Hacks
Reproduced Exploits
Root cause, vulnerable code, attack walkthrough, and a standalone Foundry PoC for each incident — an indexed library of reproduced on-chain exploits across EVM chains.
Indexed: 761 / 761
AISOTH Presale Exploit — Same-Tx Buy+Claim of Below-Market Inventory, Dumped Into the Live AIS/USDT Pair
Loss · 30,314.76 USDT profit to the attacker (30314760842915494215340 wei), extracted from the A…
1. Presale (Presale.sol) sells AIS for USDT at a fixed administrative price of price = 35e15 (i.e. $0.035 per AIS, Presale.sol:58-59). It holds a real inventory of AIS d…
Ambient (CrocSwap) Exploit — Native-ETH Surplus Settlement Drained via a Self-Dealt Grid-Walk + Range Harvest
Loss · ~33.72 WETH + ~55,913.81 USDC extracted from Ambient's ETH/USDC pool in a single tx (33.7…
1. Ambient (CrocSwap) is a single-contract concentrated-liquidity AMM. Every user action — swap, mint, burn, harvest — is dispatched as a userCmd(callpath, cmd) into one…
ATM LP-Burn Exploit — Misplaced LP Tokens Are Burn-Redeemable by Anyone via PancakeV2 `burn()`
Loss · 1,603.99 WBNB redeemed out of the ATM/WBNB pair (~$1.6M-class drain of the pool's WBNB si…
1. The ATM/WBNB pair is a stock PancakeSwap V2 pair (PancakePair, Solidity 0.5.16). Its burn(address to) function redeems liquidity equal to balanceOf[address(this)] — i…
ATM Token Exploit — Per-Address Anti-Whale Guards Sidestepped by 30 Sybil "Farmer" Clones
Loss · ~$243,543 USDT gross drained from the ATM/USDT PancakeSwap pair in the cash-out tx (attac…
ATMToken is a PancakeSwap-listed "tax token" with a thick layer of anti-whale / anti-bot protections bolted onto its custom _transfer() (contracts_ATMToken.sol:85-210).…
Aztec Connect (V3) Exploit — `numRealTxs` proof-vs-settlement coverage mismatch
Loss · ~$2.19M total drained from the dormant Aztec Connect privacy bridge. This PoC reproduces…
1. RollupProcessorV3.decodeProof() (Decoder.sol:281) computes the publicInputsHash by SHA256-hashing the transaction data in full inner-rollup chunks. The number of non-…
Aztec Escape-Hatch Exploit (variant 2) — Unconstrained Inner `proof_id` Witness
Loss · educational reproduction (the Connect contracts were already drained via exp1); disclosur…
Per the embedded root cause: escape_hatch_circuit.cpp publishes the inner proof id with public_witness_ct(&composer, 0); // proof_id. public_witness_ct() makes the value…
Aztec V1 Escape-Hatch Exploit — Unbacked Withdrawals via Verifier-Trusted Rollup Proofs
Loss · ~$2.2M — 1,158 ETH + 150,000 DAI + 0.46963295 renBTC drained from the Aztec V1 rollup's p…
1. The Aztec V1 rollup exposes escapeHatch(bytes proofData, bytes signatures, bytes viewingKeys) (contracts_RollupProcessor.sol:347-356) — a permissionless exit path. Un…
BOSS Exploit — Helper Mint/Burn Drains the Pair's BOSS Reserve, then a Degenerate-Reserve Swap Loop Empties the USDT Side
Loss · ~10,207.54 USDT (PoC nets 10,210.15 USDT to the attacker EOA) drained from the BOSS/USDT…
1. The attacker borrows 1,250,000 USDT from a Moolah flash loan (output.txt:67) and enters its own onMoolahFlashLoan callback. 2. It calls the privileged BOSS helper's u…
BY Token Exploit — Permissionless `triggerAutoBurn()` Pool-Reserve Drain
Loss · ~$87,402 — 146.60 WBNB drained from the BY/WBNB PancakeSwap pair
BYToken is a deflationary token whose _autoBurn() routine, when the token contract's own balance is insufficient, burns BY tokens directly out of the AMM pair's balance…
DIP Exploit — Fee-on-Sell Transfer + `skim`/`sync` Reserve-Collapse on the DIP/AIC Pair
Loss · ~111,097.59 USDC (PoC header); the trace asserts 111,102.04 USDC profit drained from the…
1. DIP is a PancakeSwap-traded ERC20 with a custom _transfer override (contracts_flatten_nexus_dip.sol:1702-1732) that charges a 6% sell fee (sellFee = 6) on any transfe…
DLMC Exploit — Reserve-Derived `livePrice` Self-Inflation Drains the Token's Own USDT Backing
Loss · ~$222,560 — 222,560.22 USDT drained from DLMCToken's own USDT reserve (output.txt:337); t…
1. DLMCToken is an MLM-style "investment" token. Users buy() LPT with USDT, which is kept inside the token contract, and later sell() LPT back for USDT. The redemption p…
DTXT Exploit — 1-Wei USDT Donation Misclassifies a Sell as a Liquidity Add (Fee Bypass + Stale-Reserve Drain)
Loss · ~35,041.11 USDT drained from the DTXT/USDT PancakeSwap pair (the pool's entire ~35,637 US…
1. DTXT is a fee-on-transfer token. On a sell (a transfer to the AMM pair) it skims a 5% destroy/dividend fee in _transfer (DTXT.sol:933-940). But before charging any fe…
JB Exploit — Gateway-Driven `sell → PoolBurn(pool) + sync()` AMM-Reserve Drain (Venus-leveraged)
Loss · 49,958.06 USDT — drained from the JB/USDT PancakeSwap pair via the JB gateway (BSC; 18-de…
1. The attacker takes a free WBNB flash loan of 417,464.10 WBNB from a permissionless flash lender (output.txt:1646), supplies all of it to Venus as collateral (vWBNB.mi…
LBP (Little Boy Plus) Exploit — Reserve-Manipulated LP-Credit Inflates Mining Rewards Minted Into the Pool
Loss · 610.56 BNB total (≈ 592.41 BNB to the profit receiver + 5 BNB builder tip + gas/dust). Ne…
1. LBP is an immutable ERC-20 whose mining/hashrate accounting lives in a sibling contract LBPHashrate. Adding LP to the LBP/USDT pair grants the LP source hashrate, and…
NovaBox Exploit — Stale Dividend Checkpoint on Join + Constructor `extcodesize` Bypass
Loss · 56.73 ETH drained from the NovaBox dividend pot (~56.729621359923131444 ETH net profit as…
1. NovaBox is a 2018-era "ETH+NOVA dividend box" written in Solidity 0.4.25. Depositing ETH or NOVA levies an 11% fee; the fee is distributed to existing dual-asset depo…
OLPC Exploit — Owner `decimalsValue` Misconfig Amplifies Pair-Side Burn → `amountIn=0` Supporting-Fee Drain
Loss · ~1,115,903.66 USDT drained — the OLPC/LABUBU pair's LABUBU reserve was routed out through…
1. OLPCToken overrides ERC20 _update (OLPCToken.sol:1403-1481). When OLPC leaves the PancakeSwap pair (from == swapPair), the hook burns value decimalsValue OLPC out of…
RoyalRoyalties Exploit — Zero-Amount ERC-1155 Batch Transfer Inflates `tierBalanceOf` 100×
Loss · 261,162.93 USDC — drained from the Royalties payout float on Polygon
1. Royal1155LDA is an ERC-1155 that keeps a custom per-tier balance ledger (_BALANCES_[tierId][owner]) on top of standard ERC-1155 balances. The Royalties contract reads…
Thetanuts Exploit — Zero-Cost Index-Vault `mint()` via Rounding-Down Component Deposits
Loss · 105,471.50 USDC drained (plus residual AVAX/BNB/MATIC component-vault shares forwarded to…
1. The Thetanuts index vault is an "index of vaults": one index share is backed by a pro-rata basket of component vault shares (BTC-USD, ETH-USD, AVAX-USD, BNB-USD, MATI…
Thetanuts Finance Exploit — Integer-Division Truncation in `mint()` After the Vault Is Drained to ~0 `totalSupply`
Loss · ~$2.1M real-world (≈$2M rescued by a whitehat per the post-mortem). The reproduced PoC re…
1. The vault is a basket-share token: holding one share entitles you to a pro-rata slice of five underlying option tokens. mint(amount) is supposed to pull a deposit of…
TOP Exploit — Aragon Instant-Execution Governance Self-Mint + Balancer BPool Drain
Loss · 944.195477215074054197 WETH (~944.20 WETH) drained from the Balancer TOP/WETH BPool; atta…
1. TOP governance is built on Aragon: an AppProxyUpgradeable-fronted Voting app whose execution scripts run with the TokenManager's MINT_ROLE, plus a TokenManager exposi…
WHALE Exploit — Flash-Inflated AMM Reserve → Mining-Hashrate Over-Credit Drain
Loss · ~$3,460 — 3,460.42 USDT forwarded to the attacker EOA after repaying every borrow (output…
1. WHALE is a deflationary BSC token bolted onto a "mining / hashrate" reward engine. Adding liquidity to the WHALE/USDT pair credits the LP-adder a hashrate balance in…
Adshares Bridge Exploit — Compromised Minter Key Fabricates Cross-Chain Mints
Loss · ~$628K — 1,199,999.81 wADS minted from nothing (3 fake "wrap" mints)
WrappedADS is the Ethereum side of the Adshares cross-chain bridge. The native ADS chain is supposed to be the source of truth: a user locks ADS natively, an off-chain r…
AROS Exploit — Leaked `claimSigner` Key + AMM-Reserve Drain via Signed Claims
Loss · ~$295,314 — 295,314.04 USDT drained from the AROS/USDT PancakeSwap pair (the pool's entir…
AROS is a UUPS-upgradeable ERC20 with an EIP-712 signed claim system. Four claim entry points (claimPrincipal, claimYield, claimLucky, claimContribution) let a user pull…
DxSale Liquidity-Locker Exploit — Stealthy Ownership Takeover + Privileged Drain (~$7.3M BNB)
Loss · ~$7.3M in BNB across 1,400+ locked LP positions (per public post-mortems)
DxSale's liquidity lockers are custodial: users send their LP tokens to a locker contract and trust the contract to refuse withdrawals until each user's timelock elapses…
Ekubo Protocol Exploit — Flash-Accounting `pay()` Funded From a Victim's Standing Approval
Loss · ~$1.4M — 17.0 WBTC (1,700,000,000 at 8 decimals) drained from a single approving user
Ekubo is a singleton-style concentrated-liquidity DEX (the "all the tokens live in one Core contract" design, like Uniswap V4). All interactions happen inside a flash-ac…
ElevateFi Exploit — Fixed-USD Staking Packages Priced from Spot DAI/EFI Reserves
Loss · ~$16,000 — 6,264.86 EFI paid out of the ElevateFi staking vault (asserted profit 62648645…
1. ElevateFi's staking implementation lets a user open a fixed-USD package (e.g. package 7 = $25,000) by calling stakeEFI(packageId) (Staking_Implementation.sol#L1575-L1…
Fractal Protocol Exploit — Stale-Price / Retroactive-Yield Arbitrage via Permissionless `compute()`
Loss · 13,707.72 USDC.e (13,707,715,574 raw, 6 dp) — ≈ $13.7K, the entire withdrawal buffer + ac…
Fractal's Vault is a yield-bearing wrapper: you deposit() USDC.e and receive USDF receipt tokens priced at an internal tokenPrice (≈ how many USDC.e one USDF is worth).…
Huma Finance Exploit — Evaluation-Agent Approval Bypass via `refreshAccount()`
Loss · ~$101,390 — 82,315.571243 USDC + 19,074.730601 USDC.e drained from three Huma credit pool…
1. Huma Finance runs on-chain credit pools where large credit lines are supposed to be gated behind a privileged off-chain underwriter, the Evaluation Agent (EA). Only t…
INK Finance Exploit — Flash-Loan-Inflated, Permissionless `claimPayroll()` Treasury Drain
Loss · ~$140,180 — 140,180.175562 USDT0 (the treasury's entire balance)
INK Finance is a Polygon "on-chain payroll / DAO treasury" product. Employees are paid out of a shared Treasury vault. The Payroll contract exposes claimPayroll(uint256…
Joe Agent (JOE) Exploit — `removeLiquidityViaContract` Reentrancy on Pooled LP Custody
Loss · ~$45K — 62.5 BNB + 1,848,087 JOE drained from the protocol's pooled LP
JoeAgentToken lets users "zap" native BNB into a JOE/WBNB LP position that is custodied by the token contract itself and merely credited to the user via lpInfo[user].lpA…
LegendaryMoneyMonNft Exploit — `cliamRewred()` Signature Bypass via `ecrecover` → `address(0)` == `admin`
Loss · ~$85,519 — 24,306.53 MON drained from the NFT contract, swapped to 85,519.47 USDT
LegendaryMoneyMonNft.cliamRewred() lets any caller pull an arbitrary ERC20 amount out of the contract, gated only by an off-chain admin signature checked through verify(…
MAP Protocol Exploit — Unverified `retryMessageIn` Forges a Cross-Chain Message to Mint 1e33 MAPO
Loss · ~$180K — 1,000,000,000,000,000 MAPO (1e15 MAPO = 1e33 wei) minted out of thin air to the…
MAP Protocol's OmniService bridge (MOSV3) accepts inbound cross-chain messages through messageIn(...), which is gated by a light-client proof (lightNode.verifyProofDataW…
MetaSea (SEA Token) Exploit — `redeemPosition()` Over-Pays From an Unguarded Reward Distributor
Loss · ~$110K total across the attacker campaign — this single tx nets 13,904.94 USDT and drains…
MetaSea is a USDT "IDO / staking round" product. A user calls openPosition(usdtAmount, …) to deposit USDT; the MetaSea Round contract buys SEA, records the position, and…
Mure Distribution Exploit — Attacker-Controlled `source` Forges Both Verifier and Signature
Loss · ~5.45 ETH (≈ 4,848,683.8 QUEST drained from the victim, swapped to 5.4511 WETH)
MureDistribution is meant to let a user redeem a "distribution" of ERC-20 tokens that was authorized by a trusted pool's signer. The flaw is that nothing about the autho…
New Market Trading Exploit — Payload-Forgery Drain via Axelar "Express" Path on a Gnosis Safe Module
Loss · ~$3.98M total across 88 Gnosis Safes on Ethereum / Base / Arbitrum. This PoC drains one E…
SquidRouterModule is a Gnosis Safe module that lets a Squid/Axelar cross-chain message drive swap/approve actions on a Safe that has installed the module. It inherits Ax…
Renegade Darkpool Exploit — Re-Initializable Proxy → Attacker-Controlled `delegatecall`
Loss · ~$210K — 26 ERC-20 tokens drained from the Darkpool. Largest: 104,383.59 USDC + 0.3466 WB…
The Renegade Darkpool is an upgradeable proxy whose logic lives in an Arbitrum Stylus (Rust) implementation. Its initialize(...) function — which records core protocol a…
SKP Token Exploit — Owner Backdoor `ownerBurnLiquidityPairTokens()` Reserve Drain → Collateral Price Inflation
Loss · ~$212K USD — BTCB + USDT borrowed against artificially-inflated SKP collateral on Venus/L…
SKP is a fee-on-transfer "deflationary" BSC token whose owner retained a hidden backdoor: ownerBurnLiquidityPairTokens(uint256) (selector 0x4eb9b26d). When called by the…
SKP/USDT Exit-Scam Drain — Pre-Positioned 96.8%-of-Supply "Whitelist" Treasury + Pool Drain
Loss · ~$212,195 USDT on-chain / +233,967.42 USDT net in this PoC (no flash-loan fees) — the SKP…
This is not a conventional external hack — it is an exit scam with a vulnerability-shaped cover story, and the on-chain record proves it. Three facts establish that the…
SQ Token Staking Exploit — Hardcoded Owner Backdoor + Self-Minting Staking Rewards
Loss · ~$346.1K — 346,137.03 USDT drained from the staking contract and its SQi/USDT pool
Staking is an Ownable-derived staking/MLM contract. Its _checkOwner() was modified away from the standard OpenZeppelin implementation to add a second, hardcoded address…
Squid Router Module Exploit — Caller-Supplied Delegate on the Permissionless Axelar Express Path
Loss · 0.25361701 WBTC + 0.293599251 wTAO + ~0.0221 ETH (wrapped) + 0.000000000000001215 WETH —…
1. SquidRouterModule is an enabled module on a Gnosis Safe. It can drive the Safe (execTransactionFromModule) to approve tokens and route swaps — but only after it check…
TesseraSwap Exploit — CEI Violation: Treasury Pays the Output Token Before Collecting the Input Token
Loss · 13,065,334 USDC (6-decimals raw) ≈ $13.07 of USDC siphoned from the Tessera treasury per…
1. TesseraSwap.tesseraSwapWithCallback (src_TesseraSwap.sol:46-65) is a router-style swap: a caller specifies (tokenIn, tokenOut, amountSpecified, …), an off-chain "Tess…
TrustedVolumes Exploit — Permissionless Signer Registration + Wrong-Key Authorization Drains an RFQ Settlement Proxy
Loss · ~$5.87M USD — 1,291.16 WETH + 206,282.45 USDT + 16.939 WBTC + 1,268,771.49 USDC drained f…
TrustedVolumes runs an RFQ (request-for-quote) settlement proxy. A signed order says: a maker gives makerAmount of makerAsset, a taker gives takerAmount of takerAsset. T…
Verus–Ethereum Bridge Exploit — Forged Cross-Chain Import With No Source-Amount Validation
Loss · ~$11.58M — 1,625.367 ETH + 103.568 tBTC + 147,658.84 USDC drained from the bridge's Ether…
Verus is a PBaaS blockchain whose Ethereum bridge lets users move value between Verus and Ethereum. To release funds on Ethereum, the bridge requires a cross-chain impor…
WUSD Exploit — Sybil-Farmable `_englove()` Reward Mint + Thin-Pool GLO Drain
Loss · Reported ~$200K-class incident (free GLOVE emissions + LP drain across the on-chain campa…
WUSD.wrap() mints WUSD against a stablecoin (USDT/USDC) and, as a reward, calls the internal _englove() routine to mint free GLOVE (contracts_WUSD.sol:309-318).
