DeFi Hacks Reproduce - Foundry

2024 - List of Past DeFi Incidents

153 incidents included.

20241223 Moonhacker - improper input validation

Lost: 318.9 k

forge test --contracts ./../../src/test/2024-12/Moonhacker_exp.sol -vvv --evm-version shanghai

Contract

Moonhacker_exp.sol

Link reference

https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6


20241203 Pledge - Access Control

Lost: 15K

forge test --contracts ./../../src/test/2024-12/Pledge_exp.sol -vvv --evm-version shanghai

Contract

Pledge_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1864126176848965810


20241119 PolterFinance - FlashLoan Attack

Lost: $7M

forge test --contracts ./../../src/test/2024-11/PolterFinance_exploit.sol -vvv

Contract

PolterFinance_exploit.sol

Link reference

https://twitter.com/Bcpaintball26/status/1857865758551805976


20241111 DeltaPrime - Reentrancy

Lost: $4.75 M

forge test --contracts ./../../src/test/2024-11/DeltaPrime_exp.sol -vvv

Contract

DeltaPrime_exp.sol

Link reference

https://x.com/peckshield/status/1855910524460159197


20241026 CompoundFork - Flashloan attack

Lost: $1M

forge test --contracts ./../../src/test/2024-10/CompoundFork_exploit.sol -vvv --evm-version shanghai

Contract

CompoundFork_exploit.sol

Link reference

https://x.com/Phalcon_xyz/status/1849636437349527725

https://app.blocksec.com/explorer/tx/base/0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e


20241022 Erc20transfer - Access Control

Lost: $14,773.35

forge test --contracts ./../../src/test/2024-10/Erc20transfer_exp.sol -vvv

Contract

Erc20transfer_exp.sol

Link reference

https://x.com/d23e_AG/status/1849064161017225645


20241022 Vista - flashmint receive error

Lost: $28,000

forge test --contracts ./../../src/test/2024-10/VISTA_exp.sol -vvv --evm-version cancun

Contract

VISTA_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1848403791881900130


20241013 MorphoBlue - Overpriced Asset in Oracle

Lost: $230,000

forge test --contracts ./../../src/test/2024-10/MorphoBlue_exp.sol -vvv --evm-version shanghai

Contract

MorphoBlue_exp.sol

Link reference

https://x.com/omeragoldberg/status/1845515843787960661


20241011 P719Token - Price Manipulation Inflate Attack

Total Lost : 547.18 BNB (~$312K USD)

forge test --match-contract P719Token_exp -vvv

Contract

P719Token_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1844753750386426182


20241006 SASHAToken - Price Manipulation

Total Lost : 249 ETH (~$600K USD)

forge test --match-contract SASHAToken_exp -vvv

Contract

SASHAToken_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1842864840265883833


20241010 HYDT - Oracle Price Manipulation

Total Lost : 5.8k USDT

forge test --contracts ./../../src/test/2024-10/HYDT_exp.sol -vvv --evm-version cancun

Contract

HYDT_exp.sol

Link reference

https://x.com/TenArmorAlert/status/1844241843518951451


20241005 AIZPTToken - Wrong Price Calculation

Total Lost : 34.88 BNB (~$20K USD)

forge test --match-contract AIZPTToken_exp -vvv

Contract

AIZPTToken_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1842576732047700077


20241001 FireToken - Pair Manipulation With Transfer Function

Lost: 8.45 ETH (~$20K USD)

forge test --contracts ./../../src/test/2024-10/FireToken_exp.sol -vvv

Contract

FireToken_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1841305965750350089


20241002 LavaLending - Price Manipulation

Lost: 1 USDC, 125795.6 cUSDC, 0,0067 WBTC, 2.25 WETH (~$130K USD)

forge test --match-contract LavaLending_exp -vvv

Contract

LavaLending_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1841823216425435308

https://nickfranklin.site/2024/10/03/unknown-lending-project-hacked-due-to-price-oracle-manipulation/


20240926 OnyxDAO - Fake Market

Lost: 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT (>$3.8M USD)

forge test --match-contract OnyxDAO_exp -vvv

Contract

OnyxDAO_exp.sol

Link reference

https://x.com/peckshield/status/1839302663680438342


20240926 Bedrock_DeFi - Swap ETH/BTC 1/1 in mint function

Lost: 27.83925883 BTC (~$1.7M USD)

forge test --match-contract Bedrock_DeFi_exp -vvv

Contract

Bedrock_DeFi_exp.sol

Link reference

https://x.com/certikalert/status/1839403126694326374


20240924 MARA - price manipulation

Lost: ~8.8 WBNB (~5.3K USD)

forge test --match-contract MARA_exp -vvv

Contract

MARA_exp.sol

Link reference

https://bscscan.com/tx/0x0fe3716431f8c2e43217c3ca6d25eed87e14d0fbfa9c9ee8ce4cef2e5ec4583c

