123 incidents included.
20221024 MulticallWithoutCheck
20221011 Rabby Wallet SwapRouter
20220908 Ragnarok Online Invasion
20220701 Quixotic - Optimism NFT Marketplace
20220624 Harmony's Horizon Bridge
20220608 Optimism - Wintermute
20220430 Rari Capital/Fei Protocol
20220322 CompoundTUSDSweepTokenBypass
Testing
forge test --contracts ./src/test/2022-12/DFS_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1608788290785665024
Testing
forge test --contracts ./src/test/2022-12/JAY_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1608372475225866240
Testing
forge test --contracts ./src/test/2022-12/Rubic_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1606993118901198849
https://twitter.com/peckshield/status/1606937055761952770
Testing
forge test --contracts ./src/test/2022-12/Defrost_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1606276020276891650
Testing
forge test --contracts ./src/test/2022-12/Nmbplatform_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1602877048124735489
Testing
forge test --contracts ./src/test/2022-12/FPR_exp.sol -vvv
https://twitter.com/peckshield/status/1603226968706936832
https://twitter.com/chainlight_io/status/1603282848311480320
Testing
forge test --contracts ./src/test/2022-12/ElasticSwap_exp.sol -vvv
https://quillaudits.medium.com/decoding-elastic-swaps-850k-exploit-quillaudits-9ceb7fcd8d1a
Testing
forge test --contracts ./src/test/2022-12/BGLD_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1602335214356660225
Testing
forge test --contracts ./src/test/2022-12/Lodestar_exp.sol -vvv
https://twitter.com/SolidityFinance/status/1601684150456438784
https://blog.lodestarfinance.io/post-mortem-summary-13f5fe0bb336
Testing
forge test --contracts ./src/test/2022-12/MUMUG_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1601422462012469248
Testing
forge test --contracts ./src/test/2022-12/TIFI_exp.sol -vvv
https://twitter.com/peckshield/status/1601492605535399936
Testing
forge test --contracts ./src/test/2022-12/NovaExchange_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1601168659585454081
Testing
forge test --contracts ./src/test/2022-12/AES_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1600442137811689473
https://twitter.com/peckshield/status/1600418002163625984
Testing
forge test --contracts ./src/test/2022-12/RFB_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1599991294947778560
Testing
forge test --contracts ./src/test/2022-12/BBOX_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1599599614490877952
Testing
forge test --contracts ./src/test/2022-12/Overnight_exp.sol -vvv
https://twitter.com/peckshield/status/1598704809690877952
Testing
forge test --contracts ./src/test/2022-12/APC_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1598262002010378241
Testing
forge test --contracts ./src/test/2022-11/MBC_ZZSH_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1597742575623888896
https://twitter.com/CertiKAlert/status/1597639717096460288
Testing
forge test --contracts ./src/test/2022-11/SEAMAN_exp.sol -vvv
https://twitter.com/peckshield/status/1597493955939405825
https://twitter.com/CertiKAlert/status/1597513374841044993
https://twitter.com/BeosinAlert/status/1597535796621631489
Testing
forge test --contracts ./src/test/2022-11/NUM_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1595346020237352960
Testing
forge test --contracts ./src/test/2022-11/AUR_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1595142246570958848
Testing
forge test --contracts ./src/test/2022-11/SDAO_exp.sol -vvv
https://twitter.com/8olidity/status/1594693686398316544
https://twitter.com/CertiKAlert/status/1594615286556393478
Testing
forge test --contracts ./src/test/2022-11/Annex_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1593690338526273536
Testing
forge test --contracts ./src/test/2022-11/UEarnPool_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1593094922160128000
