Rari Fuse
Summary
ExpandThis audit examined the Rari Fuse protocol, a permissionless lending platform built on Compound V2's core architecture. The review covered approximately 11,000 lines of Solidity across the core lending contracts (CToken, CErc20, CEther, Comptroller variants), governance infrastructure (COMP token, GovernorAlpha, GovernorBravo), and read-only data aggregation utilities (CompoundLens). Of the four sections analyzed, the core lending contracts contained all identified vulnerabilities, while the governance and lens contracts — both inherited directly from Compound's battle-tested production code — exhibited no exploitable issues.
The audit identified 3 findings: 2 High-severity cross-contract reentrancy vulnerabilities and 1 Low-severity issue. The High-severity findings target `CToken.borrowFresh` and `CToken.redeemFresh`, where state updates occur after external token transfers, violating the checks-effects-interactions pattern. While same-contract reentrancy is mitigated by the `nonReentrant` modifier, cross-contract reentrancy through other markets within the same pool remains exploitable when pools include tokens with transfer callbacks (ERC777, ERC1155). This is not a theoretical concern — this exact vulnerability class was exploited in historical Rari Fuse incidents, resulting in significant fund losses.
The development team should prioritize reordering state mutations before external calls in both `borrowFresh` and `redeemFresh` as an immediate remediation step. Additionally, the permissionless pool creation model should be paired with a token allowlist or callback-detection mechanism to prevent pools from listing tokens with transfer hooks until the reentrancy fixes are verified. A focused re-audit of the modified functions is recommended before any mainnet deployment.
Findings
2 issues identified
Cross-Contract Reentrancy in borrowFresh via Callback Tokens
CToken.sol:555
View Details
Description
In borrowFresh, doTransferOut sends tokens to the borrower BEFORE updating accountBorrows and totalBorrows. If the underlying token has transfer hooks (ERC777), the borrower receives control flow while their borrow is not yet recorded. During the callback, the borrower can interact with other CToken markets in the same pool, and the Comptroller’s liquidity check will read stale (lower) borrow data from getAccountSnapshot, allowing over-borrowing beyond collateral limits.
Impact
An attacker can borrow more than their collateral allows across multiple markets in a Fuse pool containing ERC777 or callback-enabled tokens. This creates bad debt and causes loss of funds for all depositors in the affected pool. This vulnerability class was exploited in historical Rari Fuse incidents.
Recommendation
Move state updates (accountBorrows and totalBorrows assignments) before the doTransferOut call to follow the checks-effects-interactions pattern.
Fix
By moving the state updates before the external doTransferOut call, any callback during the token transfer will see the correct, updated borrow balances. This prevents the Comptroller from reading stale data during cross-contract reentrancy.
contracts/CToken.sol
First Depositor Exchange Rate Manipulation (Vault Inflation Attack)
CToken.sol:mintFresh
View Details
Description
When totalSupply is 0, the first depositor can mint minimal cTokens then donate underlying directly to the contract, inflating the exchange rate. Subsequent depositors receive 0 cTokens due to rounding in divScalarByExpTruncate, losing their entire deposit. This is especially dangerous in Rari Fuse where pools are permissionlessly created.
Impact
Complete theft of deposits for subsequent depositors in newly created pools. Historical precedent: this exact attack was exploited against Rari Fuse pools in production.
Recommendation
Enforce a minimum number of cTokens on the initial deposit to make the attack economically infeasible.
Fix
By requiring the first deposit to produce at least 1000 cTokens, an attacker would need to donate at least 1000x the initial deposit amount to steal 1 token's worth via rounding. This makes the attack economically infeasible for any meaningful amount.
contracts/CToken.sol
Conclusion
ExpandThe codebase reflects the strong security foundation of Compound V2, with consistent use of safe arithmetic, proper access control on administrative functions, sound interest rate and exchange rate calculations, and well-structured proxy-delegate upgrade patterns in the governance layer. The governance contracts implement robust flash loan protections through checkpoint-based historical voting power, and the lens contract presents no attack surface as a stateless read-only utility. Code quality across the inherited Compound components is production-grade.
The central security concern is the impedance mismatch between Compound V2’s original trust assumptions and Rari Fuse’s permissionless pool model. Compound V2 was designed for a curated set of well-known tokens governed by a DAO; Rari Fuse allows arbitrary token listing, which exposes the checks-effects-interactions violations in borrowFresh and redeemFresh to practical exploitation via callback-enabled tokens. These two High-severity reentrancy vectors represent the protocol’s most pressing risk, with direct precedent for real-world exploitation and material fund losses.
The protocol should not be considered safe for mainnet deployment with pools containing ERC777 or other callback-enabled tokens until the reentrancy remediation is applied and verified. It should also be noted that this audit analyzed a truncated codebase — files beyond the truncation boundary, including additional utility libraries and potentially further contract logic, were not reviewed and may contain vulnerabilities requiring separate assessment. A follow-up audit covering the complete, untruncated source is recommended to achieve full coverage.
Legal Disclaimer: This report covers the code submitted for analysis. It does not account for infrastructure, deployment configuration, third-party dependencies, or changes made after the audit date. Automated analysis may produce false positives or miss context-dependent vulnerabilities. audited.xyz provides this report “as is” without warranty of any kind.