20240923 Bankroll_Network - Incorrect input validation

Lost: ~404 WBNB (~234.8K USD)

forge test --match-contract Bankroll_exp -vvv

Contract

Bankroll_exp.sol

Link reference

https://x.com/Phalcon_xyz/status/1838042368018137547


20240913 OTSeaStaking - Logic Flaw

Lost: 26k

forge test --match-contract OTSeaStaking_exp -vvv

Contract

OTSeaStaking_exp.sol

Link reference

Nick Franklin: https://nickfranklin.site/2024/09/13/otsea-staking-hacked/


20240910 Caterpillar_Coin_CUT - Price Manipulation

Lost: ~1.4M USD

forge test --match-contract Caterpillar_Coin_CUT_exp -vvv --evm-version shanghai

Contract

Caterpillar_Coin_CUT_exp.sol

Link reference

https://www.certik.com/zh-CN/resources/blog/caterpillar-coin-cut-token-incident-analysis


20240903 Penpiexyz_io - Reentrancy and Reward Manipulation

Lost: 11,113.6 ETH (~$27,348,259 USD)

forge test --match-contract Penpiexyzio_exp -vvv --evm-version shanghai

Contract

Penpiexyzio_exp.sol

Link reference

https://x.com/peckshield/status/1831072098669953388

https://x.com/AnciliaInc/status/1831080555292856476

https://x.com/hackenclub/status/1831383106554573099

post-mortem: https://x.com/Penpiexyz_io/status/1831462760787452240


20240828 AAVE - Arbitrary Call Error

Lost: 52000

forge test --match-contract AAVE_Repay_Adapter -vvv

Contract

AAVE_Repay_Adapter.sol

Link reference

https://www.vibraniumaudits.com/post/aave-hacked-via-periphery-contract-56kstolenfromtipjar

20240816 Zenterest - Price Out Of Date

Lost: ~21000 USD

forge test --match-contract Zenterest_exp -vvvv --evm-version shanghai

Contract

Zenterest_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1824579761383018564


20240816 OMPx Contract - FlashLoan

Lost: 4.37 ETH (~11527 USD)

forge test --match-contract OMPxContract_exp -vvv

Contract

OMPxContract_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1820816386551357448


20240814 NoName - Arbitrary Call

Lost: ~5k

forge test --match-contract YodlRouter_exp -vvv

Contract

YodlRouter_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1823601087011807636


20240813 VOW - Misconfiguration

Lost: ~ 1M USD

forge test --match-contract VOW_exp -vvv

Contract

VOW_exp.sol

Link reference

https://x.com/Vowcurrency/status/1823407231658025300


20240812 iVest - Business logic flaw

Lost: ~338 WBNB

forge test --match-contract IvestDao_exp -vvv

Contract

IvestDao_exp.sol

Link reference

https://x.com/AnciliaInc/status/1822870201698050064


20240806 Novax - Price Manipulation

Lost: ~25K USD

forge test --match-contract NovaXM2E_exp -vvv

Contract

NovaXM2E_exp.sol

Link reference

https://x.com/EXVULSEC/status/1820676684410147276


20240801 Convergence - Incorrect input validation

Lost: ~200K USD

forge test --match-contract Convergence_exp -vvvv --evm-version cancun

Contract

Convergence_exp.sol

Link reference

https://x.com/DecurityHQ/status/1819030089012527510


20240724 Spectra_finance - Incorrect input validation

Lost: ~73K USD

forge test --match-contract Spectra_finance_exp -vvv

Contract

Spectra_finance_exp.sol

Link reference

https://x.com/shoucccc/status/1815981585637990899


20240723 MEVbot_0xdd7c - Incorrect input validation

Lost: ~18k USD

forge test --match-contract -vvv --evm-version cancun

Contract

MEVbot_0xdd7c_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1815656653100077532


20240716 Lifiprotocol - Incorrect input validation

Lost: ~10M USD

forge test --match-contract Lifiprotocol_exp -vvv

Contract

Lifiprotocol_exp.sol

Link reference

https://x.com/danielvf/status/1505689981385334784


20240714 Minterest - Reentrancy

Lost: ~427 ETH

forge test --match-contract Minterest_exp -vvv

Contract

Minterest_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1813122959219040323


