DeFi Hacks Reproduce - Foundry

Reproduce DeFi hack incidents using Foundry.

379 incidents included.

Let's make Web3 secure! Join Discord

Notion: 101 root cause analysis of past DeFi hacked incidents

Transaction debugging tools

Disclaimer: This content serves solely as a proof of concept showcasing past DeFi hacking incidents. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.

Getting Started

• Follow the instructions to install Foundry.

• Clone and install dependencies:git submodule update --init --recursive

• Contributing Guidelines

Web3 Cybersecurity Academy

All articles are also published on Substack.

OnChain transaction debugging (Ongoing)

• Lesson 1: Tools ( English | 中文 | Vietnamese | Korean | Spanish )
• Lesson 2: Warm up ( English | 中文 | Korean )
• Lesson 3: Write Your Own PoC (Price Oracle Manipulation) ( English | 中文 | Korean )
• Lesson 4: Write Your Own PoC (MEV Bot) ( English | 中文 | Korean )
• Lesson 5: Rugpull Analysis ( English | 中文 )
• Lesson 6: Write Your Own PoC (Reentrancy) ( English | 中文 )
• Lesson 7: Hack Analysis: Nomad Bridge, August 2022 ( English | 中文 )

List of Past DeFi Incidents

20240401 ATM

20240329 PrismaFi

20240325 ZongZi

20240314 ARK

20240321 SSS

20240320 Paraswap

20240314 MO

20240313 IT

20240309 Juice

20240309 UnizenIO

20240307 GHT

20240306 ALP

20240306 TGBS

20240305 Woofi

20240228 Seneca

20240228 SMOOFSStaking

20240223 CompoundUni

20240223 BlueberryProtocol

20240221 DeezNutz404

20240221 GAIN

20240219 RuggedArt

20240216 ParticleTrade

20240215 DualPools

20240215 Miner

20240211 Game

20240208 Pandora404

20240205 BurnsDefi

20240201 AffineDeFi

20240130 MIMSpell

20240128 BarleyFinance

20240127 CitadelFinance

20240125 NBLGAME

20240117 BmiZapper

20240117 SocketGateway

20240112 WiseLending

20240110 LQDX Alert

20240104 Gamma

20240102 RadiantCapital

20240101 OrbitChain

2023

20231225 Telcoin

20231222 PineProtocol

20231220 TransitFinance

20231217 FloorProtocol

20231216 NFTTrader

20231213 HYPR

20231206 TIME

20231206 ElephantStatus

20231205 BEARNDAO

20231201 UnverifiedContr_0x431abb

20231129 AIS

20231125 TheNFTV2

20231122 KyberSwap

20231117 Token8633_9419

20231117 ShibaToken

20231115 LinkDAO

20231114 OKC Project

20231112 MEV_0x8c2d

20231112 MEV_0xa247

20231111 Mahalend

20231110 Raft_fi

20231110 GrokToken

20231107 MEVbot

20231106 TrustPad

20231106 TheStandard_io

20231102 3913Token

20231101 OnyxProtocol

20231031 UniBotRouter

20231028 AstridProtocol

20231024 MaestroRouter2

20231022 OpenLeverage

20231019 kTAF

20231018 HopeLend

20231018 MicDao

20231013 BelugaDex

20231013 WiseLending

20231012 Platypus

20231011 BH

20231008 pSeudoEth

20231007 StarsArena

20231005 DePayRouter

20230930 FireBirdPair

20230929 DEXRouter

20230926 XSDWETHpool

20230924 KubSplit

20230921 CEXISWAP

20230916 uniclyNFT

20230911 0x0DEX

20230909 BFCToken

20230908 APIG

20230907 HCT

20230905 JumpFarm

20230905 HeavensGate

20230905 FloorDAO

20230902 DAppSocial

20230829 EAC

20230827 Balancer

20230826 SVT

20230824 GSS

20230821 EHIVE

20230819 BTC20

20230818 ExactlyProtocol

20230814 ZunamiProtocol

20230809 EarningFram

20230802 CurveBurner

20230802 Uwerx

20230801 NeutraFinance

20230801 LeetSwap

20230731 GYMNET

20230730 Curve

20230726 Carson

20230724 Palmswap

20230723 MintoFinance

20230722 ConicFinance02

20230721 ConicFinance

20230721 SUT

20230720 Utopia

20230720 FFIST

20230718 APEDAO

20230718 BNO

20230717 NewFi

20230712 Platypus

20230712 WGPT

20230711 RodeoFinance

20230711 Libertify

20230710 ArcadiaFi

20230708 CIVNFT

20230708 Civfund

20230707 LUSD

20230704 BambooIA

20230704 BaoCommunity

20230703 AzukiDAO

20230630 Biswap

20230628 Themis

20230623 SHIDO

20230621 BabyDogeCoin02

20230621 BUNN

