DeFi Hacks Reproduce - Foundry
Reproduce DeFi hack incidents using Foundry.
533 incidents included.
Let's make Web3 secure! Join Discord
Notion: 101 root cause analysis of past DeFi hacked incidents
Transaction debugging tools
Disclaimer: This content serves solely as a proof of concept showcasing past DeFi hacking incidents. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.
Getting Started
All articles are also published on Substack.
OnChain transaction debugging
Who Supports Us? DeFiHackLabs Received Grant From
Donate to us
If you appreciate our work, please consider donating. Even a small amount helps us continue developing and improving our projects, and promoting web3 security.
List of Past DeFi Incidents
20241006 SASHAToken
20241005 AIZPTToken
20241002 LavaLending
20241001 FireToken
20240926 OnyxDAO
20240926 Bedrock_DeFi
20240924 MARA
20240923 Bankroll_Network
20240913 OTSeaStaking
20240910 Caterpillar_Coin_CUT
20240903 Penpiexyz_io
20240816 Zenterest
20240828 AAVE
20240814 YodlRouter
20240813 VOW
20240812 iVest
20240806 Novax
20240801 Convergence
20240724 Spectra_finance
20240723 MEVbot_0xdd7c
20240716 Lifiprotocol
20240714 Minterest
20240712 DoughFina
20240711 SBT
20240711 GAX
20240708 LW
20240705 DeFiPlaza
20240703 UnverifiedContr_0x452E25
20240702 MRP
20240628 Will
20240627 APEMAGA
20240618 INcufi
20240617 Dyson_money
20240616 WIFCOIN_ETH
20240611 Crb2
20240611 JokInTheBox
20240610 Bazaar
20240608 YYStoken
20240606 SteamSwap
20240606 MineSTM
20240604 NCD
20240601 VeloCore
20240531 Liquiditytokens
20240531 MixedSwapRouter
20240529 SCROLL
20240529 MetaDragon
20240528 Tradeonorion
20240528 EXcommunity
20240527 RedKeysCoin
20240526 NORMIE
20240522 Burner
20240516 TCH
20240514 Sonne Finance
20240514 PredyFinance
20240512 TGC
20240510 GFOX
20240510 TSURU
20240508 GPU
20240507 SATURN
20240506 OSN
20240430 Yield
20240430 PikeFinance
20240427 BNBX
20240425 NGFS
20240424 XBridge
20240424 YIEDL
20240422 Z123
20240420 Rico
20240419 HedgeyFinance
20240417 UnverifiedContr_0x00C409
20240416 SATX
20240416 MARS_DEFI
20240415 GFA
20240415 Chainge
20240414 Hackathon
20240412 FIL314
20240412 SumerMoney
20240412 GROKD
20240410 BigBangSwap
20240409 UPS
20240408 SQUID
20240404 WSM
20240402 HoppyFrogERC
20240401 ATM
20240401 OpenLeverage
20240329 ETHFIN
20240329 PrismaFi
20240328 LavaLending
20240325 ZongZi
20240314 ARK
20240323 CGT
20240321 SSS
20240320 Paraswap
20240314 MO
20240313 IT
20240312 BBT
20240311 Binemon
20240309 Juice
20240309 UnizenIO
20240307 GHT
20240306 ALP
20240306 TGBS
20240305 Woofi
20240228 Seneca
20240228 SMOOFSStaking
20240223 Zoomer
20240223 CompoundUni
20240223 BlueberryProtocol
20240222 SwarmMarkets
20240221 DeezNutz404
20240221 GAIN
20240220 EGGX
20240219 RuggedArt
20240216 ParticleTrade
20240215 DualPools
20240215 Babyloogn
20240215 Miner
20240213 MINER BSC
20240211 Game
20240210 FILX DN404
20240208 Pandora404
20240205 BurnsDefi
20240202 ADC
20240201 AffineDeFi
20240130 XSIJ
20240130 MIMSpell
20240129 PeapodsFinance
20240128 BarleyFinance
20240127 CitadelFinance
20240125 NBLGAME
20240122 DAO_SoulMate
20240117 BmiZapper
20240117 SocketGateway
20240115 Shell_MEV_0xa898
20240112 WiseLending
20240110 Freedom
20240110 LQDX Alert
20240104 Gamma
20240102 MIC
20240102 RadiantCapital
20240101 OrbitChain
20231231 Channels BUSD&USDC
20231230 ChannelsFinance
20231228 CCV
20231228 DominoTT
20231225 Telcoin
20231222 PineProtocol
20231220 TransitFinance
20231217 Bob
20231217 FloorProtocol
20231216 GoodDollar
20231216 KEST
20231216 NFTTrader
20231214 PHIL
20231213 HYPR
20231211 GoodCompound
20231209 BCT
20231207 HNet
20231206 TIME
20231206 ElephantStatus
20231205 MAMO
20231205 BEARNDAO
20231202 bZxProtocol
20231201 UnverifiedContr_0x431abb
20231130 EEE
20231130 CAROLProtocol
20231129 Burntbubba
20231129 AIS
20231128 FiberRouter
20231125 MetaLend
20231125 TheNFTV2
20231122 KyberSwap
20231117 Token8633_9419
20231117 ShibaToken
20231116 WECO
20231115 EHX
20231115 XAI
20231115 LinkDAO
20231114 OKC Project
20231112 MEV_0x8c2d
20231112 MEV_0xa247
20231111 Mahalend
20231110 Raft_fi
20231110 GrokToken
20231107 RBalancer
20231107 MEVbot
20231106 TrustPad
20231106 TheStandard_io
20231106 KR
20231102 BRAND
20231102 3913Token
20231101 SwampFinance
20231101 OnyxProtocol
20231031 UniBotRouter
20231030 LaEeb
20231028 AstridProtocol
20231024 MaestroRouter2
20231022 OpenLeverage
20231019 kTAF
20231018 HopeLend
20231018 MicDao
20231013 BelugaDex
20231013 WiseLending
20231012 Platypus
20231011 BH
20231008 ZS
20231008 pSeudoEth
20231007 StarsArena
20231005 DePayRouter
20230930 FireBirdPair
20230929 DEXRouter
20230926 XSDWETHpool
20230924 KubSplit
20230921 CEXISWAP
20230916 uniclyNFT
20230911 0x0DEX
20230909 BFCToken
20230908 APIG
20230907 HCT
20230905 QuantumWN
20230905 JumpFarm
20230905 HeavensGate
20230905 FloorDAO
20230902 DAppSocial
20230829 EAC
20230827 Balancer
20230826 SVT
20230824 GSS
20230821 EHIVE
20230819 BTC20
20230818 ExactlyProtocol
20230814 ZunamiProtocol
20230809 EarningFram
20230802 CurveBurner
20230802 Uwerx
20230801 NeutraFinance
20230801 LeetSwap
20230731 GYMNET
20230730 Curve
20230726 Carson
20230724 Palmswap
20230723 MintoFinance
20230722 ConicFinance02
20230721 ConicFinance
20230721 SUT
20230720 Utopia
20230720 FFIST
20230718 APEDAO
20230718 BNO
20230717 NewFi
20230715 USDTStakingContract28
20230712 Platypus
20230712 WGPT
20230711 RodeoFinance
20230711 Libertify
20230710 ArcadiaFi
20230708 CIVNFT
20230708 Civfund
20230707 LUSD
20230704 BambooIA
20230704 BaoCommunity
20230703 AzukiDAO
20230630 Biswap
20230630 MyAi
20230628 Themis
