Awesome

DeFi Hacks Reproduce - Foundry

Reproduce DeFi hack incidents using Foundry.

539 incidents included.

Let's make Web3 secure! Join Discord

Notion: 101 root cause analysis of past DeFi hacked incidents

Disclaimer: This content serves solely as a proof of concept showcasing past DeFi hacking incidents. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.

Getting Started

Follow the instructions to install Foundry.
Clone and install dependencies:git submodule update --init --recursive
Contributing Guidelines

Web3 Cybersecurity Academy

All articles are also published on Substack.

OnChain transaction debugging

Lesson 1: Tools ( English | 中文 | Vietnamese | Korean | Spanish )
Lesson 2: Warm up ( English | 中文 | Korean | Spanish )
Lesson 3: Write Your Own PoC (Price Oracle Manipulation) ( English | 中文 | Korean | Spanish )
Lesson 4: Write Your Own PoC (MEV Bot) ( English | 中文 | Korean | Spanish )
Lesson 5: Rugpull Analysis ( English | 中文 | Spanish )
Lesson 6: Write Your Own PoC (Reentrancy) ( English | 中文 | Spanish )
Lesson 7: Hack Analysis: Nomad Bridge, August 2022 ( English | 中文 | Spanish )

Who Support Us? DeFiHackLabs Received Grant From

Donate us

If you appreciate our work, please consider donating. Even a small amount helps us continue developing and improving our projects, and promoting web3 security.

Gitcoin - Donate DeFiHackLabs
EVM Chains - 0xD7d6215b4EF4b9B5f40baea48F41047Eb67a11D5
Giveth