YSDAO Exploit — Balance-vs-Reserve "Add/Remove Liquidity" Tax Bypass + Permissionless `Staking.sync()` Price Pump
Loss · ~19,490.91 USDT (≈ $19.49K) extracted from the YSDAO/USDT PancakeSwap V2 pair
YSDAO is a "fee-on-transfer" token. To avoid taxing legitimate LP mint/burn, its transfer hook tries to guess whether a pair-side transfer is a buy, a sell, an add-liqui…
Juicebox REVLoans Exploit — Trust-on-First-Use of a Caller-Supplied Loan Source Inflates Borrowable Surplus
Loss · ~21.76 ETH — 21.764969886576733610 ETH drained from Juicebox revnet #3's treasury via JBM…
1. REVLoans.borrowFrom() (src_REVLoans.sol:483-560) lets anyone open a loan against a revnet, passing a REVLoanSource{token, terminal} struct of their own choosing. The…
Kipseli PropAMM Exploit — USD-Scale Quote Misread as cbBTC Token Units
Loss · 0.92610395 cbBTC (raw 92,610,395, 8 decimals) drained from a Kipseli-controlled cbBTC hol…
1. PropAMMWrapper.swap(tokenIn, amountIn, tokenOut, minOutAmount, recipient) (src_PropAMMWrapper.sol#L34-L41) is a thin front-end to an external "PropAMM" pricing engine…
MONA / LisaVault Exploit — Self-Referral Node Farming + Insider LP Drain
Loss · 20,357.8 USDT net to the attack contract + 10,000 MONA dividends, sourced from (a) 25,831…
LisaVault sells "nodes." Each node:
PerpPair Exploit — Self-Dealt LP/Trader Pair Inflates Curve-Priced PnL out of the Shared Vault
Loss · 165,617.735181 USDC net profit asserted by the PoC (the real-world incident is quoted at…
PerpPair is a perpetuals AMM. Liquidity providers and traders both post USDC into one shared Vault; profit and loss are settled against that single pool. A position's Pn…
RWAVault Exploit — Overridden `ERC4626.withdraw` Drops the Allowance Spend
Loss · 398,655.47 USDC total vault outflow (392,763.999994 USDC principal pulled to the attacker…
1. RWAVault is an ERC4626 "real-world-asset" vault that custodies depositors' USDC, mints them shares, and pays monthly interest. At maturity, depositors call withdraw/r…
Saturn Protocol (sUSDat) — Withdrawal Freeze via `strcBalance`/`vestingAmount` Desync + 33% PROCESSOR Extraction
StakedUSDat tracks two pieces of accounting that must stay coupled but are updated by different functions:
Singularity dynBaseUSDCv3 Exploit — `totalAssets()` Inflation via a Mis-Configured (Fee-Tier-42 / Zero-Liquidity) Oracle Path
Loss · ~$413,132 — 413,132.022315 USDC drained from the vault's reserves, plus ~31,174 residual…
PermissionedDynaVault (deployed as dynBaseUSDCv3) is an ERC-4626-style multi-asset vault. Its totalAssets() sums the USDC value of every reserve token, pricing each non-…
Squid `SquidMulticall` Exploit — Arbitrary-Target `Default` Call Turns an Approved Multicall into a Universal `transferFrom` Proxy
Loss · 1.0 ETH (Binance-Peg ETH, 0x2170…33F8) drained from the victim in the reproduced transact…
1. SquidMulticall.run(Call[] calls) (contracts_router_SquidMulticall.sol#L18-L48) is a fully permissionless entry point: it iterates over a caller-supplied array of Call…
SubQuery (SQT) Exploit — Unprotected `Settings.setBatchAddress()` Role Hijack
Loss · 218,070,478.035174175990999309 SQT (~218.07M SQT) transferred to the attacker, plus a 0.1…
1. SubQuery routes every privileged-role lookup through a single Settings registry. The Staking contract decides "who is allowed to call me" by reading settings.getContr…
Thetanuts BTC/USD Vault Exploit — ERC4626-Style First-Depositor Share Rounding at `totalSupply() == 0`
Loss · 0.15177162 WBTC (15,177,162 sats) drained from the Thetanuts BTC/USD vault's pre-existing…
1. The Thetanuts BTC/USD covered-call vault at 0x80b8EEb3… was in a degenerate state: it held 15,179,557 sats of WBTC (output.txt:1592) while its totalSupply() was 0 (ou…
xLOOT Staking Exploit — Duplicate NFT IDs in `redeem(uint256[])` Claim the Same Epoch Reward Repeatedly
Loss · 6.21 ETH total in the live incident; the extracted PoC nets 4.110409994732514492 ETH prof…
1. xLOOT stakers earn a weekly epoch reward. Each xLOOT NFT can claim a fixed earning-per-NFT (epn) for every epoch it has not yet redeemed. A per-NFT cursor xloot.nextR…
AlkemiEarn Exploit — Self-Liquidation Storage-Aliasing Collateral Duplication
Loss · 43.4540 ETH (~$43.45k+ at the time) drained from the AlkemiEarn WETH market
AlkemiEarn is a Compound-style money market (a hard fork of Compound v1 era code). Its liquidateBorrow (AlkemiEarnPublic.sol:3444) lets a liquidator repay an underwater…
Curve LlamaLend (Inverse Finance sDOLA market) Exploit — Oracle / Band Manipulation Mass-Liquidation
Loss · ~$240,000 — extracted as 227,325.57 DOLA + 6.94 WETH
Curve LlamaLend is a lending market where collateral is continuously, automatically "soft-liquidated" inside a specialised AMM (LLAMMA) as the collateral price falls: as…
EST / BNBDeposit Exploit — `skim()`-Fed Proportional Reward Drain + AMM Reserve Manipulation
Loss · 150.16 WBNB (~150.2 WBNB per the incident header) — the entire WBNB reserve of the EST/WB…
BNBDeposit is a referral/LP-staking contract for the EST token. When a user transfers exactly 1 EST to it, the EST token calls back BNBDeposit.onTokenReceived(), which p…
Venus (vTHE) Exploit — Donation-Inflated Exchange Rate + `borrowBehalf` Drains a Victim's Pre-Approved Delegate
Loss · 913,858.26 CAKE + 1,972.53 WBNB borrowed onto the victim's account and walked off by the…
Venus is a Compound-V2 fork. A vToken's collateral value is vTokenBalance × exchangeRate × price × LTV, and the exchange rate is computed as
Whalebit Oracle Manipulation Exploit — Spot-Priced Level Staking Round-Trips a Manipulable Algebra Pool
Loss · 9,745.17 CES net intra-transaction profit (150,701.56 − 140,956.39 CES), drained out of W…
1. Whalebit sells fixed-size "levels". A user calls staking.deposit(level) and pays a fixed CES sticker amount for that level (level 12 = 6,426.84 CES, returned by level…
LAXO Token Exploit — Uncompensated Pool-Side Burn on Every Sell Breaks `x·y = k`
Loss · ~137,320 USDT (BSC-USD) drained from the LAXO/USDT PancakeSwap pair
LAXOToken is a deflationary "tax token." Whenever someone sells (transfers LAXO to the PancakeSwap pair), its _transfer override doesn't just tax the seller — it burns u…
Moonwell cbETH Oracle Incident — Mispriced Collateral Enables Near-Free Liquidation
Loss · ~$1.78M protocol-wide bad debt (cbETH $1.03M, WETH $479K, USDC $233K, EURC, cbBTC, cbXRP,…
Moonwell (a Compound-v2 fork on Base) values collateral and debt for liquidations through its ChainlinkOracle. For cbETH that oracle reads a ChainlinkOEVWrapper, which i…
XDK Exploit — Sell-Path "Recycle" Removes XDK from the Live Pair and `sync()`s
Loss · ~6.84 WBNB — 6.840316534082275362 WBNB (~$3–4K) forwarded to the attacker EOA, sourced fr…
1. XDK is a fee-on-transfer "deflationary + dividend" token on BSC. Its uniswapV2Pair is the live XDK/GPC PancakeSwap pair (GPC, ticker for the AMMToken contract, is the…
FutureSwap Perpetual Drain — Fee Unit-Mismatch (`addFee` token-units interpreted as bps/share)
Loss · ~394,742.852305 USDC.e net attacker profit; victim drained of 197,436.748947 USDC.e of st…
FutureSwap is a perpetual-swap engine. A user calls changePosition(deltaAsset, deltaStable, stableBound) to open/close/resize a position; the engine swaps the asset leg…
Makina Finance Exploit — Self-Referential AUM Oracle Manipulation via Permissionless Re-Accounting
Loss · ~$5.1M USDC drained from the DUSD/USDC pool (PoC reproduces $4,304,016 net profit over tw…
Makina is an on-chain asset-management vault. Users deposit USDC and receive DUSD (the MachineShare token). DUSD's "fair value" is the vault NAV per share: lastTotalAum…
MT Token Exploit — Fee-on-Transfer Overcharge Drains the AMM Pair via `skim()`+`sync()`
Loss · ~36,995.24 USDT net pool loss (gross USDT pulled from pair: ~226,722.24 USDT, the rest re…
MetaverseToken (MT) is a fee-on-transfer ERC20. On a normal transfer it takes a 5% fee (transactFeeValue = amount × 5 / 100) and is supposed to split that 5% among three…
PRXVT Staking Exploit — Transferable Reward-Receipt Token Resets `userRewardPerTokenPaid`
Loss · ~32.8 ETH (drain of the PRXVT staking reward reserve; reward reserve at the fork block ≈…
PRXVTStaking is a Synthetix-style staking contract whose receipt token stPRXVT is a plain, freely-transferable OpenZeppelin ERC20 (the contract is ERC20). Rewards are ac…
SynapLogic Exploit — Uncapped Cumulative Refunds in the Token Sale `buy` / `swap` Path
Loss · ~27.65 ETH (ETH attack) + ~3,450 USDC (USDC attack) — entire sale-contract balances; a th…
The SynapLogic presale lets a buyer purchase the project token while nominating a list of referral / refund recipients, each receiving some percentage of the buyer's own…
Truebit Exploit — Inverted `getPurchasePrice` Lets Anyone Buy TRU For Free, Then Sell For ETH
Loss · 8,539.41 ETH drained from the bonding-curve pool (the PoC starts with 1 ETH and ends with…
Truebit's bonding-curve pool prices TRU purchases with a function getPurchasePrice(amount) whose arithmetic is inverted: instead of returning numerator / denominator, it…
yETH Weighted-StableSwap Exploit — Invariant Rounding Drift Mints Unbacked LP
Loss · ~$9M — the pool's entire LSD reserve: ~2,587 ETH-equivalent across 8 liquid-staking tokens
The yETH pool is a Curve-style weighted stableswap whose invariant D (a.k.a. supply) is solved iteratively in _calc_supply() and whose per-asset terms use a rounded _pow…
Balancer V2 Exploit — ComposableStablePool Rounding-Error Drain via Rate-Scaled `_upscale`/`_downscale`
Loss · ~$120M total across many affected ComposableStablePools (BlockSec/SlowMist figures). This…
Balancer V2 prices every pool in 18-decimal fixed point. To do so it upscales raw token amounts by a per-token scalingFactor, runs StableMath on the scaled values, then…
DRLVaultV3 Exploit — Self-Referential Slippage Lets a Manipulated Pool Set Its Own "Minimum Out"
Loss · ~$100,000 — the vault's full 100,000 USDC balance, swapped for 0.0001205 WETH (≈ $0.43)
DRLVaultV3 is an automated Uniswap-V3 liquidity-management vault. To rebalance, it swaps USDC into WETH via swapToWETH(). That function is:
Moonwell Exploit — Corrupted wrsETH Oracle ⇒ Borrow ~$88K Against ~$0.07 of Collateral
Loss · ~$1M total across Moonwell markets; the reproduced single transaction nets 24.92 WETH ≈ $…
Moonwell prices its wrsETH collateral with a ChainlinkCompositeOracle that multiplies an ETH/USD feed by a "wrsETH→ETH exchange-rate" feed (ChainlinkCompositeOracle.sol:…
MIM Spell ("MIMSpell3") Exploit — Collateral-Free MIM Mint from Privileged Cauldrons
Loss · ~$1.7M — 1,793,766 MIM minted with no collateral, exited as 389.75 WETH
Abracadabra's CauldronV4 is the standard MIM lending engine: you cook() a sequence of actions — add collateral, borrow, repay, etc. A normal ACTION_BORROW sets a flag so…
Sharwa Finance Exploit — Margin Position Closed Against an Attacker-Manipulated Spot Pool (No Slippage Bound)
Loss · ~$146,000 total (real attack, multiple position cycles). This PoC reproduces one cycle, n…
Sharwa Finance is a margin-trading protocol. To open a "long WBTC" position the protocol borrows USDC from its LiquidityPool and swaps it for WBTC on Uniswap V3, sizing…
TokenHolder / BorrowerOperationsV6 Exploit — Privileged-Role Confused-Deputy Drain via `sell()`'s Arbitrary Call
Loss · 20 WBNB drained from the protocol's TokenHolder vault per sell() call (attacker netted 19…
TokenHolder is a small lending vault that holds WBNB and lends it out via privilegedLoan() — a function correctly guarded by onlyBorrowerRouter, so only an address holdi…
Kame Aggregator Exploit — Unvalidated `executor.call()` in `swap()` Drains User Approvals
Loss · 18,167.88 USD (USDC, 6 decimals — pulled from one approving user)
AggregationRouter is a DEX-aggregator router on Sei. To execute a swap it forwards the user's tokens to "an executor" and then performs a single, fully attacker-supplied…
NGP Token Exploit — Sell-Fee Burns NGP *Out of the Pair* and `sync()`s, Collapsing the AMM Reserve
Loss · ~493,467 USDT in this single simulated transaction (the campaign drained ~2M USDT total a…
NGP is a fee-on-transfer token. On every sell (any transfer where to == mainPair), its _update hook does something a token must never do: it moves the treasury fee + rew…
0x8d2e Exploit — Permissionless `uniswapV3SwapCallback` Drains the Contract's USDC
Loss · 40,000 USDC (≈ $40k) — the entire USDC balance of the victim contract
0x8d2e is some kind of trading/router contract that exposes a Uniswap-V3-style uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes data). In a real Uni…
0xf340 VRF-Wrapper Exploit — Permissionless `initVRF()` Hijacks the LINK Payment Recipient
Loss · ~$4,000 — 160 LINK drained, swapped to 0.837736523415338256 ETH
0xf340 is a thin Chainlink VRF wrapper (a TransparentUpgradeableProxy delegating to implementation 0xd92A9110…). It holds a balance of LINK and, when randomness is reque…
ABCCApp Exploit — Permissionless `addFixedDay()` Vesting Time-Warp Drains the DDDD Reward Reserve
Loss · ~10,062 BUSD profit per cycle (≈ the protocol's DDDD reserve, sourced from prior deposito…
ABCCApp is a "deposit-and-earn" / referral scheme. A user deposits BUSD; the contract:
Bebop JAM Settlement Exploit — Signature-Bypass + Unconstrained Interactions Drain Stale Approvals
Loss · 20,069.560783 USDC (~$20.1K) drained from two pre-approving users; campaign total ≈ $21K
JamSettlement is the on-chain settlement engine for Bebop's "JAM" RFQ trading. A solver calls settle(order, signature, interactions, hooksData, balanceRecipient); the co…
Coinbase Fee-Account Drain — Confused-Deputy via 0x Settler `BASIC` Arbitrary Call
Loss · ~$300,000 total across multiple tokens. This PoC reproduces one leg: 105,493.58 ANDY drai…
The 0x Settler is a swap router that, by design, can be told to perform a raw external call to any address through its BASIC action (selector 0x38c9c147). The Settler is…
D3X AI Exploit — Proxy `exchange()` Prices D3XAT From A Manipulable PancakeSwap Spot Reserve
Loss · 190 BNB (≈ 135,919 USDT net intra-transaction profit, per the balance log)
D3X runs a small in-house "swap desk": a TransparentUpgradeableProxy exposing exchange(fromToken, toToken, amount) (first call: output.txt:1739). When you sell D3XAT int…
EverValueCoin (EVA) Exploit — Stale-Price Orderbook Settlement Arbitraged Against a Live AMM
