T12:31:12","slug":"resupply-hack-analysis","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/","title":{"rendered":"ResupplyFi Hack Analysis"},"content":{"rendered":"<div>On June 26, 2025 a single integer division flaw cost <a href=\"https:\/\/resupply.fi\/\">Resupply<\/a> $9.56M. The attacker exploited an ERC4626 &#8220;first donation&#8221; vulnerability in the cvcrvUSD vault&#8217;s ResupplyPair contract (<a href=\"https:\/\/etherscan.io\/address\/0x6e90c85a495d54c6d7e1f3400fef1f6e59f86bd6#code\">0x6e90c<\/a>). They stole $10M through in one flash loan transaction (<a href=\"https:\/\/app.blocksec.com\/explorer\/tx\/eth\/0xffbbd492e0605a8bb6d490c3cd879e87ff60862b0684160d08fd5711e7a872d3\">0xffbbd<\/a>).<\/div>\n<h2>How did this happen?<\/h2>\n<div>The ResupplyFi protocol contains a vulnerability in its handling of ERC4626 vault collateral that allows attackers to manipulate exchange rates and bypass loan-to-value (LTV) checks, resulting in unauthorized borrowing. This vulnerability was successfully exploited in a real-world attack, resulting in $9.56 million in losses just hours after the protocol&#8217;s deployment.<\/div>\n<h3>Vulnerability Details<\/h3>\n<h4>1. Exchange rate calculation vulnerability<\/h4>\n<div>\n<p><strong>Location<\/strong>: <em>ResupplyPairCore.sol:573<\/em><\/p>\n<\/div>\n<div>\n<pre><code class=\"language-solidity\">_exchangeRate = 1e36 \/ IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));<\/code><\/pre>\n<\/div>\n<div><strong>Issue<\/strong>: Integer division without rounding protection causes the exchange rate to round down to zero when the oracle price becomes extremely large.<\/div>\n<h4>2. ERC4626 donation attack vector<\/h4>\n<div><strong>Location<\/strong>: <em>ResupplyPairCore.sol:155-156<\/em><\/div>\n<div>\n<pre><code class=\"language-solidity\">underlying = IERC20(IERC4626(_collateral).asset());<\/code><\/pre>\n<\/div>\n<div>The protocol accepts ERC4626 vaults as collateral, which are vulnerable to donation attacks. In the real-world exploit, the attacker targeted the cvcrvUSD vault which was nearly empty at deployment:<\/div>\n<div>&#8211; Attacker can donate assets directly to the vault<\/div>\n<div>&#8211; This inflates the price per share dramatically<\/div>\n<div>&#8211; Oracle reports the inflated price accurately<\/div>\n<div>&#8211; Exchange rate calculation breaks: `1e36 \/ extremely_large_number = 0`<\/div>\n<h4>3. Broken solvency check<\/h4>\n<div><strong>Location<\/strong>: <em>ResupplyPairCore.sol:282<\/em><\/div>\n<div>\n<pre><code class=\"language-solidity\">uint256 _ltv = ((_borrowerAmount * _exchangeRate * LTV_PRECISION) \/ EXCHANGE_PRECISION) \/ _collateralAmount;\nreturn _ltv &lt;= _maxLTV;<\/code><\/pre>\n<\/div>\n<div>When <em>_exchangeRate = 0<\/em><\/div>\n<div>\n<p>&#8211; LTV calculation:<\/p>\n<pre><code class=\"language-solidity\">(_borrowerAmount * 0 * LTV_PRECISION) \/ EXCHANGE_PRECISION \/ _collateralAmount = 0<\/code><\/pre>\n<\/div>\n<div>\n<p>&#8211; Check: <em>0 &lt;= _maxLTV<\/em>\u00a0always <strong>returns true<\/strong><\/p>\n<p><strong>Result<\/strong>: Any amount of collateral allows unlimited borrowing<\/p>\n<\/div>\n<h3>Attack scenario<\/h3>\n<div><strong>Target<\/strong>: cvcrvUSD ERC4626 vault (nearly empty at deployment)<\/div>\n<div><\/div>\n<div>1. <strong>Initial manipulation<\/strong>:<\/div>\n<div>The attacker deposited 1 wei into the empty cvcrvUSD vault, and then made a large donation to artificially inflate `pricePerShare`.<\/div>\n<div><\/div>\n<div>2. <strong>Exchange rate corruption<\/strong>:<\/div>\n<div>The attacker:<\/div>\n<div>&#8211; Called <em>borrow()<\/em> on newly deployed ResupplyPair<\/div>\n<div>&#8211; Triggered oracle price fetch: <em>getPrices(address(collateral))<\/em><\/div>\n<div>&#8211; Price extremely high due to donation inflation<\/div>\n<div>&#8211;<em>_exchangeRate = 1e36 \/ price<\/em>\u00a0computed to zero via Solidity floor division<\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/07\/issue-scaled.png\" width=\"1337\" height=\"926\" \/><\/div>\n<div><\/div>\n<div>3. <strong>Solvency bypass<\/strong>:<\/div>\n<div>&#8211; <em>_isSolvent()<\/em> check used corrupted <em>_exchangeRate = 0<\/em><\/div>\n<div>\n<p>&#8211; LTV calculation:<\/p>\n<pre><code class=\"language-solidity\">(_borrowAmount * 0 * LTV_PRECISION) \/ EXCHANGE_PRECISION \/ _collateralAmount = 0<\/code><\/pre>\n<\/div>\n<div>\n<p>&#8211; Check <em>0 &lt;= _maxLTV<\/em> always returns true<\/p>\n<\/div>\n<div>4. <strong>Mass borrowing<\/strong>:<\/div>\n<div><\/div>\n<div>The attacker borrowed $10 million worth of reUSD using just 1 wei of collateral, and swapped and redistributed the stolen funds. This led to a <strong>final profit of $9.56 million<\/strong> split across multiple addresses.