
Saddle Finance
Hacked · DeFi · ✝ 2022
A swap-math flaw let a flash loan extract ~$11M.
Saddle Finance was an Ethereum stableswap AMM exploited in April 2022 for roughly $11M. The attacker used flash loans to abuse a flaw in the metapool swap logic, draining liquidity from the pools.
- Peak: ~$11M stolen
- Cause: Hacked
- Year of death: 2022
☠️ Cause of death
A bug in the pool's swap math let an attacker repeatedly swap at incorrect rates within flash-loaned transactions, draining the pools.
📓 Lessons left behind
- Stableswap invariant math must be formally verified.
- Metapool composition can introduce subtle pricing bugs.
- Flash loans expose every rounding and logic error at scale.
🌱 The idea that survived
Formal AMM verification
Drove formal verification and invariant testing of stableswap swap-math implementations.
#defi #flash-loan #amm