List of Past DeFi Incidents

20241026 CompoundFork

20241022 Erc20transfer

20240926 Bedrock_DeFi

20240924 MARA

20240923 Bankroll_Network

20240913 OTSeaStaking

20240910 Caterpillar_Coin_CUT

20240903 Penpiexyz_io

20240816 Zenterest

20240816 OMPxContract

20240724 Spectra_finance

20240723 MEVbot_0xdd7c

20240716 Lifiprotocol

20240703 UnverifiedContr_0x452E25

20240531 Liquiditytokens

20240531 MixedSwapRouter

20240529 SCROLL

20240529 MetaDragon

20240528 Tradeonorion

20240514 Sonne Finance

20240514 PredyFinance

20240419 HedgeyFinance

20240417 UnverifiedContr_0x00C409

20240416 SATX

20240416 MARS_DEFI

20240415 GFA

20240415 ChaingeFinance

20240402 HoppyFrogERC

20240401 ATM

20240401 OpenLeverage

20240228 SMOOFSStaking

20240223 Zoomer

20240223 CompoundUni

20240223 BlueberryProtocol

20240222 SwarmMarkets

20240216 ParticleTrade

20240129 PeapodsFinance

20240128 BarleyFinance

20240127 CitadelFinance

20240125 NBLGAME

20240122 DAO_SoulMate

20240117 BmiZapper

20240117 SocketGateway

20240115 Shell_MEV_0xa898

20240102 RadiantCapital

20240101 OrbitChain

20231231 Channels BUSD&USDC

20231230 ChannelsFinance

20231228 CCV

20231228 DominoTT

20231225 Telcoin

20231222 PineProtocol

20231220 TransitFinance

20231217 Bob

20231217 FloorProtocol

20231211 GoodCompound

20231209 BCT

20231207 HNet

20231206 TIME

20231206 ElephantStatus

20231205 MAMO

20231205 BEARNDAO

20231202 bZxProtocol

20231201 UnverifiedContr_0x431abb

20231130 EEE

20231130 CAROLProtocol

20231117 Token8633_9419

20231106 TheStandard_io

20231106 KR

20231102 BRAND

20231102 3913Token

20231101 SwampFinance

20231101 OnyxProtocol

20231031 UniBotRouter

20231030 LaEeb

20231028 AstridProtocol

20231024 MaestroRouter2

20231022 OpenLeverage

20230930 FireBirdPair

20230818 ExactlyProtocol

20230814 ZunamiProtocol

20230809 EarningFram

20230802 CurveBurner

20230802 Uwerx

20230801 NeutraFinance

20230723 MintoFinance

20230722 ConicFinance02

20230721 ConicFinance

20230715 USDTStakingContract28

20230712 Platypus

20230712 WGPT

20230711 RodeoFinance

20230704 BaoCommunity

20230627 UnverifiedContr_9ad32

20230627 STRAC

20230623 SHIDO

20230621 BabyDogeCoin02

20230621 BUNN

20230620 MIM

20230619 Contract_0x7657

20230618 ARA

20230617 MidasCapitalXYZ

20230617 Pawnfi

20230615 CFC

20230615 DEPUSDT_LEVUSDC

20230612 Sturdy Finance

20230611 SellToken04

20230607 CompounderFinance

20230606 VINU

20230606 UN

20230602 NST SimpleSwap

20230601 DDCoin

20230601 Cellframenet

20230531 ERC20TokenBank

20230529 Jimbo

20230529 BabyDogeCoin

20230415 HundredFinance

20230413 yearnFinance

20230328 SafeMoon Hack

20230328 THENA

20230325 DBW

20230322 BIGFI

20230317 ParaSpace NFT

20230315 Poolz

20230313 EulerFinance

20230218 RevertFinance

20230217 Starlink

20230217 Dexible

20230217 Platypusdefi

20230203 Orion Protocol

20230203 Spherax USDs

20230202 BonqDAO

20230130 BEVO

20230126 TomInu Token

20230119 SHOCO Token

20230119 ThoreumFinance

20230118 QTN Token

20230118 UPS Token

20230117 OmniEstate

20230116 MidasCapital

</details> <details> <summary> 2022 </summary>

20221211 MEVbot_0x28d9

20221119 AnnexFinance

20221027 Team Finance

20221026 N00d Token

20221025 ULME

20221024 Market

20221024 MulticallWithoutCheck

20221021 OlympusDAO

20221020 HEALTH Token

20221014 EFLeverVault

20221014 MEVBOT a47b

20221012 ATK

20221011 Rabby Wallet SwapRouter

20221011 Templedao

20221010 Carrot

20221009 Xave Finance

20221006 RES-Token

20221002 Transit Swap

20221001 BabySwap

20221001 RL

20221001 Thunder Brawl

20220929 BXH

20220928 MEVBOT Badc0de

20220923 RADT-DAO

20220913 MevBot Private TX

20220909 DPC

20220908 YYDS

20220908 NewFreeDAO

20220908 Ragnarok Online Invasion

20220906 NXUSD

20220905 ZoomproFinance

20220902 ShadowFi

20220902 Bad Guys by RPF

20220828 DDC

20220824 LuckyTiger NFT

20220816 Circle_2

20220813 Circle

20220810 XSTABLE Protocol

20220802 Nomad Bridge

20220801 Reaper Farm

20220725 LPC

20220723 Audius

20220713 SpaceGodzilla

20220710 Omni NFT

20220706 FlippazOne NFT

20220701 Quixotic - Optimism NFT Marketplace

20220626 XCarnival

20220624 Harmony's Horizon Bridge

20220618 SNOOD

20220616 InverseFinance

20220608 GYMNetwork

20220608 Optimism - Wintermute

20220606 Discover

20220529 NOVO Protocol

20220524 HackDao

20220517 ApeCoin

20220508 Fortress Loans

20220430 Saddle Finance

20220430 Rari Capital/Fei Protocol

20220428 DEUS DAO

20220424 Wiener DOGE

20220423 Akutar NFT

20220421 Zeed Finance

20220416 BeanstalkFarms

20220415 Rikkei Finance

20220412 ElephantMoney

20220411 Creat Future

20220409 GYMNetwork

20220329 Ronin Network

20220329 Redacted Cartel

20220327 Revest Finance

20220326 Auctus

20220322 CompoundTUSDSweepTokenBypass

20220321 OneRing Finance

20220320 LI.FI

20220320 Umbrella Network

20220315 Agave Finance

20220315 Hundred Finance

20220313 Paraluni

20220309 Fantasm Finance

20220305 Bacon Protocol

20220303 TreasureDAO

20220214 BuildFinance - DAO

20220208 Sandbox LAND

20220205 Meter

20220204 TecraSpace

20220128 Qubit Finance

20220118 Multichain (Anyswap)

</details> <details> <summary> 2021 </summary>

20211221 Visor Finance

20211218 Grim Finance

20211214 Nerve Bridge

20211130 MonoX Finance

20211123 Ploutoz Finance

20211027 Cream Finance

20211015 Indexed Finance

20210916 SushiSwap Miso

20210915 Nimbus Platform

20210915 NowSwap Platform

20210912 ZABU Finance

20210903 DAO Maker

20210830 Cream Finance

20210817 XSURGE

20210811 Poly Network

20210804 WaultFinance

20210728 Levyathan Finance

20210710 Chainswap

20210702 Chainswap

20210628 SafeDollar

20210625 xWin Finance

20210622 Eleven Finance

20210607 88mph NFT

20210603 PancakeHunny

20210527 JulSwap

20210527 BurgerSwap

20210519 PancakeBunny

20210516 bEarn

20210508 Rari Capital

20210305 Paid Network

20210204 Yearn YDai

20210125 Sushi Badger Digg

</details> <details> <summary> Before 2020 </summary>

20201229 Cover Protocol

20201121 Pickle Finance

20201026 Harvest Finance

20200912 bzx

20200804 Opyn Protocol

20200628 Balancer Protocol

20200618 Bancor Protocol

20180422 Beauty Chain

20171106 Parity - 'Accidentally Killed It'

</details>

Transaction debugging tools

List of DeFi Hacks & POCs

20241026 CompoundFork - Flashloan attack

Lost: $1M

forge test --contracts ./src/test/2024-10/CompoundFork_exploit.sol -vvv --evm-version shanghai

Contract

CompoundFork_exploit.sol

Link reference

https://x.com/Phalcon_xyz/status/1849636437349527725,https://app.blocksec.com/explorer/tx/base/0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e

20241022 Erc20transfer - Access Control

Lost: $14,773.35

forge test --contracts ./src/test/2024-10/Erc20transfer_exp.sol -vvv

Contract

Erc20transfer_exp.sol

Link reference

https://x.com/d23e_AG/status/1849064161017225645

20241022 Vista - flashmint receive error

Lost: $28,000

forge test --contracts ./src/test/2024-10/VISTA_exp.sol -vvv --evm-version cancun

Contract

VISTA_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1848403791881900130

20241013 MorphoBlue - Overpriced Asset in Oracle

Lost: $230,000

forge test --contracts ./src/test/2024-10/MorphoBlue_exp.sol -vvv --evm-version shanghai

Contract

MorphoBlue_exp.sol

Link reference

https://x.com/omeragoldberg/status/1845515843787960661

20241011 P719Token - Price Manipulation Inflate Attack

Total Lost : 547.18 BNB (~$312K USD)

forge test --match-contract P719Token_exp -vvv

Contract

P719Token_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1844753750386426182

20241006 SASHAToken - Price Manipulation

Total Lost : 249 ETH (~$600K USD)

forge test --match-contract SASHAToken_exp -vvv

Contract

SASHAToken_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1842864840265883833

20241010 HYDT - Oracle Price Manipulation

Total Lost : 5.8k USDT

forge test --contracts ./src/test/2024-10/HYDT_exp.sol -vvv --evm-version cancun

Contract

HYDT_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1844241843518951451

20241005 AIZPTToken - Wrong Price Calculation

Total Lost : 34.88 BNB (~$20K USD)

forge test --match-contract AIZPTToken_exp -vvv

Contract

AIZPTToken_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1842576732047700077

20241001 FireToken - Pair Manipulation With Transfer Function

Lost: 8.45 ETH (~$20K USD)

forge test --contracts ./src/test/2024-10/FireToken_exp.sol -vvv

Contract

FireToken_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1841305965750350089