20230620 MIM

20230618 ARA

20230617 Pawnfi

20230615 CFC

20230615 DEPUSDT_LEVUSDC

20230612 Sturdy Finance

20230611 SellToken04

20230607 CompounderFinance

20230606 VINU

20230606 UN

20230602 NST SimpleSwap

20230601 DDCoin

20230601 Cellframenet

20230531 ERC20TokenBank

20230529 Jimbo

20230529 BabyDogeCoin

20230529 FAPEN

20230529 NOON_NO

20230525 GPT

20230524 LocalTrade

20230524 CS

20230523 LFI

20230514 landNFT

20230514 SellToken03

20230513 Bitpaidio

20230513 SellToken02

20230512 LW

20230511 SellToken01

20230510 SNK

20230509 MCC

20230509 HODL

20230506 Melo

20230505 DEI

20230503 NeverFall

20230502 Level

20230428 0vix

20230427 SiloFinance

20230424 Axioma

20230419 OLIFE

20230416 Swapos V2

20230415 HundredFinance

20230413 yearnFinance

20230412 MetaPoint

20230411 Paribus

20230409 SushiSwap

20230405 Sentiment

20230402 Allbridge

20230328 SafeMoon Hack

20230328 THENA

20230325 DBW

20230322 BIGFI

20230317 ParaSpace NFT

20230315 Poolz

20230313 EulerFinance

20230308 DKP

20230307 Phoenix

20230227 LaunchZone

20230227 SwapX

20230224 EFVault

20230222 DYNA

20230218 RevertFinance

20230217 Starlink

20230217 Dexible

20230217 Platypusdefi

20230210 Sheep Token

20230210 dForce

20230207 CowSwap

20230206 FDP Token

20230203 Orion Protocol

20230203 Spherax USDs

20230202 BonqDAO

20230130 BEVO

20230126 TomInu Token

20230119 SHOCO Token

20230119 ThoreumFinance

20230118 QTN Token

20230118 UPS Token

20230117 OmniEstate

20230116 MidasCapital

20230111 UFDao

20230111 ROE

20230110 BRA

20230103 GDS

2022

20221230 DFS

20221229 JAY

20221225 Rubic

20221223 Defrost

20221214 Nmbplatform

20221214 FPR

20221213 ElasticSwap

20221212 BGLD

20221211 Lodestar

20221210 MUMUG

20221210 TIFIToken

20221209 NOVAToken

20221207 AES

20221205 RFB

20221205 BBOX

20221202 OverNight

20221201 APC

20221129 MBC & ZZSH

20221129 SEAMAN

20221123 NUM

20221122 AUR

20221121 SDAO

20221119 AnnexFinance

20221117 UEarnPool

20221116 SheepFarm

20221110 DFXFinance

20221109 brahTOPG

20221108 MEV_0ad8

20221108 Kashi

20221107 MooCAKECTX

20221105 BDEX

20221027 VTF

20221027 Team Finance

20221026 N00d Token

20221025 ULME

20221024 Market

20221024 MulticallWithoutCheck

20221021 OlympusDAO

20221020 HEALTH Token

20221020 BEGO Token

20221018 HPAY

20221018 PLTD Token

20221017 Uerii Token

20221014 INUKO Token

20221014 EFLeverVault

20221014 MEVBOT a47b

20221012 ATK

20221011 Rabby Wallet SwapRouter

20221011 Templedao

20221010 Carrot

20221009 Xave Finance

20221006 RES-Token

20221002 Transit Swap

20221001 BabySwap

20221001 RL

20221001 Thunder Brawl

20220929 BXH

20220928 MEVBOT Badc0de

20220923 RADT-DAO

20220913 MevBot Private TX

20220909 DPC

20220908 YYDS

20220908 NewFreeDAO

20220908 Ragnarok Online Invasion

20220906 NXUSD

20220905 ZoomproFinance

20220902 ShadowFi

20220902 Bad Guys by RPF

20220824 LuckyTiger NFT

20220810 XSTABLE Protocol

20220809 ANCH

20220807 EGD Finance

20220802 Nomad Bridge

20220801 Reaper Farm

20220725 LPC

20220723 Audius

20220713 SpaceGodzilla

20220710 Omni NFT

20220706 FlippazOne NFT

20220701 Quixotic - Optimism NFT Marketplace

20220626 XCarnival

20220624 Harmony's Horizon Bridge

20220618 SNOOD

20220616 InverseFinance

20220608 GYMNetwork

20220608 Optimism - Wintermute

20220606 Discover

20220529 NOVO Protocol

20220524 HackDao

20220517 ApeCoin

20220508 Fortress Loans

20220430 Saddle Finance

20220430 Rari Capital/Fei Protocol

20220428 DEUS DAO

20220424 Wiener DOGE

20220423 Akutar NFT

20220421 Zeed Finance

20220416 BeanstalkFarms

20220415 Rikkei Finance

20220412 ElephantMoney

20220411 Creat Future

20220409 GYMNetwork

20220329 Ronin Network

20220329 Redacted Cartel

20220327 Revest Finance

20220326 Auctus