Loss · 1.19331 WBTC drained from the order book (DeFiHackLabs header: ~$100k; ≈ $130k at the ~$1…
OrderBookFactory is a custom on-chain limit order book. When a new order matches a resting order, it settles instantly and atomically at the resting order's stored price…
Grizzifi Exploit — Sybil Milestone-Reward Farming via Self-Referral Chain
Loss · ~$61,000 USD on-chain (BSC-USD). The minimal PoC here nets +1,000 BSC-USD per round (600…
Grizzifi is a USDT (BSC-USD) staking / MLM-style protocol. Besides daily staking yield, it pays "team milestone" bonuses: when the count of people in your downline ("tea…
Hexotic (HEX-OTC) Exploit — Mispriced OTC Orders Arbitraged Against Uniswap-V3 Spot
Loss · ~$500 (the over-paid ETH escrowed in two mispriced orders). In this fork run the attacker…
HEXOTC is a tiny peer-to-peer OTC escrow for swapping ETH ⇄ HEX. A maker can lock ETH in the contract (an "ETH-escrowed" offer, escrowType == 1) declaring how much HEX t…
LUXERA (XERA) Exploit — Dangling Infinite Approval to Multicall3 Drained via `aggregate3`
Loss · ~$17K — 41.0347 WBNB drained from the XERA/WBNB PancakeSwap pair
The XERA token contract itself is a textbook OpenZeppelin-v5 ERC20 with fee/dividend extensions; its transferFrom/_spendAllowance are standard (ERC20.sol:154, ERC20.sol:…
PDZ / "TB Build" Exploit — Spot-Price `getAmountsOut` Reward Inflation
Loss · 3.3 BNB (per PoC @KeyInfo)
The PDZ ecosystem has a "burn-to-earn" mechanic. A user calls TOKENbnb.burnToHolder(amount, _invitation): they give up amount PDZ tokens (which get sent to the dead addr…
Size Credit `LeverageUp` Exploit — Arbitrary External Call via `GenericRoute` Swap Drains User Approvals
Loss · ~$19.7k — 20,000 PT-wstUSR-25SEP2025 drained from one approving user
LeverageUp is a "one-click leverage" helper on top of the Size Credit lending market. To build a leveraged position it has to swap tokens, and it supports several swap b…
WXC Token Exploit — Burn-From-Pool + `sync()` "Phantom Reserve" Drain
Loss · 37.55 WBNB net profit to the attacker (≈ the pool's honest WBNB liquidity, drained from t…
WXC is a sell-taxed, "deflationary" BEP-20. Its transfer logic treats a transfer to the LP pair as a sell, and as part of that path it burns the seller's net (post-tax)…
YuliAI Exploit — Buyback Priced off a Flash-Manipulated V3 Spot Price
Loss · ~$78,800 — 78,799.93 USDT drained from the YULIAI buyback contract
The contract at 0x8262…6282 is a YULIAI buyback desk: anyone can call sellToken(amount) to sell YULIAI to it, and it pays out USDT computed from the live YULIAI/USDT Pan…
FPC Token Exploit — Sell-Side `burnLpToken()` Drains the Pool's Own FPC Reserve
Loss · ~4.67M USDT (attacker net profit 4,671,608.07 USDT; reported headline ≈ $4.7M)
FPC is a "tax/deflation" token whose ERC-20 _update hook adds custom buy/sell logic. On a sell (any transfer into the FPC/USDT pair that the token classifies as a sell),…
GMX v1 Exploit — GLP Share-Price Manipulation via `globalShortAveragePrice`
Loss · ~$41M — GLP-pool reserves drained across 9 tokens (WETH, BTC/WBTC, USDC, USDe, LINK, UNI,…
GMX v1 prices its liquidity-provider token, GLP, off the Vault's Assets Under Management (AUM). For each non-stable token, AUM includes the aggregate unrealised PnL of a…
MulticallWithETH Exploit — Arbitrary-Call `aggregate()` Drains an Unlimited USDC Approval
Loss · ~10,536.89 USDC (10,536,885,633,853,077,370,507 wei, 18-dec USDC on BSC)
MulticallWithETH is a generic, Multicall3-style batch executor. Its core function aggregate() loops over a caller-supplied list of (target, callData, value, allowFailure…
RANT Token Exploit — Self-Transfer Triggers Un-compensated LP Reserve Burn
Loss · ~311.48 BNB (~$190K at the time) drained from the RANT/WBNB PancakeSwap pair
RANTToken is a "deflationary + auto-burn" meme token. Its _transfer override has a special branch: when a non-pair, non-whitelisted address sends RANT to the token contr…
Stepp2p Exploit — Double-Refund via `modifySaleOrder` on an Already-Cancelled Order
Loss · ~$43.8K — 43,782.41 USDT (BSC-USD) drained from the Stepp2p escrow contract
Stepp2p is a simple P2P USDT escrow: a seller deposits USDT into a sale order and the contract holds it until a buyer purchases or the seller cancels. The accounting rec…
SuperRare Staking Exploit — Permissionless `updateMerkleRoot()` + Single-Leaf Merkle Forgery
Loss · ~$730K — 11,907,874.713 RARE drained from the staking contract (its entire RARE balance)
RareStakingV1.updateMerkleRoot() is meant to be callable only by the owner or one whitelisted address. Its guard is written with the comparison inverted:
SWAPP Staking Exploit — Unchecked `transferFrom` Return Value Lets a Free `deposit` Mint Staking Balance, Then `emergencyWithdraw` Drains the Vault
Loss · ~$32,196.28 — 1,286,577.59 cUSDC (raw 128,657,759,164,064, 8 decimals) drained from the S…
Staking.deposit() accepts an arbitrary tokenAddress. For any token that is not one of the three hard-coded stablecoins (USDC/USDT/DAI), it takes the "else" branch and ca…
VDS Exploit — `deposit()` Mints 5× VDS for AVD, Redemption Refunds AVD 1:1
Loss · ~$11,136 (≈ 11,136.14 BSC-USD) profit to the attacker, drained from the AVD/BSC-USD Panca…
VDS is a token whose deposit(token, amount) lets a user deposit AVD and receive freshly-minted VDS. From the live trace, the mint rate is 5 VDS per 1 AVD (depositing 69,…
weETH LRT Minter Exploit — Unprotected `0x03b79c24(address)` Token Sweep
Loss · ~$285.7K — 106.93 weETH swept, sold for 114.53 WETH (≈ $285.6K @ ~$2,494/ETH)
The vulnerable contract is a liquid-restaking-token (LRT) minter for weETH (its dispatch table exposes depositWeEth(uint256,address,address,bool), mintNrETH(), userLstBa…
WETC Token Exploit — Fee-on-Transfer + `skim`/`sync` Reserve Drain
Loss · ~$101k — attacker walked off with 101,421.95 USDT (net +101,395.4 USDT) drained from the…
WETC is a tax token. Its _transfer override taxes any transfer out of the pair as a "buy" (transferBuy, contracts_WETC.sol:104-117) and any transfer into the pair as a "…
"b5cb0555" Exploit — Permissionless `printMoney()` Forwarder Drains a Trusted Treasury (Confused Deputy)
Loss · ~$35.3K drained from the treasury (22.49 WBNB + 1.51 ETH + 5,713.6 USDT + 4,253.6 TUSD +…
The protocol is split into two contracts that share the b5cb0555 vanity-address family:
AaveBoost Exploit — Permissionless `proxyDeposit()` Subsidy Drain
Loss · ~$14.8K — ≈48.6 AAVE drained from the AaveBoost subsidy reserve
AaveBoost.proxyDeposit(asset, recipient, amount) is meant to be a "deposit booster": when a user deposits into the AavePool through it, the booster contract adds a fixed…
BankrollNetwork Stack Exploit — Stale `lastPayout` Instant-Drip Dividend Inflation
Loss · 24.586 WBNB net attacker profit (≈ 29.786 WBNB of honest user deposits drained from the c…
BankrollNetworkStack is a "drip pool" rewards contract (a fork of the well-known X-Perpetual / Bankroll family). Donations go into dividendBalance_, and a time-based dri…
BankrollStack (BankrollNetworkStack) Exploit — Flash-Loan Dividend-Drip Capture
Loss · 5,385.806 BUSD (~$5.4K) profit to the attacker, drained from the contract's dividend pool
BankrollNetworkStack is a "perpetual rewards" / POWH-style contract: users buy() shares with BUSD, pay an 8–10% fee that accumulates into a dividendBalance_ pool, and th…
Gangster Finance "OG Vault" Exploit — Stale `lastPayout` Drip-Pool Drain via Self-`donate()` + `harvest()`
Loss · ~0.1558 BTCB ≈ $16.5k drained from the vault's BTCB reserves
Gangster Finance's TokenVault is a yield "vault" where users stake a base token (here BTCB) and earn dividends from a drip pool (dripPoolBalance). The drip pool is paid…
Gradient Market Maker Pool Exploit — Mixed-Unit LP Share Accounting (ETH wei summed 1:1 with ERC-20 token units)
Loss · ~$5,000 — 3.0109 ETH of honest LP liquidity drained from the GRAY pool (PoC nets 2.346 WE…
GradientMarketMakerPool is a per-token "market maker" pool where users deposit ETH + a token and receive LP shares. The pool computes everything — LP shares, total liqui…
Meta Pool (mpETH) Exploit — Free `mint()` on a Native-ETH ERC4626 Vault
Loss · PoC measured profit: 8.892 ETH in cash + 77.79 mpETH (≈ 85.8 ETH @ 1.1029 ETH/mpETH) ≈ ~9…
Staking is Meta Pool's liquid-staking vault. mpETH is its ERC4626 share token, but the asset is native ETH, not the ERC20 _asset (WETH) that OpenZeppelin's ERC4626Upgrad…
MOMO Buyback-Bot Exploit — Permissionless, Slippage-Free `5ff02eae()` Sandwiched on a Thin USD1/MOMO Pool
Loss · ~$48.3K — 48,264.80 USD1 extracted from the MOMO buyback bot
0x8490… is a buyback/treasury bot for the MOMO token. It holds a pile of USD1 (48,758.887 USD1 at the fork block) and exposes a public function — selector 5ff02eae() — t…
Resupply Finance Exploit — Empty-Vault Share-Price Inflation → `exchangeRate = 0` → Uncollateralized Borrow
Loss · ~$9.6M — attacker netted 9,806,396.36 USDC from a 4,000 USDC flash-loan, zero starting ca…
Resupply lets users borrow its reUSD stablecoin against ERC-4626 vault shares (here, a CurveLend crvUSD/wstUSR lending vault). The collateral is priced by a one-line ora…
Stead Farm Exploit — Permissionless STEAD Drain via Un-Access-Controlled Function
Loss · ~$14.5k — 135,000 STEAD (6 decimals) drained from the Farm contract
The Stead protocol deployed a farming / staking contract (proxy 0xf9FF…, implementation 0xca9d57…) that was funded with STEAD tokens to pay out yield. Its decompiled dis…
Cork Protocol Exploit — Permissionless Market Creation with Attacker-Controlled `exchangeRateProvider`
Loss · ~$12M — 3,760.88 wstETH drained from the live wstETH↔weETH PSM/Vault market
Cork Protocol lets a "Module" (a PSM + Liquidity-Vault pair) be created for a Redemption-Asset / Pegged-Asset (RA/PA) couple. Each module mints two receipt tokens per ep…
IRYSAI Exploit — Backdoored `transferFrom` Lets the Tax Wallet Drain the LP Pool
Loss · ~$69.6K — 107.46 WBNB drained from the IRYSAI/WBNB PancakeSwap pair
IRYSAI's transferFrom contains a hidden privilege for the tax wallet: when msg.sender == _taxWallet, the function performs the balance move but skips the allowance deduc…
KRC Token Exploit — Fee-on-Transfer Token Burns From Its Own Pool, Desyncing Reserves
Loss · ~$7,155 — 7,154.81 USDT drained from the KRC/USDT PancakeSwap-V2 pair
KB (the KRC token) is a fee-on-transfer / reflection token. When tokens are transferred into the AMM pair, its _transfer override does something fatal: it burns a slice…
MBU Token Exploit — Decimal-Scaling Bug in `deposit()` Mints ~1e18× Too Many Tokens
Loss · ~2,157,126 BUSD (~$2.16M) drained from the MBU/USDT PancakeSwap pair
The deposit() entry point on 0x95e9… accepts a token (here WBNB), prices it in USDT via a spot AMM oracle, then mints MBU to the depositor based on that USD value divide…
Nalakuvara / LotteryTicketSwap50 Exploit — Fixed-Payout Redemption Drains the AMM Pool
Loss · 105,470 USDC (net profit to attacker, drained out of the NATA/USDC liquidity pool)
LotteryTicketSwap50 lets a user "buy lottery tickets" with USDC (transferToken) and later "destroy" those tickets to get a refund (DestructionOfLotteryTickets). The refu…
RICE / BentoBox-Clone Exploit — Signature-less `setMasterContractApproval` Lets Anyone Drain Any Depositor
Loss · ~34.52 WETH ($88.1K) — drained from a single depositor of a BentoBox/DegenBox-style vault
The vulnerable contract is a BentoBox/DegenBox clone (the function selectors, parameter layouts, and emitted events — LogRegisterProtocol, LogSetMasterContractApproval,…
Unwarp Exploit — Permissionless `unwrapWETH(amount, recipient)` Self-Balance Drain
Loss · 3.9813269016365735 WETH (≈ $9K) — the vulnerable contract's own pre-existing WETH balance
The vulnerable contract exposes a permissionless function unwrapWETH(uint256 amount, address recipient). It unwraps the contract's own WETH (WETH.balanceOf(this)) into n…
Usual Money Exploit — `VaultRouter.deposit` Routes Through an Attacker-Controlled Swap Venue With No Real Slippage Floor
Loss · ~$43,000 — 15.925 WETH extracted out of Usual's VaultRouter / WrappedDollarVault deposit…
VaultRouter.deposit(augustus, USD0++, amountIn, minTokensToReceive, …, swapData) lets a depositor hand in USD0++, which the router unwraps 1:1 into USD0 and then swaps i…
YDT Token Exploit — Permissionless `proxyTransfer()` Drains the Liquidity Pool
Loss · ~41,337 USDT drained from the YDT/USDT PancakeSwap pair (PoC reports a final balance of 4…
YDTMainContract is a fee-on-transfer ("tax") token whose sub-modules (tax, referral, deflation, liquidity, LP-tracking) are allowed to move tokens around without re-trig…
AIRWA Exploit — Permissionless `setBurnRate()` + Zero-Value Transfer Pool-Reserve Annihilation
Loss · ~56.73 BNB (≈ $34,205 of BSC-USD liquidity drained from the AIRWA/BSC-USD PancakeSwap pai…
AIRWA is a fee/burn token whose burn rate is settable by anyone through a public, unauthenticated setBurnRate(uint256) function (selector 0x189d165e, no onlyOwner). When…
BTNFT Exploit — Permissionless Reward Theft via a Broken `_update` Override
Loss · 19,025.92 BUSD received by the attacker (19,158.41 BTT reward drained, then dumped)
BTNFT is an ERC-721 (OpenZeppelin v5) where each NFT carries a 1-year linear vesting schedule of BTT tokens. To let an owner "redeem" an NFT's vested rewards, the contra…
Impermax V3 Exploit — Self-Liquidation Debt Wipe via `restructureBadDebt`
Loss · ~$300k total (per QuillAudits / SlowMist). This single reproduced run nets 34.60 WETH ≈ $…
Impermax V3 lets you deposit ERC-20s into a Borrowable pool (you get pool shares whose value is (cash + outstandingDebt) / totalSupply) and borrow against a tokenized Un…
Laundromat Exploit — Free Ring-Membership Drains a Dormant Mixer
Loss · ~$1.5K — 1.0 ETH (the entire pool, deposited by one honest participant)
Laundromat is an ancient on-chain mixer that implements a linkable ring signature (the academic "Möbius"/ring-signature ETH-mixing scheme). It is parameterised by a fixe…
Life Protocol Exploit — Asymmetric Bonding Curve: Pump the Buy Price, Dump at 90% of the Peak
Loss · ~18,045 BUSD drained in the reproduced transaction (the original incident is reported at…
LifeProtocolContract is a "bonding-curve"-style market maker for the LIFE token, priced in BUSD. It keeps a single mutable currentPrice (:1071).