20230627 UnverifiedContr_9ad32
20230627 STRAC
20230623 SHIDO
20230621 BabyDogeCoin02
20230621 BUNN
20230620 MIM
20230619 Contract_0x7657
20230618 ARA
20230617 MidasCapitalXYZ
20230617 Pawnfi
20230615 CFC
20230615 DEPUSDT_LEVUSDC
20230612 Sturdy Finance
20230611 SellToken04
20230607 CompounderFinance
20230606 VINU
20230606 UN
20230602 NST SimpleSwap
20230601 DDCoin
20230601 Cellframenet
20230531 ERC20TokenBank
20230529 Jimbo
20230529 BabyDogeCoin
20230529 FAPEN
20230529 NOON_NO
20230525 GPT
20230524 LocalTrade
20230524 CS
20230523 LFI
20230514 landNFT
20230514 SellToken03
20230513 Bitpaidio
20230513 SellToken02
20230512 LW
20230511 SellToken01
20230510 SNK
20230509 MCC
20230509 HODL
20230506 Melo
20230505 DEI
20230503 NeverFall
20230502 Level
20230428 0vix
20230427 SiloFinance
20230424 Axioma
20230419 OLIFE
20230416 Swapos V2
20230415 HundredFinance
20230413 yearnFinance
20230412 MetaPoint
20230411 Paribus
20230409 SushiSwap
20230405 Sentiment
20230402 Allbridge
20230328 SafeMoon Hack
20230328 THENA
20230325 DBW
20230322 BIGFI
20230317 ParaSpace NFT
20230315 Poolz
20230313 EulerFinance
20230308 DKP
20230307 Phoenix
20230227 LaunchZone
20230227 SwapX
20230224 EFVault
20230222 DYNA
20230218 RevertFinance
20230217 Starlink
20230217 Dexible
20230217 Platypusdefi
20230210 Sheep Token
20230210 dForce
20230207 CowSwap
20230206 FDP Token
20230203 Orion Protocol
20230203 Spherax USDs
20230202 BonqDAO
20230130 BEVO
20230126 TomInu Token
20230119 SHOCO Token
20230119 ThoreumFinance
20230118 QTN Token
20230118 UPS Token
20230117 OmniEstate
20230116 MidasCapital
20230111 UFDao
20230111 ROE
20230110 BRA
20230103 GDS
20221230 DFS
20221229 JAY
20221225 Rubic
20221223 Defrost
20221214 Nmbplatform
20221214 FPR
20221213 ElasticSwap
20221212 BGLD
20221211 Lodestar
20221211 MEVbot_0x28d9
20221210 MUMUG
20221210 TIFIToken
20221209 NOVAToken
20221207 AES
20221205 RFB
20221205 BBOX
20221202 OverNight
20221201 APC
20221129 MBC & ZZSH
20221129 SEAMAN
20221123 NUM
20221122 AUR
20221121 SDAO
20221119 AnnexFinance
20221118 Polynomial
20221117 UEarnPool
20221116 SheepFarm
20221110 DFXFinance
20221109 brahTOPG
20221108 MEV_0ad8
20221108 Kashi
20221107 MooCAKECTX
20221105 BDEX
20221027 VTF
20221027 Team Finance
20221026 N00d Token
20221025 ULME
20221024 Market
20221024 MulticallWithoutCheck
20221021 OlympusDAO
20221020 HEALTH Token
20221019 BEGO Token
20221018 HPAY
20221018 PLTD Token
20221017 Uerii Token
20221014 INUKO Token
20221014 EFLeverVault
20221014 MEVBOT a47b
20221012 ATK
20221011 Rabby Wallet SwapRouter
20221011 Templedao
20221010 Carrot
20221009 Xave Finance
20221006 RES-Token
20221002 Transit Swap
20221001 BabySwap
20221001 RL
20221001 Thunder Brawl
20220929 BXH
20220928 MEVBOT Badc0de
20220923 RADT-DAO
20220913 MevBot Private TX
20220909 DPC
20220908 YYDS
20220908 NewFreeDAO
20220908 Ragnarok Online Invasion
20220906 NXUSD
20220905 ZoomproFinance
20220902 ShadowFi
20220902 Bad Guys by RPF
20220828 DDC
20220824 LuckyTiger NFT
20220816 Circle_2
20220813 Circle
20220810 XSTABLE Protocol
20220809 ANCH
20220807 EGD Finance
20220804 EtnProduct
20220803 Qixi
20220802 Nomad Bridge
20220801 Reaper Farm
20220725 LPC
20220723 Audius
20220713 SpaceGodzilla
20220710 Omni NFT
20220706 FlippazOne NFT
20220701 Quixotic - Optimism NFT Marketplace
20220626 XCarnival
20220624 Harmony's Horizon Bridge
20220618 SNOOD
20220616 InverseFinance
20220608 GYMNetwork
20220608 Optimism - Wintermute
20220606 Discover
20220529 NOVO Protocol
20220524 HackDao
20220517 ApeCoin
20220508 Fortress Loans
20220430 Saddle Finance
20220430 Rari Capital/Fei Protocol
20220428 DEUS DAO
20220424 Wiener DOGE
20220423 Akutar NFT
20220421 Zeed Finance
20220416 BeanstalkFarms
20220415 Rikkei Finance
20220412 ElephantMoney
20220411 Creat Future
20220409 GYMNetwork
20220329 Ronin Network
20220329 Redacted Cartel
20220327 Revest Finance
20220326 Auctus
20220322 CompoundTUSDSweepTokenBypass
20220321 OneRing Finance
20220320 LI.FI
20220320 Umbrella Network
20220315 Agave Finance
20220315 Hundred Finance
20220313 Paraluni
20220309 Fantasm Finance
20220305 Bacon Protocol
20220303 TreasureDAO
20220214 BuildFinance - DAO
20220208 Sandbox LAND
20220205 Meter
20220204 TecraSpace
20220128 Qubit Finance
20220118 Multichain (Anyswap)
20211221 Visor Finance
20211218 Grim Finance
20211214 Nerve Bridge
20211130 MonoX Finance
20211123 Ploutoz Finance
20211027 Cream Finance
20211015 Indexed Finance
20210916 SushiSwap Miso
20210915 Nimbus Platform
20210915 NowSwap Platform
20210912 ZABU Finance
20210903 DAO Maker
20210830 Cream Finance
20210817 XSURGE
20210811 Poly Network
20210804 WaultFinance
20210728 Levyathan Finance
20210710 Chainswap
20210702 Chainswap
20210628 SafeDollar
20210625 xWin Finance
20210622 Eleven Finance
20210607 88mph NFT
20210603 PancakeHunny
20210527 JulSwap
20210527 BurgerSwap
20210519 PancakeBunny
20210516 bEarn
20210508 Rari Capital
20210508 Value Defi
20210502 Spartan
20210428 Uranium
20210308 DODO
20210305 Paid Network
20210204 Yearn YDai
20210125 Sushi Badger Digg
20201229 Cover Protocol
20201121 Pickle Finance
20201026 Harvest Finance
20200912 bzx
20200804 Opyn Protocol
20200628 Balancer Protocol
20200618 Bancor Protocol
20200419 LendfMe
20200418 UniSwapV1
20181007 SpankChain
20180424 SmartMesh
20180422 Beauty Chain
20171106 Parity - 'Accidentally Killed It'
Transaction debugging tools
Phalcon | Tx tracer | Cruise | Ethtx | Tenderly | eigenphi
Ethereum Signature Database
4byte | sig db | etherface
Useful tools
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI | Abi tools
Hacks Dashboard