Testing
forge test --contracts ./src/test/2022-11/SheepFarm_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1592658104394473472
https://twitter.com/BlockSecTeam/status/1592734292727455744
Testing
forge test --contracts ./src/test/2022-11/DFX_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1590960299246780417
https://twitter.com/BeosinAlert/status/1591012525914861570
https://twitter.com/AnciliaInc/status/1590839104731684865
https://twitter.com/peckshield/status/1590831589004816384
Testing
forge test --contracts ./src/test/2022-11/BrahTOPG_exp.sol -vvv
https://twitter.com/SlowMist_Team/status/1590685173477101570
Testing
forge test --contracts ../../src/test/2022-11/MEV_0ad8_exp.sol -vvvv
https://twitter.com/Supremacy_CA/status/1590337718755954690
Testing
forge test --contracts ./src/test/2022-11/Kashi_exp.sol -vvv
https://eigenphi.substack.com/p/casting-a-magic-spell-on-abracadabra
https://twitter.com/BlockSecTeam/status/1603633067876155393
Testing
forge test --contracts ./src/test/2022-11/MooCAKECTX_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1589501207181393920
https://twitter.com/CertiKAlert/status/1589428153591615488
Testing
forge test --contracts ./src/test/2022-11/BDEX_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1588579143830343683
Testing
forge test --contracts ./src/test/2022-10/VTF_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1585575129936977920
https://twitter.com/peckshield/status/1585572694241988609
https://twitter.com/BeosinAlert/status/1585587030981218305
Testing
forge test --contracts ./src/test/2022-10/TeamFinance_exp.sol -vvv
https://twitter.com/TeamFinance_/status/1585770918873542656
https://twitter.com/peckshield/status/1585587858978623491
https://twitter.com/solid_group_1/status/1585643249305518083
https://twitter.com/BeosinAlert/status/1585578499125178369
Testing
forge test --contracts ../../src/test/2022-10/N00d_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1584959295829180416
https://twitter.com/AnciliaInc/status/1584955717877784576
Testing
forge test --contracts ./src/test/2022-10/ULME_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1584839309781135361
https://twitter.com/BeosinAlert/status/1584888021299916801
https://medium.com/neptune-mutual/decoding-ulme-token-flash-loan-attack-56470d261787
Testing
forge test --contracts ./src/test/2022-10/Market_exp.sol -vv
https://quillaudits.medium.com/decoding-220k-read-only-reentrancy-exploit-quillaudits-30871d728ad5
Testing
forge test --contracts ./src/test/2022-10/MulticallWithoutCheck_exp.sol -vvv
Testing
forge test --contracts ./src/test/2022-10/OlympusDao_exp.sol -vvv
https://twitter.com/peckshield/status/1583416829237526528
Testing
forge test --contracts ./src/test/2022-10/HEALTH_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1583073442433495040
Testing
forge test --contracts ./src/test/2022-10/BEGO_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1582828751250784256
https://twitter.com/peckshield/status/1582892058800685058
Testing
forge test --contracts ./src/test/2022-10/HPAY_exp.sol -vvv
https://twitter.com/Supremacy_CA/status/1582345448190140417
Testing
forge test --contracts ./src/test/2022-10/PLTD_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1582181583343484928
Testing
forge test --contracts ./src/test/2022-10/Uerii_exp.sol -vvv
https://twitter.com/peckshield/status/1581988895142526976
Testing
forge test --contracts ./src/test/2022-10/INUKO_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1587848874076430336
Testing
forge test --contracts ./src/test/2022-10/EFLeverVault_exp.sol -vvv
https://twitter.com/Supremacy_CA/status/1581012823701786624
https://twitter.com/MevRefund/status/1580917351217627136
https://twitter.com/danielvf/status/1580936010556661761
Testing
forge test --contracts ./src/test/2022-10/MEVa47b_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1580779311862190080