R0AR (1R0R) Staking Exploit — Backdoored `user.amount` + Self-Capping `EmergencyWithdraw()` Drain
Loss · ~$777K — 100,000,000.0999 1R0R + 26.777 R0AR/WETH LP tokens drained from the staking cont…
R0ARStaking is a single-pool staking contract: users stake R0AR/WETH LP tokens and accrue 1R0R rewards. It exposes three withdrawal-ish paths: withdraw(), harvest(), and…
Unverified `0x607742A2` Exploit — Permissionless `uniswapV3SwapCallback` Approval Drain
Loss · ~$62.3K — 22.51 WETH + 27,260 USDC drained from a single approving wallet
The contract at 0x607742A2 is a generic "router/swap-executor" helper that interacts with Uniswap-V3-style pools. It implements uniswapV3SwapCallback(int256 amount0Delta…
YB Token Exploit — Sell-Triggered Uncompensated Pool-Reserve Burn (`sync()` price manipulation)
Loss · 15,261.68 BUSD (~$15.3K) drained from the YB/BUSD PancakeSwap pair
The YB token's transfer-fee machinery burns YB directly out of its own AMM pair's balance and then calls pair.sync() on every taxed sell. The relevant call lives in swap…
1inch Fusion V1 `Settlement` Exploit — Yul Calldata-Length Underflow Hijacks the Resolver Dynamic Suffix
Loss · ~$4.5M across affected resolvers (this PoC reproduces 1,000,000 USDC drained from a singl…
1inch Fusion's Settlement contract fills Fusion orders by calling the Aggregation Router V5's fillOrderTo, and appends a "dynamic suffix" (totalFee, resolver, token, rat…
Alkimiya SilicaPools Exploit — `uint128(shares)` Truncation Inflates Redemption Payout
Loss · ~$95.5K — 1.14015390 WBTC drained from the SilicaPools contract
SilicaPools issues paired ERC-1155 long and short tokens against collateral. The amount of collateral and the per-pool sharesMinted accumulator are tracked in uint128 st…
BBX Token Exploit — Stuck Daily-Burn Repeatedly Drains the Pool's BBX Reserve
Loss · ~11,673.92 BUSD (≈ $11,902) drained from the BSC-USD/BBX PancakeSwap pair
BBXToken's _transfer override contains a "daily deflation" feature: once a day, it burns burnRate (3%) of the liquidity pool's BBX balance directly out of the pair and t…
DCF Token Exploit — Transfer-to-Pair Reserve Burn Inflates DCF Price
Loss · ~442,028 BSC-USD (~$442K) drained from the DCF/BSC-USD and DCT/BSC-USD PancakeSwap pairs
DCF is a "deflationary" ERC20. Its overridden _transfer (contracts_DCF.sol:124-165) contains a hook that fires whenever someone transfers DCF to the liquidity pair. In t…
DUCKVADER Exploit — Permissionless Free-Mint via Broken `buyTokens()` + Storage Shadowing
Loss · ~5 ETH total in the live attack (200 mint-loops). The extracted PoC uses 10 loops and sti…
DUCKVADER's buyTokens(uint256 amount) is supposed to be a paid mint endpoint. It is catastrophically broken in three independent ways (Contract.sol:700-712):
H2O Token Exploit — `skim()`-Triggered Self-Minting Reward Drain
Loss · 22,470.89 USD (≈22,470 BSC-USD), drained from the H2O contract's own reserve via the H2O/…
H2O is a "reflection"-style token. On every transfer where the sender is the AMM pair, it runs a hidden reward routine _calulate() (Token.sol:509-562) that (a) mints sid…
Pump / TiPTAG Token Exploit — Permissionless Pre-Listing Liquidity Seeding Drains the Bonding-Curve Listing
Loss · ~11.29 BNB (~$6.4K) — net profit, drained across 4 Pump/TiPTAG tokens in one tx
The Pump (TiPTAG) launchpad mints tokens that live on a bonding curve until enough is sold, at which point buyToken() auto-lists the token by dumping liquidityAmount (20…
SamPrisonman (SBF) Exploit — Externally-Controlled Balance Write Lets an Attacker Zero the AMM Pool Reserve
Loss · ~$14K — 6.5793 WETH drained from the SBF/WETH Uniswap V2 pair
SamPrisonman is a "SBF / Sam Prisonman" meme token whose ERC20 _transfer does not decrement the sender's balance the normal way. Instead it makes an external call to a h…
SBR Token Exploit — `skim()` + Broken Token `transfer` Zeroes a Uniswap-V2 Reserve
Loss · ~8.495 ETH (8,495,031,867,920,840,930 wei) — the entire WETH side of the SBR/WETH pool
The SBR token has a broken transfer implementation: calling transfer(x, 0) (or otherwise transferring out a tiny/zero amount) wipes the entire balance of the caller inst…
SIR (Leverage) Exploit — Dirty Transient-Storage Slot Turns `uniswapV3SwapCallback` Into an Open Drain
Loss · ~$353.8K — 17,814.86 USDC + 1.4085 WBTC + 119.87 WETH drained from the SIR Vault singleton
SIR's Vault uses EVM transient storage (EIP-1153, tstore/tload) as scratch space during a leveraged mint:
wkeyDAO Exploit — Fixed-Price Presale `buy()` vs. Live AMM Price Arbitrage
Loss · ~$767 realized net (one attack tx)
WebKeyProSales is a presale contract. Calling buy() (contracts_webkey_Sales.sol:119-170) charges a fixed currentSaleInfo.price of 1,159 BUSD and immediately mints + tran…
Yzi AI (YziAI / YziLabs) Exploit — Hard-Coded `manager` Backdoor in `transferFrom`
Loss · ~376.07 BNB (≈ $222K @ ~$590/BNB) — the entire WBNB side of the YziAI/WBNB PancakeSwap po…
YziLabs is a vanilla-looking OpenZeppelin ERC20 with a booby-trapped transferFrom. The override contains a magic-number branch:
`0xD4F1…7Cb3` Exploit — Uninitialized `OwnableUpgradeable` Lets Anyone Become Owner and `withdrawFees()`
Loss · 23.00702629 BNB ≈ $15.2k (entire native balance of the contract)
The contract at 0xD4F1…7Cb3 is a PancakeSwap V2/V3 arbitrage / swap-helper bot built on OpenZeppelin's upgradeable base contracts (Initializable + OwnableUpgradeable). I…
Bybit Cold-Wallet Heist — `DelegateCall` masterCopy Overwrite of a Gnosis Safe
Loss · ~$1.46–1.5B — 401,346.77 ETH + 8,000 mETH + 15,000 cmETH + 90,375.55 stETH drained from B…
This was not an exploit of a flaw in the Gnosis Safe contracts. The Safe behaved exactly as designed. It was a supply-chain / signing-infrastructure compromise: the atta…
Four.meme Launchpad Exploit — Liquidity Migration Front-Run via Pre-Initialized Pancake V3 Pool
Loss · ~$186K total across ~20 meme tokens. This PoC demonstrates one token (snowboard): 23.4259…
Four.meme is a "pump.fun"-style launchpad: users buy a meme token along a bonding curve, and once market cap hits a graduation threshold (~24 BNB) the platform "migrates…
Hegic V8888 Put Pool Exploit — Re-withdrawable Liquidity Tranche (`withdrawWithoutHedge`)
Loss · ~$104M reported total drain of the Hegic V8888 pools; this PoC mechanically reproduces th…
HegicPool.withdrawWithoutHedge(trancheID) lets a tranche owner redeem their pool share for the underlying token. The redemption logic in _withdraw (contracts_Pool_HegicP…
Peapods Finance Exploit — Permissionless `depositFromPairedLpToken()` Forced Swap at Manipulated Spot Price
Loss · ~$3,500 — 141.11 pOHM drained from the protocol's TokenRewards contract + the pOHM/PEAS U…
Peapods TokenRewards periodically converts the paired LP token it accumulates (here pOHM) into the rewards token (PEAS) and distributes the proceeds to stakers. That con…
StepHeroNFTs Exploit — Reentrancy in `claimReferral()` Drains the Marketplace's BNB
Loss · 137.9 BNB (~$92K at the time) net profit, drained from the marketplace contract's BNB bal…
StepHeroNFTs is an NFT marketplace that pays referral commissions in native BNB. When an NFT is sold, a fixed commission (here 3 BNB) is credited to a "referral balance"…
Unverified "Slot" Staking Contract — `releaseSlot()` Reentrancy BNB Drain
Loss · ~$6,700 — 10.2 BNB drained from the contract's native balance (attacker walked off with 1…
The contract is a BNB "slot" staking / lottery product. A user calls unlockSlot(uint256) with BNB to activate a slot, and later calls releaseSlot(uint256) to get their d…
Venus (zkSync Era) Exploit — wUSDM ERC4626 Donation → Oracle Price Inflation → Self-Liquidation Drain
Loss · 86.72 WETH ≈ $201,600 extracted by the attacker (paid as a Venus self-liquidation drain).…
Venus's zkSync deployment listed wUSDM (an ERC4626 wrapper over the USDM stablecoin) as a market. wUSDM's USD price is computed by Venus's ERC4626Oracle, which simply re…
98Token ("98#") Exploit — Unprotected `public swapTokensForTokens()` Drains the Contract's Token Reserve
Loss · ~$28K — 27,995.39 USDT swept out of the USDT/98# PancakeSwap pair
The Main contract is a "car-racing / guild" GameFi app whose reward token is 98#. To run its game economy it embeds thin wrappers around the PancakeSwap router and, in i…
AI IPC Token Exploit — Sell-Triggered Pool Burn (`_destroy`) Drains the AMM Reserve
Loss · ~591,933 USDT (~$590K) drained from the IPC/USDT PancakeSwap pair
Token ("AI IPC") is a deflationary token with a "destroy → reproduce" mechanic. On every sell (an IPC transfer into the IPC/USDT pair), the token's _transfer hook calls…
AIXBT Forced-Swap Exploit — Public "Auth-Key" Selector Swaps Victim's Whole Balance into Attacker LP
Loss · 13,598.795675 USDC (13,598,795,675 raw, 6-dec) drained from the victim — tx 0x5a7462b79d6…
1. The victim contract 0x32cD8541… exposes a public function with selector 0x229e9756 that, when called with the right key, approves its entire token balance to the Unis…
AST Token Exploit — Faulty `transfer` Liquidity-Tracking Burns Pool Reserves Twice
Loss · ~$65,000 — 65,145 BUSD drained from the BUSD/AST PancakeSwap pair
AST is a fee-on-transfer token that tries to detect liquidity adds/removes by watching balances inside its own _transfer hook. The detection logic is broken in two compo…
HORS Exploit — Unprotected, Attacker-Callback `0xf78283c7` Drains the Pool's LP Tokens
Loss · 14.799349453861436868 WBNB (~$10.4K at ~$700/BNB on the day) — the entire HORS/WBNB liqui…
The HORS project deployed a helper contract at 0x6f3390…eaba that custodied the LP tokens of the HORS/WBNB PancakeSwap v2 pair. That contract exposes a function with sel…
JPulsepot / FortuneWheel Exploit — Permissionless `swapProfitFees()` + Spot-Price Fee Sizing
Loss · ~$21.5K — 30.968 WBNB profit, extracted from the FortuneWheel casino's accumulated fees /…
FortuneWheel is an on-chain casino. House profit accumulates per game in various tokens. A maintenance routine, swapProfitFees() (contracts_FortuneWheel_FortuneWheel.sol…
LAURA Token Exploit — Permissionless `removeLiquidityWhenKIncreases()` Reserve Burn
Loss · 12.340357077284305206 ETH (~$41.2K) drained from the LAURA/WETH Uniswap-V2 pair
LAURA (deployed by a pump.fun-style launchpad as a PumpToken) has a public, unprotected function removeLiquidityWhenKIncreases(). It reads the LAURA/WETH pair's reserves…
LPMine Exploit — Reward-Time Desync + Pool-Balance Reward Valuation Drains the Reward Pool
Loss · ~$24k — net +23,293.95 USDT to the attacker; the LPMine reward pool was drained of ≈402.2…
LPMine is a "stake-LP, earn-tokens" farm. A staker's claimable reward is computed in getCanClaimed() as
Mosca Exploit — `exitProgram()` Pays Out Internal Credit That Was Never Backed by a Deposit
Loss · ~$19K combined — both stablecoin sides of the contract were drained. The PoC's USDC-only…
Mosca is an MLM-style "citizenship" program that keeps per-user internal balances in three fields — balance (MOSCA credit), balanceUSDT, balanceUSDC (Mosca.sol:175-187).…
Mosca Exploit — Self-Compounding `join()` Balance Inflation Drains the Treasury
Loss · ~$37.6K — 11,395.25 BUSD + 26,254.20 USDC drained from the Mosca contract
Mosca is an on-chain MLM / "membership" program. Members join() by paying USDT (BUSD on BSC) or USDC, in exchange for an internal credit (users[me].balance) that they ca…
Odos Limit Order Router Exploit — Public ERC-6492 `isValidSigImpl(... allowSideEffects = true)` Arbitrary-Call Drain
Loss · 15,578.334373 USDC (≈ $15.6K) drained from the router; total campaign across chains repor…
The Odos limit-order router inherits the Ambire UniversalSigValidator implementation of ERC-6492 ("Signature Validation for Predeploy Contracts"). ERC-6492 lets a not-ye…
Paribus Exploit — Algebra/Camelot LP-NFT Collateral Priced from Manipulable Spot Price
Loss · ~$86K — borrowed assets (ETH + ARB + WBTC + USDT) drained from the Paribus lending market…
Paribus is a Compound-fork lending protocol on Arbitrum that, beyond ordinary ERC-20 markets, accepts concentrated-liquidity LP NFTs (Camelot/Algebra V1 and Uniswap V3 p…
RoulettePotV2 Exploit — Permissionless `swapProfitFees()` Drained Through a Manipulated WBNB/LINK Spot Price
Loss · 39.52 WBNB ≈ $27.7K (reported ~$28K) — extracted from the WBNB/LINK PancakeSwap V2 pool
RoulettePotV2.swapProfitFees() is a permissionless maintenance function that converts the casino's accumulated profit/fee tokens into BNB, then buys Chainlink LINK with…
Sorra Staking Exploit — Reward Recomputed In Full On Every Partial `withdraw`
Loss · ~8 ETH across the victim's three deposit/attack cycles (PoC header: 4.8 + 2.4 + 0.8 ETH).…
sorraStaking lets a user stake SOR in a tier (tier 0 = 14-day lock, 5% reward) and later withdraw(_amount) their principal plus a vesting reward. The reward is computed…
The Idols NFT Exploit — Self-Transfer Reward Double-Claim via `delete claimedSnapshots`
