Term Finance tETH Decimal Precision Mismatch Liquidations
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Term Finance, a decentralized lending platform offering fixed-rate crypto loans via on-chain auctions, experienced an incident caused by an internal human error during an update to the tETH price oracle. Specifically, a decimal precision mismatch between components of the oracle led to incorrect tETH pricing, which triggered unintended liquidations totaling approximately 918 ETH. The issue was procedural—not a smart contract vulnerability—and no external manipulation occurred. Term Finance responded swiftly by containing the impact, negotiating with the liquidator to recover about 556 ETH, and committing to fully reimburse all 18 affected users. They also outlined plans for operational and governance improvements, including mandatory third-party validations, enhanced transparency, and strengthened review processes, to prevent future incidents and rebuild trust.[1][2][3][4][5][6][7]
About Term Finance
Term Finance is a decentralized lending platform that enables fixed-rate borrowing and lending of crypto assets through on-chain auctions. Built on Ethereum, Term Finance allows users to lock in predictable borrowing costs or returns, helping them manage cash flows and financial planning with greater certainty. The platform has cleared over $410 million in cumulative borrow volume, showcasing growing adoption among crypto-native lenders and borrowers.
Each week, Term hosts auctions for fixed-term loans—typically four weeks—across a variety of crypto collateral types such as wETH, wBTC, USDC, sAVAX, and others. During these auctions, a single market-clearing interest rate is determined, ensuring fairness and transparency. Everyone in the auction receives or pays the same rate regardless of their loan size, which levels the playing field for both institutional and retail participants.
Term is backed by a robust lineup of investors, including Electric Capital, Coinbase Ventures, Maelstrom, and Robot Ventures, as well as prominent angels like Fernando Martinelli (Balancer) and DeFi Dad. The platform places a high priority on security, with audits from Sigma Prime, Certora, Runtime Verification, and a DeFi Safety score of 93%.
The Reality
An internal human error during an update to the tETH oracle, specifically a decimal precision mismatch between components of the oracle, caused the oracle to produce incorrect price data for the tETH asset within the protocol. Because the protocol relies on accurate pricing for liquidations, this error led to unintended liquidations of users’ positions amounting to about 918 ETH.
What Happened
An internal decimal precision mismatch during a tETH oracle update caused incorrect pricing that triggered unintended liquidations on Term Finance.
| Date | Event | Description |
|---|---|---|
| April 26th, 2025 8:31:59 AM MDT | First Attack Transaction | The first attack transaction is accepted by the Ethereum blockchain. |
| April 26th, 2025 8:32:11 AM MDT | Second Attack Transaction | The second attack transaction is accepted by the Ethereum blockchain. |
| April 26th, 2025 9:15:00 AM MDT | TenArmor Posting Notice | TenArmor posts an announcement about the exploit transactions. |
| April 28th, 2025 1:43:00 PM MDT | TermLabs Publishes Postmortem | Term Labs publishes a postmortem about the incident on Twitter/X. |
Technical Details
The root cause of the @term_labs incident is the inconsistent price decimals of tETH in the newly updated tETH price oracle.
According to Term Finance, this was not a smart contract vulnerability or hack. The contracts themselves were secure and functioning as intended. The issue was procedural: a flaw in the operational execution of updating the oracle, not a flaw in the underlying code or the tETH asset infrastructure.
During the window when the faulty price feed was active, an anonymous liquidator executed liquidations according to on-chain rules, taking advantage of the incorrect pricing.
The technical issue stemmed from a decimal precision mismatch in the tETH oracle update. Specifically, during an internal update to the oracle that provides price data for the tETH asset, one or more components of the oracle system failed to correctly handle or align the decimal places used to represent the asset’s price.
Oracles often represent prices with fixed decimal precision to maintain accuracy (for example, prices might be expressed with 8 or 18 decimal places). In this case, a parameter related to decimal scaling—such as the number of decimals expected or used to convert raw price data into human-readable values—was either not updated or inconsistently updated across different parts of the oracle infrastructure.
As a result, the oracle began outputting prices that were either scaled incorrectly (too large or too small) relative to the actual market value of tETH. This led to the protocol interpreting the asset’s price inaccurately, which in turn triggered unintended liquidations because collateral valuations became artificially distorted.
Total Amount Lost
The total losses were 918 ETH.