20241002 LavaLending - Price Manipulation

Lost: 1 USDC, 125795.6 cUSDC, 0,0067 WBTC, 2.25 WETH (~$130K USD)

forge test --match-contract LavaLending_exp -vvv

Contract

LavaLending_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1841823216425435308

https://nickfranklin.site/2024/10/03/unknown-lending-project-hacked-due-to-price-oracle-manipulation/

20240926 OnyxDAO - Fake Market

Lost: 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT (>$3.8M USD)

forge test --match-contract OnyxDAO_exp -vvv

Contract

OnyxDAO_exp.sol

Link reference

https://x.com/peckshield/status/1839302663680438342

20240926 Bedrock_DeFi - Swap ETH/BTC 1/1 in mint function

Lost: 27.83925883 BTC (~$1.7M USD)

forge test --match-contract Bedrock_DeFi_exp -vvv

Contract

Bedrock_DeFi_exp.sol

Link reference

https://x.com/certikalert/status/1839403126694326374

20240924-MARA---price-manipulation

Lost: ~8.8 WBNB (~5.3K USD)

forge test --match-contract MARA_exp -vvv

Contract

MARA_exp.sol

Link reference

https://bscscan.com/tx/0x0fe3716431f8c2e43217c3ca6d25eed87e14d0fbfa9c9ee8ce4cef2e5ec4583c

20240923 Bankroll_Network - Incorrect input validation

Lost: ~404 WBNB (~234.8K USD)

forge test --match-contract Bankroll_exp -vvv

Contract

Bankroll_exp.sol

Link reference

https://x.com/Phalcon_xyz/status/1838042368018137547

20240913 OTSeaStaking - Logic Flaw

Lost: 26k

forge test --match-contract OTSeaStaking_exp -vvv

Contract

OTSeaStaking_exp.sol

Link reference

Nick Franklin: https://nickfranklin.site/2024/09/13/otsea-staking-hacked/

20240910 Caterpillar_Coin_CUT - Price Manipulation

Lost: ~1.4M USD

forge test --match-contract Caterpillar_Coin_CUT_exp -vvv --evm-version shanghai

Contract

Caterpillar_Coin_CUT_exp.sol

Link reference

https://www.certik.com/zh-CN/resources/blog/caterpillar-coin-cut-token-incident-analysis

20240903 Penpiexyz_io - Reentrancy and Reward Manipulation

Lost: 11,113.6 ETH (~$27,348,259 USD)

forge test --match-contract Penpiexyzio_exp -vvv --evm-version shanghai

Contract

Penpiexyzio_exp.sol

Link reference

https://x.com/peckshield/status/1831072098669953388

https://x.com/AnciliaInc/status/1831080555292856476

https://x.com/hackenclub/status/1831383106554573099

post-morten: https://x.com/Penpiexyz_io/status/1831462760787452240

20240828 AAVE - Arbitrary Call Error

Lost: 52000

forge test --match-contract AAVE_Repay_Adapter -vvv

Contract

AAVE_Repay_Adapter.sol

Link reference

https://www.vibraniumaudits.com/post/aave-hacked-via-periphery-contract-56kstolenfromtipjar

20240816 Zenterest - Price Out Of Date

Lost: ~21000 USD

forge test --match-contract Zenterest_exp -vvvv --evm-version shanghai

Contract

Zenterest_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1824579761383018564

20240816 OMPx Contract - FlashLoan

Lost: 4.37 ETH (~11527 USD)

forge test --match-contract OMPxContract_exp -vvv

Contract

OMPxContract_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1820816386551357448

20240814 NoName - Arbitrary Call

Lost: ~5k

forge test --match-contract YodlRouter_exp -vvv

Contract

YodlRouter_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1823601087011807636

20240813 VOW - Misconfiguration

Lost: ~ 1M USD

forge test --match-contract VOW_exp -vvv

Contract

VOW_exp.sol

Link reference

https://x.com/Vowcurrency/status/1823407231658025300

20240812 iVest - Business logic flaw

Lost: ~338 WBNB

forge test --match-contract IvestDao_exp -vvv

Contract

IvestDao_exp.sol

Link reference

https://x.com/AnciliaInc/status/1822870201698050064

20240806 Novax - Price Manipulation

Lost: ~25K USD

forge test --match-contract NovaXM2E_exp -vvv

Contract

NovaXM2E_exp.sol

Link reference

https://x.com/EXVULSEC/status/1820676684410147276

20240801 Convergence - Incorrect input validation

Lost: ~200K USD

forge test --match-contract Convergence_exp -vvvv --evm-version cancun

Contract

Convergence_exp.sol

Link reference

https://x.com/DecurityHQ/status/1819030089012527510

20240724 Spectra_finance - Incorrect input validation

Lost: ~73K USD

forge test --match-contract Spectra_finance_exp -vvv

Contract

Spectra_finance_exp.sol

Link reference

https://x.com/shoucccc/status/1815981585637990899

20240723 MEVbot_0xdd7c - Incorrect input validation

Lost: ~18k USD

forge test --match-contract -vvv --evm-version cancun

Contract

MEVbot_0xdd7c_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1815656653100077532

20240716 Lifiprotocol - Incorrect input validation

Lost: ~10M USD

forge test --match-contract Lifiprotocol_exp -vvv

Contract

Lifiprotocol_exp.sol

Link reference

https://x.com/danielvf/status/1505689981385334784

20240714 Minterest - Reentrancy

Lost: ~427 ETH

forge test --match-contract Minterest_exp -vvv

Contract

Minterest_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1813122959219040323

