Is dForce Safe?
Risk Grade: B- (35/100)
dForce is rated as moderate risk — some novel mechanisms, generally well-understood.
High risk — hacked twice with the same bug class and the multi-chain deployment multiplies every vulnerability across 7+ chains
A lending and stablecoin protocol deployed across 7+ blockchains including Ethereum, Arbitrum, and BSC, managing about $100M in deposits. Its D+ grade reflects two separate hacks ($25M in 2020, $3.64M in 2025) and the amplified risk of running the same code on many chains.
TVL
$1M
Mechanisms
7
Interactions
5
Value Grade
D+
Key Risks for dForce Users
dForce has been hacked twice. The same type of bug (reentrancy) was exploited both times, five years apart. A pattern of repeated exploits suggests deeper code quality issues
The same code runs on 7+ chains. When the 2025 hack hit Arbitrum, the identical bug existed on Optimism too. One vulnerability means simultaneous losses on every chain
The USX stablecoin depends on liquidation bots that vary in quality across chains. On smaller chains like KAVA, bots are slow or absent, so bad debt piles up and USX can lose its peg
Top Risk Factors
- •Two separate exploit incidents (2020 reentrancy for $25M, 2025 read-only reentrancy for $3.64M) demonstrate persistent smart contract security weaknesses
- •Multi-chain deployment across 7+ chains creates a vast attack surface where a single vulnerability can be exploited across all deployments
- •USX stablecoin depends on liquidation infrastructure quality that varies dramatically across smaller chains with thin DEX liquidity
Risk Score Breakdown
dForce's highest risk area is Track Record (10/15). Here's how each dimension contributes to the overall 35/100 score:
Read the Full dForce Risk Report
This protocol has 2 collapse scenarios. 2 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Considering an investment?