How Does Euler Finance Work?
A lending protocol rebuilt from scratch after losing $197M in a 2023 hack (funds were later recovered). It holds $300M in deposits with a modular vault system that lets developers create custom lending markets. Its C+ grade reflects strong security spending against a proven track record of vulnerability.
TVL: $337M
Sector: Lending
Risk Grade: C
Value Grade: C+
Core Mechanisms
Lending/Modular-Vault
[Novel] Euler Vault Kit (EVK) for customizable lending vault deployment
V2 meta-lending protocol enabling permissionless creation of tailored lending vaults. Developers configure collateral types, risk parameters, and oracles per vault.
Vault/Connector
[Novel] Ethereum Vault Connector (EVC) linking ERC-4626 vaults with smart contracts
EVC allows vaults to use each other as collateral and interact with arbitrary smart contracts. Creates composable credit layers but also cross-vault dependency chains.
Lending/Interest-Rate
Reactive interest rate model adjusting to utilization with kink-based curves
Interest rates respond to utilization with configurable kink points. V2 allows each vault to define its own rate model parameters.
Oracle/Multi-Source
Per-vault oracle configuration supporting Chainlink, Uniswap TWAP, and custom feeds
Each vault independently configures its oracle source. Flexibility enables niche markets but requires careful oracle selection per vault.
Liquidation/Soft
Soft liquidation mechanism with Dutch auction-style discount
Liquidations use a discount mechanism that increases over time, incentivizing timely liquidation while reducing penalty severity for borrowers.
Governance/DAO
EUL token governance with on-chain voting for protocol parameters
Standard DAO governance model. $4M spent on security audits pre-relaunch with 31 audit reports from 12 firms and $1.25M bug bounty.
Lending/Sub-Account
Multi-collateral sub-accounts for portfolio isolation within a single address
Users can create sub-accounts to isolate different collateral positions, preventing cross-position liquidation cascades within their portfolio.
How the Pieces Interact
Permissionless vault creation via EVK combined with cross-vault linking via EVC could create unintended dependency chains where one vulnerable vault drains collateral from connected vaults.
Custom vaults with poorly configured or manipulable oracles could be used as collateral through EVC, introducing toxic collateral into the broader vault ecosystem.
Cascading liquidations could spread across EVC-connected vaults, where liquidation in one vault triggers margin calls in vaults using it as collateral, amplifying systemic stress.
Custom rate models in niche vaults could produce extreme rate spikes trapping borrowers, especially in markets with thin liquidity and concentrated lender positions.
Governance attacks could modify global parameters affecting all EVK-created vaults simultaneously, unlike isolated governance in per-vault models.
What Could Go Wrong
- History of $197M flash loan exploit in March 2023 (funds recovered) demonstrates protocol-level vulnerability precedent
- Modular Euler Vault Kit allows permissionless vault creation, expanding smart contract attack surface
- Ethereum Vault Connector linking arbitrary ERC-4626 vaults introduces cross-vault contagion vectors
Cross-Vault Contagion via EVC Dependency Chain
[Elevated] Trigger: A permissionlessly-created EVK vault with a manipulable oracle is used as collateral by 3+ other vaults through EVC, and the oracle is exploited
1. Attacker deploys EVK vault with manipulable low-liquidity oracle feed. Vault appears legitimate and accumulates deposits used as EVC collateral.
2. Attacker manipulates oracle to inflate collateral value in the malicious vault. Borrows far exceed true collateral value; attacker extracts funds from connected vaults.
3. Connected vaults detect bad debt as malicious vault becomes insolvent. Soft liquidation mechanisms activate but cannot recover funds already extracted.
4. Cascading insolvency propagates through EVC dependency chain. 3+ connected vaults accumulate bad debt; depositors in legitimate vaults suffer losses.
5. Market panic triggers withdrawal runs across all Euler V2 vaults. Protocol TVL drops 50%+; confidence in permissionless vault model collapses.
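A risk monitor can test the trigger condition above off-chain by walking the map of which vaults accept which other vaults as collateral. The sketch below is an added example, not Euler's code: the vault names, oracle labels, the `WEAK_ORACLES` set and the graph itself are constructed assumptions.

```python
from collections import deque

# Constructed sample: vault -> (oracle label, vaults it accepts as collateral).
# Names and oracle labels are illustrative, not real Euler V2 deployments.
VAULTS = {
    "vault-USDC":   ("chainlink", ["vault-WETH", "vault-LOWCAP"]),
    "vault-WETH":   ("chainlink", ["vault-LOWCAP"]),
    "vault-DAI":    ("chainlink", ["vault-LOWCAP", "vault-WETH"]),
    "vault-LOWCAP": ("thin-twap", []),
    "vault-YIELD":  ("chainlink", ["vault-USDC"]),
    "vault-ISO":    ("custom", []),
}
WEAK_ORACLES = {"thin-twap", "custom"}  # assumption: classes treated as manipulable
THRESHOLD = 3  # the page's trigger: used as collateral by 3+ other vaults

def lenders_against(vaults):
    """Invert the graph: collateral vault -> vaults that lend against it."""
    rev = {v: set() for v in vaults}
    for lender, (_, collaterals) in vaults.items():
        for c in collaterals:
            rev.setdefault(c, set()).add(lender)
    return rev

def exposed_vaults(vaults, source):
    """Every vault that directly or transitively relies on `source` (BFS)."""
    rev = lenders_against(vaults)
    seen, queue = set(), deque([source])
    while queue:
        for lender in rev.get(queue.popleft(), ()):
            if lender not in seen and lender != source:  # cycle-safe
                seen.add(lender)
                queue.append(lender)
    return seen

def contagion_report(vaults, weak=WEAK_ORACLES, threshold=THRESHOLD):
    """Flag weak-oracle vaults that have at least `threshold` direct lenders."""
    rev = lenders_against(vaults)
    report = {}
    for name, (oracle, _) in vaults.items():
        if oracle in weak and len(rev[name]) >= threshold:
            report[name] = {"direct": sorted(rev[name]),
                            "transitive": sorted(exposed_vaults(vaults, name))}
    return report

if __name__ == "__main__":
    for vault, info in contagion_report(VAULTS).items():
        print(vault, info)
```

The transitive set is the one to watch: it includes vaults that never list the weak-oracle vault as collateral themselves but lend against a vault that does.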
Risk Profile at a Glance
Overall: C (45/100)
Lower score = safer