FEATURED POST

September 17, 2025

Vulnerability Analysis: Numa Price Manipulation (August 2025)

On August 10th, 2025, Numa was exploited through a price manipulation in its synthetic minting logic. Our postmortem explains how the attack unfolded, the technical root cause, and lessons for builders.

On August 10th, 2025, the Numa protocol experienced a price manipulation attack. Numa is a Synthetix-style protocol where users can mint synthetic assets using the protocol’s native token, NUMA. It also includes a Compound-fork lending market, where users can supply NUMA to borrow SONIC, or supply SONIC to borrow NUMA.

The attacker made use of the synthetic minting contract’s pricing logic, which allowed them to artificially decrease the price of NUMA. This manipulation enabled them to profit through a combination of borrowing and self-liquidation.

Sherlock audited portions of this code in December 2024. Lending markets are inherently complex and require constant calibration of liquidity, fee parameters, and other mechanisms to keep markets healthy and resistant to manipulation. The Sherlock team and security researchers spent considerable time studying this attack, and we noticed many different opinions on the root cause online, so we are sharing our analysis here.



Credit to Jokr as the lead author of the analysis, and to Juan for assisting with research and review. 

Attack flow

  1. The attacker minted cNUMA and used it as collateral in the lending market.
  2. They borrowed stSONIC against their cNUMA collateral.
  3. Using the synthetics module, they minted nuBTC in a way that drove down the price of NUMA, sharply reducing the value of their collateral.
  4. With the collateral devalued, their borrow position became liquidatable (fully underwater).
  5. The attacker then liquidated their own position via a second contract they controlled.
  6. During liquidation, they repaid only part of the borrow but seized all of their collateral. Because the NUMA price had been heavily decreased, this partial repayment was enough to recover the full collateral.
  7. The attacker walked away with the seized collateral plus the borrowed SONIC that remained unpaid, effectively gaining those assets for free from the protocol.

How Numa pricing works

For example, if there are 1000 SONIC in the protocol and 800 SONIC worth of synthetic assets minted, with 1000 NUMA tokens in supply, the price of NUMA will be:

Minting a synthetic asset

When a user mints synthetic assets, the NUMA price usually stays the same as the equivalent amount of Numa will be burned and synth will be minted.

  • Suppose a user mints X SONIC worth of nuAssets.
  • Then, X SONIC worth of NUMA is burned from supply.
  • At the same time, X SONIC is added to the SYNTH amount.

As long as the actual vault NUMA price is used to mint new synthetics, the NUMA price will always remain stable (or increase slightly due to the minting fee). If a different price is used, for example the pool NUMA price instead of the vault NUMA price, the system becomes unbalanced and the NUMA price may increase or decrease incorrectly.

In this attack, the synthetic minter contract used the pool NUMA price (12.43 SONIC) to mint synthetics while the vault NUMA price was only 8.22 SONIC. As a result, more synthetics were minted than should have been according to the vault price, which caused the NUMA price to drop significantly.

Reason behind using the pool price

The NUMA protocol is designed to use the market price when minting and burning synthetics, rather than the vault’s nominal price. This ensures that NUMA is valued based on the actual market rather than the vault’s internal accounting. To achieve this, the protocol uses the NUMA/USDC pool price (converted to NUMA/SONIC) for minting, while bounding it by the vault buy price to prevent pool price manipulation.

  • Vault Price = 8.22 SONIC
  • Vault Buy Price = 12.65 SONIC
  • Pool Price = 12.43 SONIC

The vault buy price is the price at which users can mint NUMA in the vault. It normally includes a small buy fee, so it is expected to be slightly higher (about 5–6%) than the vault price. However, in this case the protocol team configured the mint fee at 30%, which increased to about 40% after including dynamic fees. As a result, the vault buy price became significantly higher than the vault price.

Since the upper bound (vault buy price) was significantly inflated due to the high buy fee, both the vault buy price and the pool price were much higher than the actual NUMA price. As a result, the protocol used the pool price (min(vault buy price, pool price)), which was slightly lower than the vault buy price, for minting synthetics. This led to excessive minting and caused the NUMA price to drop significantly.

Attack steps

  1. The attacker took a flashloan of 120,034 NUMA and 1,200,000 SONIC.
  2. They supplied 19,205 NUMA to the cNUMA contract as collateral, giving them a borrowing capacity of 138,290 SONIC.
  3. Using this borrowing power, the attacker borrowed 138,290 SONIC.
  4. The attacker then burned 100,828 NUMA to mint 1.77 nuBTC, which caused the NUMA price to decrease from 8.22 SONIC to 2.29 SONIC.
  5. As a result of the sharp price drop, the attacker’s collateral value collapsed, leaving their borrow position from step 3 fully underwater.
  6. The attacker transferred 1,338,290 SONIC (the 1,200,000 SONIC from the flashloan plus the 138,290 SONIC borrowed) to a secondary contract, referred to as Attacker 2.
  7. The Attacker 2 contract used the transferred SONIC to liquidate several normal users’ positions, collecting liquidation bonuses in the process.
  8. Attacker 2 then liquidated the attacker’s own underwater position (self-liquidation) by repaying 39,829 SONIC of the attacker’s debt and receiving all of the attacker’s supplied collateral (19,205 NUMA).
  9. Through this liquidation, the attacker only repaid part of their borrow but recovered their entire collateral at a heavily reduced price, while also keeping the majority of the borrowed SONIC, making a large profit at the protocol’s expense.

MORE BLOG POSTS

Want to read more?

August 5, 2025

5 Steps to Becoming a Top-Level Smart Contract Auditor

A proven, five-step blueprint from Sherlock’s top auditors on how to start earning money as a smart contract auditor in under a month. Learn how to master codebases, build your checklist, think like an attacker, and accelerate your growth through fast feedback.

July 17, 2025

GMX Exchange Hack Explained

GMX Exchange Hack Explained: $42M Drained via Re-Entrancy Exploit. Written in collaboration with Blackthorn Lead Security Partner, Panprog.

June 2, 2025

Why Careful Validation Matters: A Vulnerability Originating in Inline Assembly

At Sherlock, one of the top Lead Senior Watsons, recently uncovered and helped to resolve a vulnerability related to the lack of overflow protection in Solidity's inline assembly. Read on for the details behind the vulnerability that was detected, allowing the arbitrary call of functions from a vulnerable smart contract.

CONTACT US

Need help figuring out what’s right for you?

Tell us a bit about your project, and we’ll help you figure out the best way to secure it—whether that’s an audit, contest, bounty, or something else.

Thank you for reaching out
We’ve received your message and will get back to you shortly. In the meantime, feel free to explore more about our services.
💔 Oops, something went wrong