Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sunweb3sec/defihacklabs

Reproduce DeFi hacked incidents using Foundry.
https://github.com/sunweb3sec/defihacklabs

defi ethereum foundry solidity web3

Last synced: 30 days ago
JSON representation

Reproduce DeFi hacked incidents using Foundry.

Awesome Lists containing this project

README

        

# DeFi Hacks Reproduce - Foundry

**Reproduce DeFi hack incidents using Foundry.**

533 incidents included.

Let's make Web3 secure! Join [Discord](https://discord.gg/Fjyngakf3h)

Notion: [101 root cause analysis of past DeFi hacked incidents](https://web3sec.xrex.io/)

[Transaction debugging tools](https://github.com/SunWeb3Sec/DeFiHackLabs/#transaction-debugging-tools)

**Disclaimer:** This content serves solely as a proof of concept showcasing past DeFi hacking incidents. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.

## Getting Started

- Follow the [instructions](https://book.getfoundry.sh/getting-started/installation.html) to install [Foundry](https://github.com/foundry-rs/foundry).

- Clone and install dependencies:`git submodule update --init --recursive`
- [Contributing Guidelines](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/CONTRIBUTING.md)

## [Web3 Cybersecurity Academy](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy)

All articles are also published on [Substack](https://defihacklabs.substack.com/).

### OnChain transaction debugging

- Lesson 1: Tools ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/01_tools/en) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/01_tools) | [Vietnamese](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/01_tools/vi) | [Korean](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/01_tools/ko) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/01_tools/es) )
- Lesson 2: Warm up ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/02_warmup/en/) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/02_warmup/) | [Korean](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/02_warmup/ko) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/02_warmup/es) )
- Lesson 3: Write Your Own PoC (Price Oracle Manipulation) ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/03_write_your_own_poc/en/) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/03_write_your_own_poc/) | [Korean](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/03_write_your_own_poc/ko) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/03_write_your_own_poc/es) )
- Lesson 4: Write Your Own PoC (MEV Bot) ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/04_write_your_own_poc/en/) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/04_write_your_own_poc/) | [Korean](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/04_write_your_own_poc/kr/) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/04_write_your_own_poc/es) )
- Lesson 5: Rugpull Analysis ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/05_Rugpull/en/) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/05_Rugpull/) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/05_Rugpull/es) )
- Lesson 6: Write Your Own PoC (Reentrancy) ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/06_write_your_own_poc/en/) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/06_write_your_own_poc/) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/06_write_your_own_poc/es) )
- Lesson 7: Hack Analysis: Nomad Bridge, August 2022 ( [English](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/07_Analysis_nomad_bridge/en/) | [中文](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/07_Analysis_nomad_bridge/) | [Spanish](https://github.com/SunWeb3Sec/DeFiHackLabs/tree/main/academy/onchain_debug/07_Analysis_nomad_bridge/es) )

## Who Support Us? DeFiHackLabs Received Grant From



## Donate us

If you appreciate our work, please consider donating. Even a small amount helps us continue developing and improving our projects, and promoting web3 security.

- Gitcoin - [Donate DeFiHackLabs](https://explorer.gitcoin.co/#/projects/0xbea14fd383c20cd085f30b2baa83ce96be83f1b56464bd74fcc00eb85086e280)
- EVM Chains - 0xD7d6215b4EF4b9B5f40baea48F41047Eb67a11D5
- [Giveth](https://giveth.io/donate/defihacklabs)

## List of Past DeFi Incidents

[20241006 SASHAToken](#20241006-sashatoken---price-manipulation)

[20241005 AIZPTToken](#20241005-AIZPTToken---wrong-price-calculation)

[20241002 LavaLending](#20241002-LavaLending---price-manipulation)

[20241001 FireToken](#20241001-firetoken---pair-manipulation-with-transfer-function)

[20240926 OnyxDAO](#20240926-OnyxDAO---fake-market)

[20240926 Bedrock_DeFi](#20240926-Bedrock_DeFi---swap-eth/btc-1/1-in-mint-function)

[20240924 MARA](#20240924-MARA---price-manipulation)

[20240923 Bankroll_Network](#20240923-Bankroll_Network---incorrect-input-validation)

[20240913 OTSeaStaking](#20240913-OTSeaStaking---Logic-Flaw)

[20240910 Caterpillar_Coin_CUT](#20240910-Caterpillar_Coin_CUT---price-manipulation)

[20240903 Penpiexyz_io](#20240903-Penpiexyz_io---reentrancy-and-reward-manipulation)

[20240816 Zenterest](#20240816-Zenterest---price-out-of-date)

[20240828 AAVE](#20240828-aave---arbitrary-call-error)

[20240814 YodlRouter](#20240814-noname---arbitrary-call)

[20240813 VOW](#20240813-vow---misconfiguration)

[20240812 iVest](#20240812-iVest---business-logic-flaw)

[20240806 Novax](#20240806-Novax---price-manipulation)

[20240801 Convergence](#20240801-Convergence---incorrect-input-validation)

[20240724 Spectra_finance](#20240724-spectra_finance---incorrect-input-validation)

[20240723 MEVbot_0xdd7c](#20240723-mevbot_0xdd7c---incorrect-input-validation)

[20240716 Lifiprotocol](#20240716-lifiprotocol---incorrect-input-validation)

[20240714 Minterest](#20240714-minterest---Reentrancy)

[20240712 DoughFina](#20240712-doughfina---incorrect-input-validation)

[20240711 SBT](#20240711-sbt---business-logic-flaw)

[20240711 GAX](#20240711-GAX---lack-of-access-control)

[20240708 LW](#20240708-Lw---integer-underflow)

[20240705 DeFiPlaza](#20240705-defiplaza---loss-of-precision)

[20240703 UnverifiedContr_0x452E25](#20240703-UnverifiedContr_0x452E25---lack-of-access-control)

[20240702 MRP](#20240702-mrp---reentrancy)

[20240628 Will](#20240628-Will---business-logic-flaw)

[20240627 APEMAGA](#20240627-APEMAGA---business-logic-flaw)

[20240618 INcufi](#20240618-incufi---business-logic-flaw)

[20240617 Dyson_money](#20240617-dyson_money---business-logic-flaw)

[20240616 WIFCOIN_ETH](#20240616-WIFCOIN_ETH---business-logic-flaw)

[20240611 Crb2](#20240616-Crb2---business-logic-flaw)

[20240611 JokInTheBox](#20240611-JokInTheBox---business-logic-flaw)

[20240610 Bazaar](#20240610-bazaar---insufficient-permission-check)

[20240608 YYStoken](#20240608-YYStoken---business-logic-flaw)

[20240606 SteamSwap](#20240606-steamswap---logic-flaw)

[20240606 MineSTM](#20240606-MineSTM---business-logic-flaw)

[20240604 NCD](#20240604-NCD---business-logic-flaw)

[20240601 VeloCore](#20240601-VeloCore---lack-of-access-control)

[20240531 Liquiditytokens](#20240531-liquiditytokens---business-logic-flaw)

[20240531 MixedSwapRouter](#20240531-MixedSwapRouter---arbitrary-call)

[20240529 SCROLL](#20240529-SCROLL---integer-underflow)

[20240529 MetaDragon](#20240529-metadragon---lack-of-access-control)

[20240528 Tradeonorion](#20240528-Tradeonorion---business-logic-flaw)

[20240528 EXcommunity](#20240528-EXcommunity---business-logic-flaw)

[20240527 RedKeysCoin](#20240527-redkeyscoin---weak-rng)

[20240526 NORMIE](#20240526-normie---business-logic-flaw)

[20240522 Burner](#20240522-Burner---sandwich-ack)

[20240516 TCH](#20240516-tch---signature-malleability-vulnerability)

[20240514 Sonne Finance](#20240514-sonne-finance---precision-loss)

[20240514 PredyFinance](#20240514-predyfinance---reentrancy)

[20240512 TGC](#20240512-tgc---business-logic-flaw)

[20240510 GFOX](#20240510-gfox---lack-of-access-control)

[20240510 TSURU](#20240510-tsuru---insufficient-validation)

[20240508 GPU](#20240508-GPU---self-transfer)

[20240507 SATURN](#20240507-saturn---price-manipulation)

[20240506 OSN](#20240506-osn---reward-distribution-problem)

[20240430 Yield](#20240430-yield---business-logic-flaw)

[20240430 PikeFinance](#20240430-pikefinance---uninitialized-proxy)

[20240427 BNBX](#20240427-BNBX---precision-loss)

[20240425 NGFS](#20240425-ngfs---bad-access-control)

[20240424 XBridge](#20240424-xbridge---logic-flaw)

[20240424 YIEDL](#20240424-yiedl---input-validation)

[20240422 Z123](#20240422-z123---price-manipulation)

[20240420 Rico](#20240420-rico---arbitrary-call)

[20240419 HedgeyFinance](#20240419-hedgeyfinance---logic-flaw)

[20240417 UnverifiedContr_0x00C409](#20240417-UnverifiedContr_0x00C409---unverified-external-call)

[20240416 SATX](#20240416-satx---logic-flaw)

[20240416 MARS_DEFI](#20240416-mars---bad-reflection)

[20240415 GFA](#20240415-gfa---business-logic-flaw)

[20240415 Chainge](#20240415-chainge---input-validation)

[20240414 Hackathon](#20240414-hackathon---business-logic-flaw)

[20240412 FIL314](#20240412-fil314---insufficient-validation-and-price-manipulation)

[20240412 SumerMoney](#20240412-sumermoney---Reentrancy)

[20240412 GROKD](#20240412-grokd---lack-of-access-control)

[20240410 BigBangSwap](#20240410-BigBangSwap---precision-loss)

[20240409 UPS](#20240409-ups---business-logic-flaw)

[20240408 SQUID](#20240408-squid---sandwich-attack)

[20240404 WSM](#20240404-wsm---manipulating-price)

[20240402 HoppyFrogERC](#20240402-hoppyfrogerc---business-logic-flaw)

[20240401 ATM](#20240401-atm---business-logic-flaw)

[20240401 OpenLeverage](#20240401-openleverage---business-logic-flaw)

[20240329 ETHFIN](#20240329-ethfin---lack-of-access-control)

[20240329 PrismaFi](#20240329-prismaFi---insufficient-validation)

[20240328 LavaLending](#20240328-lavalending---business-logic-flaw)

[20240325 ZongZi](#20240325-zongzi---price-manipulation)

[20240314 ARK](#20240324-ark---business-logic-flaw)

[20240323 CGT](#20240323-cgt---incorrect-access-control)

[20240321 SSS](#20240321-sss---token-balance-doubles-on-transfer-to-self)

[20240320 Paraswap](#20240320-paraswap---incorrect-access-control)

[20240314 MO](#20240314-mo---business-logic-flaw)

[20240313 IT](#20240313-it---business-logic-flaw)

[20240312 BBT](#20240312-bbt---business-logic-flaw)

[20240311 Binemon](#20240311-Binemon---precission-loss)

[20240309 Juice](#20240309-juice---business-logic-flaw)

[20240309 UnizenIO](#20240309-unizenio---unverified-external-call)

[20240307 GHT](#20240307-ght---business-logic-flaw)

[20240306 ALP](#20240306-alp---public-internal-function)

[20240306 TGBS](#20240306-tgbs---business-logic-flaw)

[20240305 Woofi](#20240305-woofi---price-manipulation)

[20240228 Seneca](#20240228-seneca---arbitrary-external-call-vulnerability)

[20240228 SMOOFSStaking](#20240228-smoofsstaking---reentrancy)

[20240223 Zoomer](#20240223-zoomer---business-logic-flaw)

[20240223 CompoundUni](#20240223-CompoundUni---Oracle-bad-price)

[20240223 BlueberryProtocol](#20240223-BlueberryProtocol---logic-flaw)

[20240222 SwarmMarkets](#20240222-SwarmMarkets---lack-of-validation)

[20240221 DeezNutz404](#20240221-deeznutz-404---lack-of-validation)

[20240221 GAIN](#20240221-GAIN---bad-function-implementation)

[20240220 EGGX](#20240220-EGGX---reentrancy)

[20240219 RuggedArt](#20240219-RuggedArt---reentrancy)

[20240216 ParticleTrade](#20240216-ParticleTrade---lack-of-validation-data)

[20240215 DualPools](#20240215-DualPools---precision-truncation)

[20240215 Babyloogn](#20240215-Babyloogn---lack-of-validation)

[20240215 Miner](#20240215-Miner---lack-of-validation-dst-address)

[20240213 MINER BSC](#20240213-miner---price-manipulation)

[20240211 Game](#20240211-game---reentrancy--business-logic-flaw)

[20240210 FILX DN404](#20240210-filx-dn404---access-control)

[20240208 Pandora404](#20240208-pandora---interger-underflow)

[20240205 BurnsDefi](#20240205-burnsdefi---price-manipulation)

[20240202 ADC](#20240202-adc---incorrect-access-control)

[20240201 AffineDeFi](#20240201-affinedefi---lack-of-validation-userData)

[20240130 XSIJ](#20240130-xsij---business-logic-flaw)

[20240130 MIMSpell](#20240130-mimspell---precission-loss)

[20240129 PeapodsFinance](#20240128-PeapodsFinance---reentrancy)

[20240128 BarleyFinance](#20240128-barleyfinance---reentrancy)

[20240127 CitadelFinance](#20240127-citadelfinance---price-manipulation)

[20240125 NBLGAME](#20240125-nblgame---reentrancy)

[20240122 DAO_SoulMate](#20240122-dao_soulmate---incorrect-access-control)