20240712 DoughFina - Incorrect input validation

Lost: ~1.8M USD

forge test --match-contract DoughFina_exp -vvv

Contract

DoughFina_exp.sol

Link reference

https://x.com/CertiKAlert/status/1811668992882307478

20240711 SBT - business logic flaw

Lost: ~56K USD

forge test --match-contract SBT_exp -vvv

Contract

SBT_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1811401263969673654

20240711 GAX - Lack of access control

Lost: ~50K $BUSD

forge test --match-contract GAX_exp -vvv

Contract

GAX_exp.sol

Link reference

https://x.com/EXVULSEC/status/1811348160851378333

20240708 LW - Integer Underflow

Lost: ~7K USD

forge test --match-contract LW_exp -vvv

Contract

LW_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1810245893490368820

20240705 DeFiPlaza - loss of precision

Lost: ~200K USD

forge test --match-contract DeFiPlaza_exp -vvv

Contract

DeFiPlaza_exp.sol

Link reference

https://x.com/DecurityHQ/status/1809222922998808760

20240703 UnverifiedContr_0x452E25 - lack-of-access-control

Lost: 27 ETH

forge test --match-contract UnverifiedContr_0x452E25_exp -vvv --evm-version "cancun"

Contract

UnverifiedContr_0x452E25_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1808334870650970514

20240702 MRP - Reentrancy

Lost: 17 BNB

forge test --match-contract MRP_exp -vvv

Contract

MRP_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1808309614443733005

20240628 Will - business logic flaw

Lost: $52K

forge test --match-contract Will_exp -vvv --evm-version "shanghai"

Contract

Will_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1806704287252394238

20240627 APEMAGA - business logic flaw

Lost: ~9 ETH

forge test --match-contract APEMAGA_exp -vvv --evm-version "shanghai"

Contract

APEMAGA_exp.sol

Link reference

https://x.com/ChainAegis/status/1806297556852601282

20240618 INcufi - business logic flaw

Lost: ~59K USD

forge test --match-contract INcufi_exp -vvv

Contract

INcufi_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1803317022513832301

20240617 Dyson_money - business logic flaw

Lost: 52 BNB

forge test --match-contract Dyson_money_exp -vvv

Contract

Dyson_money_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1802634237667054052

20240616 WIFCOIN_ETH - business logic flaw

Lost: ~3.4 ETH (WIF token)

forge test --match-contract WIFCOIN_ETH_exp -vvv --evm-version "shanghai"

Contract

WIFCOIN_ETH_exp.sol

Link reference

https://x.com/ChainAegis/status/1802550962977964139

20240616 Crb2 - business logic flaw

Lost: ~15K

forge test --match-contract Crb2_exp -vvv --evm-version shanghai

Contract

Crb2_exp.sol

Link reference

20240611 JokInTheBox - business logic flaw

Lost: ~9.2 ETH

forge test --match-contract JokInTheBox_exp -vvv --evm-version cancun

Contract

JokInTheBox_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1800355604692910571

20240610 Bazaar - Insufficient Permission Check

Lost: 1.4M

forge test --match-contract Bazaar_exp -vvv

Contract

Bazaar_exp.sol

Link reference

https://x.com/shoucccc/status/1800353122159833195

20240608 YYStoken - Business Logic Flaw

Lost: $28K

forge test --match-contract YYS_exp -vv

Contract

YYS_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1799610045589831833

20240606 SteamSwap - Logic Flaw

Lost: ~$91k

forge test --match-contract SteamSwap_exp -vvv --evm-version shanghai

Contract

SteamSwap_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1798905797440897386

20240606 MineSTM - Business Logic Flaw

Lost: $13.8K

forge test --match-contract MineSTM_exp -vv

Contract

MineSTM_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1798920774511898862

20240604 NCD - Business Logic Flaw

Lost: $6.4K

forge test --match-contract NCD_exp -vv

Contract

NCD_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1797821034319765604

20240601 VeloCore - lack-of-access-control

Lost: $6.88M

forge test --match-contract Velocore_exp -vv

Contract

Velocore_exp.sol

Link reference

https://x.com/BeosinAlert/status/1797247874528645333

20240531 Liquiditytokens - Business Logic Flaw

Lost: ~200K USD

forge test --match-contract Liquiditytokens_exp -vvv

Contract

Liquiditytokens_exp.sol

Link reference

https://x.com/EXVULSEC/status/1796499069583724638

20240531 MixedSwapRouter - Arbitrary Call

Lost: >10700USD(WINR token)

forge test --match-contract MixedSwapRouter_exp -vvv

Contract

MixedSwapRouter_exp.sol

Link reference

https://x.com/ChainAegis/status/1796484286738227579

20240529 SCROLL - Integer Underflow

Lost: 76 ETH

forge test --match-contract SCROLL_exp -vvv

Contract

SCROLL_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1795650745448169741

20240529 MetaDragon - Lack of Access Control

Lost: ~ $180k

forge test --match-contract MetaDragon_exp -vvvvv --evm-version shanghai

Contract

MetaDragon_exp.sol

Link reference

https://x.com/Phalcon_xyz/status/1795746828064854497

20240528 Tradeonorion - Business Logic Flaw

Lost: ~645K

forge test --match-contract Tradeonorion_exp -vvv

Contract

Tradeonorion_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1796008961302258001

20240528 EXcommunity - Business Logic Flaw

Lost: 33BNB

forge test --match-contract EXcommunity_exp -vvv

Contract

EXcommunity_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1795648617530995130

20240527 RedKeysCoin - Weak RNG

Lost: $12K

forge test --match-contract RedKeysCoin_exp -vvv --evm-version shanghai

Contract

RedKeysCoin_exp.sol

Link reference

20240526 NORMIE - Business Logic Flaw

Lost: $490K

forge test --match-contract NORMIE_exp -vv

Contract

NORMIE_exp.sol

Link reference

https://x.com/lookonchain/status/1794680612399542672

20240522 Burner - sandwich ack

Lost: 1.7 eth

forge test --match-contract Burner_exp -vv

Contract

Burner_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1792925754243625311

20240516 TCH - Signature Malleability Vulnerability

Lost: $18K

forge test --match-contract TCH_exp -vvv

Contract

TCH_exp.sol

Link reference

https://x.com/DecurityHQ/status/1791180322882629713

20240514 Sonne Finance - Precision loss

Lost: $20M

forge test --match-contract Sonne_exp -vvv

Contract

Sonne_exp.sol

Link reference

https://neptunemutual.com/blog/taking-a-closer-look-at-sonne-finance-exploit/

20240514 PredyFinance - Reentrancy

Lost: $464K

forge test --match-contract PredyFinance_exp -vvv

Contract

PredyFinance_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1790307019590680851