20240712 DoughFina - Incorrect input validation

Lost: ~1.8M USD

forge test --match-contract DoughFina_exp -vvv

Contract

DoughFina_exp.sol

Link reference

https://x.com/CertiKAlert/status/1811668992882307478


20240711 SBT - business logic flaw

Lost: ~56K USD

forge test --match-contract SBT_exp -vvv

Contract

SBT_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1811401263969673654


20240711 GAX - Lack of access control

Lost: ~50K $BUSD

forge test --match-contract GAX_exp -vvv

Contract

GAX_exp.sol

Link reference

https://x.com/EXVULSEC/status/1811348160851378333


20240708 LW - Integer Underflow

Lost: ~7K USD

forge test --match-contract LW_exp -vvv

Contract

LW_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1810245893490368820


20240705 DeFiPlaza - loss of precision

Lost: ~200K USD

forge test --match-contract DeFiPlaza_exp -vvv

Contract

DeFiPlaza_exp.sol

Link reference

https://x.com/DecurityHQ/status/1809222922998808760


20240703 UnverifiedContr_0x452E25 - lack-of-access-control

Lost: 27 ETH

forge test --match-contract UnverifiedContr_0x452E25_exp -vvv --evm-version "cancun"

Contract

UnverifiedContr_0x452E25_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1808334870650970514


20240702 MRP - Reentrancy

Lost: 17 BNB

forge test --match-contract MRP_exp -vvv

Contract

MRP_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1808309614443733005


20240628 Will - business logic flaw

Lost: $52K

forge test --match-contract Will_exp -vvv --evm-version "shanghai"

Contract

Will_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1806704287252394238


20240627 APEMAGA - business logic flaw

Lost: ~9 ETH

forge test --match-contract APEMAGA_exp -vvv --evm-version "shanghai"

Contract

APEMAGA_exp.sol

Link reference

https://x.com/ChainAegis/status/1806297556852601282


20240618 INcufi - business logic flaw

Lost: ~59K USD

forge test --match-contract INcufi_exp -vvv

Contract

INcufi_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1803317022513832301


20240617 Dyson_money - business logic flaw

Lost: 52 BNB

forge test --match-contract Dyson_money_exp -vvv

Contract

Dyson_money_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1802634237667054052


20240616 WIFCOIN_ETH - business logic flaw

Lost: ~3.4 ETH (WIF token)

forge test --match-contract WIFCOIN_ETH_exp -vvv --evm-version "shanghai"

Contract

WIFCOIN_ETH_exp.sol

Link reference

https://x.com/ChainAegis/status/1802550962977964139


20240616 Crb2 - business logic flaw

Lost: ~15K

forge test --match-contract Crb2_exp -vvv --evm-version shanghai

Contract

Crb2_exp.sol

Link reference


20240611 JokInTheBox - business logic flaw

Lost: ~9.2 ETH

forge test --match-contract JokInTheBox_exp -vvv --evm-version cancun

Contract

JokInTheBox_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1800355604692910571


20240610 UwULend - Price Manipulation

Lost: 19.3M

forge test --contracts ./../../src/test/2024-06/UwuLend_First_exp.sol -vvv --evm-version shanghai
forge test --contracts ./../../src/test/2024-06/UwuLend_Second_exp.sol -vvv --evm-version shanghai

Contract

UwuLend_First_exp.sol

UwuLend_Second_exp.sol

Link reference

https://x.com/peckshield/status/1800176089316163831


20240610 Bazaar - Insufficient Permission Check

Lost: 1.4M

forge test --match-contract Bazaar_exp -vvv

Contract

Bazaar_exp.sol

Link reference

https://x.com/shoucccc/status/1800353122159833195


20240608 YYStoken - Business Logic Flaw

Lost: $28K

forge test --match-contract YYS_exp -vv

Contract

YYS_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1799610045589831833


20240606 SteamSwap - Logic Flaw

Lost: ~$91k

forge test --match-contract SteamSwap_exp -vvv --evm-version shanghai

Contract

SteamSwap_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1798905797440897386


20240606 MineSTM - Business Logic Flaw

Lost: $13.8K

forge test --match-contract MineSTM_exp -vv

Contract

MineSTM_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1798920774511898862


20240604 NCD - Business Logic Flaw

Lost: $6.4K

forge test --match-contract NCD_exp -vv

Contract

NCD_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1797821034319765604


20240601 VeloCore - lack-of-access-control

Lost: $6.88M

forge test --match-contract Velocore_exp -vv

Contract

Velocore_exp.sol

Link reference

https://x.com/BeosinAlert/status/1797247874528645333


20240531 Liquiditytokens - Business Logic Flaw

Lost: ~200K USD

forge test --match-contract Liquiditytokens_exp -vvv

Contract

Liquiditytokens_exp.sol

Link reference

https://x.com/EXVULSEC/status/1796499069583724638


20240531 MixedSwapRouter - Arbitrary Call

Lost: >10700USD(WINR token)