[20240117 BmiZapper](#20240117-bmizapper---arbitrary-external-call-vulnerability)

[20240117 SocketGateway](#20240112-socketgateway---lack-of-calldata-validation)

[20240115 Shell_MEV_0xa898](#20240115-Shell_MEV_0xa898---lack-of-access-control)

[20240112 WiseLending](#20240112-wiselending---bad-healthfactor-check)

[20240110 Freedom](#20240110-Freedom---lack-of-access-control)

[20240110 LQDX Alert](#20240110-lqdx---unauthorized-transferfrom)

[20240104 Gamma](#20240104-gamma---price-manipulation)

[20240102 MIC](#20240102-mic---business-logic-flaw)

[20240102 RadiantCapital](#20240102-radiantcapital---loss-of-precision)

[20240101 OrbitChain](#20240101-orbitchain---incorrect-input-validation)

2023

[20231231 Channels BUSD&USDC](past/2023/README.md#20231231-channels---price-manipulation)

[20231230 ChannelsFinance](past/2023/README.md#20231230-channelsfinance---compoundv2-inflation-attack)

[20231228 CCV](past/2023/README.md#20231225-CCV---precision-loss)

[20231228 DominoTT](past/2023/README.md#20231228-dominott---precision-loss)

[20231225 Telcoin](past/2023/README.md#20231225-telcoin---storage-collision)

[20231222 PineProtocol](past/2023/README.md#20231222-pineprotocol---business-logic-flaw)

[20231220 TransitFinance](past/2023/README.md#20231220-transitfinance---lack-of-validation-pool)

[20231217 Bob](past/2023/README.md#20231217-bob---price-manipulation)

[20231217 FloorProtocol](past/2023/README.md#20231217-floorprotocol---business-logic-flaw)

[20231216 GoodDollar](past/2023/README.md#20231216-gooddollar---lack-of-input-validation--reentrancy)

[20231216 KEST](past/2023/README.md#20231216-kest---business-logic-flaw)

[20231216 NFTTrader](past/2023/README.md#20231216-nfttrader---reentrancy)

[20231214 PHIL](past/2023/README.md#20231214-PHIL---business-logic-flaw)

[20231213 HYPR](past/2023/README.md#20231213-hypr---business-logic-flaw)

[20231211 GoodCompound](past/2023/README.md#20231211-goodcompound---price-manipulation)

[20231209 BCT](past/2023/README.md#20231209-bct---price-manipulation)

[20231207 HNet](past/2023/README.md#20231207-HNet---business-logic-flaw)

[20231206 TIME](past/2023/README.md#20231206-time---arbitrary-address-spoofing-attack)

[20231206 ElephantStatus](past/2023/README.md#20231206-elephantstatus---price-manipulation)

[20231205 MAMO](past/2023/README.md#20231205-mamo---price-manipulation)

[20231205 BEARNDAO](past/2023/README.md#20231205-bearndao---business-logic-flaw)

[20231202 bZxProtocol](past/2023/README.md#20231202-bzxprotocol---inflation-attack)

[20231201 UnverifiedContr_0x431abb](past/2023/README.md#20231201-unverifiedcontr_0x431abb---business-logic-flaw)

[20231130 EEE](past/2023/README.md#20231130-eee---price-manipulation)

[20231130 CAROLProtocol](past/2023/README.md#20231130-carolprotocol---price-manipulation-via-reentrancy)

[20231129 Burntbubba](past/2023/README.md#20231129-burntbubba---price-manipulation)

[20231129 AIS](past/2023/README.md#20231129-ais---access-control)

[20231128 FiberRouter](past/2023/README.md#20231128-FiberRouter---input-validation)

[20231125 MetaLend](past/2023/README.md#20231125-metalend---compoundv2-inflation-attack)

[20231125 TheNFTV2](past/2023/README.md#20231125-thenftv2---logic-flaw)

[20231122 KyberSwap](past/2023/README.md#20231122-kyberswap---precision-loss)

[20231117 Token8633_9419](past/2023/README.md#20231117-token8633_9419---price-manipulation)

[20231117 ShibaToken](past/2023/README.md#20231117-shibatoken---business-logic-flaw)

[20231116 WECO](past/2023/README.md#20231116-weco---business-logic-flaw)

[20231115 EHX](past/2023/README.md#20231115-ehx---lack-of-slippage-control)

[20231115 XAI](past/2023/README.md#20231115-xai---business-logic-flaw)

[20231115 LinkDAO](past/2023/README.md#20231115-linkdao---bad-k-value-verification)

[20231114 OKC Project](past/2023/README.md#20231114-OKC-Project---Instant-Rewards-Unlocked)

[20231112 MEV_0x8c2d](past/2023/README.md#20231112-mevbot_0x8c2d---lack-of-access-control)

[20231112 MEV_0xa247](past/2023/README.md#20231112-mevbot_0xa247---incorrect-access-control)

[20231111 Mahalend](past/2023/README.md#20231111-mahalend---donate-inflation-exchangerate--rounding-error)

[20231110 Raft_fi](past/2023/README.md#20231110-raft_fi---donate-inflation-exchangerate--rounding-error)

[20231110 GrokToken](past/2023/README.md#20231110-grok---lack-of-slippage-protection)

[20231107 RBalancer](past/2023/README.md#20231107-rbalancer---business-logic-flaw)

[20231107 MEVbot](past/2023/README.md#20231107-mevbot---lack-of-access-control)

[20231106 TrustPad](past/2023/README.md#20231106-trustpad---lack-of-msgsender-address-verification)

[20231106 TheStandard_io](past/2023/README.md#20231106-thestandard_io---lack-of-slippage-protection)

[20231106 KR](past/2023/README.md#20231106-KR---precission-loss)

[20231102 BRAND](past/2023/README.md#20231102-brand---lack-of-access-control)

[20231102 3913Token](past/2023/README.md#20231102-3913token---deflationary-token-attack)

[20231101 SwampFinance](past/2023/README.md#20231101-swampfinance---business-logic-flaw)

[20231101 OnyxProtocol](past/2023/README.md#20231101-onyxprotocol---precission-loss-vulnerability)

[20231031 UniBotRouter](past/2023/README.md#20231031-UniBotRouter---arbitrary-external-call)

[20231030 LaEeb](past/2023/README.md#20231030-laeeb---lack-slippage-protection)

[20231028 AstridProtocol](past/2023/README.md#20231028-AstridProtocol---business-logic-flaw)

[20231024 MaestroRouter2](past/2023/README.md#20231024-maestrorouter2---arbitrary-external-call)

[20231022 OpenLeverage](past/2023/README.md#20231022-openleverage---business-logic-flaw)

[20231019 kTAF](past/2023/README.md#20231019-ktaf---compoundv2-inflation-attack)

[20231018 HopeLend](past/2023/README.md#20231018-hopelend---div-precision-loss)

[20231018 MicDao](past/2023/README.md#20231018-micdao---price-manipulation)

[20231013 BelugaDex](past/2023/README.md#20231013-belugadex---price-manipulation)

[20231013 WiseLending](past/2023/README.md#20231013-wiselending---donate-inflation-exchangerate--rounding-error)

[20231012 Platypus](past/2023/README.md#20231012-platypus---business-logic-flaw)

[20231011 BH](past/2023/README.md#20231011-bh---price-manipulation)

[20231008 ZS](past/2023/README.md#20231008-zs---business-logic-flaw)

[20231008 pSeudoEth](past/2023/README.md#20231008-pseudoeth---pool-manipulation)

[20231007 StarsArena](past/2023/README.md#20231007-starsarena---reentrancy)

[20231005 DePayRouter](past/2023/README.md#20231005-depayrouter---business-logic-flaw)

[20230930 FireBirdPair](past/2023/README.md#20230930-FireBirdPair---lack-slippage-protection)

[20230929 DEXRouter](past/2023/README.md#20230929-dexrouter---arbitrary-external-call)

[20230926 XSDWETHpool](past/2023/README.md#20230926-XSDWETHpool---reentrancy)

[20230924 KubSplit](past/2023/README.md#20230924-kubsplit---pool-manipulation)

[20230921 CEXISWAP](past/2023/README.md#20230921-cexiswap---incorrect-access-control)

[20230916 uniclyNFT](past/2023/README.md#20230916-uniclynft---reentrancy)

[20230911 0x0DEX](past/2023/README.md#20230911-0x0dex---parameter-manipulation)

[20230909 BFCToken](past/2023/README.md#20230909-bfctoken---business-logic-flaw)

[20230908 APIG](past/2023/README.md#20230908-apig---business-logic-flaw)

[20230907 HCT](past/2023/README.md#20230907-hct---price-manipulation)

[20230905 QuantumWN](past/2023/README.md#20230905-quantumwn---rebasing-logic-issue)

[20230905 JumpFarm](past/2023/README.md#20230905-JumpFarm---rebasing-logic-issue)

[20230905 HeavensGate](past/2023/README.md#20230905-HeavensGate---rebasing-logic-issue)

[20230905 FloorDAO](past/2023/README.md#20230905-floordao---rebasing-logic-issue)

[20230902 DAppSocial](past/2023/README.md#20230902-dappsocial---business-logic-flaw)

[20230829 EAC](past/2023/README.md#20230829-eac---price-manipulation)

[20230827 Balancer](past/2023/README.md#20230827-balancer---rounding-error--business-logic-flaw)

[20230826 SVT](past/2023/README.md#20230826-svt---flawed-price-calculation)

[20230824 GSS](past/2023/README.md#20230824-gss---skim-token-balance)

[20230821 EHIVE](past/2023/README.md#20230821-ehive---business-logic-flaw)

[20230819 BTC20](past/2023/README.md#20230819-btc20---price-manipulation)

[20230818 ExactlyProtocol](past/2023/README.md#20230818-exactlyprotocol---insufficient-validation)

[20230814 ZunamiProtocol](past/2023/README.md#20230814-zunamiprotocol---price-manipulation)

[20230809 EarningFram](past/2023/README.md#20230809-earningfram---reentrancy)

[20230802 CurveBurner](past/2023/README.md#20230802-curveburner---lack-slippage-protection)

[20230802 Uwerx](past/2023/README.md#20230802-uwerx---fault-logic)

[20230801 NeutraFinance](past/2023/README.md#20230801-neutrafinance---price-manipulation)

[20230801 LeetSwap](past/2023/README.md#20230801-leetswap---access-control)

[20230731 GYMNET](past/2023/README.md#20230731-gymnet---insufficient-validation)

[20230730 Curve](past/2023/README.md#20230730-curve---vyper-compiler-bug--reentrancy)

[20230726 Carson](past/2023/README.md#20230726-carson---price-manipulation)

[20230724 Palmswap](past/2023/README.md#20230724-palmswap---business-logic-flaw)

[20230723 MintoFinance](past/2023/README.md#20230723-mintofinance---signature-replay)

[20230722 ConicFinance02](past/2023/README.md#20230722-conic-finance-02---price-manipulation)

[20230721 ConicFinance](past/2023/README.md#20230721-conic-finance---read-only-reentrancy--misconfiguration)

[20230721 SUT](past/2023/README.md#20230721-sut---business-logic-flaw)

[20230720 Utopia](past/2023/README.md#20230720-utopia---business-logic-flaw)

[20230720 FFIST](past/2023/README.md#20230720-ffist---business-logic-flaw)

[20230718 APEDAO](past/2023/README.md#20230718-apedao---business-logic-flaw)

[20230718 BNO](past/2023/README.md#20230718-bno---invalid-emergency-withdraw-mechanism)

[20230717 NewFi](past/2023/README.md#20230717-newfi---lack-slippage-protection)

[20230715 USDTStakingContract28](past/2023/README.md#20230715-usdtstakingcontract28---lack-of-access-control)

[20230712 Platypus](past/2023/README.md#20230712-platypus---bussiness-logic-flaw)

[20230712 WGPT](past/2023/README.md#20230712-wgpt---business-logic-flaw)

[20230711 RodeoFinance](past/2023/README.md#20230711-rodeofinance---twap-oracle-manipulation)

[20230711 Libertify](past/2023/README.md#20230711-libertify---reentrancy)

[20230710 ArcadiaFi](past/2023/README.md#20230710-arcadiafi---reentrancy)

[20230708 CIVNFT](past/2023/README.md#20230708-civnft---lack-of-access-control)

[20230708 Civfund](past/2023/README.md#20230708-civfund---lack-of-access-control)

[20230707 LUSD](past/2023/README.md#20230707-LUSD---price-manipulation-attack)

[20230704 BambooIA](past/2023/README.md#20230704-bambooia---price-manipulation-attack)

[20230704 BaoCommunity](past/2023/README.md#20230704-baocommunity---donate-inflation-exchangerate--rounding-error)

[20230703 AzukiDAO](past/2023/README.md#20230703-azukidao---invalid-signature-verification)

[20230630 Biswap](past/2023/README.md#20230630-biswap---v3migrator-exploit)

[20230630 MyAi](past/2023/README.md#20230630-MyAi---business-loigc)

[20230628 Themis](past/2023/README.md#20230628-themis---manipulation-of-prices-using-flashloan)

[20230627 UnverifiedContr_9ad32](past/2023/README.md#20230627-unverifiedcontr_9ad32---business-loigc-flaw)

[20230627 STRAC](past/2023/README.md#20230627-STRAC---business-loigc)

[20230623 SHIDO](past/2023/README.md#20230623-shido---business-loigc)

[20230621 BabyDogeCoin02](past/2023/README.md#20230621-babydogecoin02---lack-slippage-protection)

[20230621 BUNN](past/2023/README.md#20230621-bunn---reflection-tokens)

