**Astera Lending Post-Mortem Report:

Liquidity Index Inflation Attack**

đź“… Executive Summary

On October 9, 2025, the Astera lending protocol was exploited through a liquidity index inflation attack, resulting in a loss of approximately $821,856 (8% of TVL) across three separate Minipools.

The vulnerability was an economic exploit combining the protocol's novel Minipool unwrapping mechanism and the flash loan fee mechanism to inflate the USDT liquidity index. All of these mechanics had previously been audited by top firms.

Following the exploit, $440,000 (54% of stolen funds) was rescued in collaboration with the Etherex and Linea teams and a further $380,000 (46% of stolen funds) was frozen by Linea’s security team.

We are currently planning a staged unwind of the protocol, wherein borrows can repay their loans and withdraw collateral.

Metric Details
Date/Time of Attack October 9, 2025,  16:55 AEST / 06:55 UTC (Initial Detection)
Protocol Astera Lending Protocol
Vulnerability Type Liquidity Index Inflation (via Flash Loans and Minipool structure)
Assets Lost ($442,856 asUSD, $297,000 LINEA, $82,000 WETH)
Affected Minipool Addresses 0x52280ea8979d52033e14df086f4df555a258beb4
0x65559abecd1227cc1779f500453da1f9fcadd928
0x0bafb30b72925e6d53f4d0a089be1cefbb5e3401

⚙️ Attack Flow Breakdown

The attack was a three-phase operation targeting the asUSDT Core Pool and collateral valuation across multiple Mini pools.

Phase 1: Borrow/Collateral Setup (Transaction 0x5868)

The attacker prepared the environment for inflation by shrinking the effective supply of the Main Pool's share token.

  1. Supply & Debt: The attacker supplied USDT as collateral (via 0xcd...AB4) and then borrowed USDT (via 0x51...Fec) using the Minipools.
  2. Supply Reduction (Crucial Step): The borrow action included unwrap == true, which burned asUSDT from the Main lending pool and reduced the asUSDT.totalSupply to a critical low of 97 $USDT.
  3. Collateral Link: The attacker’s collateral, though not tied to the shrunken asUSDT supply, was priced using the liquidity index of the main pool, as dictated by Oracle.sol.

Phase 2: Inflation of the Liquidity Index (Blocks 24321061 to 24321895)

The attacker exploited the flash loan fee logic against the small supply pool to inflate the index.

  1. The attacker executed 5,600 flash loans over 112 transactions.
  2. The flash loan fee (9 bps) was applied to the extremely small asUSDT.totalSupply within the _handleFlashLoanRepayment function (FlashLoanLogic.sol).