Reproduce DeFi hack incidents using Foundry.
171 incidents included.
This repo is only for the educational purpose.
Let's make Web3 secure! Join Discord
Notion: 101 root cause analysis of past DeFi hacked incidents
-
Follow the instructions to install Foundry.
-
Clone and install dependencies:
git submodule update --init --recursive
All articles are also published on Substack.
- Lesson 1: Tools ( English | ä¸ć–‡ | Vietnamese | Korean )
- Lesson 2: Warm up ( English | ä¸ć–‡ | Korean )
- Lesson 3: Write Your Own PoC (Price Oracle Manipulation) ( English | ä¸ć–‡ )
- Lesson 4: Write Your Own PoC (MEV Bot) ( English | ä¸ć–‡ )
- Lesson 5: Rugpull Analysis ( English | ä¸ć–‡ )
- Lesson 6: Write Your Own PoC (Reentrancy) ( English | ä¸ć–‡ )
- Lesson 7: Hack Analysis: Nomad Bridge, August 2022 ( English | ä¸ć–‡ )
2022
20221024 MulticallWithoutCheck
20221011 Rabby Wallet SwapRouter
20220908 Ragnarok Online Invasion
20220701 Quixotic - Optimism NFT Marketplace
20220624 Harmony's Horizon Bridge
20220608 Optimism - Wintermute
20220430 Rari Capital/Fei Protocol
2021
Before 2020
Phalcon | Tx tracer | Cruise | Ethtx | Tenderly | eigenphi
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI | Abi tools
Slowmist | Defillama | Defiyield | Rekt | Cryptosec
Testing
forge test --contracts ./src/test/Starlink_exp.sol -vvv
https://twitter.com/NumenAlert/status/1626447469361102850
https://twitter.com/bbbb/status/1626392605264351235
Testing
forge test --contracts src/test/Dexible_exp.sol -vvv
https://twitter.com/peckshield/status/1626493024879673344
https://twitter.com/MevRefund/status/1626450002254958592
Testing
forge test --contracts src/test/Platypus_exp.sol -vvv
https://twitter.com/peckshield/status/1626367531480125440
https://twitter.com/spreekaway/status/1626319585040338953
Testing
forge test --contracts src/test/Sheep_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1623999717482045440
https://twitter.com/BlockSecTeam/status/1624077078852210691
Testing
forge test --contracts ./src/test/dForce_exp.sol -vvv
https://twitter.com/SlowMist_Team/status/1623956763598000129
https://twitter.com/BlockSecTeam/status/1623901011680333824
https://twitter.com/peckshield/status/1623910257033617408
Testing
forge test --contracts ./src/test/CowSwap_exp.sol -vvv
https://twitter.com/MevRefund/status/1622793836291407873
https://twitter.com/peckshield/status/1622801412727148544
Testing
forge test --contracts src/test/FDP_exp.t.sol -vv
https://twitter.com/BeosinAlert/status/1622806011269771266
Testing
forge test --contracts ./src/test/USDs_exp.sol -vv
https://twitter.com/danielvf/status/1621965412832350208
https://medium.com/sperax/usds-feb-3-exploit-report-from-engineering-team-9f0fd3cef00c
Testing
forge test --contracts ./src/test/Orion_exp.sol -vvv
https://twitter.com/peckshield/status/1621337925228306433
https://twitter.com/BlockSecTeam/status/1621263393054420992
https://www.numencyber.com/analysis-of-orionprotocol-reentrancy-attack-with-poc/
Testing
forge test --contracts ./src/test/BonqDAO_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1621043757390123008
https://twitter.com/SlowMist_Team/status/1621087651158966274
Testing
forge test --contracts ./src/test/TINU_exp.t.sol -vv
https://twitter.com/libevm/status/1618718156343873536
Testing
forge test --contracts ./src/test/QTN_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1615625901739511809
Testing
forge test --contracts ./src/test/ThoreumFinance_exp.sol -vvv
https://bscscan.com/tx/0x3fe3a1883f0ae263a260f7d3e9b462468f4f83c2c88bb89d1dee5d7d24262b51 https://twitter.com/AnciliaInc/status/1615944396134043648
Testing
forge test --contracts ./src/test/Upswing_exp.sol -vvv
https://etherscan.io/tx/0x4b3df6e9c68ae482c71a02832f7f599ff58ff877ec05fed0abd95b31d2d7d912 https://twitter.com/QuillAudits/status/1615634917802807297
Testing
forge test --contracts ./src/test/OmniEstate_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1615232012834705408
Testing
forge test --contracts ./src/test/Midas_exp.sol -vvv
https://twitter.com/peckshield/status/1614774855999844352
https://twitter.com/BlockSecTeam/status/1614864084956254209
Testing
forge test --contracts ./src/test/UFDao_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1613507804412940289
Testing
forge test --contracts ./src/test/RoeFinance_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1613267000913960976
Testing
forge test --contracts ./src/test/BRA.exp.sol -vvv
https://twitter.com/CertiKAlert/status/1612674916070858753
https://twitter.com/BlockSecTeam/status/1612701106982862849
Testing
forge test --contracts ./src/test/GDS_exp.sol -vvv
https://twitter.com/peckshield/status/1610095490368180224
https://twitter.com/BlockSecTeam/status/1610167174978760704
2022
Testing
forge test --contracts ./src/test/DFS_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1608788290785665024