forge test --match-contract MixedSwapRouter_exp -vvv

Contract

MixedSwapRouter_exp.sol

Link reference

https://x.com/ChainAegis/status/1796484286738227579


20240529 SCROLL - Integer Underflow

Lost: 76 ETH

forge test --match-contract SCROLL_exp -vvv

Contract

SCROLL_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1795650745448169741


20240529 MetaDragon - Lack of Access Control

Lost: ~ $180k

forge test --match-contract MetaDragon_exp -vvvvv --evm-version shanghai

Contract

MetaDragon_exp.sol

Link reference

https://x.com/Phalcon_xyz/status/1795746828064854497


20240528 Tradeonorion - Business Logic Flaw

Lost: ~645K

forge test --match-contract Tradeonorion_exp -vvv

Contract

Tradeonorion_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1796008961302258001


20240528 EXcommunity - Business Logic Flaw

Lost: 33BNB

forge test --match-contract EXcommunity_exp -vvv

Contract

EXcommunity_exp.sol

Link reference

https://x.com/SlowMist_Team/status/1795648617530995130


20240527 RedKeysCoin - Weak RNG

Lost: $12K

forge test --match-contract RedKeysCoin_exp -vvv --evm-version shanghai

Contract

RedKeysCoin_exp.sol

Link reference


20240526 NORMIE - Business Logic Flaw

Lost: $490K

forge test --match-contract NORMIE_exp -vv

Contract

NORMIE_exp.sol

Link reference

https://x.com/lookonchain/status/1794680612399542672


20240522 Burner - sandwich attack

Lost: 1.7 eth

forge test --match-contract Burner_exp -vv

Contract

Burner_exp.sol

Link reference

https://x.com/0xNickLFranklin/status/1792925754243625311


20240516 TCH - Signature Malleability Vulnerability

Lost: $18K

forge test --match-contract TCH_exp -vvv

Contract

TCH_exp.sol

Link reference

https://x.com/DecurityHQ/status/1791180322882629713


20240514 Sonne Finance - Precision loss

Lost: $20M

forge test --match-contract Sonne_exp -vvv

Contract

Sonne_exp.sol

Link reference

https://neptunemutual.com/blog/taking-a-closer-look-at-sonne-finance-exploit/


20240514 PredyFinance - Reentrancy

Lost: $464K

forge test --match-contract PredyFinance_exp -vvv

Contract

PredyFinance_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1790307019590680851


20240512 TGC - Business Logic Flaw

Lost: $32K

forge test --match-contract TGC_exp -vvv

Contract

TGC_exp.sol

Link reference

https://x.com/ChainAegis/status/1789490986588205529


20240510 GFOX - lack of access control

Lost: 330K USD

forge test --match-contract GFOX_exp -vvv --evm-version shanghai

Contract

GFOX_exp.sol

Link reference

https://twitter.com/CertiKAlert/status/1788751142144401886


20240510 TSURU - Insufficient Validation

Lost: 140K

forge test --match-contract TSURU_exp -vvv --evm-version shanghai

Contract

TSURU_exp.sol

Link reference

https://base.tsuru.wtf/usdtsuru-exploit-incident-report


20240508 GPU - self transfer

Lost: ~32K USD

forge test --match-contract GPU_exp -vvv

Contract

GPU_exp.sol

Link reference

https://twitter.com/PeckShieldAlert/status/1788153869987611113


20240507 SATURN - Price Manipulation

Lost: ~15 BNB

forge test --match-contract OSN_exp -vvv

Contract

SATURN_exp.sol

Link reference

https://twitter.com/ChainAegis/status/1787667253435195841


20240506 OSN - Reward Distribution Problem

Lost: ~109K USD

forge test --match-contract OSN_exp -vvv --evm-version shanghai

Contract

OSN_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1787330586857861564


20240430 Yield - Business Logic Flaw

Lost: 181K

forge test --match-contract Yield_exp -vvv

Contract

Yield_exp.sol

Link reference

https://twitter.com/peckshield/status/1785121607192817692

https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50


20240430 PikeFinance - Uninitialized Proxy

Lost: 1.4M

forge test --match-contract PikeFinance_exp -vvv

Contract

PikeFinance_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1785508900093194591