Loss · 97 stETH total across ~15 repeated transactions (~$329K at the time). This PoC reproduces…
IdolMain is an NFT ("god") that streams stETH rewards to its holders. It tracks a global cumulative reward index rewardPerGod and, per holder, a claimedSnapshots[addr] w…
UniLend V2 Exploit — Collateral Self-Withdrawal via Flawed Health-Factor Accounting
Loss · ~60.67 stETH (≈ $200K at the time) — the entire stETH liquidity of the USDC/stETH pool
UniLend V2 is an isolated-pair money market. Each pool holds two assets — here token0 = USDC, token1 = stETH. A user's position (an NFT) can simultaneously lend one asse…
Bizness Locker Exploit — Reentrancy in `splitLock` Refund Drains Locked Tokens
Loss · ~$15.7k — 4,412,545.597 BIZNESS double-claimed out of the shared Locker vault
The Bizness Locker lets anyone lock ERC20/NFT tokens until an unlockTime. splitLock is supposed to carve a portion of an existing lock into a new lock. But splitLock cha…
BTC24H `Lock` Exploit — Access-Control-Free `claim()` Drains a Token Vesting Lock
Loss · ~$85.7K — 4,953.03 USDT + 0.76433345 WBTC drained from two BTC24H Uniswap-V3 pools
Lock is a one-shot token-vesting contract that holds 110,000 BTC24H to be released to a beneficiary on Dec 15, 2024 (releaseDate = 1734220800). The release function is:
Clober DEX Exploit — `Rebalancer._burn` Reentrancy via Attacker-Controlled `burnHook`
Loss · ~$501K — 133.71 WETH drained from the Clober Rebalancer vault
Clober's Rebalancer is an LP-vault that wraps two Clober order-books. When you burn() your LP shares it computes your payout from the pool reserves, burns your shares, c…
JHY Token Exploit — Dividend Pool Drained via 100× Over-Credited `distributeCAKEDividends`
Loss · ~$11.2k — 11,231.38 BSC-USD (USDT) extracted (started with 26.54, ended with 11,231.38)
JHYToken charges a 3% tax on every sell into the Pancake pair: 2% burned to dead, 1% sent to a "dividend tracker" (dividendLPTracker, the DIVIDEND_JHYLP contract) so LP…
LABUBU Exploit — Self-Transfer Balance Inflation via Stale Cached Balances
Loss · 17.40 BNB (~$12,048) — drained from the VOVO/wBNB PancakeSwap V2 pair
LABUBU's _transfer (LABUBU.sol:119-141) reads both the sender's and the recipient's balance into local variables at the top of the function, then writes them back indepe…
MoonHacker Vault Exploit — Unauthenticated AAVE Flash-Loan Callback Drains the Vault
Loss · ~$318.9K total across the attacker's full campaign; 109,386.69 USDC drained from the mUSD…
MoonHacker is a "smart leverage" helper vault that wraps Moonwell (a Compound-fork lending market) positions behind AAVE V3 flash loans. The vault's AAVE callback, execu…
Pledge Exploit — Permissionless `swapTokenU()` Drains the Contract's Token Holdings
Loss · ~$15K — 14,994.30 USDT swapped out to the attacker
Pledge is a staking/referral ("pledge") front-end contract that holds a large balance of its own project token, MFT. To convert its MFT holdings into USDT it exposes a h…
SlurpyCoin Exploit — Attacker-Timed Token-Owned `BuyOrSell` Pool Manipulation
Loss · ~$3K (reported). PoC nets 7.4118 BNB of pool WBNB, intra-transaction, off a 40 WBNB flash…
SlurpyCoin is a "reflection + auto-liquidity" meme token. Its _transfer hook contains a BuyOrSell() routine (SlurpyCoin.sol:1123-1138) that fires automatically whenever…
0x Protocol "Settler" Exploit — Arbitrary External Call via `BASIC` Action Drains a Leftover Approval
Loss · ~$66,000 — 308,453,642.48 "Hold" (EVERYBODY) tokens drained from a single victim
0x Protocol's Settler is a swap router whose execute() entry point runs a list of "actions". One of those actions, BASIC, is a generic "call this pool with this data" pr…
AkashaOFT (AK1111) Exploit — Permissionless `nonblockingLzReceive1()` Free-Mint Backdoor
Loss · ~15,907.5 USDT drained from the AK1111/USDT PancakeSwap pair in this single PoC tx (incid…
AkashaOFT is a LayerZero OFT v1 (Omnichain Fungible Token) where new supply is normally minted only when a cross-chain message arrives through the LayerZero endpoint. Th…
ChiSale Exploit — Revenue-Share Computed on Full `msg.value` (Self-Referral ETH Drain)
Loss · ~$16.3k — 5.78078 ETH drained from the ChiSale contract's ETH reserves
ChiSale.buy() is a 2018-era token-sale contract. A buyer sends ETH; the contract gives out tokensToBuy = msg.value / 0.001 ETH CHI, refunds any unused ETH, and pays a 22…
CoW Protocol Solver-Router Exploit — Unvalidated `uniswapV3SwapCallback` Drains Settlement's Residual WETH
Loss · 5.373296932158610028 WETH drained from the GPv2Settlement contract (PoC-verified). The De…
A solver in CoW Protocol is an externally-operated agent that fills user orders by routing them through AMMs (Uniswap, Pancake, etc.). To do that, the GPv2Settlement con…
DeltaPrime Exploit — Unwhitelisted `claimReward()` Pair + Cross-Function Reentrancy Drains a SmartLoan's Borrowed Funds as "Reward"
Loss · 66.6195 WETH per loop drained from a DeltaPrime lending pool in the reproduced tx (≈ $211…
A DeltaPrime SmartLoan is an isolated borrowing account (a beacon proxy) with a TraderJoe-V2 integration facet. Its claimReward(ILBPair pair, uint256[] ids) function is…
ERC1967Proxy (0xb7E1…) Exploit — Unauthenticated "Order Settlement" Drains Proxy Reserves
Loss · ~$8.5k — 8,484.92 BEP20-USDT drained from the proxy, sold for 13.04 BNB
The contract at 0xb7E1… is an upgradeable order/escrow contract (an "order" data structure with a monotonic nextOrderId, per-order bytes32 payload, and a receipt/share t…
Matez Staking Exploit — `uint128` Truncation Lets Anyone Stake "for Free"
Loss · ~$80,000 — the staking contract pays out reward tokens it should never have owed
MatezStakingProgram.stake(uint256 amnt) is supposed to pull amnt-worth of deposit tokens from the user and credit them with an investment of amnt. But it computes the am…
MFT Token Exploit — Burn-on-Sell `sync()` Drains the PancakeSwap Pair
Loss · ~$33.7k — 33,695.36 USDT (BSC-USD) net profit drained from the MFT/USDT PancakeSwap pair
MFT is a "fee-on-transfer + auto-nuke-LP" meme token. On every sell into the pair, while a launch window is open (block.timestamp < _startTime1), _tokenTransfer calls bu…
NFTG Presale Exploit — Mispriced `PresaleWithUSDT()` Pays ~13× the USDT Deposited
Loss · ~$10,044 — 10,044.49 BEP20-USDT drained from the presale contract
The NFTG presale contract exposes a public function PresaleWithUSDT(uint256 amount, address recipient) (selector 0x85d07203). The intended flow is "deposit USDT, receive…
Polter Finance Exploit — Spot-Reserve Price Oracle Manipulation Drains an Aave-V2 Lending Market
Loss · ~$7M — attacker borrowed out the entire lending market against 1 BOO of "collateral". Thi…
Polter Finance is an Aave-V2 fork lending market on Fantom that accepted SpookySwap's BOO as a collateral asset. Its price oracle for BOO derived the BOO price from the…
RichPip (RPP) Token Exploit — Sell-Triggered LP Burn Pumps a Self-Manipulated Pool
Loss · +9,718.11 USDT profit reproduced in-fork (header reports total loss ≈ $14.1K)
RichPipToken is a deflationary token whose sell path runs _burnLpsToken(amount). That routine burns 2.06 × amount of RPP directly out of the AMM pair's balance and then…
Stake319 (X319) Exploit — Permissionless `claimEther()` drains the contract's BNB
Loss · 20.85 BNB ≈ $12.9k — 100% of the BNB held by the token contract
Stake319 is a BSC token that, at the time of the hack, held 20.85 BNB as its own native balance. It exposes a function claimEther(address receiver, uint256 amount) whose…
vETH (Lambo.win) Exploit — Unbacked `takeLoan` via `addVirtualLiquidity` Inflates an AMM Pair
Loss · ~$447K total across 3 attackers; this PoC reproduces the vETH-BIF leg = 132.51 ETH profit…
Lambo.win's VirtualToken ("vETH") exposes a privileged takeLoan(to, amount) (src_VirtualToken.sol:90-102) that mints brand-new vETH out of thin air — _mint(to, amount) —…
VRUG ("Vitalik's Rug") Exploit — Unsynced UniswapV2 Reserve Donation Harvest
Loss · ~$8.4K — 2.9038726878518077 WETH harvested out of the VRUG/WETH pair
Someone (the VRUG deployer / a holder) transferred 850,000,000 VRUG directly into the VRUG/WETH UniswapV2 pair without calling sync() or trading through it. A UniswapV2…
AIZPT314 Exploit — ERC-314 "Buy Mints 2× From Reserve" Price-Skew Drain
Loss · 34.88564338 WBNB (~$20K USD at the time) drained from the AIZPT314 token's own liquidity
AIZPT314 is an ERC-314 "no-router AMM" token: the token is its own liquidity pool. You send it BNB via receive() and it mints/transfers you tokens (buy); you transfer to…
CompoundFork (Pike Finance "uSUI") Exploit — Spot-Price Oracle Manipulation of a Compound v2 Fork
Loss · ~$1M total protocol drain; the reproduced WETH leg = 256.05 WETH (≈ $632K @ ~$2,470/ETH)
A Compound-v2 fork on Base (the "Pike"/uSUI markets) priced its uSUI collateral via a custom price feed 0xc112…7e0c that reads the instantaneous slot0().sqrtPriceX96 of…
Erc20transfer Exploit — Permissionless Arbitrary `transferFrom` Drainer (`amount==0` ⇒ "take it all")
Loss · $14,773.35 — 14,773.35 USDC drained from one victim wallet
0x43Dc865E… is a public "transfer helper" contract that exposes erc20TransferFrom(address token, address to, address from, uint256 amount) with no access control whatsoe…
FireToken Exploit — Deflationary "burn-from-pool + sync()" AMM Reserve Drain
Loss · 8.4556 WETH (~$20K USD) — drained from the FIRE/WETH Uniswap-V2 pair
FireToken advertises itself as an "ultra-hyper-deflationary token … Every time a sell occurs, 100% of the tokens sold are automatically transferred from the liquidity po…
HYDT Protocol Exploit — Spot-Reserve Oracle Lets `initialMint()` Print HYDT at a Manipulated BNB/USD Price
Loss · ~$5,800 USDT (TenArmor / BlockSec figure). Reproduced net profit in this PoC: 5,702.55 US…
HYDT is a USD-pegged stablecoin. Its InitialMintV2.initialMint() lets anyone send BNB and receive HYDT "at 1 HYDT per USD at current BNB/USD rates". The "current BNB/USD…
Lava Lending Exploit — Flash-Inflated Uniswap-V3-LP Collateral Drains an Aave-V2 Fork
Loss · ~$131.8K — 1 USDC, 125,795.6 USDC (cUSDC reserve), 0.00679 WBTC, 2.25 WETH
Lava Lending is an Aave-V2 fork that accepts a fungible wrapper token for a Uniswap-V3 WETH/USDC position (WETHUSDC_LP, 0x6700…) as collateral. The lending pool values t…
MorphoBlue PAXG/USDC Market Exploit — Misconfigured Oracle (1e12 Decimal-Scale Error)
Loss · 229,644.22 USDC (~$230,000) borrowed out of the PAXG/USDC Morpho Blue market and never re…
A new Morpho Blue isolated market PAXG (collateral) / USDC (loan) was created with a MorphoChainlinkOracleV2 instance whose immutable SCALE_FACTOR was computed in the co…
Ora AI (ORAAI) Exploit — Permissionless `stuckToken()` Allowance Grant Drains the Uniswap Pair
Loss · 45.93 WETH (~$131K) drained from the ORAAI/WETH Uniswap V2 pair
ORAAI ships a function that looks like a benign "rescue stuck tokens" helper:
P719 Token Exploit — Sell Price Inflated by an Un-Compensated Burn Inside `transfer()`
Loss · 547.18 BNB (~$312K) drained from the P719 token's internal BNB reserve
P719 is a "tax + burn" token that doubles as its own decentralized exchange. Sending BNB to the contract acts as a buy (it mints P719 and hands most of it to the buyer),…
SASHA Token Exploit — Draining a Deployer-Seeded, Massively Mispriced Uniswap V3 Pool
Loss · ~249.28 WETH (~$600K) drained from the SASHA/WETH Uniswap V3 pool
There were two SASHA/WETH liquidity pools on-chain priced more than a million times apart:
Vista Finance Exploit — Flash-Mint Burns Through the Staking Lock to Sell Free Collateral
Loss · ~29,000 USDT (PoC nets 32,720.67 USDT at the fork block) drained from the Vista "sell/buy…
VistaFinance is an ERC20FlashMint token that also enforces a staking lock: transfer and transferFrom revert unless the caller's free balance (balanceOf − sumOfActiveStak…
`0x16D0…` Exploit — Permissionless `multiCallWithRevert` Arbitrary-Call Allowance Drain
Loss · 329.455616 USDT ≈ $329 — the victim's entire USDT balance
The contract at 0x16D0… exposes a fully permissionless function multiCallWithRevert(address token, bytes[] data). For each entry in data, it executes token.call(data[i])…
0x71cd Swap-Helper Exploit — Permissionless `pancakeV3SwapCallback` Drains a Pre-Approved Victim
Loss · ~$100 — 0.18416 WBNB pulled from the victim's pre-approved WBNB allowance
The contract at 0x71cd31a5… is a small swap-helper / router-like contract that exposes a public pancakeV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes dat…
AIRBTC Exploit — Permissionless `done()` Token-Sweep Drain of a Helper Contract
Loss · ~$6.8k — 6,818.14 BSC-USD drained from the AIRBTC/BSC-USD PancakeSwap pair
The helper contract 0x12050… (unverified, AIRBTC-related, owner() = 0xff3F3A…) held a huge balance of AIRBTC tokens — 1,009,907,600,196,326,551,673,167,843 wei (≈ 1.01e9…