20220322 CompoundTUSDSweepTokenBypass

20220321 OneRing Finance

20220320 LI.FI

20220320 Umbrella Network

20220315 Hundred Finance

20220313 Paraluni

20220309 Fantasm Finance

20220305 Bacon Protocol

20220303 TreasureDAO

20220214 BuildFinance - DAO

20220208 Sandbox LAND

20220206 Meter

20220206 TecraSpace

20220128 Qubit Finance

20220118 Multichain (Anyswap)

2021

20211221 Visor Finance

20211218 Grim Finance

20211214 Nerve Bridge

20211130 MonoX Finance

20211027 Cream Finance

20211015 Indexed Finance

20210916 SushiSwap Miso

20210915 Nimbus Platform

20210915 NowSwap Platform

20210912 ZABU Finance

20210903 DAO Maker

20210830 Cream Finance

20210817 XSURGE

20210811 Poly Network

20210804 WaultFinance

20210728 Levyathan Finance

20210710 Chainswap

20210702 Chainswap

20210628 SafeDollar

20210625 xWin Finance

20210622 Eleven Finance

20210607 88mph NFT

20210603 PancakeHunny

20210527 BurgerSwap

20210519 PancakeBunny

20210508 Rari Capital

20210508 Value Defi

20210502 Spartan

20210428 Uranium

20210308 DODO

20210305 Paid Network

20210125 Sushi Badger Digg

Before 2020

20201229 Cover Protocol

20201121 Pickle Finance

20201026 Harvest Finance

20200804 Opyn Protocol

20200618 Bancor Protocol

20200418 UniSwapV1

20180422 Beauty Chain

20171106 Parity - 'Accidentally Killed It'

---

Transaction debugging tools

Phalcon | Tx tracer | Cruise | Ethtx | Tenderly | eigenphi

Ethereum Signature Database

4byte | sig db | etherface

Useful tools

ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI | Abi tools

Hacks Dashboard

Slowmist | Defillama | De.Fi | Rekt | Cryptosec

---

List of DeFi Hacks & POCs

20240401 ATM - business logic flaw

Lost: $~182K USD

forge test --contracts ./src/test/ATM_exp.sol -vvv

Contract

ATM_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1775008489569718508

20240329 PrismaFi - Insufficient Validation

Lost: $~11M

forge test --contracts ./src/test/Prisma_exp.sol -vvv

Contract

Prisma_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1773371049951797485

---

20240325 ZongZi - Price Manipulation

Lost: ~223K

forge test --contracts src/test/ZongZi_exp.sol -vvv

Contract

ZongZi_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1772195949638775262

---

20240321 SSS - Token Balance Doubles on Transfer to self

Lost: 4.8M

forge test --contracts ./src/test/SSS_exp.sol -vvv

Contract

SSS_exp.sol

Link reference

https://twitter.com/dot_pengun/status/1770989208125272481

---

20240324 ARK - business logic flaw

Lost: ~348BNB

forge test --contracts src/test/ARK_exp.sol -vvv

Contract

ARK_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1771728823534375249

---

20240320 Paraswap - Incorrect Access Control

Lost: ~24K

forge test --contracts src/test/Paraswap_exp.sol -vvv --evm-version shanghai

Contract

Paraswap_exp.sol

Link reference

https://medium.com/neptune-mutual/analysis-of-the-paraswap-exploit-1f97c604b4fe

---

20240314 MO - business logic flaw

Lost: ~413k USDT

forge test --contracts src/test/MO_exp.sol -vvv

Contract

MO_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1768184024483430523

---

20240313 IT - business logic flaw

Lost: ~13k USDT

forge test --via-ir  --contracts src/test/IT_exp.sol -vvv

Contract

IT_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1768171595561046489

---

20240309 Juice - Business Logic Flaw

Lost: ~54 ETH

forge test --contracts ./src/test/Juice_exp.sol -vvv

Contract

Juice_exp.sol

Link reference

https://medium.com/@juicebotapp/juice-staking-exploit-next-steps-95e218b3ec71

---

20240309 UnizenIO - unverified external call

Lost: ~2M

forge test --contracts src/test/UnizenIO_exp.sol -vvvv

Contract

UnizenIO_exp.sol | UnizenIO2_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1766274000534004187