20240427 BNBX - precision loss

Lost: ~75 $BNB

forge test --match-contract BNBX_exp -vvv --evm-version shanghai

Contract

BNBX_exp.sol

Link reference

https://x.com/ChainAegis/status/1784431544557514896


20240425 NGFS - Bad Access Control

Lost: ~190K

forge test --match-contract NGFS_exp -vvv --evm-version shanghai

Contract

NGFS_exp.sol

Link reference

https://twitter.com/CertiKAlert/status/1783476515331616847


20240424 XBridge - Logic Flaw

Lost: >200k USD(plus a lot of STC, SRLTY, Mazi tokens)

forge test --match-contract XBridge_exp -vvv

Contract

XBridge_exp.sol


20240424 YIEDL - Input Validation

Lost: 150k USD

forge test --match-contract YIEDL_exp -vvv

Contract

YIEDL_exp.sol

20240422 Z123 - price manipulation

Lost: 136k USD

forge test --match-contract Z123_exp -vvv

Contract

Z123_exp.sol

Link reference

https://twitter.com/PeckShieldAlert/status/1782322484911784385


20240420 Rico - Arbitrary Call

Lost: 36K

forge test --match-contract Rico_exp -vvv

Contract

Rico_exp.sol

Link reference

https://twitter.com/ricocreditsys/status/1781803698940781009


20240419 HedgeyFinance - Logic Flaw

Lost: 48M USD

forge test --match-contract HedgeyFinance_exp -vvv

Contract

HedgeyFinance_exp.sol

Link reference

https://twitter.com/Cube3AI/status/1781294512716820918


20240417 UnverifiedContr_0x00C409 - unverified external call

Lost: ~ 18 eth

forge test --match-contract UnverifiedContr_0x00C409_exp -vvv

Contract

UnverifiedContr_0x00C409_exp.sol

Link reference

https://x.com/CyversAlerts/status/1780593407871635538


20240416 SATX - Logic Flaw

Lost: ~ 50 BNB

forge test --match-contract SATX_exp -vvv

Contract

SATX_exp.sol

Link reference

https://x.com/bbbb/status/1780341239801393479


20240416 MARS - Bad Reflection

Lost: >100K

forge test --match-contract MARS_exp -vv

Contract

MARS_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1780150315603701933


20240415 GFA - business-logic-flaw

Lost: ~14K USD

forge test --match-contract GFA_exp -vvv

Contract

GFA_exp.sol

Link reference

https://x.com/ChainAegis/status/1779809931962827055


20240415 ChaingeFinance - Arbitrary External Call

Lost: ~560K

forge test --match-contract ChaingeFinance_exp -vvv

Contract

ChaingeFinance_exp.sol

Link reference

https://twitter.com/CyversAlerts/status/1779875922381860920


20240414 Hackathon - business logic flaw

Lost: ~20K

forge test --match-contract Hackathon_exp -vvv

Contract

Hackathon_exp.sol

Link reference

https://x.com/EXVULSEC/status/1779519508375613827


20240412 FIL314 - Insufficient Validation And Price Manipulation

Lost: ~14 BNB

forge test --match-contract FIL314_exp -vvv

Contract

FIL314_exp.sol

Link reference


20240412 SumerMoney - Reentrancy

Lost: 350K

forge test --match-contract SumerMoney_exp -vvv

Contract

SumerMoney_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1778986926705672698


20240412 GROKD - lack of access control

Lost: $~150 BNB

forge test --match-contract GROKD_exp -vvv

Contract

GROKD_exp.sol

Link reference

https://x.com/hipalex921/status/1778482890705416323?t=KvvG83s7SXr9I55aftOc6w&s=05


20240410 BigBangSwap - precision loss

Lost: $~5K $BUSD

forge test --match-contract BigBangSwap_exp -vvv

Contract

BigBangSwap_exp.sol

Link reference

https://x.com/ChainAegis/status/1778254222288621912


20240409 UPS - business logic flaw

Lost: $~28K USD

forge test --match-contract UPS_exp -vvv

Contract

UPS_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1777589021058728214


20240408 SQUID - sandwich attack

Lost: $~87K USD

forge test --match-contract SQUID_exp -vvv

Contract

SQUID_exp.sol

Link reference

https://twitter.com/bbbb/status/1777228277415039304


20240404 wsm - manipulating price

Lost: $~18K USD

forge test --match-contract WSM_exp -vvv

Contract

WSM_exp.sol

Link reference

https://hacked.slowmist.io/#:~:text=Hacked%20target%3A%20Wall%20Street%20Memes


20240402 HoppyFrogERC - business logic flaw

Lost: ~0.3 ETH

forge test --match-contract HoppyFrogERC_exp -vvv --evm-version shanghai

Contract

HoppyFrogERC_exp.sol

Link reference

https://x.com/ChainAegis/status/1775351437410918420


20240401 ATM - business logic flaw

Lost: $~182K USD

forge test --match-contract ATM_exp -vvv

Contract

ATM_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1775008489569718508


20240401 OpenLeverage - business logic flaw

Lost: ~234K

forge test --match-contract OpenLeverage2_exp -vvv

Contract

OpenLeverage2_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1774727539975672136


