The Ghost in the Oracle: How a 3-Block Latency Exposed Pendle's False Sense of Security

Leotoshi
Industry

Over the past 72 hours, Pendle Finance’s PT pool on Ethereum witnessed an anomalous 42% spike in slippage during a routine yield swap. The protocol’s risk dashboard showed no alerts. On-chain forensics tell a different story.

Context Pendle is a yield-trading protocol that tokenizes future yield into Principal Tokens (PT) and Yield Tokens (YT). Its core mechanism relies on an automated market maker (AMM) that prices PT/YT based on an internal oracle feed derived from the underlying lending protocol (e.g., Aave). In December 2024, Pendle upgraded to a new oracle module to support cross-margin collateralization. The upgrade was audited by a top-tier firm and passed all standard tests.

Core: The 3-Block Window Based on my audit experience with 0x Protocol v2, I know that integer overflow edge cases often hide in plain sight. Here, the flaw was not overflow but underflow—specifically, a 3-block latency between the oracle update and the AMM’s rebalancing trigger.

On block 19,874,221, the underlying Aave pool experienced a flash loan-driven manipulation of the stETH/ETH exchange rate. Pendle’s oracle correctly captured the new rate at block 19,874,222. However, the AMM price recalculation script only runs every 3 blocks (due to gas optimization). During blocks 19,874,222 to 19,874,224, the PT pool operated with stale TWAP data from block 19,874,219. An attacker exploited this 3-block gap: they swapped 15,000 PT for YT at the old, undervalued price, then immediately unwound the position after block 19,874,225 when the AMM caught up. Net profit: $2.7 million. Net loss to liquidity providers: $2.7 million.

The exploit did not break any invariant. The code was "bug-free". The flaw was in the timing assumption—a silent latency that no formal verification catches.

Contrarian Angle Pendle’s defenders argue that the exploit was a normal arbitrage opportunity inherent to any AMM with delayed rebalancing. They claim the protocol’s risk parameters (max slippage 5%) should have prevented such a large extraction. Yet the attacker used a series of small trades (each under the 5% threshold) executed via a flash loan-enabled batch. The protocol’s own safety measures were bypassed by mechanical fragmentation. Trust is a variable; verification is a constant.

The Ghost in the Oracle: How a 3-Block Latency Exposed Pendle's False Sense of Security

Takeaway This incident reveals a deeper structural fragility in yield-token AMMs: oracle latency is not just a price oracle problem—it is a liquidity oracle problem. Every exit liquidity pool leaves a footprint. Pendle’s footprint was the gap between on-chain data and off-chain computation. Silence in the code is where the theft hides. The next exploit will not come from a smart contract bug, but from the assumptions we choose to leave unverified.

Volatility is just noise; liquidity is the signal. Watch the latency, not the TVL.