Reproduced Exploit

Edel xStock — ERC4626 convertToAssets Donation Inflates Collateral and Drains Reserves

1. Edel markets treat wrapped xStock tokens (e.g. wGOOGLx) as collateral. Pricing goes through an AaveOracle path that ultimately depends on the wrapper's live convertToAssets() rate.

Jul 2026Ethereumdefi3 min read

Loss

204,215.57 USDC + multi-asset xStock wrappers (wSPYx/wQQQx/wMSTRx/wNVDAx/wTSLAx)

Chain

Ethereum

Category

defi

Date

Jul 2026

EVM Playground

Source-level debugger — step opcodes and Solidity in sync

The attack is replayed in an in-browser EVM preloaded with the exact dumped fork state. Step by Solidity line or by opcode across all call depths; the source line, Stack, Memory, Storage, Transient storage and Return value stay in sync. Click any opcode or source line to jump. No backend, no live RPC.

Loading fork state…

Source & credit. Exploit reproduction, trace data, and analysis adapted from DeFiHackLabs by SunWeb3Sec — an open registry of reproduced on-chain exploits. Standalone Foundry PoC and full write-up: 2026-07-edel-xstock_exp in the evm-hack-registry mirror. Upstream DeFiHackLabs PoC: src/test/…/edel-xstock_exp.sol.


Vulnerability classes: vuln/defi/donation-attack · vuln/oracle/price-manipulation · vuln/defi/flash-loan-attack

Reproduction: offline Foundry project at this folder. Trace: output.txt. Sources: AaveOracle, WrappedBackedToken (wGOOGLx), pool proxy 0x3EEeB3….


Key info#

Loss204,215.57 USDC + multi-asset xStock wrappers (wSPYx/wQQQx/wMSTRx/wNVDAx/wTSLAx)
Vulnerable surfaceEdel lending pool (Aave-style) + oracle that values wGOOGLx via ERC4626 convertToAssets()
Oracle0xBd497eE429D9D3E46446339286271b3714a83B29
wGOOGLx0x1630F08370917E79df0B7572395a5e907508bBBc
Attacker0x58428161bB55c14A413945f06cbDeC157F411C76
Attack tx0xe2320086b2815d21b0927839bd0e306466c29a68d38d5361e99dd21ec5472612
Chain / blockEthereum / 25,434,061 / July 2026
Bug classCollateral oracle trusts mutable ERC4626 exchange rate; direct GOOGLx donation into the wrapper inflates convertToAssets() and thus borrow power in the same transaction

TL;DR#

  1. Edel markets treat wrapped xStock tokens (e.g. wGOOGLx) as collateral. Pricing goes through an AaveOracle path that ultimately depends on the wrapper's live convertToAssets() rate.

  2. wGOOGLx is a standard ERC4626-style vault over GOOGLx. Donating GOOGLx to the vault increases assets without minting shares, so convertToAssets(shares) jumps.

  3. Attack:

    • Morpho-flash 180,000 USDC, supply as USDC collateral on Edel.
    • Loop 40×: borrow all wGOOGLx reserve → re-supply via a helper (recursive leverage of the wrapper reserve).
    • Final borrow of remaining wGOOGLx → redeem to GOOGLx → donate GOOGLx back to wGOOGLx.
    • Helper now has massively inflated collateral value → borrow remaining USDC + all other wrapped xStock reserves → repay Morpho.
  4. Reproduced balances after attack (output.txt):

    • USDC: 204,215.572188
    • wSPYx: 122.20, wQQQx: 62.97, wMSTRx: 293.12, wNVDAx: 99.85, wTSLAx: 37.59

Root cause#

TEXT
oracle price(wGOOGLx) ∝ convertToAssets(1 share)
convertToAssets ← totalAssets / totalSupply
totalAssets includes unsolicited GOOGLx transfers  ← donation inflates price

No virtual-offset / totalAssets accounting separation, no max rate change per block, no TWAP on the wrapper rate.


Attack flow#

sequenceDiagram participant A as Attacker participant H as CollateralHelper participant E as Edel Pool participant W as wGOOGLx A->>E: supply USDC (flash) loop 40x A->>E: borrow all wGOOGLx reserve A->>H: transfer + supplyWGooglx end A->>E: borrow final wGOOGLx A->>W: redeem → GOOGLx, donate GOOGLx to W Note over W: convertToAssets inflated H->>E: borrow USDC + all xStock reserves A->>A: repay Morpho, keep profit

Recommendation#

  1. Price ERC4626 collateral with a manipulation-resistant rate (internal accounting, virtual shares/assets, or rate capped per block / TWAP).
  2. Do not use raw convertToAssets after a same-block donation can move it.
  3. Limit recursive borrow/re-supply loops against a single reserve (utilization caps, single-block borrow caps).

References#


Sources & further analysis#

Reproductions & code

Alerts & third-party analyses

These dashboards index community alerts tweets, post-mortems, and independent write-ups. Reach them through the protocol name above to cross-check this reproduction against other analyses.