20240329 ETHFIN - lack of access control

Lost: ~$1.24K (2.13 BNB)

forge test --match-contract ETHFIN_exp -vvv --evm-version shanghai

Contract

ETHFIN_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0xfe031685d84f3bae1785f5b2bd0ed480b87815c3f23ce6ced73b8573b7e367c6


20240329 PrismaFi - Insufficient Validation

Lost: $~11M

forge test --match-contract Prisma_exp -vvv

Contract

Prisma_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1773371049951797485


20240328 LavaLending - Business Logic Flaw

Lost: ~340K

forge test --match-contract LavaLending_exp -vvv

Contract

LavaLending_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1774727539975672136

https://twitter.com/Phalcon_xyz/status/1773546399713345965

https://hackmd.io/@LavaSecurity/03282024


20240325 ZongZi - Price Manipulation

Lost: ~223K

forge test --match-contract ZongZi_exp -vvv

Contract

ZongZi_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1772195949638775262


20240323 CGT - Incorrect Access Control

Lost: 996B (CGT token)

forge test --match-contract CGT_exp -vvv

Contract

CGT_exp.sol

Link reference

https://x.com/AnciliaInc/status/1771598968448745536


20240321 SSS - Token Balance Doubles on Transfer to self

Lost: 4.8M

forge test --match-contract SSS_exp -vvv

Contract

SSS_exp.sol

Link reference

https://twitter.com/dot_pengun/status/1770989208125272481


20240324 ARK - business logic flaw

Lost: ~348BNB

forge test --match-contract ARK_exp -vvv

Contract

ARK_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1771728823534375249


20240320 Paraswap - Incorrect Access Control

Lost: ~24K

forge test --match-contract Paraswap_exp -vvv --evm-version shanghai

Contract

Paraswap_exp.sol

Link reference

https://medium.com/neptune-mutual/analysis-of-the-paraswap-exploit-1f97c604b4fe


20240314 MO - business logic flaw

Lost: ~413k USDT

forge test --match-contract MO_exp -vvv

Contract

MO_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1768184024483430523


20240313 IT - business logic flaw

Lost: ~13k USDT

forge test --via-ir --match-contract IT_exp -vvv

Contract

IT_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1768171595561046489


20240312 BBT - business logic flaw

Lost: ~5.06 ETH

forge test --match-contract BBT_exp -vvv

Contract

BBT_exp.sol

Link reference

https://x.com/8olidity/status/1767470002566058088


20240311 Binemon - precision-loss

Lost: ~0.2 BNB

forge test --match-contract Binemon_exp -vvv

Contract

Binemon_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x1999bb5c11a8d8bfa7620fc5cc37f5bc59c1a99d7a9250a8d6076c93bbdbeb5f


20240309 Juice - Business Logic Flaw

Lost: ~54 ETH

forge test --match-contract Juice_exp -vvv --evm-version shanghai

Contract

Juice_exp.sol

Link reference

https://medium.com/@juicebotapp/juice-staking-exploit-next-steps-95e218b3ec71


20240309 UnizenIO - unverified external call

Lost: ~2M

forge test --match-contract UnizenIO_exp -vvvv

Contract

UnizenIO_exp.sol | UnizenIO2_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1766274000534004187

https://twitter.com/AnciliaInc/status/1766261463025684707


20240307 GHT - Business Logic Flaw

Lost: ~57K

forge test --match-contract GHT_exp -vvv

Contract

GHT_exp.sol

Link reference


20240306 ALP - Public internal function

Lost: ~10K

Testing

forge test --match-contract ALP_exp -vvv

Contract

ALP_exp.sol

Link Reference

https://twitter.com/0xNickLFranklin/status/1765296663667875880


20240306 TGBS - Business Logic Flaw

Lost: ~150K

forge test --match-contract TGBS_exp -vvv

Contract

TGBS_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1765290290083144095

https://twitter.com/Phalcon_xyz/status/1765285257949974747


20240305 Woofi - Price Manipulation

Lost: ~8M

forge test --match-contract Woofi_exp -vvv

Contract

Woofi_exp.sol

Link reference

https://twitter.com/spreekaway/status/1765046559832764886

https://twitter.com/PeckShieldAlert/status/1765054155478175943


20240228 Seneca - Arbitrary External Call Vulnerability

Lost: ~6M

forge test --match-contract Seneca_exp -vvv

Contract

Seneca_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1763045563040411876


20240228 SMOOFSStaking - Reentrancy

Lost: Unclear

forge test --match-contract SMOOFSStaking_exp -vvv

Contract

SMOOFSStaking_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1762893563103428783

https://twitter.com/0xNickLFranklin/status/1762895774311178251


20240223 Zoomer - Business Logic Flaw

Lost: ~14 ETH

forge test --match-contract Zoomer_exp -vvv --evm-version "shanghai"