Slowmist | Defillama | De.Fi | Rekt | Cryptosec
List of DeFi Hacks & POCs
20241006 SASHAToken - Price Manipulation
Total Lost : 249 ETH ($600K USD)
forge test --contracts ./src/test/2024-10/SASHAToken_exp.sol -vvv
Contract
SASHAToken_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1842864840265883833
20241005 AIZPTToken - Wrong Price Calculation
Total Lost : 34.88 BNB (~$20K USD)
forge test --contracts ./src/test/2024-10/AIZPTToken_exp.sol -vvv
Contract
AIZPTToken_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1842576732047700077
20241001 FireToken - Pair Manipulation With Transfer Function
Lost: 8.45 ETH (~$20K USD)
forge test --contracts ./src/test/2024-10/FireToken_exp.sol -vvv
Contract
FireToken_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1841305965750350089
20241002 LavaLending - Price Manipulation
Lost: 1 USDC, 125795.6 cUSDC, 0,0067 WBTC, 2.25 WETH (~$130K USD)
forge test --contracts ./src/test/2024-10/LavaLending_exp.sol -vvv
Contract
LavaLending_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1841823216425435308
https://nickfranklin.site/2024/10/03/unknown-lending-project-hacked-due-to-price-oracle-manipulation/
20240926 OnyxDAO - Fake Market
Lost: 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT (>$3.8M USD)
forge test --contracts ./src/test/2024-09/OnyxDAO_exp.sol -vvv
Contract
OnyxDAO_exp.sol
Link reference
https://x.com/peckshield/status/1839302663680438342
20240926 Bedrock_DeFi - Swap ETH/BTC 1/1 in mint function
Lost: 27.83925883 BTC (~$1.7M USD)
forge test --contracts ./src/test/2024-09/Bedrock_DeFi_exp.sol -vvv
Contract
Bedrock_DeFi_exp.sol
Link reference
https://x.com/certikalert/status/1839403126694326374
20240924 MARA - price manipulation
Lost: ~8.8 WBNB (~5.3K USD)
forge test --contracts ./src/test/2024-09/MARA_exp.sol -vvv
Contract
MARA_exp.sol
Link reference
https://bscscan.com/tx/0x0fe3716431f8c2e43217c3ca6d25eed87e14d0fbfa9c9ee8ce4cef2e5ec4583c
20240923 Bankroll_Network - Incorrect input validation
Lost: ~404 WBNB (~234.8K USD)
forge test --contracts ./src/test/2024-09/Bankroll_exp.sol -vvv
Contract
Bankroll_exp.sol
Link reference
https://x.com/Phalcon_xyz/status/1838042368018137547
20240913 OTSeaStaking - Logic Flaw
Lost: 26k
forge test --contracts ./src/test/2024-09/OTSeaStaking_exp.sol -vvv
Contract
OTSeaStaking_exp.sol
Link reference
Nick Franklin: https://nickfranklin.site/2024/09/13/otsea-staking-hacked/
20240910 Caterpillar_Coin_CUT - Price Manipulation
Lost: ~1.4M USD
forge test --contracts ./src/test/2024-09/Caterpillar_Coin_CUT_exp.sol -vvv --evm-version shanghai
Contract
Caterpillar_Coin_CUT_exp.sol
Link reference
https://www.certik.com/zh-CN/resources/blog/caterpillar-coin-cut-token-incident-analysis
20240903 Penpiexyz_io - Reentrancy and Reward Manipulation
Lost: 11,113.6 ETH (~$27,348,259 USD)
forge test --contracts ./src/test/2024-09/Penpiexyzio_exp.sol -vvv --evm-version shanghai
Contract
Penpiexyzio_exp.sol
Link reference
https://x.com/peckshield/status/1831072098669953388
https://x.com/AnciliaInc/status/1831080555292856476
https://x.com/hackenclub/status/1831383106554573099
post-mortem: https://x.com/Penpiexyz_io/status/1831462760787452240
20240828 AAVE - Arbitrary Call Error
Lost: 52000
forge test --contracts ./src/test/2024-08/AAVE_Repay_Adapter.sol -vvv
Contract
AAVE_Repay_Adapter.sol
Link reference
https://www.vibraniumaudits.com/post/aave-hacked-via-periphery-contract-56kstolenfromtipjar
20240816 Zenterest - Price Out Of Date
Lost: ~21000 USD
forge test --contracts ./src/test/2024-08/Zenterest_exp.sol -vvvv --evm-version shanghai
Contract
Zenterest_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1824579761383018564
20240814 NoName - Arbitrary Call
Lost: ~5k
forge test --contracts ./src/test/2024-08/YodlRouter_exp.sol -vvv
Contract
YodlRouter_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1823601087011807636
20240813 VOW - Misconfiguration
Lost: ~ 1M USD
forge test --contracts ./src/test/2024-08/VOW_exp.sol -vvv
Contract
VOW_exp.sol
Link reference
https://x.com/Vowcurrency/status/1823407231658025300
20240812 iVest - Business logic flaw
Lost: ~338 WBNB
forge test --contracts src/test/2024-08/IvestDao_exp.sol -vvv
Contract
IvestDao_exp.sol
Link reference
https://x.com/AnciliaInc/status/1822870201698050064
20240806 Novax - Price Manipulation
Lost: ~25K USD
forge test --contracts ./src/test/2024-08/NovaXM2E_exp.sol -vvv
Contract
NovaXM2E_exp.sol
Link reference
https://x.com/EXVULSEC/status/1820676684410147276
20240801 Convergence - Incorrect input validation
Lost: ~200K USD
forge test --contracts ./src/test/2024-08/Convergence_exp.sol -vvvv --evm-version cancun
Contract
Convergence_exp.sol
Link reference
https://x.com/DecurityHQ/status/1819030089012527510
20240724 Spectra_finance - Incorrect input validation
Lost: ~73K USD
forge test --contracts ./src/test/2024-07/Spectra_finance_exp.sol -vvv
Contract
Spectra_finance_exp.sol
Link reference
https://x.com/shoucccc/status/1815981585637990899
20240723 MEVbot_0xdd7c - Incorrect input validation
Lost: ~18k USD
forge test --contracts src/test/MEVbot_0xdd7c_exp.sol -vvv --evm-version cancun
Contract
MEVbot_0xdd7c_exp.sol
Link reference
https://x.com/SlowMist_Team/status/1815656653100077532
20240716 Lifiprotocol - Incorrect input validation
Lost: ~10M USD
forge test --contracts ./src/test/2024-07/Lifiprotocol_exp.sol -vvv
Contract
Lifiprotocol_exp.sol
Link reference
https://x.com/danielvf/status/1505689981385334784
20240714 Minterest - Reentrancy
Lost: ~427 ETH
forge test --contracts ./src/test/2024-07/Minterest_exp.sol -vvv
