Seeing the OneKey boss seeking redress from Resupply after losing several million in assets, I can't help but sigh that DeFi is really too fragile. After looking around, it seems that no one has explained clearly how the hacker attacked, so I did some research myself and want to share it with everyone.

The main character of the story is ResupplyPair, where users deposit collateral and borrow against it. The isSolvent modifier in the contract is responsible for checking whether a user is allowed to borrow the requested amount; the code logic is as follows:

You can see the calculation of ltv on line 282. The LTV is the borrowed amount multiplied by _exchangeRate and divided by the collateral amount, so if we can make _exchangeRate equal to 0, the computed LTV is 0 and the check always passes.

Continuing to read the code:

You can see that _exchangeRate is derived from the oracle's getPrices call, and that the price sits in the denominator of an integer division. In other words, we need to make the price of the collateral extremely high so that the division truncates to zero.

By reading the oracle's code, we can see that getPrices is just a layer of forwarding: it actually calls the convertToAssets interface of the collateral asset (i.e., the vault). Continuing to read the code:

You can see that this result comes out of a fairly involved calculation, but the key point is that total_assets sits in the numerator: whoever can inflate total_assets inflates the price that convertToAssets returns. By checking the implementation of the _total_assets function, we can find that:

This value depends on the borrowed_token balance held by the vault's controller contract, and the borrowed_token here is crvUSD.

At this point in the analysis, it becomes clear that ResupplyPair was created on top of an essentially empty vault, with almost no shares in circulation. The hacker transferred a certain amount of borrowed_token directly to the vault's controller contract, which inflated total_assets without minting any shares and drove the share price so high that _exchangeRate rounded down to zero. That effectively gave their collateral unlimited value, and they borrowed up to 10 million reUSD at a very low cost.

Attack transaction:
ResupplyPair contract address:
Vault controller contract address:
Vault contract address:
Oracle contract address:
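The following is an added, simplified Python model of the attack path described above; it is not code from Resupply, Curve, or the original post. The vault arithmetic (virtual dead shares, the +1 offset), the oracle formula (1e36 divided by convertToAssets(1e18)), the Fraxlend-style LTV formula and every constant and amount in it are assumptions chosen so the walkthrough runs offline; the real contracts use different exact formulas. The point it demonstrates is the chain the analysis traces: a donation to the controller raises total_assets, convertToAssets explodes, the oracle's integer division truncates to zero, and a zero exchange rate makes isSolvent pass for any borrow.

```python
# Added, simplified model of the share-price inflation described above.
# Constructed numbers; the formulas are stand-ins for the real Curve Lend
# vault, Resupply oracle and ResupplyPair code, not copies of them.

WAD = 10**18                 # 18-decimal fixed point
EXCHANGE_PRECISION = 10**18  # assumption: precision of the pair's exchange rate
LTV_PRECISION = 10**5        # assumption: LTV expressed in 1e5 units
DEAD_SHARES = 1000           # assumption: virtual shares added to the share supply
ORACLE_NUMERATOR = 10**36    # assumption: getPrices returns 1e36 / convertToAssets(1e18)


class Vault:
    """ERC4626-style lending vault.

    total_assets() mirrors the shape the post describes: borrowed_token held
    by the vault's controller plus the debt the controller has lent out.
    """

    def __init__(self) -> None:
        self.total_supply = 0        # vault shares in circulation
        self.controller_balance = 0  # borrowed_token (crvUSD) held by the controller
        self.total_debt = 0          # crvUSD lent out by the controller

    def total_assets(self) -> int:
        return self.controller_balance + self.total_debt

    def convert_to_shares(self, assets: int) -> int:
        # Virtual-offset ERC4626 arithmetic (simplified stand-in).
        return assets * (self.total_supply + DEAD_SHARES) // (self.total_assets() + 1)

    def convert_to_assets(self, shares: int) -> int:
        # total_assets sits in the numerator: inflating it inflates the price.
        return shares * (self.total_assets() + 1) // (self.total_supply + DEAD_SHARES)

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        self.controller_balance += assets
        self.total_supply += shares
        return shares

    def donate_to_controller(self, assets: int) -> None:
        # Plain ERC20 transfer to the controller: total_assets grows, no shares are minted.
        self.controller_balance += assets


def oracle_get_prices(vault: Vault) -> int:
    """Forwarding oracle: exchange rate = 1e36 / convertToAssets(1e18), truncated.

    A sufficiently large share price makes the integer division return 0.
    """
    return ORACLE_NUMERATOR // vault.convert_to_assets(WAD)


def is_solvent(borrow_amount: int, collateral_shares: int,
               exchange_rate: int, max_ltv: int) -> bool:
    """Fraxlend-style LTV check (stand-in for ResupplyPair's isSolvent).

    ltv = borrow * exchangeRate / collateral; with exchangeRate == 0 it is always 0.
    """
    if borrow_amount == 0:
        return True
    if collateral_shares == 0:
        return False
    ltv = (borrow_amount * exchange_rate // EXCHANGE_PRECISION) * LTV_PRECISION // collateral_shares
    return ltv <= max_ltv


def is_solvent_hardened(borrow_amount: int, collateral_shares: int,
                        exchange_rate: int, max_ltv: int) -> bool:
    """Same check, but a zero exchange rate is treated as 'no price' and refused."""
    if exchange_rate == 0:
        return False
    return is_solvent(borrow_amount, collateral_shares, exchange_rate, max_ltv)


def simulate_attack(deposit_wei: int = 1,
                    donation: int = 4000 * WAD,
                    borrow: int = 10_000_000 * WAD,
                    max_ltv: int = 95_000) -> dict:
    """Walk through the attack against a fresh (empty) vault with constructed amounts."""
    vault = Vault()
    shares = vault.deposit(deposit_wei)          # tiny deposit, tiny share supply
    rate_before = oracle_get_prices(vault)
    vault.donate_to_controller(donation)         # inflate total_assets without shares
    rate_after = oracle_get_prices(vault)
    return {
        "attacker_shares": shares,
        "rate_before": rate_before,
        "rate_after": rate_after,
        # borrowing 10M against a single share of collateral:
        "passes_before": is_solvent(borrow, 1, rate_before, max_ltv),
        "passes_after": is_solvent(borrow, 1, rate_after, max_ltv),
        "hardened_passes_after": is_solvent_hardened(borrow, 1, rate_after, max_ltv),
    }


if __name__ == "__main__":
    for key, value in simulate_attack().items():
        print(f"{key}: {value}")
```

Running it shows the 10M borrow against one share being rejected before the donation and accepted after it, purely because the exchange rate truncates to zero. Two checks follow from the model: a pair should refuse to treat an exchange rate of zero as a valid price, and a vault used as collateral should be seeded with enough real shares that a donation cannot move convertToAssets by orders of magnitude.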