Verify a decision

{"actor":"system:backfill","investigation_id":"b6075eb2-366b-46f4-8d71-dbe0f73034c8","kind":"publish","page_slug":"unilend-v2","published_at":"2026-05-29T16:47:22.950Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Unilend V2","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://unilend.medium.com/unilend-v2-is-now-live-5b3d76831bf6","type":"other","url":""},{"credibility":3,"name":"https://techbullion.com/unilend-v2-launched-on-mainnet-first-ever-permissionless-lending-borrowing-protocol-for-all-digital-assets/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/unilend/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slowmist.medium.com/analysis-of-the-unilend-hack-90022fa35a54","type":"other","url":""},{"credibility":3,"name":"https://medium.com/coinmonks/how-a-200k-exploit-unfolded-at-unilend-04fb4918292d","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/defi-protocol-unilend-finance-exploited-for-197000/","type":"other","url":""},{"credibility":3,"name":"https://www.the-blockchain.com/2025/01/13/unilend-finance-losses-197-6k-to-a-redeem-process-vulnerability-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://unilend.medium.com/a-deep-dive-into-unilend-v2s-security-c1b95d2439f5","type":"other","url":""},{"credibility":3,"name":"https://www.scribd.com/document/860759163/PeckShield-Audit-UniLendV2","type":"other","url":""},{"credibility":3,"name":"https://unilend.gitbook.io/unilend-finance/audit-report","type":"other","url":""},{"credibility":3,"name":"https://www.vibraniumaudits.com/post/unilend-finance-exploited-for-nearly-200-000","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/UniLend_Finance/status/1878805205254340844","type":"other","url":""},{"credibility":3,"name":"https://www.coinspeaker.com/unilend-finance-suffers-196200-loss-vulnerability-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=unilend-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.the-blockchain.com/2025/01/13/unilend-finance-losses-197-6k-to-a-redeem-process-vulnerability-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/unilend-v2","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/unilend/","type":"other","url":""},{"credibility":3,"name":"https://www.gate.com/learn/articles/the-200k-dollars-uni-lend-hack-what-went-wrong-and-how-de-fi-can-do-better/5931","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/coinmonks/how-a-200k-exploit-unfolded-at-unilend-04fb4918292d","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/unilend-finance-hack-analysis-5ac7bb71850d","type":"other","url":""},{"credibility":3,"name":"https://olympix.security/biweekly-exploits/unilends-sequencing-bug-orange-finances-key-leak-and-labubus-transfer-logic-fail","type":"other","url":""},{"credibility":3,"name":"https://t.signalplus.com/crypto-news/detail/unilend-hack-contract-vulnerability-197k-loss","type":"other","url":""}]}],"sources_used":[],"summary":"UniLend V2 is a permissionless DeFi lending and borrowing protocol deployed on Ethereum mainnet in February 2024, designed to support all ERC-20 tokens via isolated dual-asset pools. On January 12, 2025, the protocol suffered a smart contract exploit that drained approximately $197,000 from its stETH pool due to a logic flaw in health factor calculations during the asset redemption process. Despite having been audited by PeckShield and SlowMist prior to launch, the exploited vulnerability was not caught or fully remediated, and as of the last available reporting the attacker's 20% bounty offer had not yielded a fund recovery.","timeline":[{"date":"2020-01-01","event":"UniLend Finance founded by Chandresh Aharwar, Tarun Malik, and Suryansh Kumar.","source":""},{"date":"2021-03-14","event":"UFT token reaches all-time high of approximately $3.77 USD.","source":""},{"date":"2024-02-12","event":"UniLend V2 launches on Ethereum mainnet as the first permissionless lending and borrowing protocol for all ERC-20 tokens, following audits by PeckShield and SlowMist.","source":""},{"date":"2025-01-12","event":"UniLend V2 exploited via flash loan attack exploiting stale health factor calculation logic, resulting in approximately $197,000 in losses from the stETH lending pool. Attacker address: 0x55f5f8058816d5376df310770ca3a2e294089c33.","source":""},{"date":"2025-01-13","event":"UniLend Finance posts official acknowledgment of the exploit on X, confirms $200K loss (~4% of $4.7M TVL), advises against V2 deposits, and confirms V1 funds are safe.","source":""},{"date":"2025-01-13","event":"SlowMist publishes technical post-mortem identifying stale balance reads in checkHealthFactorLtv0 and checkHealthFactorLtv1 as root cause.","source":""},{"date":"2025-01-13","event":"UniLend Finance offers the attacker a 20% bounty (~$40,000) for return of stolen funds; no public confirmation of recovery reported in subsequent sources.","source":""}]},"v":1}