[20230620 MIM](past/2023/README.md#20230620-mimspell---arbitrary-external-call-vulnerability)

[20230619 Contract_0x7657](past/2023/README.md#20230620-Contract_0x7657---business-loigc)

[20230618 ARA](past/2023/README.md#20230618-ara---incorrect-handling-of-permissions)

[20230617 MidasCapitalXYZ](past/2023/README.md#20230617-midascapitalxyz---precision-loss)

[20230617 Pawnfi](past/2023/README.md#20230617-pawnfi---business-logic-flaw)

[20230615 CFC](past/2023/README.md#20230615-cfc---uniswap-skim-token-balance-attack)

[20230615 DEPUSDT_LEVUSDC](past/2023/README.md#20230615-depusdt_levusdc---incorrect-access-control)

[20230612 Sturdy Finance](past/2023/README.md#20230612-sturdy-finance---read-only-reentrancy)

[20230611 SellToken04](past/2023/README.md#20230611-sellToken04---Price-Manipulation)

[20230607 CompounderFinance](past/2023/README.md#20230607-compounderfinance---manipulation-of-funds-through-fluctuations-in-the-amount-of-exchangeable-assets)

[20230606 VINU](past/2023/README.md#20230606-vinu---price-manipulation)

[20230606 UN](past/2023/README.md#20230606-un---price-manipulation)

[20230602 NST SimpleSwap](past/2023/README.md#20230602-nst-simple-swap---unverified-contract-wrong-approval)

[20230601 DDCoin](past/2023/README.md#20230601-ddcoin---flashloan-attack-and-smart-contract-vulnerability)

[20230601 Cellframenet](past/2023/README.md#20230601-cellframenet---calculation-issues-during-liquidity-migration)

[20230531 ERC20TokenBank](past/2023/README.md#20230531-erc20tokenbank---price-manipulation)

[20230529 Jimbo](past/2023/README.md#20230529-jimbo---protocol-specific-price-manipulation)

[20230529 BabyDogeCoin](past/2023/README.md#20230529-babydogecoin---lack-slippage-protection)

[20230529 FAPEN](past/2023/README.md#20230529-fapen---wrong-balance-check)

[20230529 NOON_NO](past/2023/README.md#20230529-noon-no---wrong-visibility-in-function)

[20230525 GPT](past/2023/README.md#20230525-gpt-token---fee-machenism-exploitation)

[20230524 LocalTrade](past/2023/README.md#20230524-local-trade-lct---improper-access-control-of-close-source-contract)

[20230524 CS](past/2023/README.md#20230524-cs-token---outdated-global-variable)

[20230523 LFI](past/2023/README.md#20230523-lfi-token---business-logic-flaw)

[20230514 landNFT](past/2023/README.md#20230514-landNFT---lack-of-permission-control)

[20230514 SellToken03](past/2023/README.md#20230514-selltoken03---unchecked-user-input)

[20230513 Bitpaidio](past/2023/README.md#20230513-bitpaidio---business-logic-flaw)

[20230513 SellToken02](past/2023/README.md#20230513-selltoken02---price-manipulation)

[20230512 LW](past/2023/README.md#20230512-lw---flashloan-price-manipulation)

[20230511 SellToken01](past/2023/README.md#20230511-selltoken01---business-logic-flaw)

[20230510 SNK](past/2023/README.md#20230510-snk---reward-calculation-error)

[20230509 MCC](past/2023/README.md#20230509-mcc---reflection-token)

[20230509 HODL](past/2023/README.md#20230509-hodl---reflection-token)

[20230506 Melo](past/2023/README.md#20230506-melo---access-control)

[20230505 DEI](past/2023/README.md#20230505-dei---wrong-implemention)

[20230503 NeverFall](past/2023/README.md#20230503-NeverFall---price-manipulation)

[20230502 Level](past/2023/README.md#20230502-level---business-logic-flaw)

[20230428 0vix](past/2023/README.md#20230428-0vix---flashloan-price-manipulation)

[20230427 SiloFinance](past/2023/README.md#20230427-Silo-finance---Business-Logic-Flaw)

[20230424 Axioma](past/2023/README.md#20230424-Axioma---business-logic-flaw)

[20230419 OLIFE](past/2023/README.md#20230419-OLIFE---Reflection-token)

[20230416 Swapos V2](past/2023/README.md#20230416-swapos-v2---error-k-value-attack)

[20230415 HundredFinance](past/2023/README.md#20230415-hundredfinance---donate-inflation-exchangerate--rounding-error)

[20230413 yearnFinance](past/2023/README.md#20230413-yearnFinance---misconfiguration)

[20230412 MetaPoint](past/2023/README.md#20230412-metapoint---Unrestricted-Approval)

[20230411 Paribus](past/2023/README.md#20230411-paribus---reentrancy)

[20230409 SushiSwap](past/2023/README.md#20230409-SushiSwap---Unchecked-User-Input)

[20230405 Sentiment](past/2023/README.md#20230405-sentiment---read-only-reentrancy)

[20230402 Allbridge](past/2023/README.md#20230402-allbridge---flashloan-price-manipulation)

[20230328 SafeMoon Hack](past/2023/README.md#20230328-safemoon-hack)

[20230328 THENA](past/2023/README.md#20230328---thena---yield-protocol-flaw)

[20230325 DBW](past/2023/README.md#20230325---dbw--business-logic-flaw)

[20230322 BIGFI](past/2023/README.md#20230322---bigfi---reflection-token)

[20230317 ParaSpace NFT](past/2023/README.md#20230317---paraspace-nft---flashloan--scaledbalanceof-manipulation)

[20230315 Poolz](past/2023/README.md#20230315---poolz---integer-overflow)

[20230313 EulerFinance](past/2023/README.md#20230313---eulerfinance---business-logic-flaw)

[20230308 DKP](past/2023/README.md#20230308---dkp---flashloan-price-manipulation)

[20230307 Phoenix](past/2023/README.md#20230307---phoenix---access-control--arbitrary-external-call)

[20230227 LaunchZone](past/2023/README.md#20230227---launchzone---access-control)

[20230227 SwapX](past/2023/README.md#20230227---swapx---access-control)

[20230224 EFVault](past/2023/README.md#20230224---efvault---storage-collision)

[20230222 DYNA](past/2023/README.md#20230222---dyna---business-logic-flaw)

[20230218 RevertFinance](past/2023/README.md#20230218---revertfinance---arbitrary-external-call-vulnerability)

[20230217 Starlink](past/2023/README.md#20230217---starlink---business-logic-flaw)

[20230217 Dexible](past/2023/README.md#20230217---dexible---arbitrary-external-call-vulnerability)

[20230217 Platypusdefi](past/2023/README.md#20230217---platypusdefi---business-logic-flaw)

[20230210 Sheep Token](past/2023/README.md#20230210---sheep---reflection-token)

[20230210 dForce](past/2023/README.md#20230210---dforce---read-only-reentrancy)

[20230207 CowSwap](past/2023/README.md#20230207---cowswap---arbitrary-external-call-vulnerability)

[20230206 FDP Token](past/2023/README.md#20230206---fdp---reflection-token)

[20230203 Orion Protocol](past/2023/README.md#20230203---orion-protocol---reentrancy)

[20230203 Spherax USDs](past/2023/README.md#20230203---spherax-usds---balance-recalculation-bug)

[20230202 BonqDAO](past/2023/README.md#20230202---BonqDAO---price-oracle-manipulation)

[20230130 BEVO](past/2023/README.md#20230130---bevo---reflection-token)

[20230126 TomInu Token](past/2023/README.md#20230126---tinu---reflection-token)

[20230119 SHOCO Token](past/2023/README.md#20230119---shoco---reflection-token)

[20230119 ThoreumFinance](past/2023/README.md#20230119---thoreumfinance-business-logic-flaw)

[20230118 QTN Token](past/2023/README.md#20230118---qtntoken---business-logic-flaw)

[20230118 UPS Token](past/2023/README.md#20230118---upstoken---business-logic-flaw)

[20230117 OmniEstate](past/2023/README.md#20230117---OmniEstate---no-input-parameter-check)

[20230116 MidasCapital](past/2023/README.md#20230116---midascapital---read-only-reentrancy)

[20230111 UFDao](past/2023/README.md#20230111---ufdao---incorrect-parameter-setting)

[20230111 ROE](past/2023/README.md#20230111---roefinance---flashloan-price-manipulation)

[20230110 BRA](past/2023/README.md#20230110---bra---business-logic-flaw)

[20230103 GDS](past/2023/README.md#20230103---gds---business-logic-flaw)

2022

[20221230 DFS](past/2022/README.md#20221230---dfs---insufficient-validation--flashloan)

[20221229 JAY](past/2022/README.md#20221229---jay---insufficient-validation--reentrancy)

[20221225 Rubic](past/2022/README.md#20221225---rubic---arbitrary-external-call-vulnerability)

[20221223 Defrost](past/2022/README.md#20221223---defrost---reentrancy)

[20221214 Nmbplatform](past/2022/README.md#20221214---nmbplatform---flashloan-price-manipulation)

[20221214 FPR](past/2022/README.md#20221214---fpr---access-control)

[20221213 ElasticSwap](past/2022/README.md#20221213---elasticswap---business-logic-flaw)

[20221212 BGLD](past/2022/README.md#20221212---bgld-deflationary-token---flashloan-price-manipulation)

[20221211 Lodestar](past/2022/README.md#20221211---lodestar---flashloan-price-manipulation)

[20221211 MEVbot_0x28d9](past/2022/README.md#20221211---MEVbot_0x28d9---insufficient-validation)

[20221210 MUMUG](past/2022/README.md#20221210---mumug---flashloan-price-manipulation)

[20221210 TIFIToken](past/2022/README.md#20221210---tifitoken---flashloan-price-manipulation)

[20221209 NOVAToken](past/2022/README.md#20221209---novatoken---malicious-unlimted-minting-rugged)

[20221207 AES](past/2022/README.md#20221207---aes-deflationary-token---business-logic-flaw--flashloan-price-manipulation)

[20221205 RFB](past/2022/README.md#20221205---rfb---predicting-random-numbers)

[20221205 BBOX](past/2022/README.md#20221205---bbox---flashloan-price-manipulation)

[20221202 OverNight](past/2022/README.md#20221202---overnight---flashloan-attack)

[20221201 APC](past/2022/README.md#20221201---apc---flashloan--price-manipulation)

[20221129 MBC & ZZSH](past/2022/README.md#20221129---mbc--zzsh---business-logic-flaw--access-control)

[20221129 SEAMAN](past/2022/README.md#20221129---seaman---business-logic-flaw)

[20221123 NUM](past/2022/README.md#20221123---num---protocol-token-incompatible)

[20221122 AUR](past/2022/README.md#20221122---aur---lack-of-permission-check)

[20221121 SDAO](past/2022/README.md#20221121---sdao---business-logic-flaw)

[20221119 AnnexFinance](past/2022/README.md#20221119---annexfinance---verify-flashloan-callback)

[20221118 Polynomial](past/2022/README.md#20221118---polynomial---no-input-validation)

[20221117 UEarnPool](past/2022/README.md#20221117---uearnpool---flashloan-attack)

[20221116 SheepFarm](past/2022/README.md#20221116---sheepfarm---no-input-validation)

[20221110 DFXFinance](past/2022/README.md#20221110---dfxfinance---reentrancy)

[20221109 brahTOPG](past/2022/README.md#20221109-brahtopg---arbitrary-external-call-vulnerability)

[20221108 MEV_0ad8](past/2022/README.md#20221108-mev_0ad8---arbitrary-call)

[20221108 Kashi](past/2022/README.md#20221108-kashi---price-caching-design-defect)

[20221107 MooCAKECTX](past/2022/README.md#20221107-moocakectx---flashloan-attack)

[20221105 BDEX](past/2022/README.md#20221105-bdex---business-logic-flaw)

[20221027 VTF](past/2022/README.md#20221027-vtf-token---incorrect-reward-calculation)

[20221027 Team Finance](past/2022/README.md#20221027-team-finance---liquidity-migration-exploit)

[20221026 N00d Token](past/2022/README.md#20221026-n00d-token---reentrancy)

[20221025 ULME](past/2022/README.md#20221025-ulme---access-control)

[20221024 Market](past/2022/README.md#20221024-market---read-only-reentrancy)

[20221024 MulticallWithoutCheck](past/2022/README.md#20221024-multicallwithoutcheck---arbitrary-external-call-vulnerability)

[20221021 OlympusDAO](past/2022/README.md#20221021-olympusdao---no-input-validation)

[20221020 HEALTH Token](past/2022/README.md#20221020-health---transfer-logic-flaw)

[20221019 BEGO Token](past/2022/README.md#20221020-bego---incorrect-signature-verification)

[20221018 HPAY](past/2022/README.md#20221018-hpay---access-control)

[20221018 PLTD Token](past/2022/README.md#20221018-pltd---transfer-logic-flaw)

[20221017 Uerii Token](past/2022/README.md#20221017-uerii-token---access-control)

[20221014 INUKO Token](past/2022/README.md#20221014-inuko---flashloan-price-manipulation)

[20221014 EFLeverVault](past/2022/README.md#20221014-eflevervault---verify-flashloan-callback)

[20221014 MEVBOT a47b](past/2022/README.md#20221014-mevbota47b---mevbot-a47b)

[20221012 ATK](past/2022/README.md#20221012-atk---flashloan-manipulate-price)

[20221011 Rabby Wallet SwapRouter](past/2022/README.md#20221011-rabby-wallet-swaprouter---arbitrary-external-call-vulnerability)

[20221011 Templedao](past/2022/README.md#20221011-templedao---insufficient-access-control)

