Zero-Signature Flaw: How Bonzo Lend Lost $9M to Oracle Validator Math Error
Key Takeaways
Bonzo Lend lost $9.05 million when a validator accepted a zero-signature proof as valid. Exploiting this math identity error, an attacker inflated SAUCE prices to borrow funds, leaving the protocol suspended and users unable to withdraw.
Woofun AI reports that Bonzo Lend suffered a $9.05 million loss due to a zero-signature vulnerability in its oracle validators, which failed to distinguish mathematical identities from valid approval proofs. This incident highlights a critical gap in DeFi infrastructure where protocol logic inadvertently facilitated fraud.
The attack vector began with Wallet A depositing 250 SAUCE tokens, an asset valued at merely a few dollars. At 00:51 UTC, the wallet submitted a manipulated update for the SAUCE/wHBAR price pair. Despite the actual market price hovering around 0.2 HBAR, the oracle recorded a value inflated by approximately 12 orders of magnitude. This drastic discrepancy set the stage for the subsequent exploit, leveraging the disparity between on-chain data and real-world valuation.
Within eight seconds of the manipulated price being stored on-chain, Wallet A executed the exploit. It first borrowed 6.63 million USDC, followed by a second loan of 34.5 million wrapped HBAR. Based on Bonzo’s reference price at the time, these transactions allowed the attacker to withdraw approximately $9.05 million. The speed and scale of the extraction underscored the immediate impact of the oracle failure on the lending protocol’s liquidity.
The technical root cause lay in a cryptographic failure within the validation process. The updates submitted by the validator lacked a valid oracle signature, featuring a signature field of [0, 0] and a public key also set to zero. In cryptography, this is known as the point at infinity. Supra’s validators transmitted these inputs to Hedera’s paired precompiled contracts. Because both points represent mathematical identities, the paired equations returned true as designed. The validator incorrectly interpreted this result as proof of a committee signature, failing to reject inputs containing zero values, identities, or non-subgroup elements beforehand.
Woofun AI data shows that Bonzo’s lending contract subsequently utilized the price already stored by the oracle and applied its programmed loan-to-value ratio rules. During the window of abnormal pricing, another entity, Wallet B, borrowed around $1 million. This wallet later contacted Bonzo, identifying itself as a white-hat responder and expressing an intention to return the funds. This secondary interaction added complexity to the recovery efforts, distinguishing malicious intent from potential good-faith actors.
Regarding recovery status, Bonzo reported that approximately $1 million has been recovered.
However, these funds have not yet been returned to the protocol, and the final amount remains uncertain. The ambiguity surrounding the recovered assets complicates the financial reconciliation process, leaving stakeholders in limbo regarding the total net loss and the viability of full restitution.
Supra has since fixed the validators, but the lending pool remains closed. Remaining technical questions include whether regression tests have confirmed that validators now reject identity inputs, whether Bonzo will implement price deviation checks, and if collateral requirements will be tightened. These unresolved issues highlight the ongoing challenges in securing decentralized finance infrastructure against sophisticated mathematical exploits.
As of July 13, Bonzo’s official status page lists the incident as unresolved. The latest update, released on July 11, confirmed that the protocol remains suspended. Bonzo Finance Labs and Bonzo Finance Foundation are working on a recovery path, but no compensation plans, reopening dates, or withdrawal terms for liquidity providers have been announced. This marks a significant disruption for users dependent on the platform’s liquidity.
Comments