Is Resupply Safe?
Risk Grade: C (45/100)
Resupply is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Resupply offers an interesting yield-stacking model backed by two established DeFi teams, but the recent $9.6M exploit raises serious concerns about smart contract security for new vault deployments. The protocol's dependency on Curve and Frax lending markets creates layered risk. Approach with caution and monitor for post-exploit security improvements.
Resupply is a stablecoin protocol built by Convex Finance and Yearn Finance that lets you borrow reUSD against yield-bearing stablecoin positions from Curve Lend and Fraxlend. It was exploited for $9.6M in June 2025 via a donation attack on an empty vault.
TVL
$39M
Mechanisms
7
Interactions
5
Value Grade
C-
Key Risks for Resupply Users
Was exploited for $9.6M in June 2025 through a donation attack on an empty vault
reUSD depends on Curve Lend and Fraxlend remaining solvent — problems there affect your collateral
RSUP token has no supply cap and inflates perpetually, which can dilute your holdings over time
Top Risk Factors
- •Resupply suffered a $9.6M donation-attack exploit in June 2025 on a newly deployed wstUSR vault, demonstrating that empty-pool vulnerabilities in freshly launched markets remain a critical attack vector.
- •reUSD is a stablecoin backed by other stablecoins deposited in Curve Lend and Fraxlend — any depeg or insolvency in those underlying lending markets cascades directly into reUSD collateral quality.
- •RSUP has no max supply and follows a perpetual inflation schedule (2% per year after year 5), diluting holders if protocol revenue does not grow to offset emission pressure.
How Resupply Compares to Peers
Resupply ranks #23 of 25 CDP protocols (bottom quartile — among the riskiest). At a risk score of 45/100, it's 9 points riskier than the sector average of 36/100.
Adjacent peers: Yala (C, 44/100) is ranked just safer, and Pando Leaf (C, 50/100) is ranked just riskier.
See the full CDP sector leaderboard or the Resupply vs FxDAO comparison.
Common Questions about Resupply
Plain-English answers based on Resupply's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Vitality Risk (7/10).
Has Resupply ever been hacked or exploited?
Resupply has had some operational issues or moderate incidents in its history. The track record dimension scored 7/15 — not catastrophic, but enough to flag. Look at the specific events and whether they were addressed by the team before drawing conclusions.
How much money is at stake in Resupply?
Resupply currently holds roughly $39M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Resupply?
Hindenrank has identified specific collapse scenarios for Resupply. The most prominent: "Cascading Lending Platform Failure and reUSD Depeg". The trigger condition is A critical exploit or insolvency event in Curve Lend or Fraxlend causes the underlying LP tokens used as reUSD collateral to lose significant value. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Resupply regulated or insured?
Resupply has some regulatory exposure (5/10), typical of mid-sized DeFi protocols. There is no specific enforcement action on record, but the structure includes elements that regulators have flagged in similar protocols. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Resupply?
Hindenrank's retail-focused risk audit flagged: Was exploited for $9.6M in June 2025 through a donation attack on an empty vault reUSD depends on Curve Lend and Fraxlend remaining solvent — problems there affect your collateral RSUP token has no supply cap and inflates perpetually, which can dilute your holdings over time
Should beginners deposit into Resupply?
Resupply's C grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Resupply compare to safer CDP alternatives?
Resupply is one protocol in Hindenrank's CDP coverage. The safest CDP protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Resupply against the full CDP ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Resupply risk report.
Read the Full Resupply Risk Report
This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.