Sharwa.Finance

2024-06-17

Pashov Audit Group publishes security review of SharwaFinance/MarginTrading, identifying four critical-severity findings including C-01 Uniswap Spot Price Manipulation, explicitly warning that reliance on Uniswap V3 spot prices enables flash loan exploitation.

2025-10-02

Sharwa.Finance deploys a new version of the FacadeTradeRouter contract (18 days before the exploit), reportedly without re-applying the oracle fix recommended in the Pashov audit.

2025-10-20

Sharwa.Finance exploited on Arbitrum via flash loan price oracle manipulation. Attackers use a large USDC flash loan from Morpho to manipulate a Uniswap V3 pool and withdraw excess value through the FacadeTradeRouter contract. Total losses approximately $147,000.

2025-10-23

FailSafe publishes exploit analysis identifying two separate attackers, attributing approximately $61,000 and $85,000 in profits respectively to an absence of insolvency checks in the MarginTrading swap function.

2025-10-27

Sharwa.Finance team posts attack post-mortem on X, commits to 100% reimbursement of affected users, and implements Reduce-Only mode blocking new positions.

2025-10-27

Additional exploit transactions documented on Arbitrum network; $40,000 of stolen funds recovered.

2025-10-27

Verichains publishes vulnerability analysis of the Sharwa Finance exploit, confirming the oracle manipulation vector and noting the prior Pashov audit finding.

2026-05-01

Sharwa.Finance suffers a second security incident attributed to oracle price manipulation on Arbitrum, resulting in approximately $32,850 in losses according to DefiLlama protocol data.