https://twitter.com/AnciliaInc/status/1580705036400611328
https://etherscan.io/tx/0x35ecf595864400696853c53edf3e3d60096639b6071cadea6076c9c6ceb921c1
Testing
forge test --contracts ./src/test/2022-10/ATK_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1580095325200474112
Testing
forge test --contracts ../../src/test/2022-10/RabbyWallet_SwapRouter_exp.sol -vv
RabbyWallet_SwapRouter_exp.sol
https://twitter.com/Supremacy_CA/status/1579813933669486592
https://twitter.com/SlowMist_Team/status/1579839744128978945
https://twitter.com/BeosinAlert/status/1579856733178331139
Testing
forge test --contracts ../../src/test/2022-10/Templedao_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1579843881893769222
https://etherscan.io/tx/0x8c3f442fc6d640a6ff3ea0b12be64f1d4609ea94edd2966f42c01cd9bdcf04b5
Testing
forge test --contracts ../../src/test/2022-10/Carrot_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1579908411235237888
https://bscscan.com/tx/0xa624660c29ee97f3f4ebd36232d8199e7c97533c9db711fa4027994aa11e01b9
Testing
forge test --contracts ../../src/test/2022-10/XaveFinance_exp.sol -vv
https://twitter.com/BeosinAlert/status/1579040051853303808
https://etherscan.io/tx/0xc18ec2eb7d41638d9982281e766945d0428aaeda6211b4ccb6626ea7cff31f4a
Testing
forge test --contracts ../../src/test/2022-10/RES_exp.sol -vv
https://twitter.com/AnciliaInc/status/1578119778446680064
https://bscscan.com/tx/0xe59fa48212c4ee716c03e648e04f0ca390f4a4fc921a890fded0e01afa4ba96d
Testing
forge test --contracts ../../src/test/2022-10/TransitSwap_exp.sol -vv
https://twitter.com/TransitFinance/status/1576463550557483008
https://twitter.com/1nf0s3cpt/status/1576511552592543745
https://bscscan.com/tx/0x181a7882aac0eab1036eedba25bc95a16e10f61b5df2e99d240a16c334b9b189
Testing
forge test --contracts ./src/test/2022-10/BabySwap_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1576441612812836865
Testing
forge test --contracts ../../src/test/2022-10/RL_exp.sol -vv
https://twitter.com/CertiKAlert/status/1576195971003858944
Testing
forge test --contracts ../../src/test/2022-09/THB_exp.sol -vv
https://twitter.com/peckshield/status/1575890733373849601
https://bscscan.com/tx/0x57aa9c85e03eb25ac5d94f15f22b3ba3ab2ef60b603b97ae76f855072ea9e3a0
Testing
forge test --contracts ../../src/test/2022-09/BXH_exp.sol -vv
https://www.jinse.com/lives/319392.html
https://bscscan.com/tx/0xa13c8c7a0c97093dba3096c88044273c29cebeee109e23622cd412dcca8f50f4
An anonymous attacker noticed a flaw in the bot's arbitrage contract code and stole not only the recently acquired 800 ETH, but the entire 1,101 ETH in 0xbad’s wallet.
Testing
forge test --contracts ./src/test/2022-09/MEVbadc0de_exp.sol -vvv
https://etherscan.io/tx/0x59ddcf5ee5c687af2cbf291c3ac63bf28316a8ecbb621d9f62d07fa8a5b8ef4e
Testing
forge test --contracts ./src/test/2022-09/RADT_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1573252869322846209
https://bscscan.com/tx/0xd692f71de2768017390395db815d34033013136c378177c05d0d46ef3b6f0897
Testing
forge test --contracts ./src/test/2022-09/BNB48MEVBot_exp.sol -vvv
https://twitter.com/1nf0s3cpt/status/1577594615104172033
https://bscscan.com/tx/0xd48758ef48d113b78a09f7b8c7cd663ad79e9965852e872fdfc92234c3e598d2
Testing
forge test --contracts ./src/test/2022-09/DPC_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1568429355919089664
https://bscscan.com/address/0x2109bbecB0a563e204985524Dd3DB2F6254AB419
https://learnblockchain.cn/article/4733
Testing
forge test --contracts ./src/test/2022-09/Yyds_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1567928377432051713
https://bscscan.com/tx/0x04a1f0d1694242515ecb14faa71053901f11a1286cd21c27fe5542f9eeb62356
Testing
forge test --contracts ./src/test/2022-09/ROI_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1567746825616236544