Testing
forge test --contracts ./src/test/JAY_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1608372475225866240
Testing
forge test --contracts ./src/test/Rubic_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1606993118901198849
https://twitter.com/peckshield/status/1606937055761952770
Testing
forge test --contracts ./src/test/Defrost_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1606276020276891650
Testing
forge test --contracts ./src/test/Nmbplatform_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1602877048124735489
Testing
forge test --contracts ./src/test/ElasticSwap_exp.sol -vvv
https://quillaudits.medium.com/decoding-elastic-swaps-850k-exploit-quillaudits-9ceb7fcd8d1a
Testing
forge test --contracts ./src/test/BGLD_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1602335214356660225
Testing
forge test --contracts ./src/test/Lodestar_exp.sol -vvv
https://twitter.com/SolidityFinance/status/1601684150456438784
https://blog.lodestarfinance.io/post-mortem-summary-13f5fe0bb336
Testing
forge test --contracts ./src/test/MUMUG_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1601422462012469248
Testing
forge test --contracts ./src/test/TIFI_exp.sol -vvv
https://twitter.com/peckshield/status/1601492605535399936
Testing
forge test --contracts ./src/test/NovaExchange_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1601168659585454081
Testing
forge test --contracts ./src/test/AES_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1600442137811689473
https://twitter.com/peckshield/status/1600418002163625984
Testing
forge test --contracts ./src/test/RFB_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1599991294947778560
Testing
forge test --contracts ./src/test/BBOX_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1599599614490877952
Testing
forge test --contracts ./src/test/Overnight_exp.sol -vvv
https://twitter.com/peckshield/status/1598704809690877952
Testing
forge test --contracts ./src/test/APC_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1598262002010378241
Testing
forge test --contracts ./src/test/MBC_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1597742575623888896
https://twitter.com/CertiKAlert/status/1597639717096460288
Testing
forge test --contracts ./src/test/SEAMAN_exp.sol -vvv
https://twitter.com/peckshield/status/1597493955939405825
https://twitter.com/CertiKAlert/status/1597513374841044993
https://twitter.com/BeosinAlert/status/1597535796621631489
Testing
forge test --contracts ./src/test/NUM_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1595346020237352960
Testing
forge test --contracts ./src/test/AUR_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1595142246570958848
Testing
forge test --contracts ./src/test/SDAO_exp.sol -vvv
https://twitter.com/8olidity/status/1594693686398316544
https://twitter.com/CertiKAlert/status/1594615286556393478
Testing
forge test --contracts ./src/test/Annex_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1593690338526273536
Testing
forge test --contracts ./src/test/UEarnPool_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1593094922160128000
Testing
forge test --contracts ./src/test/SheepFram_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1592658104394473472
https://twitter.com/BlockSecTeam/status/1592734292727455744
Testing
forge test --contracts ./src/test/DFX_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1590960299246780417
https://twitter.com/BeosinAlert/status/1591012525914861570
https://twitter.com/AnciliaInc/status/1590839104731684865
https://twitter.com/peckshield/status/1590831589004816384
Testing
forge test --contracts ./src/test/BrahTOPG_exp.sol -vvv
https://twitter.com/SlowMist_Team/status/1590685173477101570
Testing
forge test --contracts src/test/MEV_0ad8.t.sol -vvvv
https://twitter.com/Supremacy_CA/status/1590337718755954690
Testing
forge test --contracts ./src/test/Kashi_exp.sol -vvv
https://eigenphi.substack.com/p/casting-a-magic-spell-on-abracadabra
https://twitter.com/BlockSecTeam/status/1603633067876155393
Testing
forge test --contracts ./src/test/MooCAKECTX_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1589501207181393920
https://twitter.com/CertiKAlert/status/1589428153591615488
Testing
forge test --contracts ./src/test/BDEX_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1588579143830343683
Testing
forge test --contracts ./src/test/VTF_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1585575129936977920
https://twitter.com/peckshield/status/1585572694241988609
https://twitter.com/BeosinAlert/status/1585587030981218305
Testing
forge test --contracts ./src/test/TeamFinance.exp.sol -vvv
https://twitter.com/TeamFinance_/status/1585770918873542656
https://twitter.com/peckshield/status/1585587858978623491
https://twitter.com/solid_group_1/status/1585643249305518083