https://twitter.com/AnciliaInc/status/1766261463025684707

---

20240307 GHT - Business Logic Flaw

Lost: ~57K

forge test --contracts ./src/test/GHT_exp.sol -vvv

Contract

GHT_exp.sol

Link reference

---

20240306 ALP - Public internal function

Lost: ~10K

Testing

forge test --contracts ./src/test/ALP_exp.sol -vvv

Contract

ALP_exp.sol

Link Reference

https://twitter.com/0xNickLFranklin/status/1765296663667875880

---

20240306 TGBS - Business Logic Flaw

Lost: ~150K

forge test --contracts ./src/test/TGBS_exp.sol -vvv

Contract

TGBS_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1765290290083144095

https://twitter.com/Phalcon_xyz/status/1765285257949974747

---

20240305 Woofi - Price Manipulation

Lost: ~8M

forge test --contracts ./src/test/Woofi_exp.sol -vvv

Contract

Woofi_exp.sol

Link reference

https://twitter.com/spreekaway/status/1765046559832764886 https://twitter.com/PeckShieldAlert/status/1765054155478175943

---

20240228 Seneca - Arbitrary External Call Vulnerability

Lost: ~6M

forge test --contracts ./src/test/Seneca_exp.sol -vvv

Contract

Seneca_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1763045563040411876

---

20240228 SMOOFSStaking - Reentrancy

Lost: Unclear

forge test --contracts ./src/test/SMOOFSStaking_exp.sol -vvv

Contract

SMOOFSStaking_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1762893563103428783

https://twitter.com/0xNickLFranklin/status/1762895774311178251

---

20240223 CompoundUni - Oracle bad price

Lost: ~439,537 USD

forge test --contracts ./src/test/CompoundUni_exp.sol -vvv

Contract

CompoundUni_exp.sol

Link reference

https://twitter.com/0xLEVI104/status/1762092203894276481

---

20240223 BlueberryProtocol - logic flaw

Lost: ~1,400,000 USD

forge test --contracts ./src/test/BlueberryProtocol_exp.sol -vvv

Contract

BlueberryProtocol_exp.sol

Link reference

https://twitter.com/blueberryFDN/status/1760865357236211964

---

20240221 DeezNutz 404 - lack of validation

Lost: ~170k

forge test --contracts ./src/test/DeezNutz404_exp.sol -vvv

Contract

DeezNutz404_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1760481343161700523

---

20240221 GAIN - bad function implementation

Lost: ~6.4 ETH

forge test --contracts ./src/test/GAIN_exp.sol -vvv

Contract

GAIN_exp.sol

Link reference

https://twitter.com/0xNickLFranklin/status/1760559768241160679

---

20240219 RuggedArt - reentrancy

Lost: ~10k

forge test --contracts ./src/test/RuggedArte_exp.sol -vvv

Contract

RuggedArte_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1759822545875025953

---

20240216 ParticleTrade - lack of validation data

Lost: ~50k

forge test --contracts ./src/test/ParticleTrade_exp.sol -vvv

Contract

ParticleTrade_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1758028270770250134

---

20240215 DualPools - precision truncation

Lost: ~42k

forge test --contracts ./src/test/DualPools_exp.sol -vvvv

Contract

DualPools_exp.sol

Link reference

https://medium.com/@lunaray/dualpools-hack-analysis-5209233801fa

---

20240215 Miner - lack of validation dst address

Lost: ~150k

forge test --contracts ./src/test/Miner_exp.sol -vvv --evm-version shanghai

Contract

Miner_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1757777340002681326

---

20240211 Game - Reentrancy && Business Logic Flaw

Lost: ~20 ETH

forge test --contracts ./src/test/Game_exp.sol -vvv

Contract

Game_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1757533144033739116

---

20240208 Pandora - interger underflow

Lost: ~17K USD

forge test --contracts ./src/test/PANDORA_exp.sol -vvv

Contract

PANDORA_exp.sol

Link reference

https://twitter.com/pennysplayer/status/1766479470058406174

---

20240205 BurnsDefi - Price Manipulation

Lost: ~67K

forge test --contracts ./src/test/BurnsDefi_exp.sol -vvv

Contract

BurnsDefi_exp.sol

Link reference

https://twitter.com/pennysplayer/status/1754342573815238946

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408 (similar incident)