[20221010 Carrot](past/2022/README.md#20221010-carrot---public-functioncall)

[20221009 Xave Finance](past/2022/README.md#20221009-xave-finance---malicious-proposal-mint--transfer-ownership)

[20221006 RES-Token](past/2022/README.md#20221006-RES-Token---pair-manipulate)

[20221002 Transit Swap](past/2022/README.md#20221002-transit-swap---incorrect-owner-address-validation)

[20221001 BabySwap](past/2022/README.md#20221001-babyswap---parameter-access-control)

[20221001 RL](past/2022/README.md#20221001-RL-Token---Incorrect-Reward-calculation)

[20221001 Thunder Brawl](past/2022/README.md#20221001-thunder-brawl---reentrancy)

[20220929 BXH](past/2022/README.md#20220928-bxh---flashloan--price-oracle-manipulation)

[20220928 MEVBOT Badc0de](past/2022/README.md#20220928-MEVBOT---Badc0de)

[20220923 RADT-DAO](past/2022/README.md#20220923-RADT-DAO---pair-manipulate)

[20220913 MevBot Private TX](past/2022/README.md#20220913-mevbot-private-tx)

[20220909 DPC](past/2022/README.md#20220909-dpc---Incorrect-Reward-calculation)

[20220908 YYDS](past/2022/README.md#20220908-YYDS---pair-manipulate)

[20220908 NewFreeDAO](past/2022/README.md#20220908-newfreedao---flashloans-attack)

[20220908 Ragnarok Online Invasion](past/2022/README.md#20220908-ragnarok-online-invasion---broken-access-control)

[20220906 NXUSD](past/2022/README.md#20220906-NXUSD---flashloan-price-oracle-manipulation)

[20220905 ZoomproFinance](past/2022/README.md#20220905-zoomprofinance---flashloans--price-manipulation)

[20220902 ShadowFi](past/2022/README.md#20220902-shadowfi---access-control)

[20220902 Bad Guys by RPF](past/2022/README.md#20220902-bad-guys-by-rpf---business-logic-flaw--missing-check-for-number-of-nft-to-mint)

[20220828 DDC](past/2022/README.md#20220828-ddc)

[20220824 LuckyTiger NFT](past/2022/README.md#20220824-luckytiger-nft---predicting-random-numbers)

[20220816 Circle_2](past/2022/README.md#20220816-circle---price-manipulation)

[20220813 Circle](past/2022/README.md#20220813-circle---price-manipulation)

[20220810 XSTABLE Protocol](past/2022/README.md#20220810-xstable-protocol---incorrect-logic-check)

[20220809 ANCH](past/2022/README.md#20220809-anch---skim-token-balance)

[20220807 EGD Finance](past/2022/README.md#20220807-egd-finance---flashloans--price-manipulation)

[20220804 EtnProduct](past/2022/README.md#20220804-etnproduct---business-logic-flaw)

[20220803 Qixi](past/2022/README.md#20220803-qixi---underflow)

[20220802 Nomad Bridge](past/2022/README.md#20220802-nomad-bridge---business-logic-flaw--incorrect-acceptable-merkle-root-checks)

[20220801 Reaper Farm](past/2022/README.md#20220801-reaper-farm---business-logic-flaw--lack-of-access-control-mechanism)

[20220725 LPC](past/2022/README.md#20220725-lpc---business-logic-flaw--incorrect-recipient-balance-check-did-not-check-senderrecipient-in-transfer)

[20220723 Audius](past/2022/README.md#20220723-audius---storage-collision--malicious-proposal)

[20220713 SpaceGodzilla](past/2022/README.md#20220713-spacegodzilla---flashloans--price-manipulation)

[20220710 Omni NFT](past/2022/README.md#20220710-omni-nft---reentrancy)

[20220706 FlippazOne NFT](past/2022/README.md#20220706-flippazone-nft---accesscontrol)

[20220701 Quixotic - Optimism NFT Marketplace](past/2022/README.md#20220701-quixotic---optimism-nft-marketplace)

[20220626 XCarnival](past/2022/README.md#20220626-xcarnival---infinite-number-of-loans)

[20220624 Harmony's Horizon Bridge](past/2022/README.md#20220624-harmonys-horizon-bridge---private-key-compromised)

[20220618 SNOOD](past/2022/README.md#20220618-snood---miscalculation-on-_spendallowance)

[20220616 InverseFinance](past/2022/README.md#20220616-inversefinance---flashloan--price-oracle-manipulation)

[20220608 GYMNetwork](past/2022/README.md#20220608-gymnetwork---accesscontrol)

[20220608 Optimism - Wintermute](past/2022/README.md#20220608-optimism---wintermute)

[20220606 Discover](past/2022/README.md#20220606-discover---flashloan--price-oracle-manipulation)

[20220529 NOVO Protocol](past/2022/README.md#20220529-novo-protocol---flashloan--price-oracle-manipulation)

[20220524 HackDao](past/2022/README.md#20220524-HackDao---Skim-token-balance)

[20220517 ApeCoin](past/2022/README.md#20220517-apecoin-ape---flashloan)

[20220508 Fortress Loans](past/2022/README.md#20220508-fortress-loans---malicious-proposal--price-oracle-manipulation)

[20220430 Saddle Finance](past/2022/README.md#20220430-saddle-finance---swap-metapool-attack)

[20220430 Rari Capital/Fei Protocol](past/2022/README.md#20220430-rari-capitalfei-protocol---flashloan-attack--reentrancy)

[20220428 DEUS DAO](past/2022/README.md#20220428-deus-dao---flashloan--price-oracle-manipulation)

[20220424 Wiener DOGE](past/2022/README.md#20220424-wiener-doge---flashloan)

[20220423 Akutar NFT](past/2022/README.md#20220423-akutar-nft---denial-of-service)

[20220421 Zeed Finance](past/2022/README.md#20220421-zeed-finance)

[20220416 BeanstalkFarms](past/2022/README.md#20220416-beanstalkfarms---dao--flashloan)

[20220415 Rikkei Finance](past/2022/README.md#20220415-rikkei-finance---access-control--price-oracle-manipulation)

[20220412 ElephantMoney](past/2022/README.md#20220412-elephantmoney---flashloan--price-oracle-manipulation)

[20220411 Creat Future](past/2022/README.md#20220411-creat-future)

[20220409 GYMNetwork](past/2022/README.md#20220409-gymnetwork---flashloan--token-migrate-flaw)

[20220329 Ronin Network](past/2022/README.md#20220329-ronin-network---Bridge)

[20220329 Redacted Cartel](past/2022/README.md#20220329-redacted-cartel---custom-approval-logic)

[20220327 Revest Finance](past/2022/README.md#20220327-revest-finance---reentrancy)

[20220326 Auctus](past/2022/README.md#20220326-auctus)

[20220322 CompoundTUSDSweepTokenBypass](past/2022/README.md#20220322-compoundtusdsweeptokenbypass)

[20220321 OneRing Finance](past/2022/README.md#20220321-onering-finance---flashloan--price-oracle-manipulation)

[20220320 LI.FI](past/2022/README.md#20220320-LiFi---bridges)

[20220320 Umbrella Network](past/2022/README.md#20220320-umbrella-network---underflow)

[20220315 Agave Finance](past/2022/README.md#20220315-agave-finance---erc667-reentrancy)

[20220315 Hundred Finance](past/2022/README.md#20220313-hundred-finance---erc667-reentrancy)

[20220313 Paraluni](past/2022/README.md#20220313-paraluni---flashloan--reentrancy)

[20220309 Fantasm Finance](past/2022/README.md#20220309-fantasm-finance---business-logic-in-mint)

[20220305 Bacon Protocol](past/2022/README.md#20220305-bacon-protocol---reentrancy)

[20220303 TreasureDAO](past/2022/README.md#20220303-treasuredao---zero-fee)

[20220214 BuildFinance - DAO](past/2022/README.md#20220214-buildfinance---dao)

[20220208 Sandbox LAND](past/2022/README.md#20220208-sandbox-land---access-control)

[20220205 Meter](past/2022/README.md#20220205-Meter---bridge)

[20220204 TecraSpace](past/2022/README.md#20220204-TecraSpace---Any-token-is-destroyed)

[20220128 Qubit Finance](past/2022/README.md#20220128-qubit-finance---bridge-address0safetransferfrom-does-not-revert)

[20220118 Multichain (Anyswap)](past/2022/README.md#20220118-multichain-anyswap---insufficient-token-validation)

2021

[20211221 Visor Finance](past/2021/README.md#20211221-visor-finance---reentrancy)

[20211218 Grim Finance](past/2021/README.md#20211218-grim-finance---flashloan--reentrancy)

[20211214 Nerve Bridge](past/2021/README.md#20211214-nerve-bridge---swap-metapool-attack)

[20211130 MonoX Finance](past/2021/README.md#20211130-monox-finance---price-manipulation)

[20211123 Ploutoz Finance](past/2021/README.md#20211123-ploutoz---flash-loan)

[20211027 Cream Finance](past/2021/README.md#20211027-creamfinance---price-manipulation)

[20211015 Indexed Finance](past/2021/README.md#20211015-indexed-finance---price-manipulation)

[20210916 SushiSwap Miso](past/2021/README.md#20210916-sushiswap-miso)

[20210915 Nimbus Platform](past/2021/README.md#20210915-nimbus-platform)

[20210915 NowSwap Platform](past/2021/README.md#20210915-nowswap-platform)

[20210912 ZABU Finance](past/2021/README.md#20210912-ZABU-Finance---Deflationary-token-uncompatible)

[20210903 DAO Maker](past/2021/README.md#20210903-dao-maker---bad-access-controal)

[20210830 Cream Finance](past/2021/README.md#20210830-cream-finance---flashloan-attack--reentrancy)

[20210817 XSURGE](past/2021/README.md#20210817-xsurge---flashloan-attack--reentrancy)

[20210811 Poly Network](past/2021/README.md#20210811-poly-network---bridge-getting-around-modifier-through-cross-chain-message)

[20210804 WaultFinance](past/2021/README.md#20210804-waultfinace---flashloan-price-manipulation)

[20210728 Levyathan Finance](past/2021/README.md#20210728-levyathan-finance---i-lost-keys-and-minting-ii-vulnerable-emergencywithdraw)

[20210710 Chainswap](past/2021/README.md#20210710-chainswap---bridge-logic-flaw)

[20210702 Chainswap](past/2021/README.md#20210702-chainswap---bridge-logic-flaw)

[20210628 SafeDollar](past/2021/README.md#20210628-safedollar---deflationary-token-uncompatible)

[20210625 xWin Finance](past/2021/README.md#20210625-xwin-finance---subscription-incentive-mechanism)

[20210622 Eleven Finance](past/2021/README.md#20210622-eleven-finance---doesnt-burn-shares)

[20210607 88mph NFT](past/2021/README.md#20210607-88mph-nft---access-control)

[20210603 PancakeHunny](past/2021/README.md#20210603-pancakehunny---incorrect-calculation)

[20210527 JulSwap](past/2021/README.md#20210527-julswap---flash-loan)

[20210527 BurgerSwap](past/2021/README.md#20210527-burgerswap---mathematical-flaw--reentrancy)

[20210519 PancakeBunny](past/2021/README.md#20210519-pancakebunny---price-oracle-manipulation)

[20210516 bEarn](past/2021/README.md#20210516-bearn---logic-flaw)

[20210508 Rari Capital](past/2021/README.md#20210509-raricapital---cross-contract-reentrancy)

[20210508 Value Defi](past/2021/README.md#20210508-value-defi---cross-contract-reentrancy)

[20210502 Spartan](past/2021/README.md#20210502-spartan---logic-flaw)

[20210428 Uranium](past/2021/README.md#20210428-uranium---miscalculation)

[20210308 DODO](past/2021/README.md#20210308-dodo---flashloan-attack)

[20210305 Paid Network](past/2021/README.md#20210305-paid-network---private-key-compromised)

[20210204 Yearn YDai](past/2021/README.md#20210204-yearn-ydai---Slippage-proection-absent)

[20210125 Sushi Badger Digg](past/2021/README.md#20210125-sushi-badger-digg---sandwich-attack)

Before 2020

[20201229 Cover Protocol](past/2021/README.md#20201229-cover-protocol)

[20201121 Pickle Finance](past/2021/README.md#20201121-pickle-finance)

[20201026 Harvest Finance](past/2021/README.md#20201026-harvest-finance---flashloan-attack)

[20200912 bzx](past/2021/README.md#20200912-bzx---incorrect-transfer)

[20200804 Opyn Protocol](past/2021/README.md#20200804-opyn-protocol---msgValue-in-loop)

[20200628 Balancer Protocol](past/2021/README.md#20200628-balancer-protocol---token-incompatible)

[20200618 Bancor Protocol](past/2021/README.md#20200618-bancor-protocol---access-control)

[20200419 LendfMe](past/2021/README.md#20200419-lendfme---erc777-reentrancy)

[20200418 UniSwapV1](past/2021/README.md#20200418-uniswapv1---erc777-reentrancy)

[20181007 SpankChain](past/2021/README.md#20181007-spankchain---reentrancy)

[20180424 SmartMesh](past/2021/README.md#20180424-smartmesh---overflow)

[20180422 Beauty Chain](past/2021/README.md##20180422-beauty-chain---integer-overflow)

[20171106 Parity - 'Accidentally Killed It'](past/2021/README.md##20171106-parity---accidentally-killed-it)

