Prior exploit count
Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-077 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
1 confirmed smart-contract exploit: May 27, 2025 Sky Vault USD0++ → USD0 boundary-condition logic bug (~$42,800 loss). Attacker exploited a permissionless 1:1 swap in the USD0++ unwrap/deposit path during Sky Vault integration, capturing the price-difference arbitrage (~$0.97 market vs $1.00 unwrap rate) using flash loans. Detected by BlockSec Phalcon. Affected vault paused automatically. Exploit count = 1. Scored yellow: single exploit at small scale (~$43K), after Spearbit + Halborn + Cantina pre-audit coverage; not zero, but does not rise to red for a single incident at this loss scale. January 2025 USD0++ floor-price event is NOT an SC exploit and is not counted (governance/economic classification unchanged). Hacksdatabase has no usual-rekt.md — coverage gap flagged for curator.
Sources #
- URLUsual Blog — Sky Vault Arbitrage Recap: Contained and ControlledUsual official blog — Sky Vault Arbitrage Recap: Contained and Controlled — primary post-mortem for May 27, 2025 exploitretrieved 2026-05-17
- Cryptopolitan — Usual Protocol pauses contract after USD0 exploitUsual Protocol pauses contract after USD0 exploit — Cryptopolitan news coverage confirming $43K, 1:1 swap bug, May 2025retrieved 2026-05-17
- CoinFomania — BlockSec Phalcon system stops potential attack on UsualMoney vaultBlockSec Phalcon system detection of exploit — vault paused; protocol logic vulnerability; Ethereum; $43K; May 27 2025retrieved 2026-05-17
- Binance Square — Usual Protocol pauses contract after USD0 exploitBinance Square aggregation — Usual Protocol pauses contract after USD0 exploit; within one hour Usual clarified no liquidity drainedretrieved 2026-05-17
Methodology #
Count the number of distinct incidents in the hack database affecting this protocol.
See the full factor methodology and distribution across all protocols →