Contract
Minterest_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1813122959219040323
20240712 DoughFina - Incorrect input validation
Lost: ~1.8M USD
forge test --contracts ./src/test/2024-07/DoughFina_exp.sol -vvv
Contract
DoughFina_exp.sol
Link reference
https://x.com/CertiKAlert/status/1811668992882307478
20240711 SBT - business logic flaw
Lost: ~56K USD
forge test --contracts ./src/test/2024-07/SBT_exp.sol -vvv
Contract
SBT_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1811401263969673654
20240711 GAX - Lack of access control
Lost: ~50K $BUSD
forge test --contracts ./src/test/2024-07/GAX_exp.sol -vvv
Contract
GAX_exp.sol
Link reference
https://x.com/EXVULSEC/status/1811348160851378333
20240708 LW - Integer Underflow
Lost: ~7K USD
forge test --contracts ./src/test/2024-07/LW_exp.sol -vvv
Contract
LW_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1810245893490368820
20240705 DeFiPlaza - loss of precision
Lost: ~200K USD
forge test --contracts ./src/test/2024-07/DeFiPlaza_exp.sol -vvv
Contract
DeFiPlaza_exp.sol
Link reference
https://x.com/DecurityHQ/status/1809222922998808760
20240703 UnverifiedContr_0x452E25 - lack-of-access-control
Lost: 27 ETH
forge test --contracts ./src/test/2024-07/UnverifiedContr_0x452E25_exp.sol -vvv --evm-version "cancun"
Contract
UnverifiedContr_0x452E25_exp.sol
Link reference
https://x.com/SlowMist_Team/status/1808334870650970514
20240702 MRP - Reentrancy
Lost: 17 BNB
forge test --contracts ./src/test/2024-07/MRP_exp.sol -vvv
Contract
MRP_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1808309614443733005
20240628 Will - business logic flaw
Lost: $52K
forge test --contracts ./src/test/2024-06/Will_exp.sol -vvv --evm-version "shanghai"
Contract
Will_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1806704287252394238
20240627 APEMAGA - business logic flaw
Lost: ~9 ETH
forge test --contracts ./src/test/2024-06/APEMAGA_exp.sol -vvv --evm-version "shanghai"
Contract
APEMAGA_exp.sol
Link reference
https://x.com/ChainAegis/status/1806297556852601282
20240618 INcufi - business logic flaw
Lost: ~59K USD
forge test --contracts ./src/test/2024-06/INcufi_exp.sol -vvv
Contract
INcufi_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1803317022513832301
20240617 Dyson_money - business logic flaw
Lost: 52 BNB
forge test --contracts ./src/test/2024-06/Dyson_money_exp.sol -vvv
Contract
Dyson_money_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1802634237667054052
20240616 WIFCOIN_ETH - business logic flaw
Lost: ~3.4 ETH (WIF token)
forge test --contracts ./src/test/2024-06/WIFCOIN_ETH_exp.sol -vv --evm-version "shanghai"
Contract
WIFCOIN_ETH_exp.sol
Link reference
https://x.com/ChainAegis/status/1802550962977964139
20240616 Crb2 - business logic flaw
Lost: ~15K
forge test --contracts ./src/test/2024-06/Crb2_exp.sol -vv --evm-version shanghai
Contract
Crb2_exp.sol
Link reference
20240611 JokInTheBox - business logic flaw
Lost: ~9.2 ETH
forge test --contracts ./src/test/2024-06/JokInTheBox_exp.sol -vv --evm-version cancun
Contract
JokInTheBox_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1800355604692910571
20240610 Bazaar - Insufficient Permission Check
Lost: 1.4M
forge test --contracts ./src/test/2024-06/Bazaar_exp.sol -vvv
Contract
Bazaar_exp.sol
Link reference
https://x.com/shoucccc/status/1800353122159833195
20240608 YYStoken - Business Logic Flaw
Lost: $28K
forge test --contracts src/test/2024-06/YYS_exp.sol -vv
Contract
YYS_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1799610045589831833
20240606 SteamSwap - Logic Flaw
Lost: ~$91k
forge test --contracts ./src/test/2024-06/SteamSwap_exp.sol -vvv --evm-version shanghai
Contract
SteamSwap_exp.sol
Link reference
https://x.com/SlowMist_Team/status/1798905797440897386
20240606 MineSTM - Business Logic Flaw
Lost: $13.8K
forge test --contracts src/test/2024-06/MineSTM_exp.sol -vv
Contract
MineSTM_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1798920774511898862
20240604 NCD - Business Logic Flaw
Lost: $6.4K
forge test --contracts src/test/2024-06/NCD_exp.sol -vv
Contract
NCD_exp.sol
Link reference
https://x.com/SlowMist_Team/status/1797821034319765604
20240601 VeloCore - lack-of-access-control
Lost: $6.88M
forge test --contracts src/test/2024-06/Velocore_exp.sol -vv
Contract
Velocore_exp.sol
Link reference
https://x.com/BeosinAlert/status/1797247874528645333
20240531 Liquiditytokens - Business Logic Flaw
Lost: ~200K USD
forge test --contracts ./src/test/2024-05/Liquiditytokens_exp.sol -vvv
Contract
Liquiditytokens_exp.sol
Link reference
https://x.com/EXVULSEC/status/1796499069583724638
20240531 MixedSwapRouter - Arbitrary Call
Lost: >10700 USD (WINR token)
forge test --contracts ./src/test/2024-05/MixedSwapRouter_exp.sol -vvv
Contract
MixedSwapRouter_exp.sol
Link reference
https://x.com/ChainAegis/status/1796484286738227579
20240529 SCROLL - Integer Underflow
Lost: 76 ETH
forge test --contracts ./src/test/2024-05/SCROLL_exp.sol -vvv
Contract
SCROLL_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1795650745448169741
20240529 MetaDragon - Lack of Access Control
Lost: ~ $180k
forge test --contracts src/test/2024-05/MetaDragon_exp.sol -vvvvv --evm-version shanghai
Contract
MetaDragon_exp.sol
Link reference
https://x.com/Phalcon_xyz/status/1795746828064854497
20240528 Tradeonorion - Business Logic Flaw
Lost: ~645K
forge test --contracts ./src/test/2024-05/Tradeonorion_exp.sol -vvv
Contract
Tradeonorion_exp.sol
Link reference
https://x.com/MetaSec_xyz/status/1796008961302258001
20240528 EXcommunity - Business Logic Flaw