---

### Transaction debugging tools

[Phalcon](https://explorer.phalcon.xyz/) | [Tx tracer](https://openchain.xyz/trace) | [Cruise](https://cruise.supremacy.team/) | [Ethtx](https://ethtx.info/) | [Tenderly](https://dashboard.tenderly.co/explorer) | [eigenphi](https://tx.eigenphi.io/analyseTransaction)

### Ethereum Signature Database

[4byte](https://www.4byte.directory/) | [sig db](https://openchain.xyz/signatures) | [etherface](https://www.etherface.io/hash)

### Useful tools

[ABI to interface](https://gnidan.github.io/abi-to-sol/) | [Get ABI for unverified contracts](https://abi.w1nt3r.xyz/) | [ETH Calldata Decoder](https://apoorvlathey.com/eth-calldata-decoder/) | [ETHCMD - Guess ABI](https://www.ethcmd.com/tools/decode-calldata/) | [Abi tools](https://openchain.xyz/tools/abi)

### Hacks Dashboard

[Slowmist](https://hacked.slowmist.io/) | [Defillama](https://defillama.com/hacks) | [De.Fi](https://de.fi/rekt-database) | [Rekt](https://rekt.news/) | [Cryptosec](https://cryptosec.info/defi-hacks/)

---

### List of DeFi Hacks & POCs

### 20241006 SASHAToken - Price Manipulation

### Total Lost : ~249 ETH (~$600K USD)

```
forge test --contracts ./src/test/2024-10/SASHAToken_exp.sol -vvv
```

#### Contract

[SASHAToken_exp.sol](src/test/2024-10/SASHAToken_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1842864840265883833

### 20241005 AIZPTToken - Wrong Price Calculation

### Total Lost : 34.88 BNB (~$20K USD)

```sh
forge test --contracts ./src/test/2024-10/AIZPTToken_exp.sol -vvv
```

#### Contract

[AIZPTToken_exp.sol](src/test/2024-10/AIZPTToken_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1842576732047700077

---

### 20241001 FireToken - Pair Manipulation With Transfer Function

### Lost: 8.45 ETH (~$20K USD)

```sh
forge test --contracts ./src/test/2024-10/FireToken_exp.sol -vvv
```

#### Contract

[FireToken_exp.sol](src/test/2024-10/FireToken_exp.sol)

### Link reference

https://twitter.com/0xNickLFranklin/status/1841305965750350089

---

### 20241002 LavaLending - Price Manipulation

### Lost: 1 USDC, 125795.6 cUSDC, 0,0067 WBTC, 2.25 WETH (~$130K USD)

```sh
forge test --contracts ./src/test/2024-10/LavaLending_exp.sol -vvv
```

#### Contract

[LavaLending_exp.sol](src/test/2024-10/LavaLending_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1841823216425435308

https://nickfranklin.site/2024/10/03/unknown-lending-project-hacked-due-to-price-oracle-manipulation/

---

### 20240926 OnyxDAO - Fake Market

### Lost: 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT (>$3.8M USD)

```sh
forge test --contracts ./src/test/2024-09/OnyxDAO_exp.sol -vvv
```

#### Contract

[OnyxDAO_exp.sol](src/test/2024-09/OnyxDAO_exp.sol)

### Link reference

https://x.com/peckshield/status/1839302663680438342

---

### 20240926 Bedrock_DeFi - Swap ETH/BTC 1/1 in mint function

### Lost: 27.83925883 BTC (~$1.7M USD)

```sh
forge test --contracts ./src/test/2024-09/Bedrock_DeFi_exp.sol -vvv
```

#### Contract

[Bedrock_DeFi_exp.sol](src/test/2024-09/Bedrock_DeFi_exp.sol)

### Link reference

https://x.com/certikalert/status/1839403126694326374

---

### 20240924-MARA---price-manipulation

### Lost: ~8.8 WBNB (~5.3K USD)

```sh
forge test --contracts ./src/test/2024-09/MARA_exp.sol -vvv

```

#### Contract

[MARA_exp.sol](/src/test/2024-09/MARA_exp.sol)

### Link reference

https://bscscan.com/tx/0x0fe3716431f8c2e43217c3ca6d25eed87e14d0fbfa9c9ee8ce4cef2e5ec4583c

### 20240923 Bankroll_Network - Incorrect input validation

### Lost: ~404 WBNB (~234.8K USD)

```sh
forge test --contracts ./src/test/2024-09/Bankroll_exp.sol -vvv
```

#### Contract

[Bankroll_exp.sol](/src/test/2024-09/Bankroll_exp.sol)

### Link reference

https://x.com/Phalcon_xyz/status/1838042368018137547

---

### 20240913 OTSeaStaking - Logic Flaw

### Lost: 26k

```sh
forge test --contracts ./src/test/2024-09/OTSeaStaking_exp.sol -vvv
```
#### Contract

[OTSeaStaking_exp.sol](src/test/2024-09/OTSeaStaking_exp.sol)

### Link reference

Nick Franklin: https://nickfranklin.site/2024/09/13/otsea-staking-hacked/

---

### 20240910 Caterpillar_Coin_CUT - Price Manipulation

### Lost: ~1.4M USD

```sh
forge test --contracts ./src/test/2024-09/Caterpillar_Coin_CUT_exp.sol -vvv --evm-version shanghai
```

#### Contract

[Caterpillar_Coin_CUT_exp.sol](/src/test/2024-09/Caterpillar_Coin_CUT_exp.sol)

### Link reference

https://www.certik.com/zh-CN/resources/blog/caterpillar-coin-cut-token-incident-analysis

---

### 20240903 Penpiexyz_io - Reentrancy and Reward Manipulation

### Lost: 11,113.6 ETH (~$27,348,259 USD)

```sh
forge test --contracts ./src/test/2024-09/Penpiexyzio_exp.sol -vvv --evm-version shanghai
```
#### Contract

[Penpiexyzio_exp.sol](src/test/2024-09/Penpiexyzio_exp.sol)

### Link reference

https://x.com/peckshield/status/1831072098669953388

https://x.com/AnciliaInc/status/1831080555292856476

https://x.com/hackenclub/status/1831383106554573099

post-morten: https://x.com/Penpiexyz_io/status/1831462760787452240

---

### 20240828 AAVE - Arbitrary Call Error

### Lost: 52000

```sh
forge test --contracts ./src/test/2024-08/AAVE_Repay_Adapter.sol -vvv
```
#### Contract
[AAVE_Repay_Adapter.sol](src/test/2024-08/AAVE_Repay_Adapter.sol)

### Link reference

https://www.vibraniumaudits.com/post/aave-hacked-via-periphery-contract-56kstolenfromtipjar

### 20240816 Zenterest - Price Out Of Date

### Lost: ~21000 USD

```sh
forge test --contracts ./src/test/2024-08/Zenterest_exp.sol -vvvv --evm-version shanghai
```
#### Contract

[Zenterest_exp.sol](src/test/2024-08/Zenterest_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1824579761383018564

---

### 20240814 NoName - Arbitrary Call

### Lost: ~5k

```sh
forge test --contracts ./src/test/2024-08/YodlRouter_exp.sol -vvv
```
#### Contract
[YodlRouter_exp.sol](src/test/2024-08/YodlRouter_exp.sol)
### Link reference

https://x.com/0xNickLFranklin/status/1823601087011807636

---

### 20240813 VOW - Misconfiguration

### Lost: ~ 1M USD

```sh
forge test --contracts ./src/test/2024-08/VOW_exp.sol -vvv
```
#### Contract
[VOW_exp.sol](src/test/2024-08/VOW_exp.sol)
### Link reference

https://x.com/Vowcurrency/status/1823407231658025300

---

### 20240812 iVest - Business logic flaw

### Lost: ~338 WBNB

```sh
forge test --contracts src/test/2024-08/IvestDao_exp.sol -vvv
```

#### Contract

[IvestDao_exp.sol](src/test/2024-08/IvestDao_exp.sol)

### Link reference

https://x.com/AnciliaInc/status/1822870201698050064

---

### 20240806 Novax - Price Manipulation

### Lost: ~25K USD

```sh
forge test --contracts ./src/test/2024-08/NovaXM2E_exp.sol -vvv
```

#### Contract

[NovaXM2E_exp.sol](src/test/2024-08/NovaXM2E_exp.sol)

### Link reference

https://x.com/EXVULSEC/status/1820676684410147276

---

### 20240801 Convergence - Incorrect input validation

### Lost: ~200K USD

```sh
forge test --contracts ./src/test/2024-08/Convergence_exp.sol -vvvv --evm-version cancun
```

#### Contract

[Convergence_exp.sol](src/test/2024-08/Convergence_exp.sol)

### Link reference

https://x.com/DecurityHQ/status/1819030089012527510

---

### 20240724 Spectra_finance - Incorrect input validation

### Lost: ~73K USD

```sh
forge test --contracts ./src/test/2024-07/Spectra_finance_exp.sol -vvv
```

#### Contract

[Spectra_finance_exp.sol](src/test/2024-07/Spectra_finance_exp.sol)

### Link reference

https://x.com/shoucccc/status/1815981585637990899

---

### 20240723 MEVbot_0xdd7c - Incorrect input validation

### Lost: ~18k USD

```sh
forge test --contracts src/test/MEVbot_0xdd7c_exp.sol -vvv --evm-version cancun
```

#### Contract

[MEVbot_0xdd7c_exp.sol](src/test/2024-07/MEVbot_0xdd7c_exp.sol)

### Link reference

https://x.com/SlowMist_Team/status/1815656653100077532

---

### 20240716 Lifiprotocol - Incorrect input validation

### Lost: ~10M USD

```sh
forge test --contracts ./src/test/2024-07/Lifiprotocol_exp.sol -vvv
```

#### Contract

[Lifiprotocol_exp.sol](src/test/2024-07/Lifiprotocol_exp.sol)

### Link reference

https://x.com/danielvf/status/1505689981385334784

---

### 20240714 Minterest - Reentrancy

### Lost: ~427 ETH

```sh
forge test --contracts ./src/test/2024-07/Minterest_exp.sol -vvv
```

#### Contract

[Minterest_exp.sol](src/test/2024-07/Minterest_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1813122959219040323

---

### 20240712 DoughFina - Incorrect input validation

### Lost: ~1.8M USD

```sh
forge test --contracts ./src/test/2024-07/DoughFina_exp.sol -vvv
```

#### Contract

[DoughFina_exp.sol](src/test/2024-07/DoughFina_exp.sol)

### Link reference

https://x.com/CertiKAlert/status/1811668992882307478

---

### 20240711 SBT - business logic flaw

### Lost: ~56K USD

```sh
forge test --contracts ./src/test/2024-07/SBT_exp.sol -vvv
```

#### Contract

[SBT_exp.sol](src/test/2024-07/SBT_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1811401263969673654

---

### 20240711 GAX - Lack of access control

### Lost: ~50K $BUSD

```sh
forge test --contracts ./src/test/2024-07/GAX_exp.sol -vvv
```

#### Contract

[GAX_exp.sol](src/test/2024-07/GAX_exp.sol)

### Link reference

https://x.com/EXVULSEC/status/1811348160851378333

---

### 20240708 LW - Integer Underflow

### Lost: ~7K USD

```sh
forge test --contracts ./src/test/2024-07/LW_exp.sol -vvv
```

#### Contract

[LW_exp.sol](src/test/2024-07/LW_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1810245893490368820

---

### 20240705 DeFiPlaza - loss of precision

### Lost: ~200K USD

```sh
forge test --contracts ./src/test/2024-07/DeFiPlaza_exp.sol -vvv
```

#### Contract

[DeFiPlaza_exp.sol](src/test/2024-07/DeFiPlaza_exp.sol)

### Link reference

https://x.com/DecurityHQ/status/1809222922998808760

---

### 20240703 UnverifiedContr_0x452E25 - lack-of-access-control

### Lost: 27 ETH

```sh
forge test --contracts ./src/test/2024-07/UnverifiedContr_0x452E25_exp.sol -vvv --evm-version "cancun"
```

#### Contract

[UnverifiedContr_0x452E25_exp.sol](src/test/2024-07/UnverifiedContr_0x452E25_exp.sol)

### Link reference

https://x.com/SlowMist_Team/status/1808334870650970514

---

### 20240702 MRP - Reentrancy

### Lost: 17 BNB

```sh
forge test --contracts ./src/test/2024-07/MRP_exp.sol -vvv
```

#### Contract

[MRP_exp.sol](src/test/2024-07/MRP_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1808309614443733005

---

### 20240628 Will - business logic flaw

### Lost: $52K

```sh
forge test --contracts ./src/test/2024-06/Will_exp.sol -vvv --evm-version "shanghai"
```

#### Contract

[Will_exp.sol](src/test/2024-06/Will_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1806704287252394238

---

### 20240627 APEMAGA - business logic flaw

### Lost: ~9 ETH

```sh
forge test --contracts ./src/test/2024-06/APEMAGA_exp.sol -vvv --evm-version "shanghai"
```

#### Contract

[APEMAGA_exp.sol](src/test/2024-06/APEMAGA_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1806297556852601282

---

### 20240618 INcufi - business logic flaw

### Lost: ~59K USD

```sh
forge test --contracts ./src/test/2024-06/INcufi_exp.sol -vvv
```

#### Contract

[INcufi_exp.sol](src/test/2024-06/Incufi_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1803317022513832301

---

### 20240617 Dyson_money - business logic flaw

### Lost: 52 BNB

```sh
forge test --contracts ./src/test/2024-06/Dyson_money_exp.sol -vvv
```

#### Contract

[Dyson_money_exp.sol](src/test/2024-06/Dyson_money_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1802634237667054052