Bankroll Network Stack Exploit — Self-Buy Dividend Inflation via `buyFor(bankRoll, …)`
Loss · ~404.46 WBNB net profit (≈ 412.46 WBNB drained from the BankrollNetworkStack contract)
BankrollNetworkStack is a "dividend / staking pool" token (a TRX/ETH-clone "dapp" contract). Every purchase pays a 10% entry fee, and one-fifth of that fee is paid out i…
Bedrock DeFi (uniBTC) Exploit — `mint()` Prices Native ETH 1:1 as Native BTC
Loss · ~$1.7M total during the incident; this PoC reproduces a single flash-loan round netting 6…
Bedrock's Vault.mint() payable function mints uniBTC (a 1:1 BTC-pegged token, 8 decimals) in exchange for the chain's native coin, treating msg.value as if it were nativ…
Caterpillar Coin (CUT) Exploit — LP-Removal "Value Preservation" Mints Free Tokens
Loss · ~$1.26M — 1,260,378 BUSD net profit drained from the BUSD/CUT PancakeSwap pool (PoC heade…
CUT (token name CUT, but the verified contract is named BEP20USDT) is a "DeFi marketing token" that overloads _transfer with bespoke buy/sell/add-LP/remove-LP behaviors,…
DOGGO Exploit — Attacker-Triggered Tax Auto-Sell Self-Sandwich
Loss · ~$7K — net 2.7177 ETH extracted by the attacker in one transaction
DOGGO is a Uniswap-style meme token with an "auto-swap the accumulated sell tax to ETH" feature. Inside every transfer it checks whether its own DOGGO balance has crosse…
HANA Token Exploit — Tax-Swap Self-Dump Price Manipulation via Forced Auto-Sell
Loss · ~$283 — 0.10833 ETH extracted by the attacker EOA
HANA is a Shib-style "tax token." On every sell it can auto-liquidate its own accumulated tax tokens — but the routine swapTokensForEth(...) (HANA.sol:310-322) sells tho…
INUMI Exploit — Unprotected `setMarketingWallet()` Hijacks the `rescueEth()` Recipient
Loss · ~$11,000 — 5.0 ETH drained from the INUMI token contract
The INUMI token contract has two privileged-looking maintenance functions:
MARA (MaraToken) Exploit — Permissionless Mint via an Unprotected "Buy" Proxy that is a Token Keeper
Loss · ~8.8 WBNB (≈ $4.8K at ~$550/BNB, Sep 2024) — drained from the MARA/WBNB PancakeSwap pair
MaraToken exposes a privileged mint function, releaseTokenFromEventOfProject(amount, _to, _mode), guarded only by require(_onlyKeeper[msg.sender]) (MaraToken.sol:704-712…
Onyx Protocol (OnyxDAO) Exploit — Empty-Market Exchange-Rate Inflation + Attacker-Controlled `oTokenRepay` Liquidation
Loss · ~$3.8M — 4,107,530 VUSD borrowed (3.81M VUSD net), 7,350,326 XCN, 5,148 DAI, 0.2299 WBTC,…
Onyx Protocol is a Compound-v2 fork. Two facts make it exploitable:
OTSea Staking Exploit — `claim()` Re-Arms Already-Withdrawn Deposits (Double-Withdraw Drain)
Loss · ~$26K — 43,944,445 OTSea tokens drained from the staking contract (99.999% of its holding…
OTSeaStaking lets a user manage many individual deposits (a Deposit[] per account). A deposit's rewardReferenceEpoch field doubles as both its reward-accounting anchor a…
Penpie Exploit — Fake-Market Reward Inflation via Attacker-Controlled `getRewardTokens()`
Loss · This PoC slice nets 1,367.72 agETH + 901.79 rswETH (~2,270 ETH, ≈ $5.6M @ ~$2.5k/ETH). Th…
Penpie is a Pendle "boosting" layer: users deposit their Pendle LP market tokens into Penpie's PendleStaking contract, Penpie stakes them in Pendle for boosted yield, an…
PESTO (Pesto The Baby King Penguin) Exploit — Flash-Loan-Driven Tax Auto-Swap Self-Sandwich
Loss · ~0.5039 ETH profit to the attacker (~$1.3–1.4K at Sept-2024 prices)
PestoTheBabyKingPenguin is a "tax token". Wallet-to-wallet transfers are taxed 70% (_transferTax), and the tax accumulates inside the token contract itself. On any sell…
Planet Finance (PLN) Exploit — Zero-Amount Transfer Triggers Uncompensated Pool Burn
Loss · ~$400k — 164.99 WETH net drained from the WETH/PLN Uniswap-V2 pair (attacker received 165…
PLNTOKEN is a "deflationary" meme token (Planet Finance). Inside its _transfer it has a special branch: when a fee-exempt address sends tokens to the dead address it cal…
Pythia Staking Exploit — Reward-Debt Reset via Receipt-Token Transfer
Loss · ~21 ETH (per PoC header). In the reproduced fork, the attacker turned a 0.5 ETH stake (≈3…
PythiaTokenStaking is ERC20 + AbstractRewards. When you stake(amount) it mints you amount of the staking receipt token SPythia and books a "reward debt" (pointsCorrectio…
Shezmu Exploit — Unprotected `mint()` on the Vault Collateral Token
Loss · ~$4.9M realized (attacker minted 98,999,168,398 ShezUSD of fake stablecoin, then sold wha…
Shezmu is an over-collateralized CDP/stablecoin protocol: deposit a whitelisted collateral token into a ERC20Vault, and the vault lets you borrow() up to ~70% of the col…
Sniper-Bot Exploit — Unprotected Arbitrary-Call Function Drains a Standing WETH Allowance
Loss · ~$12K — 5.049899842444876795 WETH drained from the victim
The victim (0x7c243E…, an EOA whitelisted by the bot) had granted the bot a near-infinite WETH approval (99,999,999,999.998 WETH) so the bot could trade WETH on their be…
Unverified `0x03F9…` Exploit — Permissionless Uniswap V3 Swap-Callback WETH Drain
Loss · ~$1.7k — 0.737035470365687848 WETH (the victim contract's entire WETH balance)
The victim contract 0x03F911…62c0 is a small (≈2.9 KB) helper that holds WETH and exposes an external uniswapV3SwapCallback(int256,int256,bytes) (selector 0xfa461e33). A…
Unverified `0xb309…28Cb` MEV Router — Unprotected `uniswapV3SwapCallback` Token Drain
Loss · 0.36 WETH drained in this tx (≈ $0.9k at Sept-2024 prices; the campaign across the two kn…
0xb309…28Cb is a MEV / arbitrage router that performs Uniswap-V3 flash swaps. A V3 swap works by optimistically sending the output to the recipient and then swap() invok…
WXETA (Wrapped Xeta) Exploit — Unprotected Diamond-Facet `initialize()` → Unlimited Mint → AMM Pool Drain
Loss · ~49,847.5 BUSD drained from the WXETA/BUSD PancakeSwap pair, swapped to 88.30 WBNB (≈ $11…
WXetaDiamond is an EIP-2535 "Diamond" proxy whose token logic lives in a single WXETA facet. That facet keeps its own state in an independent diamond-storage namespace (…
0x8DE7…34E9 Exploit — Permissionless `grantRole` Lets Anyone Self-Grant Admin and Drain the Bridge/Custody Handler
Loss · 10,463.638549999999999999 DAI (≈ $10.5k) drained from the custody/handler contract
The vulnerable contract 0x8DE7…34E9 is an OpenZeppelin-AccessControl-based admin router. Its privileged adminWithdraw(...) function is correctly protected — calling it w…
AAVE ParaSwap Repay Adapter — Lingering Allowance + Arbitrary-Call Collateral Drain
Loss · ~$56,000 across all tokens left in the adapter. PoC steals only the wstETH leg: 0.4259665…
ParaSwapRepayAdapter is a helper contract that lets an Aave user "repay debt with collateral": it pulls the user's aTokens, withdraws the underlying collateral, sells it…
COCO COIN Incident — Abused USDT Allowance Drained via the COCO/USDT Pool
Loss · 280 BNB total across the campaign (per the PoC header / TenArmor). The reproduced slice m…
Despite the way the PoC is framed (and the empty "Vulnerable Contract" field in its header), there is no exploitable code defect in either the COCO token or the PancakeS…
Convergence Finance Exploit — Unvalidated `claimContracts` Lets a Fake Staking Contract Mint the Entire Staking Allocation
Loss · ~$200,000 — 58,718,395.06 CVG minted out of thin air (the entire unminted staking allocat…
The Convergence reward path CvxRewardDistributor.claimMultipleStaking() accepts a claimContracts array directly from the caller and, for each element, calls claimContrac…
iVestDAO Exploit — `skim()` Re-Routed Through a Reflection Token's Burn-Donation Hook
Loss · ~338.28 WBNB (~$190K at the time) — net profit drained from the iVest/WBNB pair
iVESTDAO is an RFI-style reflection token (4 decimals, 1e9 max supply) with a "donations & karma" layer bolted on top. Inside its _transfer (iVESTDAO.sol:1445-1532):
NovaX M2E Exploit — Stake/Withdraw USD-Value Sandwich via Manipulable AMM Oracle
Loss · ~$25,223 — net 25,223.19 USDT extracted in a single transaction
TokenStake lets users stake the NovaX (M2E) token and later withdraw the same dollar value they staked. The catch is how "dollar value" is measured. At stake time the co…
OMPxContract Exploit — Purchase/BuyBack Price Asymmetry Round-Trip Drain
Loss · 4.372869914943298 ETH (~$11,527 at the time) — the entire ETH reserve of OMPxContract
OMPxContract lets users purchase() OMPX with ETH and buyBack() OMPX for ETH. Both sides price OMPX off the same formula — getBuyBackPrice = (contractEthBalance − feeBala…
VOW / Vow Finance Exploit — Permissionless 100× VOW→vUSD `tokensReceived` Mint Mispricing
Loss · ~$1.0M — 175.48 ETH + 595,970.52 USDT + 5,801,632.71 VOW extracted, draining the VOW/WETH…
VSCTokenManager implements the VOW→vUSD conversion: send VOW to it (via the ERC777 tokensReceived hook), it burns the VOW and mints you vUSD ("VSC", a $1-pegged stableco…
Yodl Router Exploit — Permissionless `transferFee()` Drains Pre-Approved User Allowances
Loss · 47,809.355551 USDC (~$47.8K; the PoC header rounds to "~5k", but the on-chain drain repro…
YodlRouter exposes a public, unauthenticated helper transferFee(amount, feeBps, token, from, to) (src_AbstractYodlRouter.sol:162-187). Every single parameter is attacker…
Zenterest Exploit — Stale-Oracle Collateral Mispricing on a Compound Fork
Loss · ~$21,000 — the attacker drained zenWHITE's available cash by borrowing 89.91 WHITE agains…
ZenterestPriceFeed is a push-style oracle: an off-chain reporter periodically signs/submits prices via updatePrice / updateDelegatedPrice, each carrying an updatedAt tim…
DeFiPlaza Exploit — Constant-Product `swap` Degenerates When the Input Reserve Is Drained to Zero
Loss · ~$200K — the entire honest liquidity of the DeFiPlaza 16-token pool drained as a basket (…
DeFiPlaza is a single-contract, 16-token DEX where every trade follows a pairwise x·y=k curve priced directly off IERC20(token).balanceOf(address(this)). The swap math i…
DoughFina Exploit — Permissionless Flash-Loan Connector Drains Any User's DSA
Loss · ~$1.81M (multiple victim DSAs drained; this PoC reproduces one DSA → 596.74 WETH ≈ $1.78M…
DoughFina users each get their own DSA (DeFi Smart Account, a DoughDsa proxy) that holds their Aave V3 position. A "deleverage" connector (ConnectorDeleverageParaswap, C…
GAX Swap Exploit — Caller-Dictated Output Amount With No Input/Price Check
Loss · ~$49,583.84 — the contract's entire 49,583.844 USDT (BEP20 0x55d3…7955) balance
The vulnerable contract is a simple "sell GAX, receive USDT" desk. Its swap entry point (selector 0x6c99d7c8) takes three raw uint256 arguments — effectively swap(uint25…
LI.FI Protocol Exploit — Arbitrary External Call via Unvalidated `depositToGasZipERC20`
Loss · ~$10M across many approved wallets / multiple tokens
LI.FI's GasZipFacet.depositToGasZipERC20() is a public, unguarded function that forwards a fully attacker-controlled LibSwap.SwapData straight into LibSwap.swap() (GasZi…
LinkingTheWorld (LW) Exploit — `_internalSwap` Underflow Mints Infinite Self-Balance & Drains the Fee Pool
Loss · ~7,395.94 BUSDT (≈ $7.4K) drained from the LW/BUSDT PancakeSwap pool
DexToken is a fee-on-transfer ("tax") token. On every taxed sell it converts part of the seller's tokens into the pool's quote asset (BUSDT) by calling pair.swap() direc…
MEV Bot `0xDd7c…3685` Exploit — Forgeable Uniswap-V3 Callback Authentication
Loss · ~$19K — 3.481 WETH + 4,021.32 USDT + 3,023.95 USDC drained from another MEV bot (ETH ≈ $3…
The vulnerable contract is a Uniswap-V3-style MEV / arbitrage bot. Like every V3 integrator, its uniswapV3SwapCallback(int256, int256, bytes) (selector 0xfa461e33) must…
Minterest (Mantle) Exploit — Stale Exchange-Rate in `lendRUSDY` Inflates mUSDY Collateral
Loss · ~427 ETH — 223 WETH + 204 mETH (~$1.36M at the fork-block WETH price of $3,193) drained f…
Minterest deployed a special market, mUSDY, that lets users supply collateral denominated in Ondo's rebasing rUSDY token while the market accounts internally in the unde…
MRP / WMRP Exploit — ERC314 Add/Remove-Liquidity Reserve Drain via Re-entrant Self-Buy
Loss · ~17.96 BNB drained from the WMRP internal AMM pool (≈ the pool's entire ~18.28 BNB tradea…
WMRP is an ERC-314-style "self-contained AMM" token: instead of using an external pair, the token contract itself holds BNB and WMRP and prices swaps off its own balance…
SmartBank (SBT) Exploit — Self-Referential Spot-Price Oracle Manipulation
Loss · ~56,470 BUSD (the SmartBank's entire USDT/BUSD reserve)
Smart_Bank runs a tiny in-house "DeFi bank": you can buy/sell its SBT token and take USDT loans against SBT collateral. Every price it uses is computed live from its own…
Spectra Finance Exploit — Arbitrary External Call via the Router's `KYBER_SWAP` Command
Loss · ~$73,000 — 188,013.365 asdCRV drained from a single victim's wallet
Spectra's Router is a Uniswap-Universal-Router-style command dispatcher: callers pass a byte string of commands and a matching array of ABI-encoded inputs to execute(...…