https://twitter.com/CertiKAlert/status/1567754904663429123
https://www.panewslab.com/zh_hk/articledetails/mbzalpdi.html
https://medium.com/quillhash/decoding-ragnarok-online-invasion-44k-exploit-quillaudits-261b7e23b55
Testing
forge test --contracts ./src/test/2022-09/NewFreeDAO_exp.sol -vvv
https://twitter.com/SlowMist_Team/status/1567854876633309186
https://bscscan.com/tx/0x1fea385acf7ff046d928d4041db017e1d7ead66727ce7aacb3296b9d485d4a26
Testing
forge test --contracts ./src/test/2022-09/NXUSD_exp.sol -vvv
https://medium.com/nereus-protocol/post-mortem-flash-loan-exploit-in-single-nxusd-market-343fa32f0c6
https://snowtrace.io/tx/0x0ab12913f9232b27b0664cd2d50e482ad6aa896aeb811b53081712f42d54c026
Testing
forge test --contracts ./src/test/2022-09/ZoomproFinance_exp.sol -vvv
https://twitter.com/blocksecteam/status/1567027459207606273
https://bscscan.com/tx/0xe176bd9cfefd40dc03508e91d856bd1fe72ffc1e9260cd63502db68962b4de1a
Anyone can burn $SDF
Testing
forge test --contracts ./src/test/2022-09/Shadowfi_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1565549688509861888
https://bscscan.com/tx/0xe30dc75253eecec3377e03c532aa41bae1c26909bc8618f21fb83d4330a01018
Testing
forge test --contracts ./src/test/2022-09/BadGuysbyRPF_exp.sol -vvv
https://twitter.com/RugDoctorApe/status/1565739119606890498
https://etherscan.io/tx/0x27e64a8215ae1528245c912bcca09883fdd7cce69249bd5d5d1c0eecf5297b96
Testing
forge test --contracts ./src/test/2022-08/DDC_exp.sol -vvv
https://x.com/BeosinAlert/status/1564240190851383302
Testing
forge test --contracts ./src/test/2022-08/LuckyTiger_exp.sol -vvv
https://twitter.com/1nf0s3cpt/status/1576117129589317633
https://etherscan.io/tx/0x804ff3801542bff435a5d733f4d8a93a535d73d0de0f843fd979756a7eab26af
Testing
forge test --contracts ./src/test/2022-08/XST_exp.sol -vvv
https://mobile.twitter.com/BlockSecTeam/status/1557195012042936320
Testing
forge test --contracts ./src/test/2022-08/ANCH_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1557527183966408706
Testing
forge test --contracts ./src/test/2022-08/EGD_Finance_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1556483435388350464
https://twitter.com/PeckShieldAlert/status/1556486817406283776
Testing
forge test --contracts ./src/test/2022-08/NomadBridge_exp.sol -vvv
https://twitter.com/samczsun/status/1554252024723546112
https://www.certik.com/resources/blog/28fMavD63CpZJOKOjb9DX3-nomad-bridge-exploit-incident-analysis
https://blog.coinbase.com/nomad-bridge-incident-analysis-899b425b0f34
Testing
forge test --contracts ./src/test/2022-08/ReaperFarm_exp.sol -vvv
https://twitter.com/Reaper_Farm/status/1554500909740302337
https://twitter.com/BeosinAlert/status/1554476940593340421
20220725 LPC - Business Logic Flaw: incorrect recipient balance check; transfer did not check sender != recipient
Testing
forge test --contracts ./src/test/2022-07/LPC_exp.sol -vvv
https://www.panewslab.com/zh_hk/articledetails/uwv4sma2.html
https://twitter.com/BeosinAlert/status/1551535854681718784
Testing
forge test --contracts ./src/test/2022-07/Audius_exp.sol -vvv
https://twitter.com/AudiusProject/status/1551000725169180672
https://twitter.com/1nf0s3cpt/status/1551050841146400768
https://blog.audius.co/article/audius-governance-takeover-post-mortem-7-23-22
Testing
forge test --contracts ./src/test/2022-07/SpaceGodzilla_exp.sol -vvv
https://mobile.twitter.com/BlockSecTeam/status/1547456591900749824
https://medium.com/numen-cyber-labs/spacegodzilla-attack-event-analysis-d29a061b17e1
https://learnblockchain.cn/article/4396
https://learnblockchain.cn/article/4395 (the math behind this kind of attack)
Testing
forge test --contracts ./src/test/2022-07/Omni_exp.sol -vv
https://twitter.com/SlowMist_Team/status/1546379086792388609
https://etherscan.io/tx/0x05d65e0adddc5d9ccfe6cd65be4a7899ebcb6e5ec7a39787971bcc3d6ba73996
ownerWithdrawAllTo() has no onlyOwner modifier, so anyone can call it.