The total amount lost has been estimated at $1,500,000 USD.
Immediate Reactions
Term Finance’s initial reaction to the issue was swift and responsible. Upon discovering the decimal mismatch error in the tETH oracle update that caused incorrect pricing and unintended liquidations, they immediately took containment measures to limit further impact. They reached out to the anonymous liquidator who executed the liquidations to negotiate the return of affected assets. Although the liquidator initially declined voluntary remediation, ongoing communication led to the recovery of about 556 ETH out of the total approximately 918 ETH lost.
Term Finance also promptly accepted full responsibility for the incident, publicly acknowledged the operational error, and committed to fully reimbursing all affected users. They emphasized that the protocol itself and user wallets were uncompromised, and that no broader systemic risks existed.
Alongside these immediate responses, Term Finance began outlining a clear reimbursement plan and announced a series of operational and governance improvements to prevent similar incidents in the future. This included introducing third-party validations, enhancing governance transparency, strengthening internal review processes, and reassigning critical review responsibilities — demonstrating a commitment not just to recovery but to long-term operational integrity.
Ultimate Outcome
Term Finance successfully contained the issue and took full responsibility for the operational error that caused the incorrect tETH pricing and subsequent unintended liquidations. They recovered a significant portion of the affected assets—about 556 ETH—which reduced the net loss to approximately 362 ETH (around $650,000).
They also announced that all affected users (18 in total) will be fully reimbursed for their losses, with borrowers retaining their loan proceeds and compensated for any shortfalls, and lenders able to redeem as usual at maturity. Importantly, the incident did not compromise user wallets or pose any systemic risk to the protocol or broader ETH markets.
Total Amount Recovered
Term Finance was able to contain the damage and negotiate to recover 556 ETH. It is unknown if any bounty was paid in that process.
The total amount recovered has been estimated at $650,000 USD.
Ongoing Developments
Beyond remediation, Term Finance committed to strengthening its operational and governance processes. This includes implementing mandatory third-party validation for critical oracle updates, enhancing governance transparency through public proposals, reinforcing operational checklists and escalation protocols, and reassigning review responsibilities to ensure rigorous independent validations.
Term Finance is actively working to complete the full reimbursement process for all affected users. They have secured funding to ensure that borrowers are compensated for any losses beyond their loan proceeds, and lenders can redeem their holdings as usual at maturity. The estimated timeline for completing reimbursements is around April 30, 2025, and Term Finance plans to provide ongoing updates until the process is finalized.
Term Finance is also continuing communications with the anonymous liquidator who executed the unintended liquidations during the period of incorrect pricing. Although the liquidator initially declined voluntary remediation, discussions remain open, and the platform hopes to recover additional assets beyond the approximately 556 ETH that have already been returned.
In parallel, Term Finance is in the process of implementing significant operational and governance improvements to prevent similar incidents in the future. This includes onboarding a third-party auditor to validate all critical oracle updates and protocol parameter changes, reinforcing internal checklists, formalizing escalation protocols, and increasing governance transparency through public proposal mechanisms. These efforts aim to create multiple layers of oversight and external validation for sensitive system operations.
Finally, Term Finance is encouraging greater community involvement by making governance processes more transparent and accessible. They have reassigned second-party review responsibilities to individuals with demonstrated operational rigor to ensure that all critical protocol changes undergo thorough independent review. These ongoing initiatives reflect Term Finance’s commitment to operational discipline, security, and rebuilding user trust over the long term.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ TenArmor - "Our system has detected 2 suspicious transactions involving @term_labs on #ETH, resulting in an approximately loss of $1.5M. It appears that something is wrong with the liquidation. Someone spent a very small amount of ETH to liquidate over 586 Treehouse collateral." - Twitter/X (Accessed Aug 1, 2025)
- ↑ First Attack Transaction - Etherscan (Accessed Aug 1, 2025)
- ↑ Second Attack Transaction - Etherscan (Accessed Aug 1, 2025)
- ↑ Postmortem: Term tETH Oracle Decimal Inconsistency Incident - Term Labs (Accessed Aug 1, 2025)
- ↑ Term Finance Homepage (Accessed Aug 1, 2025)
- ↑ Term Labs Twitter/X Account (Accessed Aug 1, 2025)
- ↑ https://x.com/TenArmorAlert/status/1916176568654958748 (Accessed Aug 5, 2025)