Resupply offers an interesting yield-stacking model backed by two established DeFi teams, but the recent $9.6M exploit raises serious concerns about smart contract security for new vault deployments. The protocol's dependency on Curve and Frax lending markets creates layered risk. Approach with caution and monitor for post-exploit security improvements.
Top Risks
1
Resupply suffered a $9.6M donation-attack exploit in June 2025 on a newly deployed wstUSR vault, demonstrating that empty-pool vulnerabilities in freshly launched markets remain a critical attack vector.
2
reUSD is a stablecoin backed by other stablecoins deposited in Curve Lend and Fraxlend — any depeg or insolvency in those underlying lending markets cascades directly into reUSD collateral quality.
3
RSUP has no max supply and follows a perpetual inflation schedule (2% per year after year 5), diluting holders if protocol revenue does not grow to offset emission pressure.
Risk Breakdown
Frequently Asked Questions
Is Resupply safe to use?
Resupply receives a C risk grade (45/100) from Hindenrank, where lower scores indicate lower risk. Resupply offers an interesting yield-stacking model backed by two established DeFi teams, but the recent $9.6M exploit raises serious concerns about smart contract security for new vault deployments. The protocol's dependency on Curve and Frax lending markets creates layered risk. Approach with caution and monitor for post-exploit security improvements. Resupply is a stablecoin protocol built by Convex Finance and Yearn Finance that lets you borrow reUSD against yield-bearing stablecoin positions from Curve Lend and Fraxlend. It was exploited for $9.6M in June 2025 via a donation attack on an empty vault.
What are the main risks of using Resupply?
The key risks identified for Resupply are: (1) Was exploited for $9.6M in June 2025 through a donation attack on an empty vault (2) reUSD depends on Curve Lend and Fraxlend remaining solvent — problems there affect your collateral (3) RSUP token has no supply cap and inflates perpetually, which can dilute your holdings over time
What is Resupply's risk score breakdown?
Resupply scores 45/100 across eight risk dimensions: Mechanism Novelty: 6/15, Interaction Severity: 10/20, Oracle Surface: 4/10, Documentation Gaps: 3/10, Track Record: 7/15, Scale Exposure: 3/10, Regulatory Risk: 5/10, Vitality Risk: 7/10. The highest risk area is Vitality Risk at 7/10.
How does Resupply compare to other CDP protocols?
Among 25 rated CDP protocols on Hindenrank, Resupply ranks #23 by safety (lowest risk score = safest). Its 45/100 risk score and C grade place it among the riskier CDP protocols.
Has Resupply ever been hacked or exploited?
Resupply scores 7/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.