Documentation Index
Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
Use this file to discover all available pages before exploring further.
The Vault Incidents page is a curated timeline of exploits, depegs, and governance failures that affected DeFi yield vaults — protocols where users deposit stablecoins to earn yield. Unlike the real-time risk score, this is a historical record with root-cause analysis.
Event categories
| Category | Description |
|---|
| Vault contract | Exploit or vulnerability in the vault’s own smart contract code. |
| Strategy / protocol | The underlying yield strategy or protocol (e.g. Aave, Compound, Curve) had an incident. |
| Infrastructure | Bridge exploit, oracle manipulation, or cross-chain infrastructure failure affecting vault TVL. |
| Stablecoin | The stablecoin held in the vault depegged, causing vault share value to fall. |
| Governance / admin | Multisig compromise, malicious upgrade, or governance attack on the protocol. |
Attack mechanisms
| Mechanism | Description |
|---|
| Oracle manipulation | Price feed manipulated to allow under-collateralised borrows or inflated vault share prices. |
| Flash loan | Single-transaction loan used to temporarily distort pool prices or drain reserves. |
| Reentrancy | Contract called back before state is updated, allowing multiple withdrawals against one deposit. |
| Logic error | Bug in accounting, share calculation, or reward distribution. |
| Donation attack | Sending tokens directly to a contract manipulates share price calculations. |
| Collateral mispricing | LST or illiquid collateral mispriced relative to the underlying, creating exploitable spread. |
| Insolvency cascade | Undercollateralised positions trigger liquidations that propagate across protocols. |
| Liquidity freeze | Withdrawals blocked due to governance action, regulatory intervention, or protocol pause. |
| Bridge exploit | Validator compromise or logic error in a cross-chain bridge draining bridged stablecoin TVL. |
Event type badges
| Badge | Meaning |
|---|
| Exploit / Hack | Active smart contract exploit — funds lost or at immediate risk. |
| Rug / Drain | Insider-initiated fund drain or exit scam. |
| Depeg | Stablecoin held by the vault lost its peg, reducing vault NAV. |
| Oracle | Oracle manipulation — not necessarily an exploit but abnormal price feed. |
| Incident | Other category: governance issue, pause, admin action. |