20240512 TGC - Business Logic Flaw

Lost: $32K

forge test --match-contract TGC_exp -vvv

Contract

TGC_exp.sol

Link reference

https://x.com/ChainAegis/status/1789490986588205529

20240510 GFOX - lack of access control

Lost: 330K USD

forge test --match-contract GFOX_exp -vvv --evm-version shanghai

Contract

GFOX_exp.sol

Link reference

https://twitter.com/CertiKAlert/status/1788751142144401886

20240510 TSURU - Insufficient Validation

Lost: 140K

forge test --match-contract TSURU_exp -vvv --evm-version shanghai

Contract

TSURU_exp.sol

Link reference

https://base.tsuru.wtf/usdtsuru-exploit-incident-report

20240508 GPU - self transfer

Lost: ~32K USD

forge test --match-contract GPU_exp -vvv

Contract

GPU_exp.sol

Link reference

https://twitter.com/PeckShieldAlert/status/1788153869987611113

20240507 SATURN - Price Manipulation

Lost: ~15 BNB

forge test --match-contract OSN_exp -vvv

Contract

SATURN_exp.sol

Link reference

https://twitter.com/ChainAegis/status/1787667253435195841

20240506 OSN - Reward Distribution Problem

Lost: ~109K USD

forge test --match-contract OSN_exp -vvv --evm-version shanghai

Contract

OSN_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1787330586857861564

20240430 Yield - Business Logic Flaw

Lost: 181K

forge test --match-contract Yield_exp -vvv

Contract

Yield_exp.sol

Link reference

https://twitter.com/peckshield/status/1785121607192817692

https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50

20240430 PikeFinance - Uninitialized Proxy

Lost: 1.4M

forge test --match-contract PikeFinance_exp -vvv

Contract

PikeFinance_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1785508900093194591

20240427 BNBX - precission loss

Lost: ~75 $BNB

forge test --match-contract BNBX_exp -vvv --evm-version shanghai

Contract

BNBX_exp.sol

Link reference

https://x.com/ChainAegis/status/1784431544557514896

20240425 NGFS - Bad Access Control

Lost: ~190K

forge test --match-contract NGFS_exp -vvv --evm-version shanghai

Contract

NGFS_exp.sol

Link reference

https://twitter.com/CertiKAlert/status/1783476515331616847

20240424 XBridge - Logic Flaw

Lost: >200k USD(plus a lot of STC, SRLTY, Mazi tokens)

forge test --match-contract XBridge_exp -vvv

Contract

XBridge_exp.sol

20240424 YIEDL - Input Validation

Lost: 150k USD

forge test --match-contract YIEDL_exp -vvv

Contract

YIEDL_exp.sol

20240422 Z123 - price manipulation

Lost: 136k USD

forge test --match-contract Z123_exp -vvv

Contract

Z123_exp.sol

Link reference

https://twitter.com/PeckShieldAlert/status/1782322484911784385

20240420 Rico - Arbitrary Call

Lost: 36K

forge test --match-contract Rico_exp -vvv

Contract

Rico_exp.sol

Link reference

https://twitter.com/ricocreditsys/status/1781803698940781009

20240419 HedgeyFinance - Logic Flaw

Lost: 48M USD

forge test --match-contract HedgeyFinance_exp -vvv

Contract

HedgeyFinance_exp.sol

Link reference

https://twitter.com/Cube3AI/status/1781294512716820918

20240417 UnverifiedContr_0x00C409 - unverified external call

Lost: ~ 18 eth

forge test --match-contract UnverifiedContr_0x00C409_exp -vvv

Contract

UnverifiedContr_0x00C409_exp.sol

Link reference

https://x.com/CyversAlerts/status/1780593407871635538

20240416 SATX - Logic Flaw

Lost: ~ 50 BNB

forge test --match-contract SATX_exp -vvv

Contract

SATX_exp.sol

Link reference

https://x.com/bbbb/status/1780341239801393479

20240416 MARS - Bad Reflection

Lost: >100K

forge test --match-contract MARS_exp -vv

Contract

MARS_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1780150315603701933

20240415 GFA - business-logic-flaw

Lost: ~14K USD

forge test --match-contract GFA_exp -vvv

Contract

GFA_exp.sol

Link reference

https://x.com/ChainAegis/status/1779809931962827055

20240415 ChaingeFinance - Arbitrary External Call

Lost: ~560K

forge test --match-contract ChaingeFinance_exp -vvv

Contract

ChaingeFinance_exp.sol

Link reference

https://twitter.com/CyversAlerts/status/1779875922381860920

20240414 Hackathon - business logic flaw

Lost: ~20K

forge test --match-contract Hackathon_exp -vvv

Contract

Hackathon_exp.sol

Link reference

https://x.com/EXVULSEC/status/1779519508375613827

20240412 FIL314 - Insufficient Validation And Price Manipulation

Lost: ~14 BNB

forge test --match-contract FIL314_exp -vvv

Contract

FIL314_exp.sol

Link reference

20240412 SumerMoney - Reentrancy

Lost: 350K

forge test --match-contract SumerMoney_exp -vvv

Contract

SumerMoney_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1778986926705672698

20240412 GROKD - lack of access control

Lost: $~150 BNB

forge test --match-contract GROKD_exp -vvv

Contract

GROKD_exp.sol

Link reference

https://x.com/hipalex921/status/1778482890705416323?t=KvvG83s7SXr9I55aftOc6w&s=05