---

### 20240616 WIFCOIN_ETH - business logic flaw

### Lost: ~3.4 ETH (WIF token)

```sh
forge test --contracts ./src/test/2024-06/WIFCOIN_ETH_exp.sol -vv --evm-version "shanghai"
```

#### Contract

[WIFCOIN_ETH_exp.sol](src/test/2024-06/WIFCOIN_ETH_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1802550962977964139

---

### 20240616 Crb2 - business logic flaw

### Lost: ~15K

```sh
forge test --contracts ./src/test/2024-06/Crb2_exp.sol -vv --evm-version shanghai
```

#### Contract

[Crb2_exp.sol](src/test/2024-06/Crb2_exp.sol)

### Link reference

---

### 20240611 JokInTheBox - business logic flaw

### Lost: ~9.2 ETH

```sh
forge test --contracts ./src/test/2024-06/JokInTheBox_exp.sol -vv --evm-version cancun
```

#### Contract

[JokInTheBox_exp.sol](src/test/2024-06/JokInTheBox_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1800355604692910571

---

### 20240610 Bazaar - Insufficient Permission Check

### Lost: 1.4M

```sh
forge test --contracts ./src/test/2024-06/Bazaar_exp.sol -vvv
```

#### Contract

[Bazaar_exp.sol](src/test/2024-06/Bazaar_exp.sol)

### Link reference

https://x.com/shoucccc/status/1800353122159833195

---

### 20240608 YYStoken - Business Logic Flaw

### Lost: $28K

```sh
forge test --contracts src/test/2024-06/YYS_exp.sol -vv
```

#### Contract

[YYS_exp.sol](src/test/2024-06/YYS_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1799610045589831833

---

### 20240606 SteamSwap - Logic Flaw

### Lost: ~$91k

```sh
forge test --contracts ./src/test/2024-06/SteamSwap_exp.sol -vvv --evm-version shanghai
```

#### Contract

[SteamSwap_exp.sol](src/test/2024-06/SteamSwap_exp.sol)

### Link reference

https://x.com/SlowMist_Team/status/1798905797440897386

---

### 20240606 MineSTM - Business Logic Flaw

### Lost: $13.8K

```sh
forge test --contracts src/test/2024-06/MineSTM_exp.sol -vv
```

#### Contract

[MineSTM_exp.sol](src/test/2024-06/MineSTM_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1798920774511898862

---

### 20240604 NCD - Business Logic Flaw

### Lost: $6.4K

```sh
forge test --contracts src/test/2024-06/NCD_exp.sol -vv
```

#### Contract

[NCD_exp.sol](src/test/2024-06/NCD_exp.sol)

### Link reference

https://x.com/SlowMist_Team/status/1797821034319765604

---

### 20240601 VeloCore - lack-of-access-control

### Lost: $6.88M

```sh
forge test --contracts src/test/2024-06/Velocore_exp.sol -vv
```

#### Contract

[Velocore_exp.sol](src/test/2024-06/Velocore_exp.sol)

### Link reference

https://x.com/BeosinAlert/status/1797247874528645333

---

### 20240531 Liquiditytokens - Business Logic Flaw

### Lost: ~200K USD

```sh
forge test --contracts ./src/test/2024-05/Liquiditytokens_exp.sol -vvv
```

#### Contract

[Liquiditytokens_exp.sol](src/test/2024-05/Liquiditytokens_exp.sol)

### Link reference

https://x.com/EXVULSEC/status/1796499069583724638

---

### 20240531 MixedSwapRouter - Arbitrary Call

### Lost: >10700USD(WINR token)

```sh
forge test --contracts ./src/test/2024-05/MixedSwapRouter_exp.sol -vvv
```

#### Contract

[MixedSwapRouter_exp.sol](src/test/2024-05/MixedSwapRouter_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1796484286738227579

---

### 20240529 SCROLL - Integer Underflow

### Lost: 76 ETH

```sh
forge test --contracts ./src/test/2024-05/SCROLL_exp.sol -vvv
```

#### Contract

[SCROLL_exp.sol](src/test/2024-05/SCROLL_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1795650745448169741

---

### 20240529 MetaDragon - Lack of Access Control

### Lost: ~ $180k

```sh
forge test --contracts src/test/2024-05/MetaDragon_exp.sol -vvvvv --evm-version shanghai
```

#### Contract

[MetaDragon_exp.sol](src/test/2024-05/MetaDragon_exp.sol)

### Link reference

https://x.com/Phalcon_xyz/status/1795746828064854497

---

### 20240528 Tradeonorion - Business Logic Flaw

### Lost: ~645K

```sh
forge test --contracts ./src/test/2024-05/Tradeonorion_exp.sol -vvv
```

#### Contract

[Tradeonorion_exp.sol](src/test/2024-05/Tradeonorion_exp.sol)

### Link reference

https://x.com/MetaSec_xyz/status/1796008961302258001

---

### 20240528 EXcommunity - Business Logic Flaw

### Lost: 33BNB

```sh
forge test --contracts ./src/test/2024-05/EXcommunity_exp.sol -vvv
```

#### Contract

[EXcommunity_exp.sol](src/test/2024-05/EXcommunity_exp.sol)

### Link reference

https://x.com/SlowMist_Team/status/1795648617530995130

---

### 20240527 RedKeysCoin - Weak RNG

### Lost: $12K

```sh
forge test --contracts ./src/test/2024-05/RedKeysCoin_exp.sol -vvv --evm-version shanghai
```

#### Contract

[RedKeysCoin_exp.sol](src/test/2024-05/RedKeysCoin_exp.sol)

### Link reference

---

### 20240526 NORMIE - Business Logic Flaw

### Lost: $490K

```sh
forge test --contracts ./src/test/2024-05/NORMIE_exp.sol -vv
```

#### Contract

[NORMIE_exp.sol](src/test/2024-05/NORMIE_exp.sol)

### Link reference

https://x.com/lookonchain/status/1794680612399542672

---

### 20240522 Burner - sandwich ack

### Lost: 1.7 eth

```sh
forge test --contracts ./src/test/2024-05/Burner_exp.sol -vv
```

#### Contract

[Burner_exp.sol](src/test/2024-05/Burner_exp.sol)

### Link reference

https://x.com/0xNickLFranklin/status/1792925754243625311

---

### 20240516 TCH - Signature Malleability Vulnerability

### Lost: $18K

```sh
forge test --contracts ./src/test/2024-05/TCH_exp.sol -vvv
```

#### Contract

[TCH_exp.sol](src/test/2024-05/TCH_exp.sol)

### Link reference

https://x.com/DecurityHQ/status/1791180322882629713

---

### 20240514 Sonne Finance - Precision loss

### Lost: $20M

```sh
forge test --contracts ./src/test/2024-05/Sonne_exp.sol -vvv
```

#### Contract

[Sonne_exp.sol](src/test/2024-05/Sonne_exp.sol)

### Link reference

https://neptunemutual.com/blog/taking-a-closer-look-at-sonne-finance-exploit/

---

### 20240514 PredyFinance - Reentrancy

### Lost: $464K

```sh
forge test --contracts ./src/test/2024-05/PredyFinance_exp.sol -vvv
```

#### Contract

[PredyFinance_exp.sol](src/test/2024-05/PredyFinance_exp.sol)

### Link reference

https://twitter.com/Phalcon_xyz/status/1790307019590680851

---

### 20240512 TGC - Business Logic Flaw

### Lost: $32K

```sh
forge test --contracts ./src/test/2024-05/TGC_exp.sol -vvv
```

#### Contract

[TGC_exp.sol](src/test/2024-05/TGC_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1789490986588205529

---

### 20240510 GFOX - lack of access control

### Lost: 330K USD

```sh
forge test --contracts ./src/test/2024-05/GFOX_exp.sol -vvv --evm-version shanghai
```

#### Contract

[GFOX_exp.sol](src/test/2024-05/GFOX_exp.sol)

### Link reference

https://twitter.com/CertiKAlert/status/1788751142144401886

---

### 20240510 TSURU - Insufficient Validation

### Lost: 140K

```sh
forge test --contracts ./src/test/2024-05/TSURU_exp.sol -vvv --evm-version shanghai
```

#### Contract

[TSURU_exp.sol](src/test/2024-05/TSURU_exp.sol)

### Link reference

https://base.tsuru.wtf/usdtsuru-exploit-incident-report

---

### 20240508 GPU - self transfer

### Lost: ~32K USD

```sh
forge test --contracts src/test/2024-05/GPU_exp.sol -vvv
```

#### Contract

[GPU_exp.sol](src/test/2024-05/GPU_exp.sol)

### Link reference

https://twitter.com/PeckShieldAlert/status/1788153869987611113

---

### 20240507 SATURN - Price Manipulation

### Lost: ~15 BNB

```sh
forge test --contracts src/test/2024-05/OSN_exp.sol -vvv
```

#### Contract

[SATURN_exp.sol](src/test/2024-05/SATURN_exp.sol)

### Link reference

https://twitter.com/ChainAegis/status/1787667253435195841

---

### 20240506 OSN - Reward Distribution Problem

### Lost: ~109K USD

```sh
forge test --contracts src/test/2024-05/OSN_exp.sol -vvv --evm-version shanghai
```

#### Contract

[OSN_exp.sol](src/test/2024-05/OSN_exp.sol)

### Link reference

https://twitter.com/SlowMist_Team/status/1787330586857861564

---

### 20240430 Yield - Business Logic Flaw

### Lost: 181K

```sh
forge test --contracts ./src/test/2024-04/Yield_exp.sol -vvv
```

#### Contract

[Yield_exp.sol](src/test/2024-04/Yield_exp.sol)

### Link reference

https://twitter.com/peckshield/status/1785121607192817692

https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50

---

### 20240430 PikeFinance - Uninitialized Proxy

### Lost: 1.4M

```sh
forge test --contracts ./src/test/2024-04/PikeFinance_exp.sol -vvv
```

#### Contract

[PikeFinance_exp.sol](src/test/2024-04/PikeFinance_exp.sol)

### Link reference

https://twitter.com/Phalcon_xyz/status/1785508900093194591

---

### 20240427 BNBX - precission loss

### Lost: ~75 $BNB

```sh
forge test --contracts ./src/test/2024-04/BNBX_exp.sol -vvv --evm-version shanghai
```

#### Contract

[BNBX_exp.sol](src/test/2024-04/BNBX_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1784431544557514896

---

### 20240425 NGFS - Bad Access Control

### Lost: ~190K

```sh
forge test --contracts ./src/test/2024-04/NGFS_exp.sol -vvv --evm-version shanghai
```

#### Contract

[NGFS_exp.sol](src/test/2024-04/NGFS_exp.sol)

### Link reference

https://twitter.com/CertiKAlert/status/1783476515331616847

---

### 20240424 XBridge - Logic Flaw

### Lost: >200k USD(plus a lot of STC, SRLTY, Mazi tokens)

```sh
forge test --contracts ./src/test/2024-04/XBridge_exp.sol -vvv
```

#### Contract

[XBridge_exp.sol](src/test/2024-04/XBridge_exp.sol)

---

### 20240424 YIEDL - Input Validation

### Lost: 150k USD

```sh
forge test --contracts ./src/test/2024-04/YIEDL_exp.sol -vvv
```

#### Contract

[YIEDL_exp.sol](src/test/2024-04/YIEDL_exp.sol)

### 20240422 Z123 - price manipulation

### Lost: 136k USD

```sh
forge test --contracts ./src/test/2024-04/Z123_exp.sol -vvv
```

#### Contract

[Z123_exp.sol](src/test/2024-04/Z123_exp.sol)

### Link reference

https://twitter.com/PeckShieldAlert/status/1782322484911784385

---

### 20240420 Rico - Arbitrary Call

### Lost: 36K

```sh
forge test --contracts ./src/test/2024-04/Rico_exp.sol -vvv
```

#### Contract

[Rico_exp.sol](src/test/2024-04/Rico_exp.sol)

### Link reference

https://twitter.com/ricocreditsys/status/1781803698940781009

---

### 20240419 HedgeyFinance - Logic Flaw

### Lost: 48M USD

```sh
forge test --contracts ./src/test/2024-04/HedgeyFinance_exp.sol -vvv
```

#### Contract

[HedgeyFinance_exp.sol](src/test/2024-04/HedgeyFinance_exp.sol)

### Link reference

https://twitter.com/Cube3AI/status/1781294512716820918

---

### 20240417 UnverifiedContr_0x00C409 - unverified external call

### Lost: ~ 18 eth

```sh
forge test --contracts src/test/2024-04/UnverifiedContr_0x00C409_exp.sol -vvv
```

#### Contract

[UnverifiedContr_0x00C409_exp.sol](src/test/2024-04/UnverifiedContr_0x00C409_exp.sol)

### Link reference

https://x.com/CyversAlerts/status/1780593407871635538

---

### 20240416 SATX - Logic Flaw

### Lost: ~ 50 BNB

```sh
forge test --contracts src/test/2024-04/SATX_exp.sol -vvv
```

#### Contract

[SATX_exp.sol](src/test/2024-04/SATX_exp.sol)

### Link reference

https://x.com/bbbb/status/1780341239801393479

---

### 20240416 MARS - Bad Reflection

### Lost: >100K

```sh
forge test --contracts src/test/2024-04/MARS_exp.sol -vv
```

#### Contract

[MARS_exp.sol](src/test/2024-04/MARS_exp.sol)

### Link reference

https://twitter.com/Phalcon_xyz/status/1780150315603701933

---

### 20240415 GFA - business-logic-flaw

### Lost: ~14K USD

```sh
forge test --contracts src/test/2024-04/GFA_exp.sol -vvv
```

#### Contract

[GFA_exp.sol](src/test/2024-04/GFA_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1779809931962827055