Testing
forge test --contracts ./src/test/2022-07/FlippazOne.sol -vvvv
https://twitter.com/bertcmiller/status/1544496577338826752
https://etherscan.io/tx/0x8bded20c1db5a1d5f595b15e682a95ce11d3c895d6031147fa49c4ffa5729a30
The fillSellOrder function only checks the seller's signature.
The ECDSA signature is supplied as v, r, s; if recoveredAddress == sellOrder.seller, the sell order executes.
Testing
forge test --contracts ./src/test/2022-07/Quixotic_exp.sol -vv
https://twitter.com/1nf0s3cpt/status/1542808565349777408
https://twitter.com/SlowMist_Team/status/1542795627603857409
Testing
forge test --contracts ./src/test/2022-06/XCarnival_exp.sol -vv
https://twitter.com/XCarnival_Lab/status/1541226298399653888
https://twitter.com/peckshield/status/1541047171453034501
https://twitter.com/BlockSecTeam/status/1541070850505723905
Compromised private key of a multisig wallet
Testing
forge test --contracts ./src/test/2022-06/Harmony_multisig_exp.sol -vvvv
https://twitter.com/harmonyprotocol/status/1540110924400324608
https://twitter.com/0xIvo/status/1540165571681128448
https://twitter.com/1nf0s3cpt/status/1540139812715261952
In the _spendAllowance function they use _getStandardAmount where it should be _getReflectedAmount.
Testing
forge test --contracts ./src/test/2022-06/Snood_exp.sol -vv
https://etherscan.io/tx/0x9a6227ef97d7ce75732645bd604ef128bb5dfbc1bfbe0966ad1cd2870d45a20e
https://ethtx.info/mainnet/0x9a6227ef97d7ce75732645bd604ef128bb5dfbc1bfbe0966ad1cd2870d45a20e/
Testing
forge test --contracts ./src/test/2022-06/InverseFinance_exp.sol -vv
https://twitter.com/peckshield/status/1537382891230883841
https://twitter.com/SlowMist_Team/status/1537602909512376321
https://blocksecteam.medium.com/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91
https://www.certik.com/resources/blog/6LbL57WA3iMNm8zd7q111R-inverse-finance-incident-analysis
https://etherscan.io/tx/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c
Testing
forge test --contracts ./src/test/2022-06/Gym_2_exp.sol -vv
https://twitter.com/peckshield/status/1534423219607719936
https://twitter.com/1nf0s3cpt/status/1534464698069884929
https://www.jinse.com/news/blockchain/1658455.html
Testing
forge test --contracts ./src/test/2022-06/Optimism_exp.sol -vv
Testing
forge test --contracts ./src/test/2022-06/Discover_exp.sol -vv
https://www.twitter.com/BeosinAlert/status/1533734518623899648
https://www.anquanke.com/post/id/274003
https://bscscan.com/tx/0x8a33a1f8c7af372a9c81ede9e442114f0aabb537e5c3a22c0fd7231c4820f1e9
https://bscscan.com/tx/0x1dd4989052f69cd388f4dfbeb1690a3f3a323ebb73df816e5ef2466dc98fa4a4
Testing
forge test --contracts ./src/test/2022-05/Novo_exp.sol -vvv
https://www.panewslab.com/zh_hk/articledetails/f40t9xb4.html
