How Does Moonwell Work?

Lending|Risk C|7 mechanisms|6 interactions

A lending protocol on Base and Optimism where you deposit crypto to earn interest or borrow against it, managing $500M in deposits. It has been hacked four times in three years, including a $1M exploit in November 2025 caused by a faulty price feed. Its C- grade reflects this pattern of repeated security failures.

TVL

$48M

Sector

Lending

Risk Grade

C

Value Grade

D+

Core Mechanisms

Lending/Over-Collateralized

Compound v2 fork with borrow/supply caps and multi-chain deployment on Base, Optimism, Moonbeam

Standard over-collateralized lending model inherited from Compound v2. Users deposit assets as collateral and borrow against them. Supply and borrow caps added as risk management layer.

Lending/Interest-Rate-Curve

Kinked utilization curve inherited from Compound v2 with per-market rate parameters

Interest rates follow the standard Compound v2 kinked curve model, with rates jumping sharply above optimal utilization to incentivize repayment and prevent liquidity crises.

Lending/Liquidation

Fixed-spread liquidation with Compound v2 close factor and liquidation incentive

Underwater positions are liquidated by external bots receiving a fixed liquidation bonus. The October 2025 crash demonstrated that this mechanism can fail to prevent bad debt during rapid price declines.

Oracle/Chainlink

Chainlink price feeds for all collateral valuations across Base, Optimism, and Moonbeam

Full dependency on Chainlink oracle feeds for price data. The November 2025 exploit demonstrated that a faulty Chainlink feed (wrstETH/ETH reporting $5.8M per token) can be exploited to drain lending pools.

Staking/Safety-Module

WELL/MFAM staking safety module for protocol shortfall event backstop

Users stake WELL or MFAM tokens in the Safety Module to backstop against shortfall events (exploits, liquidation failures, oracle malfunctions). Stakers earn WELL rewards in exchange for slashing risk.

Governance/Token

Novel

WELL token governance with cross-chain execution via Wormhole on Moonbeam, Base, and Optimism

Cross-chain governance execution is relatively novel. Governance proposals can be executed across multiple L2 deployments, introducing bridge dependency risk from Wormhole messaging.

Incentives/Liquidity-Mining

Multi-token emissions (WELL + partner tokens) directed to lending markets

Standard liquidity mining emissions to incentivize deposits and borrowing across markets. Multiple reward tokens distributed simultaneously.

How the Pieces Interact

Chainlink oracle price feedsOver-collateralized lendingCritical

Oracle price feed errors directly enable borrowing against inflated collateral. The November 2025 exploit used a faulty wrstETH/ETH Chainlink feed to borrow 295 ETH ($1M) against worthless collateral, demonstrating the critical dependency.

Flash loan availabilityOracle price feed latencyCritical

Flash loans allow attackers to exploit the window between oracle price updates and market reality. Attackers can borrow, manipulate, and profit within a single transaction before the oracle corrects, as demonstrated in the December 2024 $320K exploit.

Fixed-spread liquidationCorrelated market crashesHigh

During rapid market-wide declines, the fixed liquidation incentive becomes insufficient to attract liquidators for smaller positions. Gas wars and network congestion delay liquidations, leading to bad debt accumulation as seen in October 2025.

Safety Module slashingWELL token priceHigh

If the Safety Module is slashed to cover bad debt, the resulting WELL token sell pressure can crash the token price, reducing the effective coverage for future shortfall events in a reflexive doom loop.

Multi-chain deploymentSecurity patchingHigh

Vulnerabilities must be patched across multiple chains simultaneously. A fix on one chain may not be deployed on others in time, leaving attack windows open. Cross-chain governance via Wormhole adds latency to emergency responses.

See all 6 interactions in the full risk report →

What Could Go Wrong

  1. Four major exploits in three years including a $1M Chainlink oracle manipulation in November 2025 and $1.7M bad debt from October 2025 crash
  2. Removed Immunefi bug bounty program in February 2025, eliminating white-hat financial incentives months before suffering $2.7M in exploits
  3. Compound v2 fork inherits known liquidation fragility during correlated market downturns with cascading bad debt risk

Oracle Manipulation Cascade

Moderate

Trigger: A Chainlink oracle price feed malfunctions or is manipulated, reporting grossly inflated collateral values for a supported asset

  1. 1.Chainlink feed reports incorrect price for a collateral asset (e.g., wrstETH at $5.8M instead of $3.5K) Attacker deposits minimal collateral that the protocol values at orders of magnitude above actual worth
  2. 2.Attacker borrows maximum available assets against inflated collateral Protocol lending pools are drained of high-value assets (ETH, USDC, wstETH)
  3. 3.Oracle corrects; attacker's collateral revalues to true price Protocol holds worthless collateral against millions in outstanding loans, creating bad debt
  4. 4.News of exploit spreads; depositors rush to withdraw remaining funds Bank run depletes remaining liquidity; late withdrawers face losses socialized across the pool
See all 3 collapse scenarios in the full risk report →

Risk Profile at a Glance

Mechanism Novelty2/15
Interaction Severity13/20
Oracle Surface3/10
Documentation Gaps3/10
Track Record12/15
Scale Exposure3/10
Regulatory Risk3/10
Vitality Risk7/10
C

Overall: C (46/100)

Lower score = safer

More on Moonwell

Is Moonwell Safe?

Safety analysis

Is Moonwell a Good Investment?

Value analysis

Full Risk Report

All mechanisms & interactions

Related Lending Explainers

How Does Tapioca Work?D+How Does Abracadabra Work?D+How Does Radiant Capital Work?D+How Does YieldBlox Work?D+How Does Aave V3 Work?C-