<\/div>\n<h4>Generic attack pattern<\/h4>\n<div>1. Target newly deployed or low-liquidity ERC4626 vault<\/div>\n<div>2. Donate large amount of underlying assets to inflate share price<\/div>\n<div>3. Mint minimal vault shares (1 wei)<\/div>\n<div>4. Oracle price inflates to astronomical levels<\/div>\n<div>5. Exchange rate rounds to zero due to integer division<\/div>\n<div>6. Deposit minimal collateral and bypass LTV checks<\/div>\n<div>7. Borrow maximum available funds<\/div>\n<h3>Recommendations<\/h3>\n<h4>\u00a0Immediate mitigations<\/h4>\n<div>1. <strong>Add an exchange rate floor<\/strong><\/div>\n<div>\n<pre><code class=\"language-solidity\">_exchangeRate = 1e36 \/ IOracle(_exchangeRateInfo.oracle).getPrices(address(collateral));\nrequire(_exchangeRate &gt; 0, &quot;Invalid exchange rate&quot;);\n_exchangeRate = _exchangeRate == 0 ? 1 : _exchangeRate;<\/code><\/pre>\n<\/div>\n<div>\n<p>2. <strong>Add minimum collateral requirements<\/strong><\/p>\n<\/div>\n<div>Enforce minimum deposit amounts for ERC4626 vaults and implement share\/asset ratio sanity checks.<\/div>\n<h2>References<\/h2>\n<div>&#8211; ERC4626 Standard: https:\/\/eips.ethereum.org\/EIPS\/eip-4626<\/div>\n<div>&#8211; ResupplyFi Official Response: https:\/\/x.com\/ResupplyFi\/status\/1938092252431036491<\/div>\n<div>&#8211; Target Vault: <strong>cvcrvUSD ERC4626 vault<\/strong><\/div>\n<div><\/div>\n<div>\n<hr \/>\n<\/div>\n<div><\/div>\n<div>Want to learn more? Read our recent <a href=\"https:\/\/ackee.xyz\/blog\/gmx-hack-analysis-attack-scenarios-with-wake\/\">blog covering the 2025 GMX hack<\/a>.<\/div>\n<div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>On June 26, 2025 a single integer division flaw cost Resupply $9.56M. The attacker exploited an ERC4626 &#8220;first donation&#8221; vulnerability in the cvcrvUSD vault&#8217;s ResupplyPair contract (0x6e90c). They stole $10M through in one flash loan transaction (0xffbbd). How did this happen? The ResupplyFi protocol contains a vulnerability in its handling of ERC4626 vault collateral that allows attackers to manipulate exchange rates and&hellip;<\/p>\n","protected":false},"author":25,"featured_media":1016,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61,10,85,84],"tags":[24,14,86,64],"class_list":["post-1093","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education","category-ethereum","category-exploits","category-hacks","tag-ethereum","tag-exploit","tag-hack","tag-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Dima Khimchenko\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Ackee Blockchain - Blog &amp; Research\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"ResupplyFi Hack Analysis - Ackee Blockchain\" \/>\n\t\t<meta property=\"og:description\" content=\"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/cropped-ABCH_Logo_blue-black.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/cropped-ABCH_Logo_blue-black.png\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2025-08-04T12:30:10+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2025-08-04T12:31:12+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"ResupplyFi Hack Analysis - Ackee Blockchain\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Read about the recent hack of Resupply, including a detailed analysis of the vulnerability and how you can prevent it in your project.\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/08\/resupply-hack.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#blogposting\",\"name\":\"ResupplyFi Hack Analysis - Ackee Blockchain\",\"headline\":\"ResupplyFi Hack Analysis\",\"author\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/author\\\/dima-khimchenko\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/Cross-Function-Reentrancy-Attack.png\",\"width\":986,\"height\":680},\"datePublished\":\"2025-08-04T14:30:10+02:00\",\"dateModified\":\"2025-08-04T14:31:12+02:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#webpage\"},\"articleSection\":\"Education, Ethereum, Exploits, Hacks, Ethereum, exploit, Hack, security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/ackee.xyz\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/#listItem\",\"name\":\"Hacks\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/#listItem\",\"position\":2,\"name\":\"Hacks\",\"item\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/exploits\\\/#listItem\",\"name\":\"Exploits\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/exploits\\\/#listItem\",\"position\":3,\"name\":\"Exploits\",\"item\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/exploits\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#listItem\",\"name\":\"ResupplyFi Hack