Lost: 33BNB
forge test --contracts ./src/test/2024-05/EXcommunity_exp.sol -vvv
Contract
EXcommunity_exp.sol
Link reference
https://x.com/SlowMist_Team/status/1795648617530995130
20240527 RedKeysCoin - Weak RNG
Lost: $12K
forge test --contracts ./src/test/2024-05/RedKeysCoin_exp.sol -vvv --evm-version shanghai
Contract
RedKeysCoin_exp.sol
Link reference
20240526 NORMIE - Business Logic Flaw
Lost: $490K
forge test --contracts ./src/test/2024-05/NORMIE_exp.sol -vv
Contract
NORMIE_exp.sol
Link reference
https://x.com/lookonchain/status/1794680612399542672
20240522 Burner - sandwich attack
Lost: 1.7 eth
forge test --contracts ./src/test/2024-05/Burner_exp.sol -vv
Contract
Burner_exp.sol
Link reference
https://x.com/0xNickLFranklin/status/1792925754243625311
20240516 TCH - Signature Malleability Vulnerability
Lost: $18K
forge test --contracts ./src/test/2024-05/TCH_exp.sol -vvv
Contract
TCH_exp.sol
Link reference
https://x.com/DecurityHQ/status/1791180322882629713
20240514 Sonne Finance - Precision loss
Lost: $20M
forge test --contracts ./src/test/2024-05/Sonne_exp.sol -vvv
Contract
Sonne_exp.sol
Link reference
https://neptunemutual.com/blog/taking-a-closer-look-at-sonne-finance-exploit/
20240514 PredyFinance - Reentrancy
Lost: $464K
forge test --contracts ./src/test/2024-05/PredyFinance_exp.sol -vvv
Contract
PredyFinance_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1790307019590680851
20240512 TGC - Business Logic Flaw
Lost: $32K
forge test --contracts ./src/test/2024-05/TGC_exp.sol -vvv
Contract
TGC_exp.sol
Link reference
https://x.com/ChainAegis/status/1789490986588205529
20240510 GFOX - lack of access control
Lost: 330K USD
forge test --contracts ./src/test/2024-05/GFOX_exp.sol -vvv --evm-version shanghai
Contract
GFOX_exp.sol
Link reference
https://twitter.com/CertiKAlert/status/1788751142144401886
20240510 TSURU - Insufficient Validation
Lost: 140K
forge test --contracts ./src/test/2024-05/TSURU_exp.sol -vvv --evm-version shanghai
Contract
TSURU_exp.sol
Link reference
https://base.tsuru.wtf/usdtsuru-exploit-incident-report
20240508 GPU - self transfer
Lost: ~32K USD
forge test --contracts src/test/2024-05/GPU_exp.sol -vvv
Contract
GPU_exp.sol
Link reference
https://twitter.com/PeckShieldAlert/status/1788153869987611113
20240507 SATURN - Price Manipulation
Lost: ~15 BNB
forge test --contracts src/test/2024-05/SATURN_exp.sol -vvv
Contract
SATURN_exp.sol
Link reference
https://twitter.com/ChainAegis/status/1787667253435195841
20240506 OSN - Reward Distribution Problem
Lost: ~109K USD
forge test --contracts src/test/2024-05/OSN_exp.sol -vvv --evm-version shanghai
Contract
OSN_exp.sol
Link reference
https://twitter.com/SlowMist_Team/status/1787330586857861564
20240430 Yield - Business Logic Flaw
Lost: 181K
forge test --contracts ./src/test/2024-04/Yield_exp.sol -vvv
Contract
Yield_exp.sol
Link reference
https://twitter.com/peckshield/status/1785121607192817692
https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50
20240430 PikeFinance - Uninitialized Proxy
Lost: 1.4M
forge test --contracts ./src/test/2024-04/PikeFinance_exp.sol -vvv
Contract
PikeFinance_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1785508900093194591
20240427 BNBX - precision loss
Lost: ~75 $BNB
forge test --contracts ./src/test/2024-04/BNBX_exp.sol -vvv --evm-version shanghai
Contract
BNBX_exp.sol
Link reference
https://x.com/ChainAegis/status/1784431544557514896
20240425 NGFS - Bad Access Control
Lost: ~190K
forge test --contracts ./src/test/2024-04/NGFS_exp.sol -vvv --evm-version shanghai
Contract
NGFS_exp.sol
Link reference
https://twitter.com/CertiKAlert/status/1783476515331616847
20240424 XBridge - Logic Flaw
Lost: >200k USD (plus a lot of STC, SRLTY, Mazi tokens)
forge test --contracts ./src/test/2024-04/XBridge_exp.sol -vvv
Contract
XBridge_exp.sol
20240424 YIEDL - Input Validation
Lost: 150k USD
forge test --contracts ./src/test/2024-04/YIEDL_exp.sol -vvv
Contract
YIEDL_exp.sol
20240422 Z123 - price manipulation
Lost: 136k USD
forge test --contracts ./src/test/2024-04/Z123_exp.sol -vvv
Contract
Z123_exp.sol
Link reference
https://twitter.com/PeckShieldAlert/status/1782322484911784385
20240420 Rico - Arbitrary Call
Lost: 36K
forge test --contracts ./src/test/2024-04/Rico_exp.sol -vvv
Contract
Rico_exp.sol
Link reference
https://twitter.com/ricocreditsys/status/1781803698940781009
20240419 HedgeyFinance - Logic Flaw
Lost: 48M USD
forge test --contracts ./src/test/2024-04/HedgeyFinance_exp.sol -vvv
Contract
HedgeyFinance_exp.sol
Link reference
https://twitter.com/Cube3AI/status/1781294512716820918
20240417 UnverifiedContr_0x00C409 - unverified external call
Lost: ~ 18 eth
forge test --contracts src/test/2024-04/UnverifiedContr_0x00C409_exp.sol -vvv
Contract
UnverifiedContr_0x00C409_exp.sol
Link reference
https://x.com/CyversAlerts/status/1780593407871635538
20240416 SATX - Logic Flaw
Lost: ~ 50 BNB
forge test --contracts src/test/2024-04/SATX_exp.sol -vvv
Contract
SATX_exp.sol
Link reference
https://x.com/bbbb/status/1780341239801393479
20240416 MARS - Bad Reflection
Lost: >100K
forge test --contracts src/test/2024-04/MARS_exp.sol -vv
Contract
MARS_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1780150315603701933
20240415 GFA - business-logic-flaw
Lost: ~14K USD
forge test --contracts src/test/2024-04/GFA_exp.sol -vvv
Contract
GFA_exp.sol
Link reference
https://x.com/ChainAegis/status/1779809931962827055
20240415 Chainge - Input Validation
Lost: ~200K
forge test --contracts ./src/test/2024-04/Chainge_exp.sol -vvv
Contract