20240410 BigBangSwap - precission loss

Lost: $~5K $BUSD

forge test --match-contract BigBangSwap_exp -vvv

Contract

BigBangSwap_exp.sol

Link reference

https://x.com/ChainAegis/status/1778254222288621912

20240409 UPS - business logic flaw

Lost: $~28K USD

forge test --match-contract UPS_exp -vvv

Contract

UPS_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1777589021058728214

20240408 SQUID - sandwich attack

Lost: $~87K USD

forge test --match-contract SQUID_exp -vvv

Contract

SQUID_exp.sol

Link reference

https://twitter.com/bbbb/status/1777228277415039304

20240404 wsm - manipulating price

Lost: $~18K USD

forge test --match-contract WSM_exp -vvv

Contract

WSM_exp.sol

Link reference

https://hacked.slowmist.io/#:~:text=Hacked%20target%3A%20Wall%20Street%20Memes

20240402 HoppyFrogERC - business logic flaw

Lost: ~0.3 ETH

forge test --match-contract HoppyFrogERC_exp -vvv --evm-version shanghai

Contract

HoppyFrogERC_exp.sol

Link reference

https://x.com/ChainAegis/status/1775351437410918420

20240401 ATM - business logic flaw

Lost: $~182K USD

forge test --match-contract ATM_exp -vvv

Contract

ATM_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1775008489569718508

20240401 OpenLeverage - business logic flaw

Lost: ~234K

forge test --match-contract OpenLeverage2_exp -vvv

Contract

OpenLeverage2_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1774727539975672136

20240329 ETHFIN - lack of access control

Lost: ~$1.24K (2.13 BNB)

forge test --match-contract ETHFIN_exp -vvv --evm-version shanghai

Contract

ETHFIN_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0xfe031685d84f3bae1785f5b2bd0ed480b87815c3f23ce6ced73b8573b7e367c6

20240329 PrismaFi - Insufficient Validation

Lost: $~11M

forge test --match-contract Prisma_exp -vvv

Contract

Prisma_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1773371049951797485

20240328 LavaLending - Business Logic Flaw

Lost: ~340K

forge test --match-contract LavaLending_exp -vvv

Contract

LavaLending_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1774727539975672136

https://twitter.com/Phalcon_xyz/status/1773546399713345965

https://hackmd.io/@LavaSecurity/03282024

20240325 ZongZi - Price Manipulation

Lost: ~223K

forge test --match-contract ZongZi_exp -vvv

Contract

ZongZi_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1772195949638775262

20240323 CGT - Incorrect Access Control

Lost: 996B (CGT token)

forge test --match-contract CGT_exp -vvv

Contract

CGT_exp.sol

Link reference

https://x.com/AnciliaInc/status/1771598968448745536

20240321 SSS - Token Balance Doubles on Transfer to self

Lost: 4.8M

forge test --match-contract SSS_exp -vvv

Contract

SSS_exp.sol

Link reference

https://twitter.com/dot_pengun/status/1770989208125272481

20240324 ARK - business logic flaw

Lost: ~348BNB

forge test --match-contract ARK_exp -vvv

Contract

ARK_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1771728823534375249

20240320 Paraswap - Incorrect Access Control

Lost: ~24K

forge test --match-contract Paraswap_exp -vvv --evm-version shanghai

Contract

Paraswap_exp.sol

Link reference

https://medium.com/neptune-mutual/analysis-of-the-paraswap-exploit-1f97c604b4fe

20240314 MO - business logic flaw

Lost: ~413k USDT

forge test --match-contract MO_exp -vvv

Contract

MO_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1768184024483430523

20240313 IT - business logic flaw

Lost: ~13k USDT

forge test --via-ir ---match-contract IT_exp -vvv

Contract

IT_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1768171595561046489

20240312 BBT - business logic flaw

Lost: ~5.06 ETH

forge test --match-contract BBT_exp -vvv

Contract

BBT_exp.sol

Link reference

https://x.com/8olidity/status/1767470002566058088

20240311 Binemon - precission-loss

Lost: ~0.2 BNB

forge test --match-contract Binemon_exp -vvv

Contract

Binemon_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x1999bb5c11a8d8bfa7620fc5cc37f5bc59c1a99d7a9250a8d6076c93bbdbeb5f

20240309 Juice - Business Logic Flaw

Lost: ~54 ETH

forge test --match-contract Juice_exp -vvv --evm-version shanghai

Contract

Juice_exp.sol

Link reference

https://medium.com/@juicebotapp/juice-staking-exploit-next-steps-95e218b3ec71

20240309 UnizenIO - unverified external call

Lost: ~2M

forge test --match-contract UnizenIO_exp -vvvv

Contract

UnizenIO_exp.sol | UnizenIO2_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1766274000534004187

https://twitter.com/AnciliaInc/status/1766261463025684707

20240307 GHT - Business Logic Flaw

Lost: ~57K

forge test --match-contract GHT_exp -vvv

Contract

GHT_exp.sol

Link reference

20240306 ALP - Public internal function

Lost: ~10K

Testing

forge test --match-contract ALP_exp -vvv

Contract

ALP_exp.sol

Link Reference

https://twitter.com/0xNickLFranklin/status/1765296663667875880

20240306 TGBS - Business Logic Flaw

Lost: ~150K

forge test --match-contract TGBS_exp -vvv

Contract

TGBS_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1765290290083144095

https://twitter.com/Phalcon_xyz/status/1765285257949974747

20240305 Woofi - Price Manipulation

Lost: ~8M

forge test --match-contract Woofi_exp -vvv

Contract

Woofi_exp.sol

Link reference

https://twitter.com/spreekaway/status/1765046559832764886 https://twitter.com/PeckShieldAlert/status/1765054155478175943

20240228 Seneca - Arbitrary External Call Vulnerability

Lost: ~6M

forge test --match-contract Seneca_exp -vvv

Contract

Seneca_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1763045563040411876

20240228 SMOOFSStaking - Reentrancy

Lost: Unclear

forge test --match-contract SMOOFSStaking_exp -vvv

Contract

SMOOFSStaking_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1762893563103428783

https://twitter.com/0xNickLFranklin/status/1762895774311178251

20240223 Zoomer - Business Logic Flaw

Lost: ~14 ETH

forge test --match-contract Zoomer_exp -vvv --evm-version "shanghai"