https://twitter.com/BeosinAlert/status/1585578499125178369
Testing
forge test --contracts src/test/N00d_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1584959295829180416
https://twitter.com/AnciliaInc/status/1584955717877784576
Testing
forge test --contracts ./src/test/ULME.sol -vvv
https://twitter.com/BlockSecTeam/status/1584839309781135361 https://twitter.com/BeosinAlert/status/1584888021299916801
Testing
forge test --contracts ./src/test/Market_exp.t.sol -vv
https://quillaudits.medium.com/decoding-220k-read-only-reentrancy-exploit-quillaudits-30871d728ad5
Testing
forge test --contracts ./src/test/MulticallWithoutCheck_exp.sol -vvv
Testing
forge test --contracts ./src/test/OlympusDao.exp.sol -vvv
https://twitter.com/peckshield/status/1583416829237526528
Testing
forge test --contracts ./src/test/HEALTH_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1583073442433495040
Testing
forge test --contracts ./src/test/BEGO_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1582828751250784256
https://twitter.com/peckshield/status/1582892058800685058
Testing
forge test --contracts ./src/test/HPAY_exp.sol -vvv
https://twitter.com/Supremacy_CA/status/1582345448190140417
Testing
forge test --contracts ./src/test/PLTD_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1582181583343484928
Testing
forge test --contracts ./src/test/Uerii_exp.sol -vvv
https://twitter.com/peckshield/status/1581988895142526976
Testing
forge test --contracts ./src/test/INUKO_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1587848874076430336
Testing
forge test --contracts ./src/test/EFLeverVault_exp.sol -vvv
https://twitter.com/Supremacy_CA/status/1581012823701786624
https://twitter.com/MevRefund/status/1580917351217627136
https://twitter.com/danielvf/status/1580936010556661761
Testing
forge test --contracts ./src/test/MEVa47b_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1580779311862190080
https://twitter.com/AnciliaInc/status/1580705036400611328
https://etherscan.io/tx/0x35ecf595864400696853c53edf3e3d60096639b6071cadea6076c9c6ceb921c1
Testing
forge test --contracts ./src/test/ATK_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1580095325200474112
Testing
forge test --contracts src/test/RabbyWallet_SwapRouter.exp.sol -vv
RabbyWallet_SwapRouter.exp.sol
https://twitter.com/Supremacy_CA/status/1579813933669486592
https://twitter.com/SlowMist_Team/status/1579839744128978945
https://twitter.com/BeosinAlert/status/1579856733178331139
Testing
forge test --contracts src/test/Templedao_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1579843881893769222
https://etherscan.io/tx/0x8c3f442fc6d640a6ff3ea0b12be64f1d4609ea94edd2966f42c01cd9bdcf04b5
Testing
forge test --contracts src/test/Carrot_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1579908411235237888
https://bscscan.com/tx/0xa624660c29ee97f3f4ebd36232d8199e7c97533c9db711fa4027994aa11e01b9
Testing
forge test --contracts src/test/XaveFinance_exp.sol -vv
https://twitter.com/BeosinAlert/status/1579040051853303808
https://etherscan.io/tx/0xc18ec2eb7d41638d9982281e766945d0428aaeda6211b4ccb6626ea7cff31f4a
Testing
forge test --contracts src/test/RES_exp.sol -vv
https://twitter.com/AnciliaInc/status/1578119778446680064
https://bscscan.com/tx/0xe59fa48212c4ee716c03e648e04f0ca390f4a4fc921a890fded0e01afa4ba96d
Testing
forge test --contracts src/test/TransitSwap_exp.sol -vv
https://twitter.com/TransitFinance/status/1576463550557483008
https://twitter.com/1nf0s3cpt/status/1576511552592543745
https://bscscan.com/tx/0x181a7882aac0eab1036eedba25bc95a16e10f61b5df2e99d240a16c334b9b189
Testing
forge test --contracts ./src/test/BabySwap_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1576441612812836865
Testing
forge test --contracts src/test/RL_exp.sol -vv
https://twitter.com/CertiKAlert/status/1576195971003858944
Testing
forge test --contracts src/test/THB_exp.sol -vv
https://twitter.com/peckshield/status/1575890733373849601
https://bscscan.com/tx/0x57aa9c85e03eb25ac5d94f15f22b3ba3ab2ef60b603b97ae76f855072ea9e3a0
Testing
forge test --contracts src/test/BXH_exp.sol -vv
https://www.jinse.com/lives/319392.html
https://bscscan.com/tx/0xa13c8c7a0c97093dba3096c88044273c29cebeee109e23622cd412dcca8f50f4
Testing
forge test --contracts ./src/test/DPC_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1568429355919089664
https://bscscan.com/address/0x2109bbecB0a563e204985524Dd3DB2F6254AB419
https://learnblockchain.cn/article/4733
An anonymous attacker noticed a flaw in the bots arbitrage contract code, and stole not only the recently acquired 800 ETH, but the entire 1,101 ETH in 0xbad’s wallet.
Testing
forge test --contracts ./src/test/MEVbadc0de_exp.sol -vvv
https://etherscan.io/tx/0x59ddcf5ee5c687af2cbf291c3ac63bf28316a8ecbb621d9f62d07fa8a5b8ef4e
Testing
forge test --contracts ./src/test/RADT_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1573252869322846209
