40 incidents included.
20210305 Paid Network
20210204 Yearn YDai
20210125 Sushi Badger Digg
20171106 Parity - 'Accidentally Killed It'
Testing
forge test --contracts ./src/test/Visor_exp.t.sol -vv
https://twitter.com/GammaStrategies/status/1473306777131405314
https://etherscan.io/tx/0x69272d8c84d67d1da2f6425b339192fa472898dce936f24818fda415c1c1ff3f
Testing
forge test --contracts ./src/test/Grim_exp.sol -vv
https://cointelegraph.com/news/defi-protocol-grim-finance-lost-30m-in-5x-reentrancy-hack
https://rekt.news/grim-finance-rekt/
https://ftmscan.com/tx/0x19315e5b150d0a83e797203bb9c957ec1fa8a6f404f4f761d970cb29a74a5dd6
Testing
forge test --contracts ./src/test/NerveBridge.t.sol -vv
https://blocksecteam.medium.com/the-analysis-of-nerve-bridge-security-incident-ead361a21025
Testing
forge test --contracts ./src/test/Mono_exp.t.sol -vv
https://slowmist.medium.com/detailed-analysis-of-the-31-million-monox-protocol-hack-574d8c44a9c8
https://knownseclab.com/news/61a986811992da0067558749
https://www.tuoniaox.com/news/p-521076.html
https://polygonscan.com/tx/0x5a03b9c03eedcb9ec6e70c6841eaa4976a732d050a6218969e39483bb3004d5d
https://etherscan.io/tx/0x9f14d093a2349de08f02fc0fb018dadb449351d0cdb7d0738ff69cc6fef5f299
Testing
forge test --contracts ./src/test/Cream_2_exp.sol -vvv
https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5
Testing
forge test --contracts src/test/IndexedFinance_exp.t.sol -vv
https://blocksecteam.medium.com/the-analysis-of-indexed-finance-security-incident-8a62b9799836
Testing
forge test --contracts ./src/test/Sushimiso_exp.sol -vv
https://www.paradigm.xyz/2021/08/two-rights-might-make-a-wrong
https://etherscan.io/tx/0x78d6355703507f88f2090eb780d245b0ab26bf470eabdb004761cedf3b1cda44
Testing
forge test --contracts ./src/test/Nimbus_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1438100688215560192
Testing
forge test --contracts ./src/test/NowSwap_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1438100688215560192
Testing
forge test --contracts src/test/ZABU_exp.sol -vvv
https://slowmist.medium.com/brief-analysis-of-zabu-finance-being-hacked-44243919ea29
Testing
forge test --contracts ./src/test/DaoMaker_exp.sol -vv
https://twitter.com/Mudit__Gupta/status/1434059922774237185
https://etherscan.io/tx/0xd5e2edd6089dcf5dca78c0ccbdf659acedab173a8ab3cb65720e35b640c0af7c
Testing
forge test --contracts ./src/test/Cream_exp.sol -vv
https://twitter.com/peckshield/status/1432249600002478081
https://twitter.com/creamdotfinance/status/1432249773575208964
https://etherscan.io/tx/0xa9a1b8ea288eb9ad315088f17f7c7386b9989c95b4d13c81b69d5ddad7ffe61e
Testing
forge test --contracts ./src/test/XSURGE_exp.t.sol -vv
https://beosin.medium.com/a-sweet-blow-fb0a5e08657d
https://bscscan.com/tx/0x8c93d6e5d6b3ec7478b4195123a696dbc82a3441be090e048fe4b33a242ef09d
Testing
forge test --contracts ./src/test/PolyNetwork/PolyNetwork_exp.sol -vv
https://rekt.news/polynetwork-rekt/
https://slowmist.medium.com/the-root-cause-of-poly-network-being-hacked-ec2ee1b0c68f
https://etherscan.io/tx/0xb1f70464bd95b774c6ce60fc706eb5f9e35cb5f06e6cfe7c17dcda46ffd59581/advanced
https://github.com/polynetwork/eth-contracts/tree/d16252b2b857eecf8e558bd3e1f3bb14cff30e9b
https://www.breadcrumbs.app/reports/671
One of the biggest design lessons that people need to take away from this is: if you have cross-chain relay contracts like this, MAKE SURE THAT THEY CAN'T BE USED TO CALL SPECIAL CONTRACTS. The EthCrossDomainManager shouldn't have owned the EthCrossDomainData contract.