Contract

Zoomer_exp.sol

Link reference

https://x.com/ChainAegis/status/1761246415488225668

20240223 CompoundUni - Oracle bad price

Lost: ~439,537 USD

forge test --match-contract CompoundUni_exp -vvv

Contract

CompoundUni_exp.sol

Link reference

https://twitter.com/0xLEVI104/status/1762092203894276481

20240223 BlueberryProtocol - logic flaw

Lost: ~1,400,000 USD

forge test --match-contract BlueberryProtocol_exp -vvv

Contract

BlueberryProtocol_exp.sol

Link reference

https://twitter.com/blueberryFDN/status/1760865357236211964

20240222 SwarmMarkets - lack of validation

Lost: ~7k $DAI

forge test --match-contract SwarmMarkets_exp -vvv

Contract

SwarmMarkets_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/eth/0xa4d7ee2ddb9db06961a17e2a5ae71743a266bcb720be138670f4a10e8dfc13e9

20240221 DeezNutz 404 - lack of validation

Lost: ~170k

forge test --match-contract DeezNutz404_exp -vvv

Contract

DeezNutz404_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1760481343161700523

20240221 GAIN - bad function implementation

Lost: ~6.4 ETH

forge test --match-contract GAIN_exp -vvv

Contract

GAIN_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1760559768241160679

20240220 EGGX - reentrancy

Lost: ~2 ETH

forge test --match-contract EGGX_exp -vvv

Contract

EGGX_exp.sol

Link reference

https://x.com/PeiQi_0/status/1759826303044497726

20240219 RuggedArt - reentrancy

Lost: ~10k

forge test --match-contract RuggedArt_exp -vvv

Contract

RuggedArt_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1759822545875025953

20240216 ParticleTrade - lack of validation data

Lost: ~50k

forge test --match-contract ParticleTrade_exp -vvv

Contract

ParticleTrade_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1758028270770250134

20240215 DualPools - precision truncation

Lost: ~42k

forge test --match-contract DualPools_exp -vvvv

Contract

DualPools_exp.sol

Link reference

https://medium.com/@lunaray/dualpools-hack-analysis-5209233801fa

20240215 Babyloogn - lack of validation

Lost: ~2 $BNB

forge test --match-contract Babyloogn_exp -vvvv

Contract

Babyloogn_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0xd081d6bb96326be5305a6c00dd51d1799971794941576554341738abc1ceb202

20240215 Miner - lack of validation dst address

Lost: ~150k

forge test --match-contract Miner_exp -vvv --evm-version shanghai

Contract

Miner_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1757777340002681326

20240213 MINER - Price Manipulation

Lost: ~3.5 WBNB

forge test --match-contract MINER_bsc_exp -vvv --evm-version shanghai

Contract

MINER_bsc_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x15ab671c9bf918fa4b6a9eed9ccb527f32aca40e926ede2aec2c84dfa9c30512?line=6

20240211 Game - Reentrancy && Business Logic Flaw

Lost: ~20 ETH

forge test --match-contract Game_exp -vvv

Contract

Game_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1757533144033739116

20240210 FILX DN404 - Access Control

Lost: 200K

forge test --match-contract DN404_exp -vvv

Contract

DN404_exp.sol

20240208 Pandora - interger underflow

Lost: ~17K USD

forge test --match-contract PANDORA_exp -vvv

Contract

PANDORA_exp.sol

Link reference

https://twitter.com/pennysplayer/status/1766479470058406174

20240205 BurnsDefi - Price Manipulation

Lost: ~67K

forge test --match-contract BurnsDefi_exp -vvv

Contract

BurnsDefi_exp.sol

Link reference

https://twitter.com/pennysplayer/status/1754342573815238946

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408 (similar incident)

20240202 ADC - incorrect-access-control

Lost: ~20 eth

forge test --match-contract ADC_exp -vvv

Contract

ADC_exp.sol

Link reference

https://x.com/EXVULSEC/status/1753294675971313790

20240201 AffineDeFi - lack of validation userData

Lost: ~88K

forge test --match-contract AffineDeFi_exp -vvv

Contract

AffineDeFi_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1753020812284809440

https://twitter.com/CyversAlerts/status/1753040754287513655

20240130 XSIJ - Business Logic Flaw

Lost: ~51K USD

forge test --match-contract XSIJ_exp -vvv

Contract

XSIJ_exp.sol

Link reference

https://x.com/CertiKAlert/status/1752384801535918264

20240130 MIMSpell - Precission Loss

Lost: ~6,5M

forge test --match-contract MIMSpell2_exp -vvv

Contract

MIMSpell2_exp.sol

Link reference

https://twitter.com/kankodu/status/1752581744803680680

https://twitter.com/Phalcon_xyz/status/1752278614551216494

https://twitter.com/peckshield/status/1752279373779194011

https://phalcon.blocksec.com/explorer/security-incidents

20240129 PeapodsFinance - Reentrancy

Lost: ~1K $DAI

forge test --match-contract PeapodsFinance_exp -vvv

Contract

PeapodsFinance_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/eth/0x95c1604789c93f41940a7fd9eca11276975a9a65d250b89a247736287dbd2b7e

20240128 BarleyFinance - Reentrancy

Lost: ~130K

forge test --match-contract BarleyFinance_exp -vvv

Contract

BarleyFinance_exp.sol

Link reference

https://phalcon.blocksec.com/explorer/security-incidents

https://www.bitget.com/news/detail/12560603890246

https://twitter.com/Phalcon_xyz/status/1751788389139992824

20240127 CitadelFinance - Price Manipulation

Lost: ~93K

forge test --match-contract CitadelFinance_exp -vvv

Contract

CitadelFinance_exp.sol

Link reference

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408

20240125 NBLGAME - Reentrancy

Lost: ~180K

forge test --match-contract NBLGAME_exp -vvv

Contract

NBLGAME_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1750526097106915453

https://twitter.com/AnciliaInc/status/1750558426382635036

20240122 DAO_SoulMate - Incorrect Access Control

Lost: ~319K

forge test --match-contract DAO_SoulMate_exp -vvv --evm-version 'shanghai'