https://bscscan.com/tx/0xd692f71de2768017390395db815d34033013136c378177c05d0d46ef3b6f0897
Testing
forge test --contracts ./src/test/BNB48MEVBot_exp.sol -vvv
https://twitter.com/1nf0s3cpt/status/1577594615104172033
https://bscscan.com/tx/0xd48758ef48d113b78a09f7b8c7cd663ad79e9965852e872fdfc92234c3e598d2
Testing
forge test --contracts ./src/test/Yyds_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1567928377432051713
https://bscscan.com/tx/0x04a1f0d1694242515ecb14faa71053901f11a1286cd21c27fe5542f9eeb62356
Testing
forge test --contracts ./src/test/ROI_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1567746825616236544
https://twitter.com/CertiKAlert/status/1567754904663429123
https://www.panewslab.com/zh_hk/articledetails/mbzalpdi.html
https://medium.com/quillhash/decoding-ragnarok-online-invasion-44k-exploit-quillaudits-261b7e23b55
Testing
forge test --contracts ./src/test/NewFreeDAO_exp.sol -vvv
https://twitter.com/SlowMist_Team/status/1567854876633309186
https://bscscan.com/tx/0x1fea385acf7ff046d928d4041db017e1d7ead66727ce7aacb3296b9d485d4a26
Testing
forge test --contracts ./src/test/NXUSD_exp.sol -vvv
https://medium.com/nereus-protocol/post-mortem-flash-loan-exploit-in-single-nxusd-market-343fa32f0c6
https://snowtrace.io/tx/0x0ab12913f9232b27b0664cd2d50e482ad6aa896aeb811b53081712f42d54c026
Testing
forge test --contracts ./src/test/ZoomproFinance_exp.sol -vvv
https://twitter.com/blocksecteam/status/1567027459207606273
https://bscscan.com/tx/0xe176bd9cfefd40dc03508e91d856bd1fe72ffc1e9260cd63502db68962b4de1a
Anyone can burn $SDF
Testing
forge test --contracts ./src/test/Shadowfi_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1565549688509861888
https://bscscan.com/tx/0xe30dc75253eecec3377e03c532aa41bae1c26909bc8618f21fb83d4330a01018
Testing
forge test --contracts ./src/test/BadGuysbyRPF_exp.sol -vvv
https://twitter.com/RugDoctorApe/status/1565739119606890498
https://etherscan.io/tx/0x27e64a8215ae1528245c912bcca09883fdd7cce69249bd5d5d1c0eecf5297b96
Testing
forge test --contracts ./src/test/LuckyTiger_exp -vvv
forge script script/LuckyTiger_s_exp.sol:luckyHack --fork-url http://127.0.0.1:8545 --private-key $PRIVATE_KEY --broadcast
LuckyTiger_exp.sol | LuckyTiger_s_exp.sol
https://twitter.com/1nf0s3cpt/status/1576117129589317633
https://etherscan.io/tx/0x804ff3801542bff435a5d733f4d8a93a535d73d0de0f843fd979756a7eab26af
Testing
forge test --contracts ./src/test/XST.exp.sol -vvv
https://mobile.twitter.com/BlockSecTeam/status/1557195012042936320
Testing
forge test --contracts ./src/test/ANCH_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1557527183966408706
Testing
forge test --contracts ./src/test/EGD-Finance.exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1556483435388350464
https://twitter.com/PeckShieldAlert/status/1556486817406283776
Testing
forge test --contracts ./src/test/NomadBridge.exp.sol -vvv
https://twitter.com/samczsun/status/1554252024723546112
https://www.certik.com/resources/blog/28fMavD63CpZJOKOjb9DX3-nomad-bridge-exploit-incident-analysis
https://blog.coinbase.com/nomad-bridge-incident-analysis-899b425b0f34
Testing
forge test --contracts ./src/test/ReaperFarm.exp.sol -vvv
https://twitter.com/Reaper_Farm/status/1554500909740302337
https://twitter.com/BeosinAlert/status/1554476940593340421
20220725 LPC - Business Logic Flaw : Incorrect recipient balance check, did not check sender!=recipient in transfer
Testing
forge test --contracts ./src/test/LPC.exp.sol -vvv
https://www.panewslab.com/zh_hk/articledetails/uwv4sma2.html
https://twitter.com/BeosinAlert/status/1551535854681718784
Testing
forge test --contracts ./src/test/Audius.exp.sol -vvv
https://twitter.com/AudiusProject/status/1551000725169180672
https://twitter.com/1nf0s3cpt/status/1551050841146400768
https://blog.audius.co/article/audius-governance-takeover-post-mortem-7-23-22
Testing
forge test --contracts ./src/test/SpaceGodzilla.exp.sol -vvv
https://mobile.twitter.com/BlockSecTeam/status/1547456591900749824
https://medium.com/numen-cyber-labs/spacegodzilla-attack-event-analysis-d29a061b17e1
https://learnblockchain.cn/article/4396
https://learnblockchain.cn/article/4395 *** math behind such attack
Testing
forge test --contracts ./src/test/Omni_exp.sol -vv
https://twitter.com/SlowMist_Team/status/1546379086792388609
https://etherscan.io/tx/0x05d65e0adddc5d9ccfe6cd65be4a7899ebcb6e5ec7a39787971bcc3d6ba73996
The ownerWithdrawAllTo() without onlyOwner can call it.
Testing
forge test --contracts ./src/test/FlippazOne.sol -vvvv
https://twitter.com/bertcmiller/status/1544496577338826752
https://etherscan.io/tx/0x8bded20c1db5a1d5f595b15e682a95ce11d3c895d6031147fa49c4ffa5729a30
fillSellOrder function only check seller signature.
ECDSA signature combined with v r s, if recoveredAddress == sellOrder.seller; sellorder execute.