Contract

Zoomer_exp.sol

Link reference

https://x.com/ChainAegis/status/1761246415488225668


20240223 CompoundUni - Oracle bad price

Lost: ~439,537 USD

forge test --match-contract CompoundUni_exp -vvv

Contract

CompoundUni_exp.sol

Link reference

https://twitter.com/0xLEVI104/status/1762092203894276481


20240223 BlueberryProtocol - logic flaw

Lost: ~1,400,000 USD

forge test --match-contract BlueberryProtocol_exp -vvv

Contract

BlueberryProtocol_exp.sol

Link reference

https://twitter.com/blueberryFDN/status/1760865357236211964


20240222 SwarmMarkets - lack of validation

Lost: ~7k $DAI

forge test --match-contract SwarmMarkets_exp -vvv

Contract

SwarmMarkets_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/eth/0xa4d7ee2ddb9db06961a17e2a5ae71743a266bcb720be138670f4a10e8dfc13e9


20240221 DeezNutz 404 - lack of validation

Lost: ~170k

forge test --match-contract DeezNutz404_exp -vvv

Contract

DeezNutz404_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1760481343161700523


20240221 GAIN - bad function implementation

Lost: ~6.4 ETH

forge test --match-contract GAIN_exp -vvv

Contract

GAIN_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1760559768241160679


20240220 EGGX - reentrancy

Lost: ~2 ETH

forge test --match-contract EGGX_exp -vvv

Contract

EGGX_exp.sol

Link reference

https://x.com/PeiQi_0/status/1759826303044497726


20240219 RuggedArt - reentrancy

Lost: ~10k

forge test --match-contract RuggedArt_exp -vvv

Contract

RuggedArt_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1759822545875025953


20240216 ParticleTrade - lack of validation data

Lost: ~50k

forge test --match-contract ParticleTrade_exp -vvv

Contract

ParticleTrade_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1758028270770250134


20240215 DualPools - precision truncation

Lost: ~42k

forge test --match-contract DualPools_exp -vvvv

Contract

DualPools_exp.sol

Link reference

https://medium.com/@lunaray/dualpools-hack-analysis-5209233801fa


20240215 Babyloogn - lack of validation

Lost: ~2 $BNB

forge test --match-contract Babyloogn_exp -vvvv

Contract

Babyloogn_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0xd081d6bb96326be5305a6c00dd51d1799971794941576554341738abc1ceb202


20240215 Miner - lack of validation dst address

Lost: ~150k

forge test --match-contract Miner_exp -vvv --evm-version shanghai

Contract

Miner_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1757777340002681326


20240213 MINER - Price Manipulation

Lost: ~3.5 WBNB

forge test --match-contract MINER_bsc_exp -vvv --evm-version shanghai

Contract

MINER_bsc_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x15ab671c9bf918fa4b6a9eed9ccb527f32aca40e926ede2aec2c84dfa9c30512?line=6


20240211 Game - Reentrancy && Business Logic Flaw

Lost: ~20 ETH

forge test --match-contract Game_exp -vvv

Contract

Game_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1757533144033739116


20240210 FILX DN404 - Access Control

Lost: 200K

forge test --match-contract DN404_exp -vvv

Contract

DN404_exp.sol


20240208 Pandora - integer underflow

Lost: ~17K USD

forge test --match-contract PANDORA_exp -vvv

Contract

PANDORA_exp.sol

Link reference

https://twitter.com/pennysplayer/status/1766479470058406174


20240205 BurnsDefi - Price Manipulation

Lost: ~67K

forge test --match-contract BurnsDefi_exp -vvv

Contract

BurnsDefi_exp.sol

Link reference

https://twitter.com/pennysplayer/status/1754342573815238946

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408 (similar incident)


