On July 9th, the Texture team detected that the audited Texture Vaults contract was compromised. An attacker was able to exploit the rebalance feature of the Texture Vaults contract to trigger a transfer of approximately $2.2 million out of the contract and into the attacker’s own wallet. Upon discovery of this transaction, the texture UI and the contract were immediately stopped to prevent further loss of funds.

Within minutes, the Texture team contacted Certora to establish a war room and to investigate the root cause of the issue. The Texture Vaults contract was audited by Certora in October of 2024 with two security researchers, and while formal verification was used with other Texture contracts, the exploited Texture Vaults contract was not formally verified. The attacker was able to exploit a missed permissions check that was not caught during Certora’s manual audit of the contract and, in collaboration with the Texture team, we were able to identify the root cause of the exploit. After agreeing on a methodology for the fix, the Texture team then reproduced the exploit in a test environment, developed a fix, and validated the fix via multiple rounds of manual review and via the referenced test environment.

The fix developed by the Texture team defensively validates all accounts involved in the rebalance transaction to ensure that ownership for each account is correct prior to executing the rebalance. Both teams from Texture and Certora are confident that this fix properly addresses the exploit and that the contract can be redeployed safely. The Texture team has also added the same ownership checks to other functionality of the Texture Vaults contract to ensure that the protocol is safe.

Finally, due to the quick action of the Texture team, most of the stolen funds were recovered successfully, ensuring that the protocol remains well funded. A full, joint post-mortem will be available by the end of next week.