Testing
forge test --contracts ./src/test/Quixotic_exp.sol -vv
https://twitter.com/1nf0s3cpt/status/1542808565349777408
https://twitter.com/SlowMist_Team/status/1542795627603857409
Testing
forge test --contracts ./src/test/XCarnival.exp.sol -vv
https://twitter.com/XCarnival_Lab/status/1541226298399653888
https://twitter.com/peckshield/status/1541047171453034501
https://twitter.com/BlockSecTeam/status/1541070850505723905
Private key compromised case of Multisig wallet
Testing
forge test --contracts ./src/test/Harmony_multisig.sol -vvvv
https://twitter.com/harmonyprotocol/status/1540110924400324608
https://twitter.com/0xIvo/status/1540165571681128448
https://twitter.com/1nf0s3cpt/status/1540139812715261952
On _spendAllowance
function they use _getStandardAmount
and should be _getReflectedAmount
Testing
forge test --contracts ./src/test/Snood_poc.t.sol -vv
https://etherscan.io/tx/0x9a6227ef97d7ce75732645bd604ef128bb5dfbc1bfbe0966ad1cd2870d45a20e
https://ethtx.info/mainnet/0x9a6227ef97d7ce75732645bd604ef128bb5dfbc1bfbe0966ad1cd2870d45a20e/
Testing
forge test --contracts ./src/test/InverseFinance_exp.sol -vv
https://twitter.com/peckshield/status/1537382891230883841
https://twitter.com/SlowMist_Team/status/1537602909512376321
https://blocksecteam.medium.com/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91
https://www.certik.com/resources/blog/6LbL57WA3iMNm8zd7q111R-inverse-finance-incident-analysis
https://etherscan.io/tx/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c
Testing
forge test --contracts ./src/test/Gym_2_exp.sol -vv
https://twitter.com/peckshield/status/1534423219607719936
https://twitter.com/1nf0s3cpt/status/1534464698069884929
https://www.jinse.com/news/blockchain/1658455.html
Testing
forge test --contracts ./src/test/Optimism_exp.sol -vv
Testing
forge test --contracts ./src/test/Discover_exp.sol -vv
https://www.twitter.com/BeosinAlert/status/1533734518623899648
https://www.anquanke.com/post/id/274003
https://bscscan.com/tx/0x8a33a1f8c7af372a9c81ede9e442114f0aabb537e5c3a22c0fd7231c4820f1e9
https://bscscan.com/tx/0x1dd4989052f69cd388f4dfbeb1690a3f3a323ebb73df816e5ef2466dc98fa4a4
Testing
forge test --contracts ./src/test/Novo_exp.sol -vvv
https://www.panewslab.com/zh_hk/articledetails/f40t9xb4.html
https://bscscan.com/tx/0xc346adf14e5082e6df5aeae650f3d7f606d7e08247c2b856510766b4dfcdc57f
https://bscscan.com/address/0xa0787daad6062349f63b7c228cbfd5d8a3db08f1#code
Testing
forge test --contracts ./src/test/HackDao_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1529084919976034304
buys vault token -> redeems NFTs -> claims airdrop of 60k APE -> re-supply's the pool Testing
forge test --contracts ./src/test/Bayc_apecoin_exp.sol -vvv
https://etherscan.io/tx/0xeb8c3bebed11e2e4fcd30cbfc2fb3c55c4ca166003c7f7d319e78eaab9747098
Testing
forge test --contracts ./src/test/FortressLoans.exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1523530484877209600
https://www.certik.com/resources/blog/k6eZOpnK5Kdde7RfHBZgw-fortress-loans-exploit
Testing
forge test --contracts ./src/test/Saddle_exp.sol -vvv
https://twitter.com/peckshield/status/1520330006710616064
https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38
https://github.com/Hephyrius/Immuni-Saddle-POC
Testing
forge test --contracts ./src/test/Rari_exp.t.sol -vv
https://certik.medium.com/fei-protocol-incident-analysis-8527440696cc
https://twitter.com/peckshield/status/1520369315698016256
https://etherscan.io/tx/0xab486012f21be741c9e674ffda227e30518e8a1e37a5f1d58d0b0d41f6e76530
Testing
forge test --contracts ./src/test/Wdoge_exp.sol -vvv
https://twitter.com/solid_group_1/status/1519034573354676224
https://bscscan.com/tx/0x4f2005e3815c15d1a9abd8588dd1464769a00414a6b7adcbfd75a5331d378e1d
Testing
forge test --contracts ./src/test/deus_exp.sol -vv
https://twitter.com/peckshield/status/1519531866109317121
https://ftmscan.com/tx/0xe374495036fac18aa5b1a497a17e70f256c4d3d416dd1408c026f3f5c70a3a9c
Testing
forge test --contracts ./src/test/AkutarNFT_exp.sol -vv
https://blocksecteam.medium.com/how-akutar-nft-loses-34m-usd-60d6cb053dff
https://etherscan.io/address/0xf42c318dbfbaab0eee040279c6a2588fa01a961d#code
Testing
forge test --contracts ./src/test/Zeed_exp.sol -vv
https://www.cryptotimes.io/hacker-leaves-1m-to-self-destruct-after-zeed-protocol-exploit/
https://medium.com/@zeedcommunity/the-solution-for-the-yeed-lp-pool-attack-a120c53948cd
https://bscscan.com/tx/0x0507476234193a9a5c7ae2c47e4c4b833a7c3923cefc6fd7667b72f3ca3fa83a
Testing
forge test --contracts ./src/test/Beanstalk_exp.sol -vv
https://rekt.news/beanstalk-rekt/
https://medium.com/uno-re/beanstalk-farms-hacked-total-damage-is-182-million-b699dd3e5c8
