Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/rari-fuse

Name: rari-fuse
Author: apegurus

skills/case-studies/rari-fuse/SKILL.md

npx skillsauth add apegurus/solidity-argus rari-fuse

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Rari Fuse (2022)

Overview

In April 2022, several Rari Fuse lending pools were exploited for approximately $80 million. The attack targeted a reentrancy vulnerability in the protocol's CEther contract, which was a fork of Compound. The attacker was able to borrow assets against their collateral and then re-enter the contract to withdraw the collateral before the borrow was recorded.

Root Cause

The vulnerability was a classic reentrancy bug in the exitMarket function of the Comptroller or the redeem function of the CEther contract. When a user withdrew ETH, the contract made an external call to the user's address before updating the internal state. Because Rari's fork of Compound did not have a reentrancy guard on these specific functions (or the guard was bypassed), the attacker could recursively call the contract to drain funds.

Attack Flow

Attacker deposited collateral into a Rari Fuse pool.
Attacker initiated a withdrawal of their collateral (ETH).
The CEther contract sent ETH to the attacker's malicious contract via a low-level call.
The attacker's fallback function triggered a call to borrow other assets from the same pool.
Because the collateral withdrawal was not yet finalized in the state, the protocol still saw the attacker as having full collateral, allowing the borrow to succeed.
The attacker effectively withdrew their collateral AND borrowed assets against it, leaving the pool with bad debt.

Impact

Loss: ~$80M
Protocol: Rari Capital (Fuse)
Chain: Ethereum
Date: 2022-04-30

Key Transactions

Attack tx: 0xab4860125185a341599c543974807217b3911714771725567b746761632a2939

Detection Heuristics

Pattern 1: Compound forks that lack reentrancy guards on redeem, borrow, or exitMarket functions.
Pattern 2: External calls (especially ETH transfers) made before state updates in lending protocols.

Remediation

Fix 1: Apply the nonReentrant modifier to all functions that involve external calls or state changes.
Fix 2: Use the Checks-Effects-Interactions pattern to ensure state is updated before any external interaction.

References

rekt.news/rari-fuse-rekt/
twitter.com/BlockSecTeam/status/1520351351111651328

apegurus/rari-fuse

skills/case-studies/rari-fuse/SKILL.md

Case study of the 2022 Rari Fuse exploit: reentrancy in Compound fork draining ~$80M

data-ai

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus rari-fuse

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:21 AM144.0s1 file scanned

SKILL.md

name:: rari-fuse
description:: Detects usage of Compound-style lending tokens. Forks must ensure reentrancy guards are applied to all sensitive functions.
category:: reference
source_url:: https://rekt.news/rari-fuse-rekt/
source_license:: CC0
imported_at:: 2025-02-20T00:00:00Z
- regex:: CEther|CToken
severity:: Medium

Rari Fuse (2022)

Overview

Root Cause

Attack Flow

Attacker deposited collateral into a Rari Fuse pool.
Attacker initiated a withdrawal of their collateral (ETH).
The CEther contract sent ETH to the attacker's malicious contract via a low-level call.
The attacker's fallback function triggered a call to borrow other assets from the same pool.
Because the collateral withdrawal was not yet finalized in the state, the protocol still saw the attacker as having full collateral, allowing the borrow to succeed.
The attacker effectively withdrew their collateral AND borrowed assets against it, leaving the pool with bad debt.

Impact

Loss: ~$80M
Protocol: Rari Capital (Fuse)
Chain: Ethereum
Date: 2022-04-30

Key Transactions

Attack tx: 0xab4860125185a341599c543974807217b3911714771725567b746761632a2939

Detection Heuristics

Pattern 1: Compound forks that lack reentrancy guards on redeem, borrow, or exitMarket functions.
Pattern 2: External calls (especially ETH transfers) made before state updates in lending protocols.

Remediation

Fix 1: Apply the nonReentrant modifier to all functions that involve external calls or state changes.
Fix 2: Use the Checks-Effects-Interactions pattern to ensure state is updated before any external interaction.

References

rekt.news/rari-fuse-rekt/
twitter.com/BlockSecTeam/status/1520351351111651328

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/case-studies/rari-fuse ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT