SlowMist: The core issue of Usual protocol being hacked stems from the Usual Vault system

Golden Finance reported that according to SlowMist Monitoring, the Usual protocol has encountered a complex arbitrage attack. Analysis shows that the attacker exploited the price difference between the internal mechanism of the protocol and the external market. The core issue stems from the usual vault system, which allows USD0++and USD0 tokens to be exchanged at a fixed 1:1 ratio, yet these same tokens are traded at different prices on external decentralized exchanges. The attacker cleverly created a custom liquidity pool and manipulated the transaction path, causing Vault to release USD0 tokens without receiving the expected sUSDS collateral. Subsequently, the attacker sold the obtained USD0 tokens in the external market at a price higher than the internal exchange rate, thereby gaining arbitrage profits.