https://twitter.com/peckshield/status/1515680335769456640
https://etherscan.io/tx/0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f
https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7
Testing
forge test --contracts ./src/test/Rikkei_exp.sol -vv
https://blockmagnates.com/rikkei-finance-hack/
https://knownseclab.com/news/625e865cf1c544005a4bdaf2
https://rikkeifinance.medium.com/rikkei-finance-incident-investigation-report-b5b1745b0155
https://bscscan.com/tx/0x93a9b022df260f1953420cd3e18789e7d1e095459e36fe2eb534918ed1687492
Testing
forge test --contracts ./src/test/Elephant_Money_poc.sol -vv
https://medium.com/elephant-money/reserve-exploit-52fd36ccc7e8
https://twitter.com/peckshield/status/1514023036596330496
https://twitter.com/BlockSecTeam/status/1513966074357698563
https://bscscan.com/tx/0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577
Testing
forge test --contracts ./src/test/Gym_1_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1512832398643265537
https://medium.com/@Beosin_com/beosin-analysis-of-the-attack-on-gymdefi-e5a23bfd93fe
https://bscscan.com/tx/0xa5b0246f2f8d238bb56c0ddb500b04bbe0c30db650e06a41e00b6a0fff11a7e5
Testing
forge test --contracts ./src/test/Ronin_exp.sol -vv
https://etherscan.io/tx/0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7
https://etherscan.io/tx/0xed2c72ef1a552ddaec6dd1f5cddf0b59a8f37f82bdda5257d9c7c37db7bb9b08
Testing
forge test --contracts ./src/test/RedactedCartel_exp.sol -vv
https://medium.com/immunefi/redacted-cartel-custom-approval-logic-bugfix-review-9b2d039ca2c5
Testing
forge test --contracts ./src/test/Revest_exp.sol -vv
https://blocksecteam.medium.com/revest-finance-vulnerabilities-more-than-re-entrancy-1609957b742f
https://etherscan.io/tx/0xe0b0c2672b760bef4e2851e91c69c8c0ad135c6987bbf1f43f5846d89e691428
Testing
forge test --contracts ./src/test/Auctus_exp.sol -vv
https://twitter.com/AuctusOptions/status/1508647849663291398?cxt=HHwWjICzpbzO5e8pAAAA
https://etherscan.io/tx/0x2e7d7e7a6eb157b98974c8687fbd848d0158d37edc1302ea08ee5ddb376befea
Testing
forge test --contracts ./src/test/CompoundTusd_exp.sol -vv
https://blog.openzeppelin.com/compound-tusd-integration-issue-retrospective/
Testing
forge test --contracts ./src/test/OneRing_exp.sol -vv
https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b
https://ftmscan.com/tx/0xca8dd33850e29cf138c8382e17a19e77d7331b57c7a8451648788bbb26a70145
Testing
forge test --contracts ./src/test/LiFi_exp.sol -vvvv
https://blog.li.fi/20th-march-the-exploit-e9e1c5c03eb9
https://twitter.com/lifiprotocol/status/1505738407938387971
https://etherscan.io/tx/0x4b4143cbe7f5475029cf23d6dcbb56856366d91794426f2e33819b9b1aac4e96
implemented a whitelist to only allow calls to approved DEXs.
Testing
forge test --contracts ./src/test/Umbrella_exp.sol -vv
https://medium.com/uno-re/umbrella-network-hacked-700k-lost-97285b69e8c7
https://etherscan.io/tx/0x33479bcfbc792aa0f8103ab0d7a3784788b5b0e1467c81ffbed1b7682660b4fa
Testing
forge test --contracts ./src/test/HundredFinance_exp.sol -vv
https://medium.com/immunefi/a-poc-of-the-hundred-finance-heist-4121f23a098
https://gnosisscan.io/tx/0x534b84f657883ddc1b66a314e8b392feb35024afdec61dfe8e7c510cfac1a098
Testing
forge test --contracts ./src/test/Paraluni_exp.sol -vv
https://halborn.com/explained-the-paraluni-hack-march-2022/
https://twitter.com/peckshield/status/1502815435498176514
https://mobile.twitter.com/paraluni/status/1502951606202994694
https://zhuanlan.zhihu.com/p/517535530
https://bscscan.com/tx/0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54
Testing
forge test --contracts ./src/test/Fantasm_exp.sol -vv
https://twitter.com/fantasm_finance/status/1501569232881995785
https://medium.com/quillhash/fantom-based-protocol-fantasm-suffers-2-6m-exploit-32de8191ccd4
https://www.certik.com/resources/blog/5p92144WQ44Ytm1AL4Jt9X-fantasm-finance
Testing
forge test --contracts ./src/test/Bacon_exp.sol -vv
https://twitter.com/peckshield/status/1500105933128495108
https://etherscan.io/tx/0xacfcaa8e1c482148f9f2d592c78ca7a27934c7333dab31978ed0aef333a28ab6
https://etherscan.io/tx/0x7d2296bcb936aa5e2397ddf8ccba59f54a178c3901666b49291d880369dbcf31
Testing
forge test --contracts ./src/test/TreasureDAO_exp.sol -vv
https://slowmist.medium.com/analysis-of-the-treasuredao-zero-fee-exploit-73791f4b9c14
https://arbiscan.io/tx/0x82a5ff772c186fb3f62bf9a8461aeadd8ea0904025c3330a4d247822ff34bc02
Testing
forge test --contracts ./src/test/BuildF_exp.sol -vv
https://twitter.com/finance_build/status/1493223190071554049
https://www.cryptotimes.io/build-finance-suffered-hostile-governance-takeover-lost-470k/