Analysis\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/#listItem\",\"name\":\"Hacks\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#listItem\",\"position\":4,\"name\":\"ResupplyFi Hack Analysis\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/category\\\/hacks\\\/exploits\\\/#listItem\",\"name\":\"Exploits\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/#organization\",\"name\":\"Ackee Blockchain\",\"description\":\"Blog & Research\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/cropped-ABCH_Logo_blue-black.png\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#organizationLogo\",\"width\":5268,\"height\":825},\"image\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#organizationLogo\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/author\\\/dima-khimchenko\\\/#author\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/author\\\/dima-khimchenko\\\/\",\"name\":\"Dima Khimchenko\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#authorImage\",\"url\":\"https:\\\/\\\/abchprod.wpengine.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/Dima-Kimcenko-96x96.png\",\"width\":96,\"height\":96,\"caption\":\"Dima Khimchenko\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#webpage\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/\",\"name\":\"ResupplyFi Hack Analysis - Ackee Blockchain\",\"description\":\"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/author\\\/dima-khimchenko\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/author\\\/dima-khimchenko\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/Cross-Function-Reentrancy-Attack.png\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#mainImage\",\"width\":986,\"height\":680},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/resupply-hack-analysis\\\/#mainImage\"},\"datePublished\":\"2025-08-04T14:30:10+02:00\",\"dateModified\":\"2025-08-04T14:31:12+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/\",\"name\":\"Ackee Blockchain\",\"description\":\"Blog & Research\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/ackee.xyz\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"ResupplyFi Hack Analysis - Ackee Blockchain","description":"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.","canonical_url":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#blogposting","name":"ResupplyFi Hack Analysis - Ackee Blockchain","headline":"ResupplyFi Hack Analysis","author":{"@id":"https:\/\/ackee.xyz\/blog\/author\/dima-khimchenko\/#author"},"publisher":{"@id":"https:\/\/ackee.xyz\/blog\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/03\/Cross-Function-Reentrancy-Attack.png","width":986,"height":680},"datePublished":"2025-08-04T14:30:10+02:00","dateModified":"2025-08-04T14:31:12+02:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#webpage"},"isPartOf":{"@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#webpage"},"articleSection":"Education, Ethereum, Exploits, Hacks, Ethereum, exploit, Hack, security"},{"@type":"BreadcrumbList","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog#listItem","position":1,"name":"Home","item":"https:\/\/ackee.xyz\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/category\/hacks\/#listItem","name":"Hacks"}},{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/category\/hacks\/#listItem","position":2,"name":"Hacks","item":"https:\/\/ackee.xyz\/blog\/category\/hacks\/","nextItem":{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/category\/hacks\/exploits\/#listItem","name":"Exploits"},"previousItem":{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/category\/hacks\/exploits\/#listItem","position":3,"name":"Exploits","item":"https:\/\/ackee.xyz\/blog\/category\/hacks\/exploits\/","nextItem":{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#listItem","name":"ResupplyFi Hack Analysis"},"previousItem":{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/category\/hacks\/#listItem","name":"Hacks"}},{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#listItem","position":4,"name":"ResupplyFi Hack Analysis","previousItem":{"@type":"ListItem","@id":"https:\/\/ackee.xyz\/blog\/category\/hacks\/exploits\/#listItem","name":"Exploits"}}]},{"@type":"Organization","@id":"https:\/\/ackee.xyz\/blog\/#organization","name":"Ackee Blockchain","description":"Blog & Research","url":"https:\/\/ackee.xyz\/blog\/","logo":{"@type":"ImageObject","url":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/cropped-ABCH_Logo_blue-black.png","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#organizationLogo","width":5268,"height":825},"image":{"@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#organizationLogo"}},{"@type":"Person","@id":"https:\/\/ackee.xyz\/blog\/author\/dima-khimchenko\/#author","url":"https:\/\/ackee.xyz\/blog\/author\/dima-khimchenko\/","name":"Dima