Unverified MEV/Arb Contract `0x452E25…` — Unauthenticated `uniswapV3SwapCallback` Drains Its Own WETH
Loss · 27.349 WETH (~$90.3K @ ≈ $3,300/ETH on the day) drained from the contract's own balance
The vulnerable address is an unverified contract — almost certainly a private MEV/arbitrage helper that performs Uniswap V3 swaps and therefore implements the Uniswap V3…
APEMAGA Exploit — Public `family()` Backdoor Burns 99.9% of the Pool's Token Reserve
Loss · ~9.25 WETH (~$34k at the time) — the entire WETH side of the APEMAGA/WETH pool
APEMAGA (verified contract name Tonken) ships a public, unauthenticated function family(address) that forwards to an internal _approve_. Despite the innocuous name, _app…
Bazaar (Ryolo LBP) Exploit — Missing `exitPool` Authorization Burns a Victim's Pool Shares to the Attacker
Loss · ~$1.4M total. PoC asserts the WETH leg: 392.368916743742801361 WETH drained, plus 880,539…
BazaarVault is a minimal re-implementation of the Balancer V2 IVault interface that backs the project's LBP (Liquidity Bootstrapping Pool) tokens. Its exitPool(poolId, s…
CRB2 Token Exploit — Fee-on-Transfer Reflection Drain via Self-`sellToken` Loop
Loss · ≈ 15,125.83 USDT (~$15.1K) extracted to the attacker EOA
CRB2 is a heavily-modified fee-on-transfer ("reflection") token. Two design choices combine into a free-money bug:
Dyson.money Exploit — Permissionless `harvest()` Sandwich Steals Pending Yield from a Near-Empty Vault
Loss · ~52 BNB — attacker turned 910 USDT + 910 USDC (≈ $1,820) into 15,003 USDT + 18,001.8 USDC…
DysonVault is a Beefy-style auto-compounding yield vault. It mints share tokens against balance() — the amount of want LP held by the vault's strategy — and lets anyone…
INcufi (AkitaDefender) Exploit — Self-Referral Commission Farming + Un-collateralized 1:1 `swapCommision`
Loss · ~$59,643 — 59,643.218325 BUSD (the staking contract's entire BUSD balance, drained to the…
INcufi is a referral-staking program. You stake BUSD; the contract pays your upline (sponsor / 2nd-level sponsor / country head) commissions denominated in a separate to…
JokInTheBox Staking Exploit — Missing `unstaked` Guard ⇒ Infinite Re-Unstake Drain
Loss · ~9.28 ETH of profit to the attacker (≈ $33–34k at the time); the JOK/WETH Uniswap-V2 pool…
JokInTheBoxStaking.unstake(stakeIndex) is supposed to return a stake's tokens exactly once. It sets a per-stake unstaked = true flag (JokInTheBoxStaking (1).sol:424.sol#…
MineSTM Exploit — `sell()` Redeems the Protocol's Own LP at an Attacker-Manipulated Price
Loss · ~$13.8K — 13,852.73 BUSDT of MineSTM-owned pool liquidity
MineSTM is a referral-tree "mining" / staking contract that accumulates a large LP position in the BUSDT/STM PancakeSwap-V2 pair (it auto-adds liquidity every time a use…
NCD Exploit — Uncapped Self-Mint Staking Reward Farmed Across Disposable Contracts
Loss · ~$6,496 — 6,496.24 USDT (BSC-USD) drained from the NCD/USDT PancakeSwap pair
The NCD token has a built-in "mining" reward: any address whose mineStartTime[addr] is set accrues 1.5% of its own balance per day, and that reward is freshly minted to…
SteamSwap (MineSTM) Exploit — `sell()` Redeems the Protocol's Own LP To Any Caller
Loss · ~$91.5k — 91,514.91 BUSD (USDT, 0x55d3…) net profit drained from MineSTM's pool position
MineSTM is the staking/mining core of "SteamSwap". Users deposit USDT via lpMint(); the contract converts that USDT into BUSD/STM liquidity and holds the resulting LP to…
UwuLend (2nd hack) — Hardcoded `$1.04` sUSDE Oracle + Live 80% Liquidation Threshold
Loss · ~$3.73M — drained across 7 reserves (350.19 WETH + crvUSD + DAI + USDT + FRAX + LUSD + CR…
This is the second UwuLend exploit, ~13 days after the first one ($19.3M, sUSDE Curve-EMA oracle manipulation). After the first hack, UwuLend tried to "patch" sUSDE pric…
UwuLend Exploit (#1) — sUSDe Oracle Manipulation via Curve Spot Prices in the Median
Loss · ~$19.3M total drained from UwuLend (this PoC nets 811.50 WETH, the WETH-denominated resid…
UwuLend prices sUSDe through a custom feed, sUSDePriceProviderBUniCatch.getPrice(). That feed collects 11 candidate prices of USDe-in-USD across five Curve pools plus on…
Velocore V2 Exploit — `feeMultiplier` Overflow Turns a Withdrawal Into a Pool Drain
Loss · $6.88M total across all Velocore pools. This PoC reproduces the drain of the USDC.e/ETH p…
Velocore's weighted/constant-product pool charges an escalating withdrawal fee to discourage sandwiching a single large exit across several smaller exits in the same blo…
WIFCOIN (WIFStaking) Exploit — Time-Ungated `claimEarned()` Reward Loop Drains the Staking Pool
Loss · ~3.41 ETH profit to the attacker; the entire WIF balance of the staking contract (~1.137…
WIFStaking.claimEarned() pays out staking rewards computed as a fixed fraction of the staked principal (amount × apr / 10000) but never checks elapsed time and never enf…
WILL "Trading" Exploit — Over-Sized, Slippage-Free `settleExpiredPositions()` Buy-Back Sandwich
Loss · ~52,434 USDT (~$52,777) drained from the trading contract's USDT balance
trading is a leverage "short-selling" protocol on BSC. A user opens a short with placeSellOrder(usdtAmount, margin, minUsdtReceived): the contract pulls usdtAmount USDT,…
YYS / YYSCoin Exploit — `sell()` Returns the Tokens It "Sold" (Double-Payout Drain)
Loss · ~$28.9K — 28,937.96 BUSD-T net, drained from the YYS/BUSD-T PancakeSwap pair and the proj…
The YYS project runs a custom MLM/reward contract (the "invest" contract at 0xcC0F…, unverified) that offers a sell(uint256 amount) helper so users can liquidate their Y…
EXcommunity (EXboy / EXgirl) Exploit — `purchasedAmount` Inflation via Zero-Value `transferFrom` + Pool Donation
Loss · ~32.89 BNB (~$18–20K at the time) net profit to the attacker
EXgirl is a "smart rebalancing" ERC20 paired with BUSDT. Whenever tokens move from the pair (i.e. someone buys EXgirl), its _update hook tries to measure how much BUSDT…
Galaxy Fox (GFOX) Exploit — Permissionless `setMerkleRoot()` Lets Anyone Forge an Airdrop Claim
Loss · ~$330K — 1,335,339,824.39 GFOX drained from the airdrop distributor (75% of its entire 1.…
The GFOX airdrop distributor verifies claims against a Merkle root: claim(to, amount, proof) recomputes the leaf keccak256(to, amount), walks the supplied proof to a roo…
GPU Token Exploit — Self-Transfer Balance Doubling
Loss · ~$32K — attacker BUSD balance grew from 26.54 BUSD → 32,624.62 BUSD (≈ +32,598 BUSD net)
GPU is a fee-on-transfer "DeFi" token. Buried under its tax/auto-liquidity machinery, every plain transfer that is not to/from the AMM pair eventually calls the inherite…
Liquidity Tokens (TLN / VOW / VUSD) Exploit — LP-Stake Reward Inflation & 1:1 TLN→vUSD Redemption
Loss · ~$200K — attacker netted 108,028.99 BUSD (USDT) + 1,463,194.51 VOW after repaying a 19M-U…
The protocol lets a user stake VOW/VUSD LP tokens into a staking pool (0x85F8…A5f8). The pool mints fresh TLN as a staking reward, and the reward size is computed from t…
MetaDragon (P404) Exploit — Permissionless NFT Burn Mints Free ERC20
Loss · ~$180K reported by the original disclosure (aggregate across the full attack). This singl…
MetaToken is an ERC-404-style dual asset: a small tokenId (≤ 30000) is treated as an ERC721, while a large value is treated as the fractional ERC20. Sending the "ERC721…
MixedSwapRouter Exploit — Arbitrary `transferFrom` via Fake "Pool" + Same-Token Path
Loss · ~293,182 WINR (≥ $10,000 USD per the PoC header) drained from a victim's wallet
MixedSwapRouter lets a caller supply the pool[] array for a swap, and treats any contract that exposes a non-reverting fee()/token0()/token1()/swap() ABI as a valid "V3…
NORMIE Exploit — Phantom Self-Mint via the `premarket_user` Flag + `skim()` Recycling
Loss · ~$490K — the WETH/NORMIE pool's WETH reserve drained from 173.04 → 21.14 WETH (≈ 151.9 WE…
NORMIE is a meme token with an auto-liquidity / fee-distribution tax engine. Buried inside its _transfer is this branch (NORMIE.sol:906-912):
OSN Exploit — LP-Dividend Farming via Instant `setBalance`→`processAccount` Reward Payout
Loss · +1,757.97 USDT net to the attacker; ~12,163 USDT of sell-tax dividends siphoned into atta…
OSN is a "reflection / dividend" token: a 3.5% sell tax is swapped to USDT and distributed pro-rata to liquidity providers through a DividendTracker. A holder's dividend…
pNetwork `Burner` Exploit — Permissionless `convertAndBurn()` + Slippage-Free Kyber Trade → Sandwich
Loss · ~1.726 WETH (≈ $5–6K at the time) extracted from the Burner contract's fees + PNT/WETH po…
Burner is pNetwork's fee-burning helper: it accumulates protocol fees in various tokens (ETH, WBTC, USDT, …), and its convertAndBurn(tokens[]) swaps each of those into t…
Predy Finance Exploit — Permissionless Pair Registration + Lock-Settlement Bypass Drains the Shared Pool
Loss · ~$464K — 83.91 WETH + 219,585.74 USDC drained from the shared PredyPool
PredyPool is a single monolithic contract that custodies all assets for all trading pairs. Two design flaws compose into a free, single-transaction drain of the entire p…
RedKeys Game Exploit — Predictable On-Chain "Randomness" Lets the Player Always Win
Loss · ~$12K — house bankroll of the RedKeysGame contract drained in REDKEYS
RedKeysGame is an on-chain coin-flip casino. You call playGame(choice, ratio, amount), stake some REDKEYS, and if your choice matches the game's "random" _betResult you…
SATURN Token Exploit — `AutoNukeLP` Burns the Pool's Reserve on Every Sell
Loss · ~15 BNB — net 14.17 WBNB drained from the SATURN/WBNB PancakeSwap pair
Saturn is a "deflationary" token that, on any transfer into its own liquidity pair, burns SATURN tokens directly out of the pair's balance and then calls pair.sync() (co…
SCROLL Token Exploit — Uniswap `UniversalRouter` Drained via a `balanceOf == type(uint256).max` Trap Token
Loss · 76.36 WETH (≈ 76 ETH, ~$290K at the May-2024 ETH price) drained out of the SCROLL/WETH Un…
The Uniswap UniversalRouter is a stateless multicall router: it is intended to hold no funds between transactions, and its execute(commands, inputs) entry point is permi…
Sonne Finance Exploit — Empty-Market Exchange-Rate Inflation (CompoundV2 Donation Attack)
Loss · ~$724,290 USDC in this reproduced transaction; ~$20M total across the Sonne campaign on O…
Sonne Finance is a CompoundV2 fork. Each lending market (CErc20) prices its cToken against the underlying with the classic formula exchangeRate = (cash + totalBorrows -…
TCH Exploit — Signature-Replay Loophole + Pool-Reserve `_burn`/`sync()` Price Manipulation
Loss · ~$18,589 — 18,589.29 BUSDT skimmed from the BUSDT/TCH PancakeSwap pair
TCHtoken.burnToken() lets anyone present an off-chain ECDSA signature from an authorizedSigner to trigger a "deflation": it removes 0.4% of the pool's TCH balance and ca…
TGC Exploit — Broken Pledge-Reward Math Mints 113,000× the Stake
Loss · ~$29.6K (PoC, this block) / ~$32K reported — ≈29,729 USDT drained from the TGC/USDT Panca…
The TGC "pledge" contract lets a user stake TGC (joinPledge(amount), selector 0x836aefb0) and later claim accrued rewards (claim(), selector 0xfd5a466f). The reward form…
Trade On Orion (Orion Protocol BSC) Exploit — `redeemAtomic` Missing Position Check + Liability-Free `requestReleaseStake`
Loss · ~$645K — drained from the Orion Exchange vault as 498,921.92 ORN + 79.90 BNB + 62,444.73…
Orion's Exchange keeps an internal ledger of user balances as signed integers (mapping(address => mapping(address => int192)) assetBalances). A negative balance is allow…
TSURU Wrapper Exploit — Unprotected `onERC1155Received` Free-Mint Drains the LP
Loss · ~$140K — 137.904209005799603676 WETH drained from the TSURU/WETH Uniswap V3 pool
TSURUWrapper is an ERC-20 "wrapper" that is supposed to mint TSURU only when someone actually transfers in a backing ERC-1155 (or ERC-721) NFT. The minting logic lives e…
ATM Token Exploit — Forced Zero-Slippage Auto-Swaps Drained via `transfer` + `skim`
ATM is a "tax token" that, on every sell, takes a 3% fee in ATM into its own balance and then runs distributeCurrency() (Token.sol:1102). That routine sells the contract…
BigBangSwap Exploit — `sellRewardToken` Pays Out Against a Richer Pool Than the Seller Bought From
Loss · ~5,085 BUSD extracted from the protocol (≈ $5,085); attacker net profit ≈ 3,984.6 BUSD af…
BigBangSwap lets BGG holders "sell" their BGG to the protocol via sellRewardToken(amount) on the proxy 0xa45D43…. Internally the function:
BNBX Exploit — Unprotected Public `transferFrom` Drains Every Approver
Loss · ~5 BNB (~$2.8K at the time) — BNBX siphoned from every wallet that had approved the helpe…
Helper contract 0x389A…1C24 exposes a public, unauthenticated function (selector 0x11834d4c, one address argument) whose entire body is:
Chainge Finance Exploit — Arbitrary External Call in `MinterProxyV2.swap()` Drains Approvals