https://bscscan.com/tx/0xc346adf14e5082e6df5aeae650f3d7f606d7e08247c2b856510766b4dfcdc57f
https://bscscan.com/address/0xa0787daad6062349f63b7c228cbfd5d8a3db08f1#code
Testing
forge test --contracts ./src/test/2022-05/HackDao_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1529084919976034304
Buys vault token -> redeems NFTs -> claims airdrop of 60k APE -> re-supplies the pool
Testing
forge test --contracts ./src/test/2022-05/Bayc_apecoin_exp.sol -vvv
https://etherscan.io/tx/0xeb8c3bebed11e2e4fcd30cbfc2fb3c55c4ca166003c7f7d319e78eaab9747098
Testing
forge test --contracts ./src/test/2022-05/FortressLoans.exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1523530484877209600
https://www.certik.com/resources/blog/k6eZOpnK5Kdde7RfHBZgw-fortress-loans-exploit
Testing
forge test --contracts ./src/test/2022-04/Saddle_exp.sol -vvv
https://twitter.com/peckshield/status/1520330006710616064
https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38
https://github.com/Hephyrius/Immuni-Saddle-POC
Testing
forge test --contracts ./src/test/2022-04/Rari_exp.sol -vv
https://certik.medium.com/fei-protocol-incident-analysis-8527440696cc
https://twitter.com/peckshield/status/1520369315698016256
https://etherscan.io/tx/0xab486012f21be741c9e674ffda227e30518e8a1e37a5f1d58d0b0d41f6e76530
Testing
forge test --contracts ./src/test/2022-04/deus_exp.sol -vv
https://twitter.com/peckshield/status/1519531866109317121
https://ftmscan.com/tx/0xe374495036fac18aa5b1a497a17e70f256c4d3d416dd1408c026f3f5c70a3a9c
Testing
forge test --contracts ./src/test/2022-04/Wdoge_exp.sol -vvv
https://twitter.com/solid_group_1/status/1519034573354676224
https://bscscan.com/tx/0x4f2005e3815c15d1a9abd8588dd1464769a00414a6b7adcbfd75a5331d378e1d
Testing
forge test --contracts ./src/test/2022-04/AkutarNFT_exp.sol -vv
https://blocksecteam.medium.com/how-akutar-nft-loses-34m-usd-60d6cb053dff
https://etherscan.io/address/0xf42c318dbfbaab0eee040279c6a2588fa01a961d#code
Testing
forge test --contracts ./src/test/2022-04/Zeed_exp.sol -vv
https://www.cryptotimes.io/hacker-leaves-1m-to-self-destruct-after-zeed-protocol-exploit/
https://medium.com/@zeedcommunity/the-solution-for-the-yeed-lp-pool-attack-a120c53948cd
https://bscscan.com/tx/0x0507476234193a9a5c7ae2c47e4c4b833a7c3923cefc6fd7667b72f3ca3fa83a
Testing
forge test --contracts ./src/test/2022-04/Beanstalk_exp.sol -vv
https://rekt.news/beanstalk-rekt/
https://medium.com/uno-re/beanstalk-farms-hacked-total-damage-is-182-million-b699dd3e5c8
https://twitter.com/peckshield/status/1515680335769456640
https://etherscan.io/tx/0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f
https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7
Testing
forge test --contracts ./src/test/2022-04/Rikkei_exp.sol -vv
