NullTrace
DemoPayFeed
SA
MEDIUMBaseOracle MisconfigurationMONITORING

SingularityFinance.ai

The dynBaseUSDCv3 vault on Base prices its non-USDC reserves via UniswapV3Oracle. On 2026-01-19 the protocol admin registered the six yield-token oracle routes with a Uniswap V3 fee tier of 42. Uniswap V3 only enables fee tiers 100/500/3000/10000, so factory.getPool(USDC, X, 42) returns address(0) for every token - silently killing the direct price path. The WETH-fallback pools that did exist had zero liquidity, as a result VaultTokensLib.totalAssets() only counted the ~$100 idle USDC.

Loss

~$413K

Risk

Oracle Misconfiguration / Share Inflation — AI-flagged

Confidence

88%

Instant Forensic Report · x402 on Solana

Unlock the full AI-generated breakdown

Pay once with SOL via x402 — the machine-to-machine payment protocol on Solana. Full wallet trace, fund flow graph, exploit PoC, and PDF export unlocked instantly.

HTTP 402 · x402 Protocol
Powered by Solana
Full wallet flow graph
Exploit PoC breakdown
Fund tracing report
PDF export + API
Free in 24h

x402 · HTTP 402 payment required · Solana Mainnet · Demo mode

AI Generated Breakdown

Reporter Agent synthesis with forensic confidence scoring

Attack explanation

The dynBaseUSDCv3 vault on Base prices its non-USDC reserves via UniswapV3Oracle. On 2026-01-19 the protocol admin registered the six yield-token oracle routes with a Uniswap V3 fee tier of 42. Uniswap V3 only enables fee tiers 100/500/3000/10000, so factory.getPool(USDC, X, 42) returns address(0) for every token - silently killing the direct price path. The WETH-fallback pools that did exist had zero liquidity, as a result VaultTokensLib.totalAssets() only counted the ~$100 idle USDC.

Root cause analysis

Type: Oracle Misconfiguration / Share Inflation. See source analysis for full root-cause breakdown.

88

confidence score

Oracle Misconfiguration / Share Inflation — AI-flagged

Wallet Flow Visualization

Attacker path, bridge transfers, token drains, mixer usage

interactive graph

Technical Breakdown

Attack vector

Oracle Misconfiguration / Share Inflation

Vulnerability

Oracle Misconfiguration / Share Inflation

Affected contracts

https://basescan.org/tx/0x00b949bc3ed3edb58b04faedfbd8eb1db2edceae761382e80fe012919f8d3732https://basescan.org/address/0x67b93f6676bd1911c5fae7ffa90fff5f35e14dcdhttps://basescan.org/address/0x73b8c192bfc323c3ea224c88219d55dfc319e89f

Mitigation suggestions

Review all admin-configurable parameters before deployment
Add invariant checks and circuit breakers to critical vault functions
Use independent oracle validation with fallback and deviation checks

Emergency Bridge

Move funds off Base

Powered byLI.FI

If your assets are at risk on Base, bridge them to a safer chain immediately via LI.FI — the cross-chain aggregator covering 60+ chains and all major Solana bridges.

From (at risk)

Base

Bridge to

Best Route via LI.FI

BaseEthereum

Mayan Swift • Across • Glacis aggregated

Est. Fee

~$0.50

Open LI.FI Bridge

60+ chains · gasless swaps on Solana · Jito bundles

60+

Chains

$2B+

Volume

20+

Bridges

Exploit Timeline

2026-04-26

Incident detected

The dynBaseUSDCv3 vault on Base prices its non-USDC reserves via UniswapV3Oracle. On 2026-01-19 the protocol admin registered the six yield-token oracle routes with a Uniswap V3 fee tier of 42. Uniswap V3 only enables fee tiers 100/500/3000/10000, so factory.getPool(USDC, X, 42) returns address(0) for every token - silently killing the direct price path. The WETH-fallback pools that did exist had zero liquidity, as a result VaultTokensLib.totalAssets() only counted the ~$100 idle USDC.

Related Tweets

Demo X/Twitter integration for researcher posts, warnings, and fake-info checks

related tweets demo scan

NullTrace links social posts to the incident by contract mentions, protocol name, researcher credibility, and fake-loss detection tags.

DefimonAlerts

@DefimonAlerts · 2026-04-26

Warning

The dynBaseUSDCv3 vault on Base prices its non-USDC reserves via UniswapV3Oracle. On 2026-01-19 the protocol admin registered the six yield-token oracle routes with a Uniswap V3 fee tier of 42. Uniswap V3 only enables fee tiers 100/500/3000/10000, so factory.getPool(USDC, X, 42) returns address(0) for every token - silently killing the direct price path. The WETH-fallback pools that did exist had zero liquidity, as a result VaultTokensLib.totalAssets() only counted the ~$100 idle USDC.

DefimonAlerts

@DefimonAlerts · 2026-04-26

Warning

The dynBaseUSDCv3 vault on Base prices its non-USDC reserves via UniswapV3Oracle. On 2026-01-19 the protocol admin registered the six yield-token oracle routes with a Uniswap V3 fee tier of 42. Uniswap V3 only enables fee tiers 100/500/3000/10000, so factory.getPool(USDC, X, 42) returns address(0) for every token - silently killing the direct price path. The WETH-fallback pools that did exist had zero liquidity, as a result VaultTokensLib.totalAssets() only counted the ~$100 idle USDC.

AI Voice Briefing

Generated incident narration for security leadership

briefing ready · 00:58 · analyst-grade summary