Chainge_exp.sol
Link reference
https://twitter.com/CyversAlerts/status/1779875922381860920
20240414 Hackathon - business logic flaw
Lost: ~20K
forge test --contracts ./src/test/2024-04/Hackathon_exp.sol -vvv
Contract
Hackathon_exp.sol
Link reference
https://x.com/EXVULSEC/status/1779519508375613827
20240412 FIL314 - Insufficient Validation And Price Manipulation
Lost: ~14 BNB
forge test --contracts ./src/test/2024-04/FIL314_exp.sol -vvv
Contract
FIL314_exp.sol
Link reference
20240412 SumerMoney - Reentrancy
Lost: 350K
forge test --contracts ./src/test/2024-04/SumerMoney_exp.sol -vvv
Contract
SumerMoney_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1778986926705672698
20240412 GROKD - lack of access control
Lost: $~150 BNB
forge test --contracts ./src/test/2024-04/GROKD_exp.sol -vvv
Contract
GROKD_exp.sol
Link reference
https://x.com/hipalex921/status/1778482890705416323?t=KvvG83s7SXr9I55aftOc6w&s=05
20240410 BigBangSwap - precision loss
Lost: $~5K $BUSD
forge test --contracts ./src/test/2024-04/BigBangSwap_exp.sol -vvv
Contract
BigBangSwap_exp.sol
Link reference
https://x.com/ChainAegis/status/1778254222288621912
20240409 UPS - business logic flaw
Lost: $~28K USD
forge test --contracts ./src/test/2024-04/UPS_exp.sol -vvv
Contract
UPS_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1777589021058728214
20240408 SQUID - sandwich attack
Lost: $~87K USD
forge test --contracts ./src/test/2024-04/SQUID_exp.sol -vvv
Contract
SQUID_exp.sol
Link reference
https://twitter.com/bbbb/status/1777228277415039304
20240404 wsm - manipulating price
Lost: $~18K USD
forge test --contracts ./src/test/2024-04/WSM_exp.sol -vvv
Contract
WSM_exp.sol
Link reference
https://hacked.slowmist.io/#:~:text=Hacked%20target%3A%20Wall%20Street%20Memes
20240402 HoppyFrogERC - business logic flaw
Lost: ~0.3 ETH
forge test --contracts ./src/test/2024-04/HoppyFrogERC_exp.sol -vvv --evm-version shanghai
Contract
HoppyFrogERC_exp.sol
Link reference
https://x.com/ChainAegis/status/1775351437410918420
20240401 ATM - business logic flaw
Lost: $~182K USD
forge test --contracts ./src/test/2024-04/ATM_exp.sol -vvv
Contract
ATM_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1775008489569718508
20240401 OpenLeverage - business logic flaw
Lost: ~234K
forge test --contracts src/test/2024-04/OpenLeverage2_exp.sol -vvv
Contract
OpenLeverage2_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1774727539975672136
20240329 ETHFIN - lack of access control
Lost: ~$1.24K (2.13 BNB)
forge test --contracts ./src/test/2024-03/ETHFIN_exp.sol -vvv --evm-version shanghai
Contract
ETHFIN_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/bsc/0xfe031685d84f3bae1785f5b2bd0ed480b87815c3f23ce6ced73b8573b7e367c6
20240329 PrismaFi - Insufficient Validation
Lost: $~11M
forge test --contracts ./src/test/2024-03/Prisma_exp.sol -vvv
Contract
Prisma_exp.sol
Link reference
https://twitter.com/EXVULSEC/status/1773371049951797485
20240328 LavaLending - Business Logic Flaw
Lost: ~340K
forge test --contracts src/test/2024-03/LavaLending_exp.sol -vvv
Contract
LavaLending_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1774727539975672136
https://twitter.com/Phalcon_xyz/status/1773546399713345965
https://hackmd.io/@LavaSecurity/03282024
20240325 ZongZi - Price Manipulation
Lost: ~223K
forge test --contracts src/test/2024-03/ZongZi_exp.sol -vvv
Contract
ZongZi_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1772195949638775262
20240323 CGT - Incorrect Access Control
Lost: 996B (CGT token)
forge test --contracts ./src/test/2024-03/CGT_exp.sol -vvv
Contract
CGT_exp.sol
Link reference
https://x.com/AnciliaInc/status/1771598968448745536
20240321 SSS - Token Balance Doubles on Transfer to self
Lost: 4.8M
forge test --contracts ./src/test/2024-03/SSS_exp.sol -vvv
Contract
SSS_exp.sol
Link reference
https://twitter.com/dot_pengun/status/1770989208125272481
20240324 ARK - business logic flaw
Lost: ~348BNB
forge test --contracts src/test/2024-03/ARK_exp.sol -vvv
Contract
ARK_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1771728823534375249
20240320 Paraswap - Incorrect Access Control
Lost: ~24K
forge test --contracts src/test/2024-03/Paraswap_exp.sol -vvv --evm-version shanghai
Contract
Paraswap_exp.sol
Link reference
https://medium.com/neptune-mutual/analysis-of-the-paraswap-exploit-1f97c604b4fe
20240314 MO - business logic flaw
Lost: ~413k USDT
forge test --contracts src/test/2024-03/MO_exp.sol -vvv
Contract
MO_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1768184024483430523
20240313 IT - business logic flaw
Lost: ~13k USDT
forge test --via-ir --contracts src/test/2024-03/IT_exp.sol -vvv
Contract
IT_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1768171595561046489
20240312 BBT - business logic flaw
Lost: ~5.06 ETH
forge test --contracts src/test/2024-03/BBT_exp.sol -vvv
Contract
BBT_exp.sol
Link reference
https://x.com/8olidity/status/1767470002566058088
20240311 Binemon - precision-loss
Lost: ~0.2 BNB
forge test --contracts src/test/2024-03/Binemon_exp.sol -vvv
Contract
Binemon_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/bsc/0x1999bb5c11a8d8bfa7620fc5cc37f5bc59c1a99d7a9250a8d6076c93bbdbeb5f
20240309 Juice - Business Logic Flaw
Lost: ~54 ETH
forge test --contracts ./src/test/2024-03/Juice_exp.sol -vvv --evm-version shanghai
Contract
Juice_exp.sol
Link reference
https://medium.com/@juicebotapp/juice-staking-exploit-next-steps-95e218b3ec71
20240309 UnizenIO - unverified external call
Lost: ~2M
forge test --contracts src/test/2024-03/UnizenIO_exp.sol -vvvv
Contract