https://blockmagnates.com/rikkei-finance-hack/
https://knownseclab.com/news/625e865cf1c544005a4bdaf2
https://rikkeifinance.medium.com/rikkei-finance-incident-investigation-report-b5b1745b0155
https://bscscan.com/tx/0x93a9b022df260f1953420cd3e18789e7d1e095459e36fe2eb534918ed1687492
Testing
forge test --contracts ./src/test/2022-04/Elephant_Money_exp.sol -vv
https://medium.com/elephant-money/reserve-exploit-52fd36ccc7e8
https://twitter.com/peckshield/status/1514023036596330496
https://twitter.com/BlockSecTeam/status/1513966074357698563
https://bscscan.com/tx/0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577
Testing
forge test --contracts ./src/test/2022-04/cftoken_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1556497016016228358
https://bscscan.com/tx/0xc7647406542f8f2473a06fea142d223022370aa5722c044c2b7ea030b8965dd0
Testing
forge test --contracts ./src/test/2022-04/Gym_1_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1512832398643265537
https://medium.com/@Beosin_com/beosin-analysis-of-the-attack-on-gymdefi-e5a23bfd93fe
https://bscscan.com/tx/0xa5b0246f2f8d238bb56c0ddb500b04bbe0c30db650e06a41e00b6a0fff11a7e5
Testing
forge test --contracts ./src/test/2022-03/Ronin_exp.sol -vv
https://etherscan.io/tx/0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7
https://etherscan.io/tx/0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08
Testing
forge test --contracts ./src/test/2022-03/RedactedCartel_exp.sol -vv
https://medium.com/immunefi/redacted-cartel-custom-approval-logic-bugfix-review-9b2d039ca2c5
Testing
forge test --contracts ./src/test/2022-03/Revest_exp.sol -vv
https://blocksecteam.medium.com/revest-finance-vulnerabilities-more-than-re-entrancy-1609957b742f
https://etherscan.io/tx/0xe0b0c2672b760bef4e2851e91c69c8c0ad135c6987bbf1f43f5846d89e691428
Testing
forge test --contracts ./src/test/2022-03/Auctus_exp.sol -vv
https://twitter.com/AuctusOptions/status/1508647849663291398?cxt=HHwWjICzpbzO5e8pAAAA
https://etherscan.io/tx/0x2e7d7e7a6eb157b98974c8687fbd848d0158d37edc1302ea08ee5ddb376befea
Testing
forge test --contracts ./src/test/2022-03/CompoundTusd_exp.sol -vv
https://blog.openzeppelin.com/compound-tusd-integration-issue-retrospective/
Testing
forge test --contracts ./src/test/2022-03/OneRing_exp.sol -vv
https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b
https://ftmscan.com/tx/0xca8dd33850e29cf138c8382e17a19e77d7331b57c7a8451648788bbb26a70145
Testing
forge test --contracts ./src/test/2022-03/LiFi_exp.sol -vvvv
https://blog.li.fi/20th-march-the-exploit-e9e1c5c03eb9
https://twitter.com/lifiprotocol/status/1505738407938387971
https://etherscan.io/tx/0x4b4143cbe7f5475029cf23d6dcbb56856366d91794426f2e33819b9b1aac4e96
Implemented a whitelist to allow calls only to approved DEXs.