https://etherscan.io/tx/0x544e5849b71b98393f41d641683586d0b519c46a2eeac9bcb351917f40258a85
Testing
forge test --contracts ./src/test/Sandbox_exp.sol -vv
https://slowmist.medium.com/the-vulnerability-behind-the-sandbox-land-migration-2abf68933170
https://etherscan.io/tx/0x34516ee081c221d8576939f68aee71e002dd5557180d45194209d6692241f7b1
Testing
Solana TBD
forge test --contracts ./src/test/meter_exp.sol -vv
https://twitter.com/ishwinder/status/1490227406824685569
https://blog.chainsafe.io/breaking-down-the-meter-io-hack-a46a389e7ae4
this does not seem to be the correct transaction though: https://moonriver.moonscan.io/tx/0x5a87c24d0665c8f67958099d1ad22e39a03aa08d47d00b7276b8d42294ee0591
Testing
forge test --contracts ./src/test/Qubit_exp.sol -vv
https://medium.com/@QubitFin/protocol-exploit-report-305c34540fa3
https://etherscan.io/address/0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7 https://etherscan.io/tx/0xac7292e7d0ec8ebe1c94203d190874b2aab30592327b6cc875d00f18de6f3133 https://bscscan.com/tx/0x50946e3e4ccb7d39f3512b7ecb75df66e6868b9af0eee8a7e4b61ef8a459518e
Testing
forge test --contracts ./src/test/Anyswap_poc.t.sol -vv
https://medium.com/zengo/without-permit-multichains-exploit-explained-8417e8c1639b
https://twitter.com/PeckShieldAlert/status/1483363515411099651
https://etherscan.io/tx/0xe50ed602bd916fc304d53c4fed236698b71691a95774ff0aeeb74b699c6227f7
2021
Testing
forge test --contracts ./src/test/Visor_exp.t.sol -vv
https://twitter.com/GammaStrategies/status/1473306777131405314
https://etherscan.io/tx/0x69272d8c84d67d1da2f6425b339192fa472898dce936f24818fda415c1c1ff3f
Testing
forge test --contracts ./src/test/Grim_exp.sol -vv
https://cointelegraph.com/news/defi-protocol-grim-finance-lost-30m-in-5x-reentrancy-hack
https://rekt.news/grim-finance-rekt/
https://ftmscan.com/tx/0x19315e5b150d0a83e797203bb9c957ec1fa8a6f404f4f761d970cb29a74a5dd6
Testing
forge test --contracts ./src/test/Mono_exp.t.sol -vv
https://slowmist.medium.com/detailed-analysis-of-the-31-million-monox-protocol-hack-574d8c44a9c8
https://knownseclab.com/news/61a986811992da0067558749
https://www.tuoniaox.com/news/p-521076.html
https://polygonscan.com/tx/0x5a03b9c03eedcb9ec6e70c6841eaa4976a732d050a6218969e39483bb3004d5d
https://etherscan.io/tx/0x9f14d093a2349de08f02fc0fb018dadb449351d0cdb7d0738ff69cc6fef5f299
Testing
forge test --contracts ./src/test/Cream_2_exp.sol -vvv
https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5
Testing
forge test --contracts src/test/IndexedFinance_exp.t.sol -vv
https://blocksecteam.medium.com/the-analysis-of-indexed-finance-security-incident-8a62b9799836
Testing
forge test --contracts ./src/test/Sushimiso_exp.sol -vv
https://www.paradigm.xyz/2021/08/two-rights-might-make-a-wrong
https://etherscan.io/tx/0x78d6355703507f88f2090eb780d245b0ab26bf470eabdb004761cedf3b1cda44
Testing
forge test --contracts ./src/test/Nimbus_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1438100688215560192
Testing
forge test --contracts ./src/test/NowSwap_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1438100688215560192
Testing
forge test --contracts src/test/ZABU_exp.sol -vvv
https://slowmist.medium.com/brief-analysis-of-zabu-finance-being-hacked-44243919ea29
Testing
forge test --contracts ./src/test/DaoMaker_exp.sol -vv
https://twitter.com/Mudit__Gupta/status/1434059922774237185
https://etherscan.io/tx/0xd5e2edd6089dcf5dca78c0ccbdf659acedab173a8ab3cb65720e35b640c0af7c
Testing
forge test --contracts ./src/test/Cream_exp.sol -vv
https://twitter.com/peckshield/status/1432249600002478081
https://twitter.com/creamdotfinance/status/1432249773575208964
https://etherscan.io/tx/0xa9a1b8ea288eb9ad315088f17f7c7386b9989c95b4d13c81b69d5ddad7ffe61e
Testing
forge test --contracts ./src/test/XSURGE_exp.t.sol -vv
https://beosin.medium.com/a-sweet-blow-fb0a5e08657d
https://bscscan.com/tx/0x8c93d6e5d6b3ec7478b4195123a696dbc82a3441be090e048fe4b33a242ef09d
Testing
forge test --contracts ./src/test/PolyNetwork/PolyNetwork_exp.sol -vv
https://rekt.news/polynetwork-rekt/
https://slowmist.medium.com/the-root-cause-of-poly-network-being-hacked-ec2ee1b0c68f
https://etherscan.io/tx/0xb1f70464bd95b774c6ce60fc706eb5f9e35cb5f06e6cfe7c17dcda46ffd59581/advanced
https://github.com/polynetwork/eth-contracts/tree/d16252b2b857eecf8e558bd3e1f3bb14cff30e9b
https://www.breadcrumbs.app/reports/671
One of the biggest design lessons that people need to take away from this is: if you have cross-chain relay contracts like this, MAKE SURE THAT THEY CAN'T BE USED TO CALL SPECIAL CONTRACTS. The EthCrossDomainManager shouldn't have owned the EthCrossDomainData contract.
