Verify a decision

{"actor":"system:backfill","investigation_id":"6d01acda-4f82-4c2b-98f8-b25fa7e458d3","kind":"publish","page_slug":"tender-finance","published_at":"2026-05-28T16:12:49.235Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Tender Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2023/03/10/defi-protocol-tenderfi-hacker-returns-16m-following-chainlink-oracle-glitch","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-lender-tender-fi-suffers-exploit-white-hat-hacker-suspected","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/tender-finance-hack-analysis-improper-oracle-price-calculation-408f424d8548","type":"other","url":""},{"credibility":3,"name":"https://smartcontractshacking.com/hacks/tender-finance-hack-2023","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2023/03/10/defi-protocol-tenderfi-hacker-returns-16m-following-chainlink-oracle-glitch","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/217823/tender-fi-hacker-returns-stolen-funds-gets-bounty-reward","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/hacker-returns-stolen-funds-defi-lending-tender-fi/","type":"other","url":""},{"credibility":3,"name":"https://www.bitdegree.org/crypto/news/white-hat-hacker-exploits-defi-lending-platform-tender-fi-for-1-59-million","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Tender-v1.0.pdf","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/tender-finance-hack-analysis-improper-oracle-price-calculation-408f424d8548","type":"other","url":""},{"credibility":3,"name":"https://smartcontractshacking.com/hacks/tender-finance-hack-2023","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://gemachlend.medium.com/unlocking-value-gemach-lends-token-migration-and-bonus-overhaul-91ad0579dcfa","type":"other","url":""},{"credibility":3,"name":"https://forum.arbitrum.foundation/t/tender-finance-draft-stip-round-2/19042","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/tender-finance","type":"other","url":""},{"credibility":3,"name":"https://docs.gemach.io/gemach-dao/products/glend","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/glend-by-gemach-dao","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/tender-finance","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/tender-fi/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/headlines/news/tender-fi-hacker-returns-stolen-funds-gets-bounty-reward/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[{"credibility":1,"name":"CoinDesk: DeFi Protocol Tender.fi Hacker Returns $1.6M Following Chainlink Oracle Glitch","type":"news_article","url":"https://www.coindesk.com/business/2023/03/10/defi-protocol-tenderfi-hacker-returns-16m-following-chainlink-oracle-glitch"},{"credibility":1,"name":"CoinTelegraph: DeFi lender Tender.fi suffers exploit, white hat hacker suspected","type":"news_article","url":"https://cointelegraph.com/news/defi-lender-tender-fi-suffers-exploit-white-hat-hacker-suspected"},{"credibility":1,"name":"The Block: Tender.fi hacker returns stolen funds, gets bounty reward","type":"news_article","url":"https://www.theblock.co/post/217823/tender-fi-hacker-returns-stolen-funds-gets-bounty-reward"},{"credibility":2,"name":"BeInCrypto: Hacker Returns Stolen Funds to DeFi Lending Platform Tender.fi","type":"news_article","url":"https://beincrypto.com/hacker-returns-stolen-funds-defi-lending-tender-fi/"},{"credibility":2,"name":"SolidityScan: Tender Finance Hack Analysis — Improper Oracle Price Calculation","type":"research","url":"https://blog.solidityscan.com/tender-finance-hack-analysis-improper-oracle-price-calculation-408f424d8548"},{"credibility":2,"name":"Smart Contract Hacking: Tender Finance Hack (2023)","type":"research","url":"https://smartcontractshacking.com/hacks/tender-finance-hack-2023"},{"credibility":2,"name":"DeFi Llama: Tender Finance TVL Stats & Charts","type":"on_chain","url":"https://defillama.com/protocol/tender-finance"},{"credibility":1,"name":"PeckShield Audit Report for Tender Finance","type":"research","url":"https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Tender-v1.0.pdf"},{"credibility":2,"name":"Arbitrum Foundation: Tender Finance STIP Round 2 Application","type":"official","url":"https://forum.arbitrum.foundation/t/tender-finance-draft-stip-round-2/19042"},{"credibility":3,"name":"GLend Medium: Unlocking Value — Gemach Lend Token Migration","type":"other","url":"https://gemachlend.medium.com/unlocking-value-gemach-lends-token-migration-and-bonus-overhaul-91ad0579dcfa"},{"credibility":3,"name":"IQ.wiki: GLend by Gemach DAO","type":"other","url":"https://iq.wiki/wiki/glend-by-gemach-dao"},{"credibility":2,"name":"CoinMarketCap: Tender.fi (TND) Price","type":"other","url":"https://coinmarketcap.com/currencies/tender-fi/"},{"credibility":2,"name":"BitDegree: White Hat Hacker Exploits DeFi Lending Platform Tender.fi for $1.59M","type":"news_article","url":"https://www.bitdegree.org/crypto/news/white-hat-hacker-exploits-defi-lending-platform-tender-fi-for-1-59-million"}],"summary":"Tender Finance (tender.fi) was an Arbitrum-based decentralized lending and borrowing protocol that suffered a $1.59 million oracle misconfiguration exploit on March 7, 2023. A white hat hacker exploited a decimal precision error in the GMX price oracle, depositing one GMX token worth approximately $71 to borrow nearly $1.6 million in assets. The hacker returned funds in exchange for a $97,000 bounty, and the project subsequently rebranded to GLend under the Gemach DAO umbrella, migrating its TND token to GLEND and later to GMAC.","timeline":[{"date":"2022-01-01","event":"Tender Finance launches on Arbitrum as a decentralized lending and borrowing protocol focused on GMX and GLP collateral.","source":""},{"date":"2023-02-20","event":"TND token reaches its all-time high price of approximately $7.60.","source":""},{"date":"2023-03-07","event":"Oracle misconfiguration exploit: white hat hacker deposits 1 GMX token (~$71) and borrows $1.59 million due to a 38-decimal-place price error in the GMXPriceOracle contract. Tender Finance halts lending operations.","source":""},{"date":"2023-03-07","event":"Hacker leaves on-chain message: 'It looks like your oracle was misconfigured. Contact me to sort this out.' Protocol contacts hacker and negotiates fund return.","source":""},{"date":"2023-03-08","event":"White hat hacker returns all $1.59 million in funds to the protocol. Tender Finance confirms funds are safe and pays 62.16 ETH (~$97,000) bounty. CoinDesk and The Block report on the resolution.","source":""},{"date":"2023-10-01","event":"Tender Finance submits application for Arbitrum STIP Round 2 under the 'Gemach DAO' name.","source":""},{"date":"2023-10-19","event":"@Tender_fi announces token migration from TND to GLEND (Gemach Lend) on a 1:1 basis.","source":""},{"date":"2024-01-15","event":"GLend (formerly Tender Finance) announces further token migration from GLEND to GMAC as part of the Gemach DAO ecosystem expansion.","source":""}]},"v":1}