Overview
On March 13, 2023, Euler Finance was exploited for approximately $197M through a sophisticated flash loan attack that abused the protocol’s donation mechanism.
Root Cause
Euler’s donateToReserves() function allowed users to donate eTokens to the protocol reserves without a corresponding health (liquidity) check on the donor’s account afterwards. Because the donation shrinks collateral while leaving debt untouched, a user could drive their own debt-to-collateral ratio past the liquidation threshold.
Attack Flow
- Flash loan large amount of DAI from Aave
- Deposit into Euler → receive eDAI
- Mint maximum dDAI (debt tokens) through leveraged borrowing
- Call donateToReserves() with eDAI, which reduces collateral without repaying debt
- Account is now underwater → trigger self-liquidation at a profit
- Repay flash loan, keep the difference
Vulnerable Code
function donateToReserves(uint subAccountId, uint amount) external {
    // Simplified: sub-account resolution omitted, msg.sender stands in for the donor account
    address account = msg.sender;
    reserves += amount;              // tokens move into the protocol reserves...
    balanceOf[account] -= amount;    // ...and the donor's eToken (collateral) balance shrinks
    // Missing: a liquidity (health) check on `account` at this point.
    // The donor's debt is unchanged, so nothing verifies they remain solvent.
}
Key Takeaway
Any state-changing function that modifies a user’s collateral or debt position must include a health factor check afterward. The donateToReserves() function was audited, but the edge case of self-donation leading to insolvency was missed.
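To make the takeaway concrete, here is an added Python model of the accounting (not Euler’s code, and not Solidity): a toy ledger with eToken collateral and dToken debt balances, a post-condition wrapper that re-checks the account’s health after every collateral- or debt-modifying call and rolls the state back on failure, and the unchecked donation beside the checked one. The collateral factor (90%), account names and amounts are constructed for the illustration; the method names are the model’s own.

```python
import functools
from dataclasses import dataclass, field

# Constructed parameter: each unit of eToken collateral backs 0.9 units of dToken debt
# (in basis points so the model stays in exact integer arithmetic).
COLLATERAL_FACTOR_BPS = 9_000


class Insolvent(Exception):
    """Raised when an operation would leave an account undercollateralised."""


def checks_health(fn):
    """Post-condition wrapper: apply the state change, then verify the account is
    still healthy. If not, roll back to the pre-call snapshot (as an EVM revert
    would) and raise. Every method that touches collateral or debt gets this."""
    @functools.wraps(fn)
    def wrapper(self, account, *args, **kwargs):
        snapshot = self._snapshot()
        result = fn(self, account, *args, **kwargs)
        if not self.is_healthy(account):
            self._restore(snapshot)
            raise Insolvent(f"{account} undercollateralised after {fn.__name__}")
        return result
    return wrapper


@dataclass
class Ledger:
    """Toy lending ledger: eToken (collateral) and dToken (debt) balances per account."""
    collateral: dict = field(default_factory=dict)
    debt: dict = field(default_factory=dict)
    reserves: int = 0

    def _snapshot(self):
        return dict(self.collateral), dict(self.debt), self.reserves

    def _restore(self, snapshot):
        self.collateral, self.debt, self.reserves = snapshot

    def is_healthy(self, account):
        c = self.collateral.get(account, 0)
        d = self.debt.get(account, 0)
        return c * COLLATERAL_FACTOR_BPS >= d * 10_000

    def deposit(self, account, amount):
        # Adding collateral can only improve health, so no post-check is needed.
        self.collateral[account] = self.collateral.get(account, 0) + amount

    @checks_health
    def borrow(self, account, amount):
        self.debt[account] = self.debt.get(account, 0) + amount

    def donate_to_reserves_unchecked(self, account, amount):
        # Vulnerable shape: collateral leaves the account, debt stays, no post-state check.
        if self.collateral.get(account, 0) < amount:
            raise ValueError("insufficient eToken balance")
        self.reserves += amount
        self.collateral[account] -= amount

    @checks_health
    def donate_to_reserves(self, account, amount):
        # Hardened shape: identical state change, but the wrapper verifies solvency afterwards.
        self.donate_to_reserves_unchecked(account, amount)


def demo(checked: bool):
    """Deposit 100, borrow 80 (health 0.9*100/80 = 1.125), then donate 40 of the
    collateral. Returns (account_still_healthy, reserves) after the attempt."""
    ledger = Ledger()
    ledger.deposit("alice", 100)
    ledger.borrow("alice", 80)
    try:
        if checked:
            ledger.donate_to_reserves("alice", 40)
        else:
            ledger.donate_to_reserves_unchecked("alice", 40)
    except Insolvent:
        pass  # rejected and rolled back by the wrapper
    return ledger.is_healthy("alice"), ledger.reserves


if __name__ == "__main__":
    print("unchecked:", demo(False))  # (False, 40): donor left underwater, debt untouched
    print("checked:  ", demo(True))   # (True, 0): donation reverted, nothing changed
```

The unchecked path ends with an account that is liquidatable even though no price moved, which is exactly the condition the takeaway warns about. Putting the check in a wrapper rather than in each function body is the point of the design: a new state-changing entry point cannot forget the check without visibly omitting the decorator, which is the kind of thing a reviewer or a static rule can look for.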