Testing
forge test --contracts ./src/test/2022-03/Umbrella_exp.sol -vv
https://medium.com/uno-re/umbrella-network-hacked-700k-lost-97285b69e8c7
https://etherscan.io/tx/0x33479bcfbc792aa0f8103ab0d7a3784788b5b0e1467c81ffbed1b7682660b4fa
Testing
forge test --contracts ./src/test/2022-03/HundredFinance_exp.sol -vv
https://medium.com/immunefi/a-poc-of-the-hundred-finance-heist-4121f23a098
https://gnosisscan.io/tx/0x534b84f657883ddc1b66a314e8b392feb35024afdec61dfe8e7c510cfac1a098
Testing
forge test --contracts ./src/test/2022-03/Agave_exp.sol -vv
https://medium.com/agavefinance/agave-exploit-reentrancy-in-liquidation-call-51ae407bc56
https://gnosisscan.io/tx/0xa262141abcf7c127b88b4042aee8bf601f4f3372c9471dbd75cb54e76524f18e
Testing
forge test --contracts ./src/test/2022-03/Paraluni_exp.sol -vv
https://halborn.com/explained-the-paraluni-hack-march-2022/
https://twitter.com/peckshield/status/1502815435498176514
https://mobile.twitter.com/paraluni/status/1502951606202994694
https://zhuanlan.zhihu.com/p/517535530
https://bscscan.com/tx/0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54
Testing
forge test --contracts ./src/test/2022-03/Fantasm_exp.sol -vv
https://twitter.com/fantasm_finance/status/1501569232881995785
https://medium.com/quillhash/fantom-based-protocol-fantasm-suffers-2-6m-exploit-32de8191ccd4
https://www.certik.com/resources/blog/5p92144WQ44Ytm1AL4Jt9X-fantasm-finance
Testing
forge test --contracts ./src/test/2022-03/Bacon_exp.sol -vv
https://twitter.com/peckshield/status/1500105933128495108
https://etherscan.io/tx/0xacfcaa8e1c482148f9f2d592c78ca7a27934c7333dab31978ed0aef333a28ab6
https://etherscan.io/tx/0x7d2296bcb936aa5e2397ddf8ccba59f54a178c3901666b49291d880369dbcf31
Testing
forge test --contracts ./src/test/2022-03/TreasureDAO_exp.sol -vv
https://slowmist.medium.com/analysis-of-the-treasuredao-zero-fee-exploit-73791f4b9c14
https://arbiscan.io/tx/0x82a5ff772c186fb3f62bf9a8461aeadd8ea0904025c3330a4d247822ff34bc02
Testing
forge test --contracts ./src/test/2022-02/BuildF_exp.sol -vv
https://twitter.com/finance_build/status/1493223190071554049
https://www.cryptotimes.io/build-finance-suffered-hostile-governance-takeover-lost-470k/
https://etherscan.io/tx/0x544e5849b71b98393f41d641683586d0b519c46a2eeac9bcb351917f40258a85
Testing
forge test --contracts ./src/test/2022-02/Sandbox_exp.sol -vv
https://slowmist.medium.com/the-vulnerability-behind-the-sandbox-land-migration-2abf68933170
https://etherscan.io/tx/0x34516ee081c221d8576939f68aee71e002dd5557180d45194209d6692241f7b1
Testing
Solana TBD
forge test --contracts ./src/test/2022-02/meter_exp.sol -vv
https://twitter.com/ishwinder/status/1490227406824685569
https://blog.chainsafe.io/breaking-down-the-meter-io-hack-a46a389e7ae4
This does not seem to be the correct transaction, though: https://moonriver.moonscan.io/tx/0x5a87c24d0665c8f67958099d1ad22e39a03aa08d47d00b7276b8d42294ee0591
Testing
forge test --contracts ./src/test/2022-02/TecraSpace_exp.sol -vv
https://etherscan.io/address/0x6653d9bcbc28fc5a2f5fb5650af8f2b2e1695a15
Testing
forge test --contracts ./src/test/2022-01/Qubit_exp.sol -vv
https://medium.com/@QubitFin/protocol-exploit-report-305c34540fa3
https://etherscan.io/address/0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7
https://etherscan.io/tx/0xac7292e7d0ec8ebe1c94203d190874b2aab30592327b6cc875d00f18de6f3133
https://bscscan.com/tx/0x50946e3e4ccb7d39f3512b7ecb75df66e6868b9af0eee8a7e4b61ef8a459518e
Testing
forge test --contracts ./src/test/2022-01/Anyswap_exp.sol -vv
https://medium.com/zengo/without-permit-multichains-exploit-explained-8417e8c1639b
https://twitter.com/PeckShieldAlert/status/1483363515411099651
https://etherscan.io/tx/0xe50ed602bd916fc304d53c4fed236698b71691a95774ff0aeeb74b699c6227f7