How Term Labs Lost $1.5M Due to Poor Protocol Logic?
Term Labs is a fixed-rate lending and borrowing protocol that recently lost around $1.5M due to a poor protocol upgrade. It wasn’t a smart contract hack but a missed check by the team.
The first incident occurred on April 26, 2025, at 14:31 UTC, followed by another at 14:32 UTC. This analysis covers the incident details, how it happened, and the funds lost.
Loss Analysis and Its Impact
The root cause of the incident was a bad protocol upgrade to the pricing mechanism of the Treehouse tETH oracle: the upgrade introduced a mismatch in the decimals.
The Term Labs price feed is derived from Chainlink, but during the upgrade, the decimals data for the tETH oracle was incorrect, which led to unintended liquidations.
During the time window when this update was live, the liquidator (0x416bcE754903a57b1Ed2E771025Db8521b8dfc54) followed the normal protocol conditions and liquidated the positions because of the large price mismatch, gaining access to the users' funds. According to the market price, these positions should not have been liquidated.
The incident affected about 18 Term Labs users, whose positions were the ones affected.
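A constructed illustration of the failure mode described above, added here and not taken from Term Labs' code or post-mortem: it shows how scaling a feed answer with the wrong decimals flips a healthy position to liquidatable, and a pre-deployment check that would reject such a change. The amounts, the 8 versus 18 decimals, the 1.1 maintenance ratio, the 2% deviation bound and all function names are assumptions.

```python
from decimal import Decimal

def to_price(raw_answer: int, decimals: int) -> Decimal:
    """Scale an integer feed answer by the decimals the consumer believes it has."""
    return Decimal(raw_answer) / (Decimal(10) ** decimals)

def is_liquidatable(collateral: Decimal, collateral_price: Decimal,
                    debt: Decimal, debt_price: Decimal,
                    maintenance_ratio: Decimal) -> bool:
    """Liquidatable when collateral value / debt value falls below the maintenance ratio."""
    return (collateral * collateral_price) / (debt * debt_price) < maintenance_ratio

def check_feed_upgrade(raw_answer: int, configured_decimals: int, feed_decimals: int,
                       reference_price: Decimal, max_deviation: Decimal) -> list[str]:
    """Pre-deployment guard: list the reasons an oracle change must not go live."""
    problems = []
    if configured_decimals != feed_decimals:
        problems.append(f"decimals mismatch: configured {configured_decimals}, "
                        f"feed reports {feed_decimals}")
    price = to_price(raw_answer, configured_decimals)
    deviation = abs(price - reference_price) / reference_price
    if deviation > max_deviation:
        problems.append(f"price {price} deviates {deviation:.2%} "
                        f"from reference {reference_price}")
    return problems

# Constructed sample values (assumptions, not data from the incident).
RAW_ANSWER = 120_000_000        # feed answer for tETH priced in wETH
FEED_DECIMALS = 8               # decimals the feed actually reports
REFERENCE = Decimal("1.2")      # independent reference price for the same pair
POSITION = dict(collateral=Decimal(100), debt=Decimal(100),
                debt_price=Decimal(1), maintenance_ratio=Decimal("1.1"))

def liquidatable_with(configured_decimals: int) -> bool:
    """Evaluate the sample position using the decimals the protocol was configured with."""
    price = to_price(RAW_ANSWER, configured_decimals)
    return is_liquidatable(collateral_price=price, **POSITION)

if __name__ == "__main__":
    for cfg in (8, 18):
        print(cfg, liquidatable_with(cfg),
              check_feed_upgrade(RAW_ANSWER, cfg, FEED_DECIMALS, REFERENCE, Decimal("0.02")))
```
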
The attack impacted the following positions as per the Term post-mortem analysis:
0x4cab233548f729f23b9db55315a6660328d2a430 [wETH/tETH maturing May 2, 2025]
0xa96ea908137c4fcc4ad40cefc416b22e6847f85b [wETH/tETH maturing May 09, 2025]
Flow of Funds Post Attack
After the incident, the funds were returned to the Term Finance Smart Contract (0x8f0ea6dc39336edb3e538718c16df0308ea69a22) through negotiations between the team and the liquidator.
0x0ddf030a567809018358961930c4f4c279b80ec61c252bfa423546863f7a2327
Relevant Transactions
0x8da015d7c362a082fd23736b08dc17d3a9794086b713590273c9535a4c47a7e2
0xaa10cc076f27fcf7fc0b0a83ad170983e6791f5349d097ef4db0592a55d64048
Team Response
The team has worked with the liquidator and their partners to create a reimbursement plan for the users. They have secured a total of 695 wETH and have started the distribution to the affected users according to their tweet.
How the Loss Could Have Been Prevented?
Understanding how this attack could have been avoided is key for any DeFi project looking to stay secure. We’ve broken down the preventive measures and smart contract insights in our detailed breakdown of how Term Labs lost $1.5M due to poor protocol logic.
It is important to involve a third party to validate the code before deploying it to the mainnet.
At QuillAudits, with our 7+ years of experience, 1400+ audits, and $30B+ secured, we make sure the code is properly reviewed through our multi-layered auditing approach.