Why the Rari Capital Exploit Was a Specification Ambiguity Failure

Rari's Fuse pools allowed any asset as collateral, assuming all integrations were safe. The attacker exploited the ERC-4626 tokenized vault standard by depositing a malicious vault that reported false values.

• Ambiguous Spec: ERC-4626's previewMint function was a 'view' function, not a guarantee of execution.
• Systemic Risk: Fuse's risk engine trusted the vault's reported price without independent validation.
• Result: Attacker minted vast Fuse debt against worthless collateral.

Protocols must move beyond 'it compiles, it works' to rigorous, testable integration specs. This requires:

• Oracle Mandates: All collateral must be priced by a designated, time-tested oracle (e.g., Chainlink).
• Behavioral Guarantees: View functions must be paired with slippage tolerances and execution-time checks.
• Composability Audits: Treat new asset integrations with the scrutiny of a core protocol upgrade.

Contrast Rari's failure with Aave V3's proactive design. Aave isolates new, unproven assets to contain failure.

• Explicit Boundaries: High-risk assets operate in a siloed pool with dedicated collateral.
• Contagion Firewall: A malicious asset cannot drain the entire protocol's treasury.
• Design Philosophy: Assumes integrations will fail and architects accordingly. This is the standard for Compound, MakerDAO.

The industry treated ERC-4626 as a security guarantee rather than a convenience interface. This is a category error.

• Standard ≠ Safety: A token standard ensures compatibility, not economic security.
• Lazy Integration: Protocols used the standard as a substitute for due diligence.
• Lesson: Every DeFi primitive must validate economic state changes independently, a principle ignored by Yearn Finance v1 and other early vault systems.

The Rari Fuse protocol's specification for its Chainlink oracle integration was fatally vague. It defined what to call but not when or how to validate the result.\n- Critical Ambiguity: No specification for handling stale prices or verifying the oracle's heartbeat.\n- Assumption of Safety: Relied on Chainlink's reputation, not a formalized on-chain liveness check.\n- Attack Vector: Exploiter manipulated a deprecated oracle to report a stale, incorrect price for a wrapped asset.

A rigorous specification transforms an external dependency into a verifiable on-chain component. This is the approach of protocols like MakerDAO and Aave.\n- Explicit Liveness Checks: Mandate checking the oracle's updatedAt timestamp against a max age (e.g., 1 hour).\n- Boundary Validation: Enforce price sanity bounds (e.g., min/max deviation from a moving average).\n- Circuit Breakers: Halt borrowing/liquidation if oracle data is deemed invalid, as seen in Compound's Pause Guardian.

Rari Fuse's modular design allowed pools to compose any asset, but the base specification failed to mandate security parameters for all composable elements.\n- Delegated Risk: Pool creators, not the core protocol, were responsible for configuring oracle safety.\n- Incomplete Abstraction: The protocol abstracted pool creation but not the security model, violating the principle of least privilege.\n- Contrast with Uniswap V3: Its concentrated liquidity is a tightly specified primitive; deviation from its math is impossible, not just discouraged.

Post-exploit, the entire DeFi stack is moving towards verifiable execution and intent-based architectures that bake specifications into the protocol layer.\n- Formal Verification: Projects like Dedaub and Certora audit specifications, not just code.\n- ZK Circuits: Protocols like zkSync and StarkNet use proofs to verify state transitions comply with rules.\n- Intent Paradigm: Systems like UniswapX and CowSwap specify what users want, not how to achieve it, reducing granular attack surfaces.

The Fuse pool's logic for handling borrow and repay events was underspecified. The attacker exploited the ambiguous ordering of internal accounting updates, allowing a single transaction to manipulate collateral and debt states to mint infinite fTokens.

• Key Flaw: The spec didn't define a strict, atomic state machine for core actions.
• Result: The code's implementation became the de facto spec, which was wrong.

Ambiguity is eliminated by writing a formal specification (e.g., in TLA+, Certora, or Foundry's invariant tests) before implementation. This defines allowed state transitions as mathematical properties.

• Key Practice: Use tools like Certora or Foundry fuzzing to prove invariants (e.g., "total assets = sum of all balances") hold.
• Result: The exploit's state manipulation becomes a provably impossible transition.

Rari's Fuse was designed for simple interactions. The attacker composed borrow and repay via a flash loan in a way the original spec didn't anticipate. This is a classic DeFi composability risk.

• Key Insight: Specifications must model the system as a permissionless composable primitive, not an isolated contract.
• Action: Stress-test specs with adversarial agent-based simulation (e.g., Chaos Engineering).

This was not traditional reentrancy (callback-based). It was logical reentrancy—re-entering the same state-changing function in a single transaction through a different, allowed path, causing internal ledger corruption.

• Key Difference: Standard checks (nonReentrant modifier) don't stop this. It requires invariant checks that hold across the entire transaction.
• Tooling: Use Echidna or Manticore to find broken invariants across complex multi-contract flows.