Khimchenko","image":{"@type":"ImageObject","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#authorImage","url":"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2024\/08\/Dima-Kimcenko-96x96.png","width":96,"height":96,"caption":"Dima Khimchenko"}},{"@type":"WebPage","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#webpage","url":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/","name":"ResupplyFi Hack Analysis - Ackee Blockchain","description":"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/ackee.xyz\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#breadcrumblist"},"author":{"@id":"https:\/\/ackee.xyz\/blog\/author\/dima-khimchenko\/#author"},"creator":{"@id":"https:\/\/ackee.xyz\/blog\/author\/dima-khimchenko\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/03\/Cross-Function-Reentrancy-Attack.png","@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#mainImage","width":986,"height":680},"primaryImageOfPage":{"@id":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/#mainImage"},"datePublished":"2025-08-04T14:30:10+02:00","dateModified":"2025-08-04T14:31:12+02:00"},{"@type":"WebSite","@id":"https:\/\/ackee.xyz\/blog\/#website","url":"https:\/\/ackee.xyz\/blog\/","name":"Ackee Blockchain","description":"Blog & Research","inLanguage":"en-US","publisher":{"@id":"https:\/\/ackee.xyz\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"Ackee Blockchain - Blog &amp; Research","og:type":"article","og:title":"ResupplyFi Hack Analysis - Ackee Blockchain","og:description":"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.","og:url":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/","og:image":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/cropped-ABCH_Logo_blue-black.png","og:image:secure_url":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/cropped-ABCH_Logo_blue-black.png","article:published_time":"2025-08-04T12:30:10+00:00","article:modified_time":"2025-08-04T12:31:12+00:00","twitter:card":"summary_large_image","twitter:title":"ResupplyFi Hack Analysis - Ackee Blockchain","twitter:description":"Read about the recent hack of Resupply, including a detailed analysis of the vulnerability and how you can prevent it in your project.","twitter:image":"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/08\/resupply-hack.png"},"aioseo_meta_data":{"post_id":"1093","title":null,"description":"Read about the 2025 hack of Resupply Finance, including a detailed analysis of the attack vectors and how to prevent such exploits in your project.","keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"summary_large_image","twitter_image_type":"custom_image","twitter_image_url":"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/08\/resupply-hack.png","twitter_image_custom_url":"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/08\/resupply-hack.png","twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":"Read about the recent hack of Resupply, including a detailed analysis of the vulnerability and how you can prevent it in your project.","schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2025-07-31 10:09:43","updated":"2025-08-04 12:39:11","breadcrumb_settings":null,"seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/ackee.xyz\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/ackee.xyz\/blog\/category\/hacks\/\" title=\"Hacks\">Hacks<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/ackee.xyz\/blog\/category\/hacks\/exploits\/\" title=\"Exploits\">Exploits<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tResupplyFi Hack Analysis\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/ackee.xyz\/blog"},{"label":"Hacks","link":"https:\/\/ackee.xyz\/blog\/category\/hacks\/"},{"label":"Exploits","link":"https:\/\/ackee.xyz\/blog\/category\/hacks\/exploits\/"},{"label":"ResupplyFi Hack Analysis","link":"https:\/\/ackee.xyz\/blog\/resupply-hack-analysis\/"}],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/03\/Cross-Function-Reentrancy-Attack-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/03\/Cross-Function-Reentrancy-Attack-600x600.png","author_info":{"display_name":"Dima Khimchenko","author_link":"https:\/\/ackee.xyz\/blog\/author\/dima-khimchenko\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/1093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=1093"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/1093\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/1016"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=1093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=1093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=1093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}