Testing
forge test --contracts ./src/test/WaultFinance_exp.sol -vvv
Testing
forge test --contracts ./src/test/Levyathan_poc.sol -vv
https://levyathan-index.medium.com/post-mortem-levyathan-c3ff7f9a6f65
Testing
forge test --contracts ./src/test/Chainswap_exp2.sol -vv
https://twitter.com/real_n3o/status/1414071223940571139
https://rekt.news/chainswap-rekt/
https://chain-swap.medium.com/chainswap-exploit-11-july-2021-post-mortem-6e4e346e5a32
Testing
forge test --contracts ./src/test/Chainswap_exp1.sol -vv
https://chain-swap.medium.com/chainswap-post-mortem-and-compensation-plan-90cad50898ab
Testing
forge test --contracts src/test/SafeDollar_exp.sol -vvv
https://twitter.com/peckshield/status/1409443556251430918
Testing
forge test --contracts src/test/xWin_exp.sol -vvv
https://peckshield.medium.com/xwin-finance-incident-root-cause-analysis-71d0820e6bc1
Testing
forge test --contracts ./src/test/Eleven.sol -vv
https://peckshield.medium.com/eleven-finance-incident-root-cause-analysis-123b5675fa76
https://bscscan.com/tx/0xeaaa8f4d33b1035a790f0d7c4eb6e38db7d6d3b580e0bbc9ba39a9d6b80dd250
Testing
forge test --contracts ./src/test/88mph_exp.sol -vv
https://medium.com/immunefi/88mph-function-initialization-bug-fix-postmortem-c3a2282894d3
Testing
forge test --contracts ./src/test/PancakeHunny_exp.sol -vv
https://medium.com/hunnyfinance/pancakehunny-post-mortem-analysis-de78967401d8
https://bscscan.com/tx/0x765de8357994a206bb90af57dcf427f48a2021f2f28ca81f2c00bc3b9842be8e
Testing
forge test --contracts src/test/BurgerSwap_exp.sol -vv
https://twitter.com/Mudit__Gupta/status/1398156036574306304
Testing
forge test --contracts ./src/test/PancakeBunny_exp.sol -vv
https://rekt.news/pancakebunny-rekt/
https://bscscan.com/tx/0x897c2de73dd55d7701e1b69ffb3a17b0f4801ced88b0c75fe1551c5fcce6a979
Testing
forge test --contracts ./src/test/RariCapital_exp.sol -vv
https://rekt.news/rari-capital-rekt/
https://etherscan.com/tx/0x171072422efb5cd461546bfe986017d9b5aa427ff1c07ebe8acc064b13a7b7be
Testing
forge test --contracts ./src/test/ValueDefi_exp.sol -vv
https://rekt.news/rari-capital-rekt/
https://bscscan.com/tx/0xa00def91954ba9f1a1320ef582420d41ca886d417d996362bf3ac3fe2bfb9006
Testing
forge test --contracts src/test/Spartan_exp.t.sol -vv
https://rekt.news/spartan-rekt/
Testing
forge test --contracts ./src/test/Uranium_exp.sol -vv
https://twitter.com/FrankResearcher/status/1387347025742557186
https://bscscan.com/tx/0x5a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5787893c37991
Testing
forge test --contracts ./src/test/dodo_flashloan_exp.sol -vv
https://halborn.com/explained-the-dodo-dex-hack-march-2021/
https://etherscan.io/tx/0x395675b56370a9f5fe8b32badfa80043f5291443bd6c8273900476880fb5221e
Testing
forge test --contracts ./src/test/PAID_exp.sol -vv
https://paidnetwork.medium.com/paid-network-attack-postmortem-march-7-2021-9e4c0fef0e07
https://etherscan.io/tx/0x4bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0
Testing
forge test --contracts ./src/test/Yearn_ydai.sol -vv
https://github.com/yearn/yearn-security/blob/master/disclosures/2021-02-04.md
https://etherscan.io/tx/0x59faab5a1911618064f1ffa1e4649d85c99cfd9f0d64dcebbc1af7d7630da98b
Testing
forge test --contracts src/test/Sushi-Badger_Digg.exp.sol -vvvv
https://cmichel.io/replaying-ethereum-hacks-sushiswap-badger-dao-digg/
Testing
forge test --contracts ./src/test/Cover_exp.sol -vv
https://mudit.blog/cover-protocol-hack-analysis-tokens-minted-exploit/
https://slowmist.medium.com/a-brief-analysis-of-the-cover-protocol-hacked-event-700d747b309c
Testing
forge test --contracts ./src/test/Pickle_exp.sol -vv
https://github.com/banteg/evil-jar
https://etherscan.io/tx/0xe72d4e7ba9b5af0cf2a8cfb1e30fd9f388df0ab3da79790be842bfbed11087b0
Testing
forge test --contracts ./src/test/HarvestFinance_exp.sol -vv
https://rekt.news/harvest-finance-rekt/
https://etherscan.io/tx/0x35f8d2f572fceaac9288e5d462117850ef2694786992a8c3f6d02612277b0877
Testing
forge test --contracts ./src/test/Opyn.exp.sol -vv
https://medium.com/opyn/opyn-eth-put-exploit-post-mortem-1a009e3347a8
https://etherscan.io/tx/0x56de6c4bd906ee0c067a332e64966db8b1e866c7965c044163a503de6ee6552a
Testing
forge test --contracts ./src/test/Bancor_exp.sol -vv
https://blog.bancor.network/bancors-response-to-today-s-smart-contract-vulnerability-dc888c589fe4
https://etherscan.io/address/0x5f58058c0ec971492166763c8c22632b583f667f
Testing
forge test --contracts ./src/test/uniswap-erc777.sol -vv
https://blog.blockmagnates.com/detailed-explanation-of-uniswaps-erc777-re-entry-risk-8fa5b3738e08
Testing
forge test --contracts ./src/test/BEC_exp.sol -vv
https://etherscan.io/tx/0xad89ff16fd1ebe3a0a7cf4ed282302c06626c1af33221ebe0d3a470aba4a660f
https://etherscan.io/address/0xc5d105e63711398af9bbff092d4b6769c82f793d#code
Testing
forge test --contracts ./src/test/Parity_kill.sol -vvvv
https://elementus.io/blog/which-icos-are-affected-by-the-parity-wallet-bug/
https://etherscan.io/tx/0x05f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9
https://etherscan.io/tx/0x47f7cff7a5e671884629c93b368cb18f58a993f4b19c2a53a8662e3f1482f690