Awesome
Common fork bugs
Compound
- Compound: price manipulation of DAI on Coinbase impacted Coinbase oracle price Postmortem
- CREAM: flashloan attack & reentrancy with ERC777-like token (no checks-effects-interaction protection) Postmortem POC
- CREAM: Price manipulation Postmortem POC
- Lendf.me: Flashloan and reentrancy (no checks-effects-interaction protection) Postmortem
- Compound: Double-entry point token issue Retrospective POC
- Lodestar Finance: Exchange rate manipulation Thread POC
- Hundred Finance: Flashloan and reentrancy on gnosis, where native token has callback hook (no checks-effects-interaction protection) Postmortem
- Ola Finance: Flashloan and reentrancy (no checks-effects-interaction protection) Postmortem
- Rari Capital: Flashloan and reentrancy (no checks-effects-interaction protection) POC
- Venus: Chainlink LUNA oracle became inaccurate during the Terra collapse, which caused a similar result as oracle manipulation and led to draining of protocols writeup
- Hundred Finance: Exploit of empty markets Postmortem POC
- 0VIX: price oracle vulnerability allowed donation-based price maniulation Thread POC
- Midas Capital: Exploit of empty markets writeup
- Onyx Finance: Exploit of empty markets Postmortem POC
- Sonne Finance: Exploit of empty markets Postmortem
Uniswap v2
Balancer
Curve
Aave
- Aave V2: risk of price manipulation can lead to accumulating bad debt Governance proposed mitigation writeup
- Blizz Finance: Chainlink LUNA oracle became inaccurate during the Terra collapse, which had a similar result as oracle manipulation and led to draining of protocols writeup
- Agave Finance: Flashloan and reentrancy on gnosis, where native token has callback hook (no checks-effects-interaction protection) Postmortem
- HopeLend: Empty market issue (same as the issue in Compound Finance) combined with rounding error writeup
- Radiant Finance: Empty market issue (same as the issue in Compound Finance) combined with rounding error writeup
- Polter Finance: Empty market issue POC