On 12 August 2024, VOW token was exploited for around $1.2 million. The usdRateSetter address (0xbA1be907f532Ff6bb0088279e0f3DCDdD693aC7c) in the VOW contract temporarily changed the exchange rate (usdRate) between VOW and vUSD from 1 to 100. A malicious actor exploited the new usdRate to obtain vUSD at 100 times the correct amount.
8/13/2024