---

20240201 AffineDeFi - lack of validation userData

Lost: ~88K

forge test --contracts ./src/test/AffineDeFi_exp.sol -vvv

Contract

AffineDeFi_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1753020812284809440

https://twitter.com/CyversAlerts/status/1753040754287513655

---

20240130 MIMSpell - Precission Loss

Lost: ~6,5M

forge test --contracts ./src/test/MIMSpell2_exp.sol -vvv

Contract

MIMSpell2_exp.sol

Link reference

https://twitter.com/kankodu/status/1752581744803680680

https://twitter.com/Phalcon_xyz/status/1752278614551216494

https://twitter.com/peckshield/status/1752279373779194011

https://phalcon.blocksec.com/explorer/security-incidents

---

20240128 BarleyFinance - Reentrancy

Lost: ~130K

forge test --contracts ./src/test/BarleyFinance_exp.sol -vvv

Contract

BarleyFinance_exp.sol

Link reference

https://phalcon.blocksec.com/explorer/security-incidents

https://www.bitget.com/news/detail/12560603890246

https://twitter.com/Phalcon_xyz/status/1751788389139992824

---

20240127 CitadelFinance - Price Manipulation

Lost: ~93K

forge test --contracts ./src/test/CitadelFinance_exp.sol -vvv

Contract

CitadelFinance_exp.sol

Link reference

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408

---

20240125 NBLGAME - Reentrancy

Lost: ~180K

forge test --contracts ./src/test/NBLGAME_exp.sol -vvv

Contract

NBLGAME_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1750526097106915453

https://twitter.com/AnciliaInc/status/1750558426382635036

---

20240117 BmiZapper - Arbitrary external call vulnerability

Lost: ~114K

forge test --contracts ./src/test/Bmizapper_exp.sol -vvv

Contract

BmiZapper_exp.sol

Link reference

https://x.com/0xmstore/status/1747756898172952725

---

20240112 SocketGateway - Lack of calldata validation

Lost: ~3.3Million $

forge test --contracts ./src/test/SocketGateway_exp.sol -vvv --evm-version shanghai

Contract

SocketGateway_exp.sol

Link reference

https://twitter.com/BeosinAlert/status/1747450173675196674

https://twitter.com/peckshield/status/1747353782004900274

---

20240112 WiseLending - Loss of Precision

Lost: ~464K

forge test --contracts ./src/test/WiseLending02_exp.sol -vvv --evm-version shanghai

Contract

WiseLending02_exp.sol

Link reference

https://twitter.com/EXVULSEC/status/1746829519334650018

https://twitter.com/peckshield/status/1745907642118123774

---

20240110 LQDX - Unauthorized TransferFrom

Lost: unknown

forge test --contracts src/test/LQDX_alert_exp.sol -vvv

Contract

LQDX_alert_exp.sol

Link reference

https://twitter.com/SlowMist_Team/status/1744972012865671452

---

20240104 Gamma - Price manipulation

Lost: ~6.3M

forge test --contracts ./src/test/Gamma_exp.sol -vvv

Contract

Gamma_exp.sol

Link reference

https://twitter.com/officer_cia/status/1742772207997050899

https://twitter.com/shoucccc/status/1742765618984829326

---

20240102 RadiantCapital - Loss of Precision

Lost: ~4,5M

forge test --contracts ./src/test/RadiantCapital_exp.sol -vvv

Contract

RadiantCapital_exp.sol

Link reference

https://neptunemutual.com/blog/how-was-radiant-capital-exploited/

https://twitter.com/BeosinAlert/status/1742389285926678784

---

20240101 OrbitChain - Incorrect input validation

Lost: ~81M

forge test --contracts ./src/test/OrbitChain_exp.sol -vvv

Contract

OrbitChain_exp.sol

Link reference

https://blog.solidityscan.com/orbit-chain-hack-analysis-b71c36a54a69

---

View Gas Reports

Foundry also has the ability to report the gas used per function call which mimics the behavior of hardhat-gas-reporter. Generally speaking if gas costs per function call is very high, then the likelihood of its success is reduced. Gas optimization is an important activity done by smart contract developers.

Every poc in this repository can produce a gas report like this:

forge test --gas-report --contracts <contract> -vvv

For Example: Let us find out the gas used in the Audius poc

Execution

forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv

Demo

Bug Reproduce

Moved to DeFiVulnLabs

FlashLoan Testing

Moved to DeFiLabs