UnizenIO_exp.sol | UnizenIO2_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1766274000534004187
https://twitter.com/AnciliaInc/status/1766261463025684707
20240307 GHT - Business Logic Flaw
Lost: ~57K
forge test --contracts ./src/test/2024-03/GHT_exp.sol -vvv
Contract
GHT_exp.sol
Link reference
20240306 ALP - Public internal function
Lost: ~10K
Testing
forge test --contracts ./src/test/2024-03/ALP_exp.sol -vvv
Contract
ALP_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1765296663667875880
20240306 TGBS - Business Logic Flaw
Lost: ~150K
forge test --contracts ./src/test/2024-03/TGBS_exp.sol -vvv
Contract
TGBS_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1765290290083144095
https://twitter.com/Phalcon_xyz/status/1765285257949974747
20240305 Woofi - Price Manipulation
Lost: ~8M
forge test --contracts ./src/test/2024-03/Woofi_exp.sol -vvv
Contract
Woofi_exp.sol
Link reference
https://twitter.com/spreekaway/status/1765046559832764886
https://twitter.com/PeckShieldAlert/status/1765054155478175943
20240228 Seneca - Arbitrary External Call Vulnerability
Lost: ~6M
forge test --contracts ./src/test/2024-02/Seneca_exp.sol -vvv
Contract
Seneca_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1763045563040411876
20240228 SMOOFSStaking - Reentrancy
Lost: Unclear
forge test --contracts ./src/test/2024-02/SMOOFSStaking_exp.sol -vvv
Contract
SMOOFSStaking_exp.sol
Link reference
https://twitter.com/AnciliaInc/status/1762893563103428783
https://twitter.com/0xNickLFranklin/status/1762895774311178251
20240223 Zoomer - Business Logic Flaw
Lost: ~14 ETH
forge test --contracts ./src/test/2024-02/Zoomer_exp.sol -vvv --evm-version "shanghai"
Contract
Zoomer_exp.sol
Link reference
https://x.com/ChainAegis/status/1761246415488225668
20240223 CompoundUni - Oracle bad price
Lost: ~439,537 USD
forge test --contracts ./src/test/2024-02/CompoundUni_exp.sol -vvv
Contract
CompoundUni_exp.sol
Link reference
https://twitter.com/0xLEVI104/status/1762092203894276481
20240223 BlueberryProtocol - logic flaw
Lost: ~1,400,000 USD
forge test --contracts ./src/test/2024-02/BlueberryProtocol_exp.sol -vvv
Contract
BlueberryProtocol_exp.sol
Link reference
https://twitter.com/blueberryFDN/status/1760865357236211964
20240222 SwarmMarkets - lack of validation
Lost: ~7k $DAI
forge test --contracts ./src/test/2024-02/SwarmMarkets_exp.sol -vvv
Contract
SwarmMarkets_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/eth/0xa4d7ee2ddb9db06961a17e2a5ae71743a266bcb720be138670f4a10e8dfc13e9
20240221 DeezNutz 404 - lack of validation
Lost: ~170k
forge test --contracts ./src/test/2024-02/DeezNutz404_exp.sol -vvv
Contract
DeezNutz404_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1760481343161700523
20240221 GAIN - bad function implementation
Lost: ~6.4 ETH
forge test --contracts ./src/test/2024-02/GAIN_exp.sol -vvv
Contract
GAIN_exp.sol
Link reference
https://twitter.com/0xNickLFranklin/status/1760559768241160679
20240220 EGGX - reentrancy
Lost: ~2 ETH
forge test --contracts ./src/test/2024-02/EGGX_exp.sol -vvv
Contract
EGGX_exp.sol
Link reference
https://x.com/PeiQi_0/status/1759826303044497726
20240219 RuggedArt - reentrancy
Lost: ~10k
forge test --contracts ./src/test/2024-02/RuggedArt_exp.sol -vvv
Contract
RuggedArt_exp.sol
Link reference
https://twitter.com/EXVULSEC/status/1759822545875025953
20240216 ParticleTrade - lack of validation data
Lost: ~50k
forge test --contracts ./src/test/2024-02/ParticleTrade_exp.sol -vvv
Contract
ParticleTrade_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1758028270770250134
20240215 DualPools - precision truncation
Lost: ~42k
forge test --contracts ./src/test/2024-02/DualPools_exp.sol -vvvv
Contract
DualPools_exp.sol
Link reference
https://medium.com/@lunaray/dualpools-hack-analysis-5209233801fa
20240215 Babyloogn - lack of validation
Lost: ~2 $BNB
forge test --contracts ./src/test/2024-02/Babyloogn_exp.sol -vvvv
Contract
Babyloogn_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/bsc/0xd081d6bb96326be5305a6c00dd51d1799971794941576554341738abc1ceb202
20240215 Miner - lack of validation dst address
Lost: ~150k
forge test --contracts ./src/test/2024-02/Miner_exp.sol -vvv --evm-version shanghai
Contract
Miner_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1757777340002681326
20240213 MINER - Price Manipulation
Lost: ~3.5 WBNB
forge test --contracts ./src/test/2024-02/MINER_bsc_exp.sol -vvv --evm-version shanghai
Contract
MINER_bsc_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/bsc/0x15ab671c9bf918fa4b6a9eed9ccb527f32aca40e926ede2aec2c84dfa9c30512?line=6
20240211 Game - Reentrancy && Business Logic Flaw
Lost: ~20 ETH
forge test --contracts ./src/test/2024-02/Game_exp.sol -vvv
Contract
Game_exp.sol
Link reference
https://twitter.com/AnciliaInc/status/1757533144033739116
20240210 FILX DN404 - Access Control
Lost: 200K
forge test --contracts ./src/test/2024-02/DN404_exp.sol -vvv
Contract
DN404_exp.sol
20240208 Pandora - integer underflow
Lost: ~17K USD
forge test --contracts ./src/test/2024-02/PANDORA_exp.sol -vvv
Contract
PANDORA_exp.sol
Link reference
https://twitter.com/pennysplayer/status/1766479470058406174
20240205 BurnsDefi - Price Manipulation
Lost: ~67K
forge test --contracts ./src/test/2024-02/BurnsDefi_exp.sol -vvv
Contract
BurnsDefi_exp.sol
Link reference
https://twitter.com/pennysplayer/status/1754342573815238946
https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408 (similar incident)
20240202 ADC - incorrect-access-control
Lost: ~20 eth
forge test --contracts ./src/test/2024-02/ADC_exp.sol -vvv
