Post-mortem: flash-loan-based price manipulation attack on the MOC Flow Reverse Auction rBTC to MOC contract

:warning: Warning: A proposal to resolve this issue is already underway.

:information_source: Info: This does not affect the stablecoin protocol, it only affects the MOC flow.

Executive summary

Since November 12, 2025, an attacker has repeatedly executed a sandwich-style manipulation against the part of our protocol that swaps RBTC for MOC on Uniswap in order to pay staking rewards.

The attacker used a custom contract to orchestrate multiple actions in a single transaction, including triggering our swapper at a moment when the MOC price had been artificially pushed upward. This caused the protocol to buy MOC at an inflated price, resulting in less value distributed to stakers than intended.

Total value extracted: 0.54172521 BTC (≈ $41,731.00)
Earliest observed attack: November 12, 2025
Repeated occurrences: Weekly (as seen in the transactions listed in Annex A)


What happened

The attacker deployed a contract designed to coordinate both their own trades and the execution of our protocol components. Each attack followed this general pattern:

  1. Flash loan: The attacker borrowed RBTC via a flash loan.
  2. Price push: Using the borrowed RBTC, the attacker bought MOC on Uniswap, temporarily driving the MOC price up.
  3. Forced protocol buy at a bad price: In the same transaction, the attacker invoked our protocol’s component that swaps RBTC → MOC to fund staking rewards. Because the pool price was already inflated, the protocol’s swap executed at a far worse price than it otherwise would have.
  4. Profit + repayment: The attacker then sold MOC back (capturing profit from the inflated price environment) and repaid the flash loan, keeping the difference.

Net effect: value that should have gone to stakers was redirected to the attacker through unfavorable execution prices during the protocol’s reward-buy swap.


Detection

We detected the issue by observing brief spikes in the MOC price of up to ~400% that appeared on charts despite no meaningful organic volume.

These spikes were effectively “chart-visible but user-inaccessible”:

  • The extreme price was present only momentarily during the attack transaction’s execution sequence.
  • Normal users could not actually trade at that price; it existed only as a short-lived state created to exploit the protocol’s swap.

This pattern was consistent with in-transaction price manipulation (sandwich/MEV-style behavior).
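The “chart-visible but user-inaccessible” signature described above can be checked mechanically from pool events rather than by eyeballing charts. The following is an added Python example, not code from the MOC project or from this post: it groups Uniswap V2-style Sync records (reserves after each swap) by transaction and flags any transaction in which the MOC price peaks at a multiple of the pre-transaction price and then settles back within the same transaction. The records, transaction labels, block numbers and thresholds are constructed for illustration.

```python
# Added example (not MOC project code): flag transactions whose internal
# price excursion is large but reverses before the transaction ends.
from collections import namedtuple
from itertools import groupby

# One record per Uniswap V2 Sync event: reserves of the RBTC/MOC pool after a
# swap, keyed by block and log index so events can be replayed in order.
Sync = namedtuple("Sync", "block log_index tx reserve_btc reserve_moc")

# Constructed sample data (labels, not real transaction hashes):
#  - tx-benign-1: last state before the suspicious block
#  - tx-sandwich: three Syncs inside one transaction (push, victim swap, unwind)
#  - tx-benign-2: an ordinary buy in the next block
#  - tx-rally:    a large move that does NOT settle back (genuine repricing)
SAMPLE_SYNCS = [
    Sync(100, 0, "tx-benign-1", 100.0, 20_000_000.0),
    Sync(101, 0, "tx-sandwich", 200.0, 10_015_022.53),
    Sync(101, 1, "tx-sandwich", 200.5, 9_990_122.15),
    Sync(101, 2, "tx-sandwich", 100.4264, 19_945_144.69),
    Sync(102, 0, "tx-benign-2", 101.4264, 19_749_088.30),
    Sync(103, 0, "tx-rally", 300.0, 6_600_000.0),
]


def moc_price_in_btc(reserve_btc: float, reserve_moc: float) -> float:
    """Spot price of one MOC expressed in RBTC, implied by the reserves."""
    return reserve_btc / reserve_moc


def find_intratx_spikes(records, min_multiple=2.0, settle_tolerance=0.10):
    """Return [(tx, peak_multiple)] for transactions where the MOC price rose to
    at least `min_multiple` times the price before the transaction and ended the
    transaction within `settle_tolerance` of that pre-transaction price."""
    ordered = sorted(records, key=lambda r: (r.block, r.log_index))
    flagged = []
    prev_price = None  # settled price after the previous transaction
    for tx, group in groupby(ordered, key=lambda r: r.tx):
        prices = [moc_price_in_btc(r.reserve_btc, r.reserve_moc) for r in group]
        baseline = prev_price if prev_price is not None else prices[0]
        peak_multiple = max(prices) / baseline
        settled_multiple = prices[-1] / baseline
        if peak_multiple >= min_multiple and abs(settled_multiple - 1.0) <= settle_tolerance:
            flagged.append((tx, round(peak_multiple, 2)))
        prev_price = prices[-1]
    return flagged


if __name__ == "__main__":
    for tx, multiple in find_intratx_spikes(SAMPLE_SYNCS):
        print(f"{tx}: price peaked at {multiple}x and settled back within the same transaction")
```

The settle condition is what separates a sandwich from a genuine repricing: tx-rally moves the price far more than the threshold, but it stays there, so it is not flagged. In production the same logic would run over Sync logs pulled from the pool contract, with the baseline taken from the last Sync of the preceding block.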


Remediation

To address this issue, we are submitting a proposal to update all components that trade on Uniswap (whether buying or selling MOC or RIF) so they are protected against sandwich-style manipulation.

The core change is to replace reliance on the pool’s spot price with an average price built from the pool’s price history, which is far harder to manipulate momentarily. By using a historical average reference, the short-lived price spikes required for this attack become ineffective or prohibitively expensive to reproduce.
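To make the four-step pattern in “What happened” and the proposed change above concrete, here is an added Python simulation. It is not code from the MOC project or from this post (the real components are smart contracts): it models a constant-product pool with a Uniswap V2-style cumulative price accumulator and compares a reward swapper that trusts the pool’s spot price with a hardened one that derives its minimum acceptable output from the time-weighted average price (TWAP) since an earlier snapshot. The pool size, the 0.3% fee, the reward budget, the loan size, the 5% tolerance and the minimum window are constructed assumptions.

```python
# Added example (not MOC project code): spot-price swapper vs TWAP-guarded swapper
# against the sandwich pattern from the post-mortem, on a simulated x*y=k pool.
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3 % swap fee, as in Uniswap V2


class SwapRejected(Exception):
    """Raised where an on-chain swapper would revert the transaction."""


@dataclass
class Pool:
    reserve_btc: float
    reserve_moc: float
    price_cumulative: float = 0.0  # sum of (MOC per RBTC) * seconds, V2-style
    last_timestamp: int = 0

    def spot_price(self) -> float:
        """MOC per RBTC implied by the current reserves."""
        return self.reserve_moc / self.reserve_btc

    def _update(self, now: int) -> None:
        # V2 accrues the pre-swap price for the time since the last update, so
        # everything done within one timestamp leaves the accumulator untouched.
        elapsed = now - self.last_timestamp
        if elapsed > 0:
            self.price_cumulative += self.spot_price() * elapsed
            self.last_timestamp = now

    def quote_btc_for_moc(self, btc_in: float) -> float:
        """Pure quote: MOC received for btc_in at the current reserves."""
        net = btc_in * (1 - FEE)
        return self.reserve_moc * net / (self.reserve_btc + net)

    def swap_btc_for_moc(self, btc_in: float, now: int) -> float:
        self._update(now)
        out = self.quote_btc_for_moc(btc_in)
        self.reserve_btc += btc_in
        self.reserve_moc -= out
        return out

    def swap_moc_for_btc(self, moc_in: float, now: int) -> float:
        self._update(now)
        net = moc_in * (1 - FEE)
        out = self.reserve_btc * net / (self.reserve_moc + net)
        self.reserve_moc += moc_in
        self.reserve_btc -= out
        return out

    def twap_since(self, t0: int, c0: float, now: int) -> float:
        """Average MOC-per-RBTC price between snapshot (t0, c0) and now."""
        self._update(now)
        return (self.price_cumulative - c0) / (now - t0)


def spot_swapper(pool, budget_btc, now, anchor=None):
    """Pre-fix behaviour: buy MOC at whatever the pool offers right now."""
    return pool.swap_btc_for_moc(budget_btc, now)


def twap_swapper(pool, budget_btc, now, anchor, min_window=600, tolerance=0.05):
    """Hardened behaviour: `anchor` = (timestamp, cumulative) recorded by the
    swapper at an earlier block; the live quote must be within `tolerance` of
    what the TWAP over that window implies, otherwise the buy is refused."""
    t0, c0 = anchor
    if now - t0 < min_window:
        raise SwapRejected("TWAP window too short to be trusted")
    twap = pool.twap_since(t0, c0, now)
    min_out = budget_btc * twap * (1 - tolerance)
    if pool.quote_btc_for_moc(budget_btc) < min_out:
        raise SwapRejected("quote deviates from TWAP: refusing to buy")
    return pool.swap_btc_for_moc(budget_btc, now)


def simulate(swapper, attacked=True, loan_btc=100.0, budget_btc=0.5):
    """Replay the post-mortem's four steps against a fresh pool. Reports the MOC
    the protocol received and the attacker's net RBTC; attacker_profit_btc is
    None when the swapper rejected, since the whole attacker transaction reverts."""
    pool = Pool(reserve_btc=100.0, reserve_moc=20_000_000.0)  # constructed sizes
    anchor = (0, pool.price_cumulative)  # snapshot taken at block time 0
    now = 3_600                          # one hour later; all steps share this timestamp
    try:
        if not attacked:
            got = swapper(pool, budget_btc, now, anchor)
            return {"protocol_moc": got, "attacker_profit_btc": 0.0}
        moc_held = pool.swap_btc_for_moc(loan_btc, now)   # steps 1-2: loan, price push
        got = swapper(pool, budget_btc, now, anchor)      # step 3: protocol buys
        btc_back = pool.swap_moc_for_btc(moc_held, now)   # step 4: sell back, repay
        return {"protocol_moc": got, "attacker_profit_btc": btc_back - loan_btc}
    except SwapRejected as reason:
        return {"protocol_moc": 0.0, "attacker_profit_btc": None, "rejected": str(reason)}


if __name__ == "__main__":
    print("spot swapper, attacked:", simulate(spot_swapper))
    print("TWAP swapper, attacked:", simulate(twap_swapper))
    print("TWAP swapper, quiet market:", simulate(twap_swapper, attacked=False))
```

The point to take from the run is that the accumulator only advances with the price that held before each swap, so a push and unwind inside one timestamp cannot move the TWAP; the guarded swapper therefore quotes against the historical average, sees the manipulated pool offering a fraction of it, and refuses. The tolerance has to cover the normal fee and price impact of the protocol’s own order, which is why the honest case passes with room to spare.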


Annex A — List of affected transactions

Total extracted across all events: 0.54172521 BTC (≈ $41,731.00)
First observed attack: November 12, 2025

This list includes the date, extracted value in BTC, and the USD equivalent, in addition to the link to the transaction itself.


:mega: Call to MOC holders: This proposal is being voted on. See the how-to-vote tutorial and use the new voting site.