---

### 20240415 Chainge - Input Validation

### Lost: ~200K

```sh
forge test --contracts ./src/test/2024-04/Chainge_exp.sol -vvv
```

#### Contract

[Chainge_exp.sol](src/test/2024-04/Chainge_exp.sol)

### Link reference

https://twitter.com/CyversAlerts/status/1779875922381860920

---

### 20240414 Hackathon - business logic flaw

### Lost: ~20K

```sh
forge test --contracts ./src/test/2024-04/Hackathon_exp.sol -vvv
```

#### Contract

[Hackathon_exp.sol](src/test/2024-04/Hackathon_exp.sol)

### Link reference

https://x.com/EXVULSEC/status/1779519508375613827

---

### 20240412 FIL314 - Insufficient Validation And Price Manipulation

### Lost: ~14 BNB

```sh
forge test --contracts ./src/test/2024-04/FIL314_exp.sol -vvv
```

#### Contract

[FIL314_exp.sol](src/test/2024-04/FIL314_exp.sol)

### Link reference

---

### 20240412 SumerMoney - Reentrancy

### Lost: 350K

```sh
forge test --contracts ./src/test/2024-04/SumerMoney_exp.sol -vvv
```

#### Contract

[SumerMoney_exp.sol](src/test/2024-04/SumerMoney_exp.sol)

### Link reference

https://twitter.com/0xNickLFranklin/status/1778986926705672698

---

### 20240412 GROKD - lack of access control

### Lost: $~150 BNB

```
forge test --contracts ./src/test/2024-04/GROKD_exp.sol -vvv
```

#### Contract

[GROKD_exp.sol](src/test/2024-04/GROKD_exp.sol)

### Link reference

https://x.com/hipalex921/status/1778482890705416323?t=KvvG83s7SXr9I55aftOc6w&s=05

---

### 20240410 BigBangSwap - precission loss

### Lost: $~5K $BUSD

```
forge test --contracts ./src/test/2024-04/BigBangSwap_exp.sol -vvv
```

#### Contract

[BigBangSwap_exp.sol](src/test/2024-04/BigBangSwap_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1778254222288621912

---

### 20240409 UPS - business logic flaw

### Lost: $~28K USD

```
forge test --contracts ./src/test/2024-04/UPS_exp.sol -vvv
```

#### Contract

[UPS_exp.sol](src/test/2024-04/UPS_exp.sol)

### Link reference

https://twitter.com/0xNickLFranklin/status/1777589021058728214

---

### 20240408 SQUID - sandwich attack

### Lost: $~87K USD

```
forge test --contracts ./src/test/2024-04/SQUID_exp.sol -vvv
```

#### Contract

[SQUID_exp.sol](src/test/2024-04/SQUID_exp.sol)

### Link reference

https://twitter.com/bbbb/status/1777228277415039304

---

### 20240404 wsm - manipulating price

### Lost: $~18K USD

```
forge test --contracts ./src/test/2024-04/WSM_exp.sol -vvv
```

#### Contract

[WSM_exp.sol](src/test/2024-04/WSM_exp.sol)

### Link reference

https://hacked.slowmist.io/#:~:text=Hacked%20target%3A%20Wall%20Street%20Memes

---

### 20240402 HoppyFrogERC - business logic flaw

### Lost: ~0.3 ETH

```
forge test --contracts ./src/test/2024-04/HoppyFrogERC_exp.sol -vvv --evm-version shanghai
```

#### Contract

[HoppyFrogERC_exp.sol](src/test/2024-04/HoppyFrogERC_exp.sol)

### Link reference

https://x.com/ChainAegis/status/1775351437410918420

---

### 20240401 ATM - business logic flaw

### Lost: $~182K USD

```
forge test --contracts ./src/test/2024-04/ATM_exp.sol -vvv
```

#### Contract

[ATM_exp.sol](src/test/2024-04/ATM_exp.sol)

### Link reference

https://twitter.com/0xNickLFranklin/status/1775008489569718508

---

### 20240401 OpenLeverage - business logic flaw

### Lost: ~234K

```
forge test --contracts src/test/2024-04/OpenLeverage2_exp.sol -vvv
```

#### Contract

[OpenLeverage2_exp.sol](src/test/2024-04/OpenLeverage2_exp.sol)

### Link reference

https://twitter.com/0xNickLFranklin/status/1774727539975672136

---

### 20240329 ETHFIN - lack of access control

### Lost: ~$1.24K (2.13 BNB)

```sh
forge test --contracts ./src/test/2024-03/ETHFIN_exp.sol -vvv --evm-version shanghai
```
#### Contract

[ETHFIN_exp.sol](src/test/2024-03/ETHFIN_exp.sol)

### Link reference

https://app.blocksec.com/explorer/tx/bsc/0xfe031685d84f3bae1785f5b2bd0ed480b87815c3f23ce6ced73b8573b7e367c6

---

### 20240329 PrismaFi - Insufficient Validation

### Lost: $~11M

```sh
forge test --contracts ./src/test/2024-03/Prisma_exp.sol -vvv
```

#### Contract

[Prisma_exp.sol](src/test/2024-03/Prisma_exp.sol)

### Link reference

https://twitter.com/EXVULSEC/status/1773371049951797485

---

### 20240328 LavaLending - Business Logic Flaw

### Lost: ~340K

```
forge test --contracts src/test/2024-03/LavaLending_exp.sol -vvv
```

#### Contract

[LavaLending_exp.sol](src/test/2024-03/LavaLending_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1774727539975672136

https://twitter.com/Phalcon_xyz/status/1773546399713345965

https://hackmd.io/@LavaSecurity/03282024

---

### 20240325 ZongZi - Price Manipulation

### Lost: ~223K

```
forge test --contracts src/test/2024-03/ZongZi_exp.sol -vvv
```

#### Contract

[ZongZi_exp.sol](src/test/2024-03/ZongZi_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1772195949638775262

---

### 20240323 CGT - Incorrect Access Control

### Lost: 996B (CGT token)

```sh
forge test --contracts ./src/test/2024-03/CGT_exp.sol -vvv
```

#### Contract

[CGT_exp.sol](src/test/2024-03/CGT_exp.sol)

### Link reference

https://x.com/AnciliaInc/status/1771598968448745536

---

### 20240321 SSS - Token Balance Doubles on Transfer to self

### Lost: 4.8M

```sh
forge test --contracts ./src/test/2024-03/SSS_exp.sol -vvv
```

#### Contract

[SSS_exp.sol](src/test/2024-03/SSS_exp.sol)

### Link reference

https://twitter.com/dot_pengun/status/1770989208125272481

---

### 20240324 ARK - business logic flaw

### Lost: ~348BNB

```
forge test --contracts src/test/2024-03/ARK_exp.sol -vvv
```

#### Contract

[ARK_exp.sol](src/test/2024-03/ARK_exp.sol)

#### Link reference

https://twitter.com/Phalcon_xyz/status/1771728823534375249

---

### 20240320 Paraswap - Incorrect Access Control

### Lost: ~24K

```
forge test --contracts src/test/2024-03/Paraswap_exp.sol -vvv --evm-version shanghai
```

#### Contract

[Paraswap_exp.sol](src/test/2024-03/Paraswap_exp.sol)

#### Link reference

https://medium.com/neptune-mutual/analysis-of-the-paraswap-exploit-1f97c604b4fe

---

### 20240314 MO - business logic flaw

### Lost: ~413k USDT

```
forge test --contracts src/test/2024-03/MO_exp.sol -vvv
```

#### Contract

[MO_exp.sol](src/test/2024-03/MO_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1768184024483430523

---

### 20240313 IT - business logic flaw

### Lost: ~13k USDT

```
forge test --via-ir --contracts src/test/2024-03/IT_exp.sol -vvv
```

#### Contract

[IT_exp.sol](src/test/2024-03/IT_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1768171595561046489

---

### 20240312 BBT - business logic flaw

### Lost: ~5.06 ETH

```
forge test --contracts src/test/2024-03/BBT_exp.sol -vvv
```

#### Contract

[BBT_exp.sol](src/test/2024-03/BBT_exp.sol)

#### Link reference

https://x.com/8olidity/status/1767470002566058088

---

### 20240311 Binemon - precission-loss

### Lost: ~0.2 BNB

```
forge test --contracts src/test/2024-03/Binemon_exp.sol -vvv
```

#### Contract

[Binemon_exp.sol](src/test/2024-03/Binemon_exp.sol)

#### Link reference

https://app.blocksec.com/explorer/tx/bsc/0x1999bb5c11a8d8bfa7620fc5cc37f5bc59c1a99d7a9250a8d6076c93bbdbeb5f

---

### 20240309 Juice - Business Logic Flaw

### Lost: ~54 ETH

```sh
forge test --contracts ./src/test/2024-03/Juice_exp.sol -vvv --evm-version shanghai
```

#### Contract

[Juice_exp.sol](src/test/2024-03/Juice_exp.sol)

### Link reference

https://medium.com/@juicebotapp/juice-staking-exploit-next-steps-95e218b3ec71

---

### 20240309 UnizenIO - unverified external call

### Lost: ~2M

```
forge test --contracts src/test/2024-03/UnizenIO_exp.sol -vvvv
```

#### Contract

[UnizenIO_exp.sol](src/test/2024-03/UnizenIO_exp.sol) | [UnizenIO2_exp.sol](src/test/2024-03/UnizenIO2_exp.sol)

#### Link reference

https://twitter.com/Phalcon_xyz/status/1766274000534004187

https://twitter.com/AnciliaInc/status/1766261463025684707

---

### 20240307 GHT - Business Logic Flaw

### Lost: ~57K

```
forge test --contracts ./src/test/2024-03/GHT_exp.sol -vvv
```

#### Contract

[GHT_exp.sol](src/test/2024-03/GHT_exp.sol)

#### Link reference

---

### 20240306 ALP - Public internal function

### Lost: ~10K

Testing

```
forge test --contracts ./src/test/2024-03/ALP_exp.sol -vvv
```

#### Contract

[ALP_exp.sol](src/test/2024-03/ALP_exp.sol)

#### Link Reference

https://twitter.com/0xNickLFranklin/status/1765296663667875880

---

### 20240306 TGBS - Business Logic Flaw

### Lost: ~150K

```
forge test --contracts ./src/test/2024-03/TGBS_exp.sol -vvv
```

#### Contract

[TGBS_exp.sol](src/test/2024-03/TGBS_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1765290290083144095

https://twitter.com/Phalcon_xyz/status/1765285257949974747

---

### 20240305 Woofi - Price Manipulation

### Lost: ~8M

```
forge test --contracts ./src/test/2024-03/Woofi_exp.sol -vvv
```

#### Contract

[Woofi_exp.sol](src/test/2024-03/Woofi_exp.sol)

#### Link reference

https://twitter.com/spreekaway/status/1765046559832764886
https://twitter.com/PeckShieldAlert/status/1765054155478175943

---

### 20240228 Seneca - Arbitrary External Call Vulnerability

### Lost: ~6M

```
forge test --contracts ./src/test/2024-02/Seneca_exp.sol -vvv
```

#### Contract

[Seneca_exp.sol](src/test/2024-02/Seneca_exp.sol)

#### Link reference

https://twitter.com/Phalcon_xyz/status/1763045563040411876

---

### 20240228 SMOOFSStaking - Reentrancy

### Lost: Unclear

```
forge test --contracts ./src/test/2024-02/SMOOFSStaking_exp.sol -vvv
```

#### Contract

[SMOOFSStaking_exp.sol](src/test/2024-02/SMOOFSStaking_exp.sol)

#### Link reference

https://twitter.com/AnciliaInc/status/1762893563103428783

https://twitter.com/0xNickLFranklin/status/1762895774311178251

---

### 20240223 Zoomer - Business Logic Flaw

### Lost: ~14 ETH

```
forge test --contracts ./src/test/2024-02/Zoomer_exp.sol -vvv --evm-version "shanghai"
```

#### Contract

[Zoomer_exp.sol](src/test/2024-02/Zoomer_exp.sol)

#### Link reference

https://x.com/ChainAegis/status/1761246415488225668

---

### 20240223 CompoundUni - Oracle bad price

### Lost: ~439,537 USD

```
forge test --contracts ./src/test/2024-02/CompoundUni_exp.sol -vvv
```

#### Contract

[CompoundUni_exp.sol](src/test/2024-02/CompoundUni_exp.sol)

#### Link reference

https://twitter.com/0xLEVI104/status/1762092203894276481

---

### 20240223 BlueberryProtocol - logic flaw

### Lost: ~1,400,000 USD

```
forge test --contracts ./src/test/2024-02/BlueberryProtocol_exp.sol -vvv
```

#### Contract

[BlueberryProtocol_exp.sol](src/test/2024-02/BlueberryProtocol_exp.sol)

#### Link reference

https://twitter.com/blueberryFDN/status/1760865357236211964

---

### 20240222 SwarmMarkets - lack of validation

### Lost: ~7k $DAI

```
forge test --contracts ./src/test/2024-02/SwarmMarkets_exp.sol -vvv
```

#### Contract

[SwarmMarkets_exp.sol](src/test/2024-02/SwarmMarkets_exp.sol)

#### Link reference

https://app.blocksec.com/explorer/tx/eth/0xa4d7ee2ddb9db06961a17e2a5ae71743a266bcb720be138670f4a10e8dfc13e9

---

### 20240221 DeezNutz 404 - lack of validation

### Lost: ~170k

```
forge test --contracts ./src/test/2024-02/DeezNutz404_exp.sol -vvv
```

#### Contract

[DeezNutz404_exp.sol](src/test/2024-02/DeezNutz404_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1760481343161700523