Contract

DAO_SoulMate_exp.sol

Link reference

https://twitter.com/MetaSec_xyz/status/1749743245599617282

20240117 BmiZapper - Arbitrary external call vulnerability

Lost: ~114K

forge test --match-contract Bmizapper_exp -vvv

Contract

BmiZapper_exp.sol

Link reference

https://x.com/0xmstore/status/1747756898172952725

20240115 Shell_MEV_0xa898 - lack of access control

Lost: ~1K $BUSD

forge test --match-contract Shell_MEV_0xa898_exp -vvv

Contract

Shell_MEV_0xa898_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x24f114c0ef65d39e0988d164e052ce8052fe4a4fd303399a8c1bb855e8da01e9

20240112 SocketGateway - Lack of calldata validation

Lost: ~3.3Million $

forge test --match-contract SocketGateway_exp -vvv --evm-version shanghai

Contract

SocketGateway_exp.sol

Link reference

https://twitter.com/BeosinAlert/status/1747450173675196674

https://twitter.com/peckshield/status/1747353782004900274

20240112 WiseLending - Bad HealthFactor Check

Lost: ~464K

forge test --match-contract WiseLending02_exp -vvv --evm-version shanghai

Contract

WiseLending02_exp.sol

Link reference

https://twitter.com/danielvf/status/1746303616778981402

20240110 Freedom - lack of access control

Lost: 74 $WBNB

forge test --match-contract Freedom_exp -vvv

Contract

Freedom_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x309523343cc1bb9d28b960ebf83175fac941b4a590830caccff44263d9a80ff0

20240110 LQDX - Unauthorized TransferFrom

Lost: unknown

forge test --match-contract LQDX_alert_exp -vvv

Contract

LQDX_alert_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1744972012865671452

20240104 Gamma - Price manipulation

Lost: ~6.3M

forge test --match-contract Gamma_exp -vvv

Contract

Gamma_exp.sol

Link reference

https://twitter.com/officer_cia/status/1742772207997050899

https://twitter.com/shoucccc/status/1742765618984829326

20240102 MIC - Business Logic Flaw

Lost: ~500K

forge test --match-contract MIC_exp -vvv

Contract

MIC_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1742484748239536173

20240102 RadiantCapital - Loss of Precision

Lost: ~4,5M

forge test --match-contract RadiantCapital_exp -vvv

Contract

RadiantCapital_exp.sol

Link reference

https://neptunemutual.com/blog/how-was-radiant-capital-exploited/

https://twitter.com/BeosinAlert/status/1742389285926678784

20240101 OrbitChain - Incorrect input validation

Lost: ~81M

forge test --match-contract OrbitChain_exp -vvv

Contract

OrbitChain_exp.sol

Link reference

https://blog.solidityscan.com/orbit-chain-hack-analysis-b71c36a54a69

View Gas Reports

Foundry also has the ability to report the gas used per function call which mimics the behavior of hardhat-gas-reporter. Generally speaking if gas costs per function call is very high, then the likelihood of its success is reduced. Gas optimization is an important activity done by smart contract developers.

Every poc in this repository can produce a gas report like this:

forge test --gas-report --contracts <contract> -vvv

For Example: Let us find out the gas used in the Audius poc

Execution

forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv

Demo

Bug Reproduce

Moved to DeFiVulnLabs

FlashLoan Testing

Moved to DeFiLabs

Awesome

DeFi Hacks Reproduce - Foundry

Getting Started

Web3 Cybersecurity Academy

OnChain transaction debugging

Who Support Us? DeFiHackLabs Received Grant From

Donate us

List of Past DeFi Incidents

Transaction debugging tools

Ethereum Signature Database

Useful tools

Hacks Dashboard

List of DeFi Hacks & POCs

20241026 CompoundFork - Flashloan attack

Lost: $1M

Contract

Link reference

20241022 Erc20transfer - Access Control

Lost: $14,773.35

Contract

Link reference

20241022 Vista - flashmint receive error

Lost: $28,000

Contract

Link reference

20241013 MorphoBlue - Overpriced Asset in Oracle

Lost: $230,000

Contract

Link reference

20241011 P719Token - Price Manipulation Inflate Attack

Total Lost : 547.18 BNB (~$312K USD)

Contract

Link reference

20241006 SASHAToken - Price Manipulation

Total Lost : 249 ETH (~$600K USD)

Contract

Link reference

20241010 HYDT - Oracle Price Manipulation

Total Lost : 5.8k USDT

Contract

Link reference

20241005 AIZPTToken - Wrong Price Calculation

Total Lost : 34.88 BNB (~$20K USD)

Contract

Link reference

20241001 FireToken - Pair Manipulation With Transfer Function

Lost: 8.45 ETH (~$20K USD)

Contract

Link reference

20241002 LavaLending - Price Manipulation

Lost: 1 USDC, 125795.6 cUSDC, 0,0067 WBTC, 2.25 WETH (~$130K USD)

Contract

Link reference

20240926 OnyxDAO - Fake Market

Lost: 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT (>$3.8M USD)

Contract

Link reference

20240926 Bedrock_DeFi - Swap ETH/BTC 1/1 in mint function

Lost: 27.83925883 BTC (~$1.7M USD)

Contract

Link reference

20240924-MARA---price-manipulation

Lost: ~8.8 WBNB (~5.3K USD)

Contract

Link reference

20240923 Bankroll_Network - Incorrect input validation

Lost: ~404 WBNB (~234.8K USD)

Contract

Link reference

20240913 OTSeaStaking - Logic Flaw

Lost: 26k

Contract

Link reference

20240910 Caterpillar_Coin_CUT - Price Manipulation

Lost: ~1.4M USD

Contract

Link reference

20240903 Penpiexyz_io - Reentrancy and Reward Manipulation

Lost: 11,113.6 ETH (~$27,348,259 USD)

Contract