🚨 @VenusProtocol Supply Cap Bypass via Direct ERC-20 Transfer

A known Compound V2 flaw allowed an attacker to inflate the vTHE exchange rate 3.81× by simply transferring tokens directly to the vToken contract, bypassing the 14.5M THE supply cap entirely.

9 months of preparation. 50 attack transactions. $5M extracted.

Here's what happened 👇
Root Cause

getCashPrior() in VBep20.sol returns balanceOf(address(this)), and that cash figure feeds the exchange rate.
The supply cap is only enforced inside mint().
But a raw ERC-20 transfer() to the vToken address never calls mint().

So:
1️⃣ Attacker transfers THE directly to the vTHE contract
2️⃣ balanceOf() increases silently
3️⃣ exchangeRate inflates instantly
4️⃣ The same vTHE balance now claims 3.81× more collateral value
5️⃣ Borrow CAKE/BNB → swap to THE → transfer to vTHE → repeat

50 loops. 12.2M THE → 53.2M THE. 3.67× over the supply cap.
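The accounting gap described above, as an added example (a simplified Python model, not Venus or Compound contract code). VTokenModel, run and track_cash_internally are hypothetical names, the figures are constructed, and tracking cash in an internal ledger is shown as one possible mitigation, not as the fix Venus applied.

```python
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale used for the exchange rate in this model


@dataclass
class VTokenModel:
    """Simplified Compound V2-style market (hypothetical model, not contract code)."""
    supply_cap: int              # cap on underlying supplied, checked only in mint()
    track_cash_internally: bool  # False: cash = balanceOf(this); True: internal ledger
    token_balance: int = 0       # what balanceOf(address(this)) would return
    internal_cash: int = 0       # changes only through mint()
    total_borrows: int = 0
    total_reserves: int = 0
    total_supply: int = 0        # vTokens outstanding

    def get_cash_prior(self) -> int:
        return self.internal_cash if self.track_cash_internally else self.token_balance

    def exchange_rate(self) -> int:
        if self.total_supply == 0:
            return SCALE  # constructed initial rate of 1.0
        backing = self.get_cash_prior() + self.total_borrows - self.total_reserves
        return backing * SCALE // self.total_supply

    def underlying_supplied(self) -> int:
        return self.total_supply * self.exchange_rate() // SCALE

    def mint(self, amount: int) -> None:
        if self.underlying_supplied() + amount > self.supply_cap:
            raise ValueError("supply cap reached")
        rate = self.exchange_rate()
        self.token_balance += amount
        self.internal_cash += amount
        self.total_supply += amount * SCALE // rate

    def raw_transfer_in(self, amount: int) -> None:
        """ERC-20 transfer() straight to the market address: no mint(), no cap check."""
        self.token_balance += amount


def run(track_cash_internally: bool) -> tuple[int, int]:
    # Constructed figures: cap 1,000; 800 minted; 2,000 arrive by raw transfer.
    m = VTokenModel(supply_cap=1_000, track_cash_internally=track_cash_internally)
    m.mint(800)
    m.raw_transfer_in(2_000)
    return m.exchange_rate(), m.underlying_supplied()
```

With balanceOf-based cash, run(False) ends at a 3.5× rate and 2,800 underlying against a cap of 1,000; with the internal ledger, run(True) leaves the rate at 1.0 and the transferred tokens back no collateral.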