---

### 20240221 GAIN - bad function implementation

### Lost: ~6.4 ETH

```
forge test --contracts ./src/test/2024-02/GAIN_exp.sol -vvv
```

#### Contract

[GAIN_exp.sol](src/test/2024-02/GAIN_exp.sol)

#### Link reference

https://twitter.com/0xNickLFranklin/status/1760559768241160679

---

### 20240220 EGGX - reentrancy

### Lost: ~2 ETH

```
forge test --contracts ./src/test/2024-02/EGGX_exp.sol -vvv
```

#### Contract

[EGGX_exp.sol](src/test/2024-02/EGGX_exp.sol)

#### Link reference

https://x.com/PeiQi_0/status/1759826303044497726

---

### 20240219 RuggedArt - reentrancy

### Lost: ~10k

```
forge test --contracts ./src/test/2024-02/RuggedArt_exp.sol -vvv
```

#### Contract

[RuggedArt_exp.sol](src/test/2024-02/RuggedArt_exp.sol)

#### Link reference

https://twitter.com/EXVULSEC/status/1759822545875025953

---

### 20240216 ParticleTrade - lack of validation data

### Lost: ~50k

```
forge test --contracts ./src/test/2024-02/ParticleTrade_exp.sol -vvv
```

#### Contract

[ParticleTrade_exp.sol](src/test/2024-02/ParticleTrade_exp.sol)

#### Link reference

https://twitter.com/Phalcon_xyz/status/1758028270770250134

---

### 20240215 DualPools - precision truncation

### Lost: ~42k

```
forge test --contracts ./src/test/2024-02/DualPools_exp.sol -vvvv
```

#### Contract

[DualPools_exp.sol](src/test/2024-02/DualPools_exp.sol)

#### Link reference

https://medium.com/@lunaray/dualpools-hack-analysis-5209233801fa

---

### 20240215 Babyloogn - lack of validation

### Lost: ~2 $BNB

```
forge test --contracts ./src/test/2024-02/Babyloogn_exp.sol -vvvv
```

#### Contract

[Babyloogn_exp.sol](src/test/2024-02/Babyloogn_exp.sol)

#### Link reference

https://app.blocksec.com/explorer/tx/bsc/0xd081d6bb96326be5305a6c00dd51d1799971794941576554341738abc1ceb202

---

### 20240215 Miner - lack of validation dst address

### Lost: ~150k

```
forge test --contracts ./src/test/2024-02/Miner_exp.sol -vvv --evm-version shanghai
```

#### Contract

[Miner_exp.sol](src/test/2024-02/Miner_exp.sol)

#### Link reference

https://twitter.com/Phalcon_xyz/status/1757777340002681326

---

### 20240213 MINER - Price Manipulation

### Lost: ~3.5 WBNB

```sh
forge test --contracts ./src/test/2024-02/MINER_bsc_exp.sol -vvv --evm-version shanghai
```
#### Contract

[MINER_bsc_exp.sol](src/test/2024-02/MINER_bsc_exp.sol)

### Link reference

https://app.blocksec.com/explorer/tx/bsc/0x15ab671c9bf918fa4b6a9eed9ccb527f32aca40e926ede2aec2c84dfa9c30512?line=6

---

### 20240211 Game - Reentrancy && Business Logic Flaw

### Lost: ~20 ETH

```
forge test --contracts ./src/test/2024-02/Game_exp.sol -vvv
```

#### Contract

[Game_exp.sol](src/test/2024-02/Game_exp.sol)

#### Link reference

https://twitter.com/AnciliaInc/status/1757533144033739116

---

### 20240210 FILX DN404 - Access Control

### Lost: 200K

```sh
forge test --contracts ./src/test/2024-02/DN404_exp.sol -vvv
```

#### Contract

[DN404_exp.sol](src/test/2024-02/DN404_exp.sol)

---

### 20240208 Pandora - interger underflow

### Lost: ~17K USD

```
forge test --contracts ./src/test/2024-02/PANDORA_exp.sol -vvv
```

#### Contract

[PANDORA_exp.sol](src/test/2024-02/PANDORA_exp.sol)

#### Link reference

https://twitter.com/pennysplayer/status/1766479470058406174

---

### 20240205 BurnsDefi - Price Manipulation

### Lost: ~67K

```
forge test --contracts ./src/test/2024-02/BurnsDefi_exp.sol -vvv
```

#### Contract

[BurnsDefi_exp.sol](src/test/2024-02/BurnsDefi_exp.sol)

#### Link reference

https://twitter.com/pennysplayer/status/1754342573815238946

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408 (similar incident)

---

### 20240202 ADC - incorrect-access-control

### Lost: ~20 eth

```
forge test --contracts ./src/test/2024-02/ADC_exp.sol -vvv
```

#### Contract

[ADC_exp.sol](src/test/2024-02/ADC_exp.sol)

#### Link reference

https://x.com/EXVULSEC/status/1753294675971313790

---

### 20240201 AffineDeFi - lack of validation userData

### Lost: ~88K

```
forge test --contracts ./src/test/2024-02/AffineDeFi_exp.sol -vvv
```

#### Contract

[AffineDeFi_exp.sol](src/test/2024-02/AffineDeFi_exp.sol)

#### Link reference

https://twitter.com/Phalcon_xyz/status/1753020812284809440

https://twitter.com/CyversAlerts/status/1753040754287513655

---

### 20240130 XSIJ - Business Logic Flaw

### Lost: ~51K USD

```
forge test --contracts ./src/test/2024-01/XSIJ_exp.sol -vvv
```

#### Contract

[XSIJ_exp.sol](src/test/2024-01/XSIJ_exp.sol)

#### Link reference

https://x.com/CertiKAlert/status/1752384801535918264

---

### 20240130 MIMSpell - Precission Loss

### Lost: ~6,5M

```
forge test --contracts ./src/test/2024-01/MIMSpell2_exp.sol -vvv
```

#### Contract

[MIMSpell2_exp.sol](src/test/2024-01/MIMSpell2_exp.sol)

#### Link reference

https://twitter.com/kankodu/status/1752581744803680680

https://twitter.com/Phalcon_xyz/status/1752278614551216494

https://twitter.com/peckshield/status/1752279373779194011

https://phalcon.blocksec.com/explorer/security-incidents

---

### 20240129 PeapodsFinance - Reentrancy

### Lost: ~1K $DAI

```
forge test --contracts ./src/test/2024-01/PeapodsFinance_exp.sol -vvv
```

#### Contract

[PeapodsFinance_exp.sol](src/test/2024-01/PeapodsFinance_exp.sol)

#### Link reference

https://app.blocksec.com/explorer/tx/eth/0x95c1604789c93f41940a7fd9eca11276975a9a65d250b89a247736287dbd2b7e

---

### 20240128 BarleyFinance - Reentrancy

### Lost: ~130K

```
forge test --contracts ./src/test/2024-01/BarleyFinance_exp.sol -vvv
```

#### Contract

[BarleyFinance_exp.sol](src/test/2024-01/BarleyFinance_exp.sol)

#### Link reference

https://phalcon.blocksec.com/explorer/security-incidents

https://www.bitget.com/news/detail/12560603890246

https://twitter.com/Phalcon_xyz/status/1751788389139992824

---

### 20240127 CitadelFinance - Price Manipulation

### Lost: ~93K

```
forge test --contracts ./src/test/2024-01/CitadelFinance_exp.sol -vvv
```

#### Contract

[CitadelFinance_exp.sol](src/test/2024-01/CitadelFinance_exp.sol)

#### Link reference

https://medium.com/neptune-mutual/how-was-citadel-finance-exploited-a5f9acd0b408

---

### 20240125 NBLGAME - Reentrancy

### Lost: ~180K

```
forge test --contracts ./src/test/2024-01/NBLGAME_exp.sol -vvv
```

#### Contract

[NBLGAME_exp.sol](src/test/2024-01/NBLGAME_exp.sol)

#### Link reference

https://twitter.com/SlowMist_Team/status/1750526097106915453

https://twitter.com/AnciliaInc/status/1750558426382635036

---

### 20240122 DAO_SoulMate - Incorrect Access Control

### Lost: ~319K

```
forge test --contracts ./src/test/2024-01/DAO_SoulMate_exp.sol -vvv --evm-version 'shanghai'
```

#### Contract

[DAO_SoulMate_exp.sol](src/test/2024-01/DAO_SoulMate_exp.sol)

#### Link reference

https://twitter.com/MetaSec_xyz/status/1749743245599617282

---

### 20240117 BmiZapper - Arbitrary external call vulnerability

### Lost: ~114K

```
forge test --contracts ./src/test/2024-01/Bmizapper_exp.sol -vvv
```

#### Contract

[BmiZapper_exp.sol](src/test/2024-01/BmiZapper_exp.sol)

#### Link reference

https://x.com/0xmstore/status/1747756898172952725

---

### 20240115 Shell_MEV_0xa898 - lack of access control

### Lost: ~1K $BUSD

```
forge test --contracts ./src/test/2024-01/Shell_MEV_0xa898_exp.sol -vvv
```

#### Contract

[Shell_MEV_0xa898_exp.sol](src/test/2024-01/Shell_MEV_0xa898_exp.sol)

#### Link reference

https://app.blocksec.com/explorer/tx/bsc/0x24f114c0ef65d39e0988d164e052ce8052fe4a4fd303399a8c1bb855e8da01e9

---

### 20240112 SocketGateway - Lack of calldata validation

### Lost: ~3.3Million $

```
forge test --contracts ./src/test/2024-01/SocketGateway_exp.sol -vvv --evm-version shanghai
```

#### Contract

[SocketGateway_exp.sol](src/test/2024-01/SocketGateway_exp.sol)

#### Link reference

https://twitter.com/BeosinAlert/status/1747450173675196674

https://twitter.com/peckshield/status/1747353782004900274

---

### 20240112 WiseLending - Bad HealthFactor Check

### Lost: ~464K

```
forge test --contracts ./src/test/2024-01/WiseLending02_exp.sol -vvv --evm-version shanghai
```

#### Contract

[WiseLending02_exp.sol](src/test/2024-01/WiseLending02_exp.sol)

#### Link reference

https://twitter.com/danielvf/status/1746303616778981402

---

### 20240110 Freedom - lack of access control

### Lost: 74 $WBNB

```
forge test --contracts src/test/2024-01/Freedom_exp.sol -vvv
```

#### Contract

[Freedom_exp.sol](src/test/2024-01/Freedom_exp.sol)

#### Link reference

https://app.blocksec.com/explorer/tx/bsc/0x309523343cc1bb9d28b960ebf83175fac941b4a590830caccff44263d9a80ff0

---

### 20240110 LQDX - Unauthorized TransferFrom

### Lost: unknown

```
forge test --contracts src/test/2024-01/LQDX_alert_exp.sol -vvv
```

#### Contract

[LQDX_alert_exp.sol](src/test/2024-01/LQDX_alert_exp.sol)

#### Link reference

https://twitter.com/SlowMist_Team/status/1744972012865671452

---

### 20240104 Gamma - Price manipulation

### Lost: ~6.3M

```
forge test --contracts ./src/test/2024-01/Gamma_exp.sol -vvv
```

#### Contract

[Gamma_exp.sol](src/test/2024-01/Gamma_exp.sol)

#### Link reference

https://twitter.com/officer_cia/status/1742772207997050899

https://twitter.com/shoucccc/status/1742765618984829326

---

### 20240102 MIC - Business Logic Flaw

### Lost: ~500K

```
forge test --contracts ./src/test/2024-01/MIC_exp.sol -vvv
```

#### Contract

[MIC_exp.sol](src/test/2024-01/MIC_exp.sol)

#### Link reference

https://x.com/MetaSec_xyz/status/1742484748239536173

---

### 20240102 RadiantCapital - Loss of Precision

### Lost: ~4,5M

```
forge test --contracts ./src/test/2024-01/RadiantCapital_exp.sol -vvv
```

#### Contract

[RadiantCapital_exp.sol](src/test/2024-01/RadiantCapital_exp.sol)

#### Link reference

https://neptunemutual.com/blog/how-was-radiant-capital-exploited/

https://twitter.com/BeosinAlert/status/1742389285926678784

---

### 20240101 OrbitChain - Incorrect input validation

### Lost: ~81M

```
forge test --contracts ./src/test/2024-01/OrbitChain_exp.sol -vvv
```

#### Contract

[OrbitChain_exp.sol](src/test/2024-01/OrbitChain_exp.sol)

#### Link reference

https://blog.solidityscan.com/orbit-chain-hack-analysis-b71c36a54a69

---

### View Gas Reports

Foundry also has the ability to [report](https://book.getfoundry.sh/forge/gas-reports) the `gas` used per function call which mimics the behavior of [hardhat-gas-reporter](https://github.com/cgewecke/hardhat-gas-reporter). Generally speaking if gas costs per function call is very high, then the likelihood of its success is reduced. Gas optimization is an important activity done by smart contract developers.

Every poc in this repository can produce a gas report like this:

```bash
forge test --gas-report --contracts -vvv
```

For Example:
Let us find out the gas used in the [Audius poc](src/test/2022-07/Audius_exp.sol)

**Execution**

```bash
forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv
```

_Demo_

![](./AudiusPocGasReport.gif)

### Bug Reproduce

Moved to [DeFiVulnLabs](https://github.com/SunWeb3Sec/DeFiVulnLabs)

### FlashLoan Testing

Moved to [DeFiLabs](https://github.com/SunWeb3Sec/DeFiLabs)