20240202 ADC - incorrect-access-control

Lost: ~20 eth

forge test --match-contract ADC_exp -vvv

Contract

ADC_exp.sol

Link reference

https://x.com/EXVULSEC/status/1753294675971313790


20240201 AffineDeFi - lack of validation userData

Lost: ~88K

forge test --match-contract AffineDeFi_exp -vvv

Contract

AffineDeFi_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1753020812284809440

https://twitter.com/CyversAlerts/status/1753040754287513655


20240130 XSIJ - Business Logic Flaw

Lost: ~51K USD

forge test --match-contract XSIJ_exp -vvv

Contract

XSIJ_exp.sol

Link reference

https://x.com/CertiKAlert/status/1752384801535918264


20240130 MIMSpell - Precision Loss

Lost: ~6,5M

forge test --match-contract MIMSpell2_exp -vvv

Contract

MIMSpell2_exp.sol

Link reference

https://twitter.com/kankodu/status/1752581744803680680

https://twitter.com/Phalcon_xyz/status/1752278614551216494

https://twitter.com/peckshield/status/1752279373779194011

https://phalcon.blocksec.com/explorer/security-incidents


20240129 PeapodsFinance - Reentrancy

Lost: ~1K $DAI

forge test --match-contract PeapodsFinance_exp -vvv

Contract

PeapodsFinance_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/eth/0x95c1604789c93f41940a7fd9eca11276975a9a65d250b89a247736287dbd2b7e


20240128 BarleyFinance - Reentrancy

Lost: ~130K

forge test --match-contract BarleyFinance_exp -vvv

Contract

BarleyFinance_exp.sol

Link reference

https://phalcon.blocksec.com/explorer/security-incidents

https://www.bitget.com/news/detail/12560603890246

https://twitter.com/Phalcon_xyz/status/1751788389139992824


20240127 CitadelFinance - Price Manipulation

Lost: ~93K

forge test --match-contract CitadelFinance_exp -vvv

Contract

CitadelFinance_exp.sol

Link reference

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408


20240125 NBLGAME - Reentrancy

Lost: ~180K

forge test --match-contract NBLGAME_exp -vvv

Contract

NBLGAME_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1750526097106915453

https://twitter.com/AnciliaInc/status/1750558426382635036


20240122 DAO_SoulMate - Incorrect Access Control

Lost: ~319K

forge test --match-contract DAO_SoulMate_exp -vvv --evm-version 'shanghai'

Contract

DAO_SoulMate_exp.sol

Link reference

https://twitter.com/MetaSec_xyz/status/1749743245599617282


20240117 BmiZapper - Arbitrary external call vulnerability

Lost: ~114K

forge test --match-contract Bmizapper_exp -vvv

Contract

BmiZapper_exp.sol

Link reference

https://x.com/0xmstore/status/1747756898172952725


20240115 Shell_MEV_0xa898 - lack of access control

Lost: ~1K $BUSD

forge test --match-contract Shell_MEV_0xa898_exp -vvv

Contract

Shell_MEV_0xa898_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x24f114c0ef65d39e0988d164e052ce8052fe4a4fd303399a8c1bb855e8da01e9


20240112 SocketGateway - Lack of calldata validation

Lost: ~3.3Million $

forge test --match-contract SocketGateway_exp -vvv --evm-version shanghai

Contract

SocketGateway_exp.sol

Link reference

https://twitter.com/BeosinAlert/status/1747450173675196674

https://twitter.com/peckshield/status/1747353782004900274


20240112 WiseLending - Bad HealthFactor Check

Lost: ~464K

forge test --match-contract WiseLending02_exp -vvv --evm-version shanghai

Contract

WiseLending02_exp.sol

Link reference

https://twitter.com/danielvf/status/1746303616778981402


20240110 Freedom - lack of access control

Lost: 74 $WBNB

forge test --match-contract Freedom_exp -vvv

Contract

Freedom_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x309523343cc1bb9d28b960ebf83175fac941b4a590830caccff44263d9a80ff0


20240110 LQDX - Unauthorized TransferFrom

Lost: unknown

forge test --match-contract LQDX_alert_exp -vvv

Contract

LQDX_alert_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1744972012865671452


20240104 Gamma - Price manipulation

Lost: ~6.3M

forge test --match-contract Gamma_exp -vvv

Contract

Gamma_exp.sol

Link reference

https://twitter.com/officer_cia/status/1742772207997050899

https://twitter.com/shoucccc/status/1742765618984829326


20240102 MIC - Business Logic Flaw

Lost: ~500K

forge test --match-contract MIC_exp -vvv

Contract

MIC_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1742484748239536173


20240102 RadiantCapital - Loss of Precision

Lost: ~4,5M

forge test --match-contract RadiantCapital_exp -vvv

Contract

RadiantCapital_exp.sol

Link reference

https://neptunemutual.com/blog/how-was-radiant-capital-exploited/

https://twitter.com/BeosinAlert/status/1742389285926678784


20240101 OrbitChain - Incorrect input validation

Lost: ~81M

forge test --match-contract OrbitChain_exp -vvv

Contract

OrbitChain_exp.sol

Link reference

https://blog.solidityscan.com/orbit-chain-hack-analysis-b71c36a54a69