Testing
forge test --contracts ./src/test/WaultFinance_exp.sol -vvv
Testing
forge test --contracts ./src/test/Levyathan_poc.sol -vv
https://levyathan-index.medium.com/post-mortem-levyathan-c3ff7f9a6f65
Testing
forge test --contracts ./src/test/Chainswap_exp2.sol -vv
https://twitter.com/real_n3o/status/1414071223940571139
https://rekt.news/chainswap-rekt/
https://chain-swap.medium.com/chainswap-exploit-11-july-2021-post-mortem-6e4e346e5a32
Testing
forge test --contracts ./src/test/Chainswap_exp1.sol -vv
https://chain-swap.medium.com/chainswap-post-mortem-and-compensation-plan-90cad50898ab
Testing
forge test --contracts src/test/SafeDollar_exp.sol -vvv
https://twitter.com/peckshield/status/1409443556251430918
Testing
forge test --contracts ./src/test/Eleven.sol -vv
https://peckshield.medium.com/eleven-finance-incident-root-cause-analysis-123b5675fa76
https://bscscan.com/tx/0xeaaa8f4d33b1035a790f0d7c4eb6e38db7d6d3b580e0bbc9ba39a9d6b80dd250
Testing
forge test --contracts ./src/test/88mph_exp.sol -vv
https://medium.com/immunefi/88mph-function-initialization-bug-fix-postmortem-c3a2282894d3
Testing
forge test --contracts ./src/test/PancakeHunny_exp.sol -vv
https://medium.com/hunnyfinance/pancakehunny-post-mortem-analysis-de78967401d8
https://bscscan.com/tx/0x765de8357994a206bb90af57dcf427f48a2021f2f28ca81f2c00bc3b9842be8e
Testing
forge test --contracts ./src/test/PancakeBunny_exp.sol -vv
https://rekt.news/pancakebunny-rekt/
https://bscscan.com/tx/0x897c2de73dd55d7701e1b69ffb3a17b0f4801ced88b0c75fe1551c5fcce6a979
Testing
forge test --contracts ./src/test/RariCapital_exp.sol -vv
https://rekt.news/rari-capital-rekt/
https://etherscan.com/tx/0x171072422efb5cd461546bfe986017d9b5aa427ff1c07ebe8acc064b13a7b7be
Testing
forge test --contracts ./src/test/ValueDefi_exp.sol -vv
https://rekt.news/rari-capital-rekt/
https://bscscan.com/tx/0xa00def91954ba9f1a1320ef582420d41ca886d417d996362bf3ac3fe2bfb9006
Testing
forge test --contracts ./src/test/Uranium_exp.sol -vv
https://twitter.com/FrankResearcher/status/1387347025742557186
https://bscscan.com/tx/0x5a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5787893c37991
Testing
forge test --contracts ./src/test/dodo_flashloan_exp.sol -vv
https://halborn.com/explained-the-dodo-dex-hack-march-2021/
https://etherscan.io/tx/0x395675b56370a9f5fe8b32badfa80043f5291443bd6c8273900476880fb5221e
Testing
forge test --contracts ./src/test/PAID_exp.sol -vv
https://paidnetwork.medium.com/paid-network-attack-postmortem-march-7-2021-9e4c0fef0e07
https://etherscan.io/tx/0x4bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0
Testing
forge test --contracts src/test/Sushi-Badger_Digg.exp.sol -vvvv
https://cmichel.io/replaying-ethereum-hacks-sushiswap-badger-dao-digg/
Before 2020
Testing
forge test --contracts ./src/test/Cover_exp.sol -vv
https://mudit.blog/cover-protocol-hack-analysis-tokens-minted-exploit/
https://slowmist.medium.com/a-brief-analysis-of-the-cover-protocol-hacked-event-700d747b309c
Testing
forge test --contracts ./src/test/Pickle_exp.sol -vv
https://github.com/banteg/evil-jar
https://etherscan.io/tx/0xe72d4e7ba9b5af0cf2a8cfb1e30fd9f388df0ab3da79790be842bfbed11087b0
Testing
forge test --contracts ./src/test/HarvestFinance_exp.sol -vv
https://rekt.news/harvest-finance-rekt/
https://etherscan.io/tx/0x35f8d2f572fceaac9288e5d462117850ef2694786992a8c3f6d02612277b0877
Testing
forge test --contracts ./src/test/Opyn.exp.sol -vv
https://medium.com/opyn/opyn-eth-put-exploit-post-mortem-1a009e3347a8
https://etherscan.io/tx/0x56de6c4bd906ee0c067a332e64966db8b1e866c7965c044163a503de6ee6552a
Testing
forge test --contracts ./src/test/Bancor_exp.sol -vv
https://blog.bancor.network/bancors-response-to-today-s-smart-contract-vulnerability-dc888c589fe4
https://etherscan.io/address/0x5f58058c0ec971492166763c8c22632b583f667f
Testing
forge test --contracts ./src/test/BEC_exp.sol -vv
https://etherscan.io/tx/0xad89ff16fd1ebe3a0a7cf4ed282302c06626c1af33221ebe0d3a470aba4a660f
https://etherscan.io/address/0xc5d105e63711398af9bbff092d4b6769c82f793d#code
Testing
forge test --contracts ./src/test/Parity_kill.sol -vvvv
https://elementus.io/blog/which-icos-are-affected-by-the-parity-wallet-bug/
https://etherscan.io/tx/0x05f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9
https://etherscan.io/tx/0x47f7cff7a5e671884629c93b368cb18f58a993f4b19c2a53a8662e3f1482f690
Foundry also has the ability to report the gas
used per function call which mimics the behavior of hardhat-gas-reporter. Generally speaking if gas costs per function call is very high, then the likelihood of its success is reduced. Gas optimization is an important activity done by smart contract developers.
Every poc in this repository can produce a gas report like this:
forge test --gas-report --contracts <contract> -vvv
For Example: Let us find out the gas used in the Audius poc
Execution
forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv
Demo
Moved to DeFiVulnLabs
Moved to DeFiLabs