Contract
ADC_exp.sol
Link reference
https://x.com/EXVULSEC/status/1753294675971313790
20240201 AffineDeFi - lack of validation userData
Lost: ~88K
forge test --contracts ./src/test/2024-02/AffineDeFi_exp.sol -vvv
Contract
AffineDeFi_exp.sol
Link reference
https://twitter.com/Phalcon_xyz/status/1753020812284809440
https://twitter.com/CyversAlerts/status/1753040754287513655
20240130 XSIJ - Business Logic Flaw
Lost: ~51K USD
forge test --contracts ./src/test/2024-01/XSIJ_exp.sol -vvv
Contract
XSIJ_exp.sol
Link reference
https://x.com/CertiKAlert/status/1752384801535918264
20240130 MIMSpell - Precision Loss
Lost: ~6,5M
forge test --contracts ./src/test/2024-01/MIMSpell2_exp.sol -vvv
Contract
MIMSpell2_exp.sol
Link reference
https://twitter.com/kankodu/status/1752581744803680680
https://twitter.com/Phalcon_xyz/status/1752278614551216494
https://twitter.com/peckshield/status/1752279373779194011
https://phalcon.blocksec.com/explorer/security-incidents
20240129 PeapodsFinance - Reentrancy
Lost: ~1K $DAI
forge test --contracts ./src/test/2024-01/PeapodsFinance_exp.sol -vvv
Contract
PeapodsFinance_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/eth/0x95c1604789c93f41940a7fd9eca11276975a9a65d250b89a247736287dbd2b7e
20240128 BarleyFinance - Reentrancy
Lost: ~130K
forge test --contracts ./src/test/2024-01/BarleyFinance_exp.sol -vvv
Contract
BarleyFinance_exp.sol
Link reference
https://phalcon.blocksec.com/explorer/security-incidents
https://www.bitget.com/news/detail/12560603890246
https://twitter.com/Phalcon_xyz/status/1751788389139992824
20240127 CitadelFinance - Price Manipulation
Lost: ~93K
forge test --contracts ./src/test/2024-01/CitadelFinance_exp.sol -vvv
Contract
CitadelFinance_exp.sol
Link reference
https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408
20240125 NBLGAME - Reentrancy
Lost: ~180K
forge test --contracts ./src/test/2024-01/NBLGAME_exp.sol -vvv
Contract
NBLGAME_exp.sol
Link reference
https://twitter.com/SlowMist_Team/status/1750526097106915453
https://twitter.com/AnciliaInc/status/1750558426382635036
20240122 DAO_SoulMate - Incorrect Access Control
Lost: ~319K
forge test --contracts ./src/test/2024-01/DAO_SoulMate_exp.sol -vvv --evm-version 'shanghai'
Contract
DAO_SoulMate_exp.sol
Link reference
https://twitter.com/MetaSec_xyz/status/1749743245599617282
20240117 BmiZapper - Arbitrary external call vulnerability
Lost: ~114K
forge test --contracts ./src/test/2024-01/Bmizapper_exp.sol -vvv
Contract
BmiZapper_exp.sol
Link reference
https://x.com/0xmstore/status/1747756898172952725
20240115 Shell_MEV_0xa898 - lack of access control
Lost: ~1K $BUSD
forge test --contracts ./src/test/2024-01/Shell_MEV_0xa898_exp.sol -vvv
Contract
Shell_MEV_0xa898_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/bsc/0x24f114c0ef65d39e0988d164e052ce8052fe4a4fd303399a8c1bb855e8da01e9
20240112 SocketGateway - Lack of calldata validation
Lost: ~3.3Million $
forge test --contracts ./src/test/2024-01/SocketGateway_exp.sol -vvv --evm-version shanghai
Contract
SocketGateway_exp.sol
Link reference
https://twitter.com/BeosinAlert/status/1747450173675196674
https://twitter.com/peckshield/status/1747353782004900274
20240112 WiseLending - Bad HealthFactor Check
Lost: ~464K
forge test --contracts ./src/test/2024-01/WiseLending02_exp.sol -vvv --evm-version shanghai
Contract
WiseLending02_exp.sol
Link reference
https://twitter.com/danielvf/status/1746303616778981402
20240110 Freedom - lack of access control
Lost: 74 $WBNB
forge test --contracts src/test/2024-01/Freedom_exp.sol -vvv
Contract
Freedom_exp.sol
Link reference
https://app.blocksec.com/explorer/tx/bsc/0x309523343cc1bb9d28b960ebf83175fac941b4a590830caccff44263d9a80ff0
20240110 LQDX - Unauthorized TransferFrom
Lost: unknown
forge test --contracts src/test/2024-01/LQDX_alert_exp.sol -vvv
Contract
LQDX_alert_exp.sol
Link reference
https://twitter.com/SlowMist_Team/status/1744972012865671452
20240104 Gamma - Price manipulation
Lost: ~6.3M
forge test --contracts ./src/test/2024-01/Gamma_exp.sol -vvv
Contract
Gamma_exp.sol
Link reference
https://twitter.com/officer_cia/status/1742772207997050899
https://twitter.com/shoucccc/status/1742765618984829326
20240102 MIC - Business Logic Flaw
Lost: ~500K
forge test --contracts ./src/test/2024-01/MIC_exp.sol -vvv
Contract
MIC_exp.sol
Link reference
https://x.com/MetaSec_xyz/status/1742484748239536173
20240102 RadiantCapital - Loss of Precision
Lost: ~4,5M
forge test --contracts ./src/test/2024-01/RadiantCapital_exp.sol -vvv
Contract
RadiantCapital_exp.sol
Link reference
https://neptunemutual.com/blog/how-was-radiant-capital-exploited/
https://twitter.com/BeosinAlert/status/1742389285926678784
20240101 OrbitChain - Incorrect input validation
Lost: ~81M
forge test --contracts ./src/test/2024-01/OrbitChain_exp.sol -vvv
Contract
OrbitChain_exp.sol
Link reference
https://blog.solidityscan.com/orbit-chain-hack-analysis-b71c36a54a69
View Gas Reports
Foundry can also report the gas used per function call, which mimics the behavior of hardhat-gas-reporter. Generally speaking, if the gas cost per function call is very high, the likelihood of the call succeeding is reduced. Gas optimization is an important activity for smart contract developers.
Every PoC in this repository can produce a gas report like this:
forge test --gas-report --contracts <contract> -vvv
For example, let us find out the gas used in the Audius PoC:
Execution
forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv
Demo
Bug Reproduce
Moved to DeFiVulnLabs
FlashLoan Testing
Moved to DeFiLabs