Loss · ~$200K across 12 tokens (USDT, SOL, AVAX, BabyDoge, FLOKI, ATOM, TLOS, IOTX, 1INCH, LINK,…
MinterProxyV2 is the cross-chain bridge "minter/vault" contract for Chainge Finance. Its swap() function is meant to take a user's input token, route it through an aggre…
FIL314 Exploit — Permissionless `hourBurn()` Crushes the Self-Contained AMM Reserve
Loss · ~14.08 BNB drained from FIL314's built-in BNB reserve (header reports "~14 BNB")
FIL314 is an ERC314-style token: instead of pairing with PancakeSwap, it embeds its own single-sided AMM inside the token contract. The "reserves" are two contract field…
GFA (Generation Finance Academy) Exploit — Permissionless `setReward` / `generateReward` Self-Mint
Loss · ~$14,697 — net 14,697.5 BUSD drained from the GFA/BUSD PancakeSwap pair
The GFA token has a "pawn-to-mine" reward system. Real users lock ("pawn") GFA via _toPawn, and the token's internal Reward bookkeeper records a future payout for them (…
GROKD Exploit — Permissionless `updatePool()` + `depositFromIDO()` Reward Pool Drain
Loss · ~129.8 BNB in this fork reproduction (~$72.7K at ~$560/BNB, Apr 2024); the live attack ac…
The GROKD project ran a MasterChef-style staking / IDO contract behind an ERC-1967 proxy. It is the GROKD token's LiquiditySharePool — the contract that receives the tok…
Hackathon Token Exploit — `sender == recipient == pair` Double-Credit Balance Inflation via `skim()`
Loss · ~$20,911 — 20,910.97 BUSD net profit (drained from the Hackathon/BUSD pair's BUSD reserve)
The Hackathon BEP20 token has a fee-on-transfer _transfer that splits behaviour into a BUY branch and a SELL branch — but it uses two independent if statements instead o…
Hedgey Finance Exploit — Dangling Approval to Attacker-Controlled `tokenLocker`
Loss · 1,303,910.12 USDC drained from the ClaimCampaigns contract in a single tx. Total Hedgey i…
ClaimCampaigns is a shared, multi-tenant escrow: many token projects deposit tokens into the same contract to fund their airdrop "claim campaigns." For locked/vesting ca…
Hoppy The Frog Exploit — Tax-Token Auto-Swap Reserve Manipulation
Loss · ~0.38 WETH profit to the attacker (PoC: 0 → 0.378824808020857200 WETH); the victim pool a…
Hoppy is a copy-paste "OpenZeppelin-style" meme tax token. On every taxed transfer it skims a fee into its own balance, and whenever a sell into the pair arrives while t…
MARS Exploit — Flash-Loan Reflection/Reserve Desync on a Fee-on-Transfer Pair
Loss · > $100K — the PoC nets ~14 WBNB of risk-free profit on a 350 WBNB flash loan, repeating a…
MARS is a reflection / fee-on-transfer token: every _transfer skims a tax and redistributes it as extra MARS balance to existing holders, including the liquidity pair. A…
NGFS (FENGSHOU) Exploit — Permissionless Privilege-Escalation Chain → Unlimited Mint
Loss · ~$95,902 reproduced in this PoC (one USDT-pool drain); ~$190K total across the USDT + WBN…
NGFSToken ships three "uniswap proxy" helper functions whose access checks form a bootstrap chain that any unprivileged caller can walk:
OpenLeverage (OPBorrowing) Exploit — Self-Liquidation Bad-Debt Drain via 1inch-Callback Price Manipulation
Loss · ~234,000 USD (per PoC header) — drained from the OpenLeverage OPBorrowing market #24 (WBN…
OpenLeverage's OpenLevV1.marginTrade() lets a caller supply arbitrary dexData that is executed by the DEX aggregator. When the dex id encodes the 1inch path (0x12aa3caf…
Pike Finance Exploit — Unguarded `initialize()` → UUPS Upgrade Hijack → ETH Drain
Loss · 479.39 ETH (≈ $1.58M at April 2024 prices). The PoC header's "$1.4M" total aggregates bot…
Pike Finance's custodial proxy is a UUPS-style upgradeable proxy whose initialize(owner, wNative, uniswapHelper, token, swapFee, withdrawFee) function lacked an effectiv…
Rico / Ricobank Exploit — Arbitrary-Target `flash()` Drains the Bank's Reserves
Loss · ~$36K — every token the BankDiamond held was drained (10,375.58 USDC + 2,478.24 ARB + 69.…
Ricobank's flash-loan entry point, Vat.flash(address code, bytes calldata data) (src_vat.sol:286-300), does:
SATX Exploit — Permissionless `destroyPoolToken()` Reserve Manipulation + `skim()` Drain
Loss · ~49.34 WBNB (≈ $28K at the time) drained from the SATX/WBNB PancakeSwap pair
SATX is a tax/deflation token whose _transfer override calls destroyPoolToken() (SATX.sol:949-957) every time any holder transfers SATX to the liquidity pair (_isPairs[t…
SQUID Token Exploit — Permissionless 1:1 V1→V2 Migration + Public `sellSwappedTokens` Drain
Loss · ~$87K — 147.56 WBNB net profit extracted (10,000 WBNB flash-borrowed, repaid)
SquidTokenSwap is a "trustless" V1→V2 migration contract (contracts_SquidV1toSquidV2TokenSwap.sol). It offers two public functions:
Sumer Money Exploit — Reentrancy via `repayBorrowBehalf` Refund Inflates the ETH cToken Exchange Rate
Loss · ~$350K — 310,570.85 USDC + 10.877 cbETH (~$3,490 at ETH≈$3,377) taken from Sumer's markets
Sumer Money is a Compound-v2 fork on Base where the Ether cToken (CEther/sdrETH) reimplements repayBorrowBehalf. To refund overpayments it calls msg.sender.call{value: r…
Unverified Contract `0x00C409` Exploit — Manipulable AMM Callback Drains WETH Reserves
Loss · ~18.27 WETH (≈ $56K at late-April-2024 ETH prices)
The unverified contract at 0x00C409…003b exposes a Balancer-style swapExactAmountIn-like entrypoint (selector 0xba381f8f) but, instead of reading pool reserves and prici…
UPS (UtopiaSphere) Exploit — Sell-Side `_swapBurn` Drains the LP Pair via `skim`
Loss · ~$28,147 USDT drained from the UPS/USDT PancakeSwap V2 pair (the PoC comment reports ~$28…
UPS._update overrides ERC20 so that every sell into the pair (i.e. any transfer where to == pairAddress) silently calls _swapBurn(amount - fee), which does:
WSM Presale Exploit — Spot-Oracle Price Manipulation in `buyWithBNB()` via Flash-Loan Pool Crash
Loss · ~2,517,438 WSM (≈ $18K at the time) — tokens minted/transferred from the presale contract…
PresaleBSCV5.buyWithBNB() prices the WSM it sells with fetchPrice() (PresaleBSCV5Flat.sol:897-903), which calls Uniswap V3's Quoter.quoteExactOutputSingle() on the live…
XBridge Exploit — Permissionless `listToken()` Hijacks Token Ownership Then Drains Bridge Reserves
Loss · ~$1.6M total (ETH + STC + SRLTY + Mazi tokens held by the bridge)
XBridge is an upgradeable cross-chain bridge whose vault holds tokens that legitimate listers have deposited. The ownership of each token — i.e. who is allowed to call w…
YIEDL SpotVault Exploit — Zero-Share `redeem()` Token-Drain via Attacker-Controlled Swap Routing
Loss · ~127.48 BNB (≈ $77K at the time) drained from the YIEDL SpotVault portfolio
YIEDL's SpotVault.redeem() lets the caller pass an arbitrary bytes[] calldata dataList, then blindly forwards each entry to the trusted 1inch AggregationRouterV5 via fun…
Yield Protocol Strategy Exploit — Live-Balance `burn()` Donation Inflation
Loss · PoC realizes 95,158.56 USDC (~$95.2K) from a single 400K-USDC flash-loan cycle; the live…
Yield Protocol's Strategy vault (sources/Strategy_3b4FFD/.../Strategy.sol) issues ERC20 strategy shares against pool tokens (LP tokens of a YieldSpace pool). When a hold…
Z123 (SesameCloudToken) Exploit — Custom-Router `update()` Pool-Burn Arbitrage
Loss · ≈ 135,290 USD (BSC-USD, a.k.a. USDT) drained from the Z123/USD PancakeSwap V2-style pair
SesameCloudToken (ticker Z123) exposes an onlyMinter-gated update(address pair, uint256 amount) function (SesameCloudToken.sol:413-415) that does _transfer(pair, 0x…dEaD…
ALP (ApolloX) Exploit — Public `_swap()` Drains the Portfolio Vault's LP Tokens
Loss · ~$10,611 USDT (10,610.966044 USDT) — the vault's full ALP position, cashed out at market
StableCoinVault is an ERC4626-style "portfolio" vault that holds LP positions (here ApolloX ALP). Its internal helper _swap(tokenForSwap, aggregatorData) is the function…
ARK Exploit — Public, Rate-Limit-Free `autoBurnLiquidityPairTokens()` AMM Reserve Drain
Loss · ~377.20 WBNB (~$130K at the time) drained from the ARK/WBNB PancakeSwap pair
ARK is an 18-decimal ERC-20 whose "auto-nuke LP" routine, autoBurnLiquidityPairTokens() (AbsToken.sol:776-786), is public and has no access control and no rate-limit che…
BBT Exploit — Permissionless `setRegistry()` + `mint()` Infinite-Mint Drain
Loss · 5.063858 ETH (~$17.2K at March 2024 ETH) drained from four Uniswap-V2 pools holding BBT/B…
BBToken (BBT) is an ERC-20 whose mint(address,uint256) is supposed to be callable only by authorized protocol modules — it checks that msg.sender == registry.getContract…
Binemon (BIN) Exploit — Permissionless `sweepTokenForMarketing()` Price-Manipulation Arbitrage
Loss · ~0.2 BNB (PoC-reproduced: +0.207952 WBNB). Real on-chain value extracted is small; the ve…
Binemon is a fee-on-transfer token that accrues a sell-fee pile of BIN inside its own contract (_transfer sends the 5% sell fee to address(this), Binemon.sol:1197-1208).…
Curio Governance Token (CGT) Exploit — DAO Governance Takeover via Fake `DSChief` Vote + Timelocked `vat.suck` / `DSToken.mint`
Loss · Unauthorized mint of 1,000,000,000 CGT (≈ the entire intended supply) + 1,000,000,000 DAI…
Curio reused MakerDAO's governance primitives (DSChief voting + DSPause timelock) but backed DSChief voting weight with CGT, a token that had essentially no liquid marke…
ETHFIN Exploit — Permissionless `doBuyback()` Buyback-Pot Drain via Holder-Count Manipulation
Loss · ~2.13 BNB (~$1.24K) — drained from ETHFIN's on-contract BuybackPotBNB reserve
EthernalFinanceII.doBuyback() (EthernalFinanceII.sol:1940-1974) is declared public with no access control. It is supposed to be an internal maintenance routine that the…
GHT Exploit — Permissionless `transferFrom` Drains the Uniswap V2 Pair
Loss · ~$57K — 15.4386 WETH drained from the GHT/WETH pair
GHT is an ERC404 token (ERC20 + ERC721 hybrid) deployed behind an ERC1967 proxy. Its transferFrom(from, to, amount) implementation does not enforce the spender allowance…
IntrospectionToken (IT) Exploit — Inflationary Repricing Mint Drains the IT/USDT Pancake Pair
Loss · ~13,357 USDT (≈ $13.4K) drained from the IT/USDT PancakeSwap V2 pair
IntrospectionToken tries to defend its USDT price by minting free IT to the liquidity pool whenever someone buys IT out of the pool (mintToPoolIfNeeded, BEP20.sol:380-41…
JuiceStaking Exploit — Uncapped `stakeWeek` Bonus Multiplier Inflation
Loss · ~30.086 ETH (~$54K at the time), minted to the attacker as 332,238 JUICE and dumped into…
JuiceStaking.harvest() pays a staker pending + bonus, where bonus is computed as pending * (stakingWeek - 1) * 9 / 100 (contracts_JuiceStaking.sol:140). The stakingWeek valu…
LavaLending Exploit — WrapperOracle Price-Depeg Lets Manipulated LP Drain the Aave Pool
Loss · ~$340K — ~234K stablecoins (USDC + USDCe + USDT) + 20.33 WETH + 8.53 wstETH drained from…
LavaLending is an Aave-v3 fork on Arbitrum that lists a UniV3-wrapped USDC/USDCe LP token (USDC_USDC_LP at 0x10bdA0…) as collateral. Its value is supplied to the lending…
MO Token Exploit — Self-Recycling Borrow Burns Pool Reserves to Inflate `price()` and Drain USDT
Loss · ~572,316 USDT (~$572K) extracted from the Loan contract + the MO/USDT pair
The Loan contract prices its borrows off the live MO/USDT Uniswap-V2 pair via price() (contracts_Loan.sol:177-185). But every borrow() burns 90% of the borrowed MO direc…
ParaSwap AugustusV6 Exploit — Callback Hijack Drains Pre-Approved User Tokens
Loss · ~$24K (whitehat-recovered). PoC demonstrates the mechanism by siphoning 21,382.11 OPSEC w…
AugustusV6 implements Uniswap V3's uniswapV3SwapCallback as a public function with no access control at the entry point. Internally it only checks that the pool which ca…
Prisma Finance Exploit — Unauthorised `MigrateTroveZap` Flash-Loan Callback Drains Trove Collateral
Loss · ~$11M total on-chain; this PoC demonstrates the per-trove primitive (~1.282 wstETH ≈ $5.3…
MigrateTroveZap is a thin wrapper meant to let a Prisma borrower migrate their own trove between two TroveManagers for the same collateral. It implements the ERC-3156 on…
SSS Exploit — Self-Transfer Balance-Doubling Lets Attacker Mint Phantom SSS and Drain the WETH Pool
Loss · ~$4.8M — 1,393.21 WETH drained from the SSS/WETH Thruster pair
The SSS token overrides ERC-20's _update so it can apply buy/sell tax, but it writes the recipient balance from a stale snapshot taken before the sender side was debited:
TGBS Exploit — Repeated Permissionless Pool Burns via Self-Transfer Draining the TGBS/WBNB Pair
Loss · ~$150K — 366.806 WBNB drained from the TGBS/WBNB PancakeSwap pair
TGBS is a tax-on-transfer token whose _transfer hook calls _burnPool() on every non-exempt, non-swap-pair transfer (contracts_tgbs.sol:903-906). _burnPool() destroys 0.3…
Unizen "UnizenIO2" Exploit — Arbitrary-Call `TradeAggregator.swap` Token Theft
Loss · ~$2.1M — 83,222.657 VRA plus residual balances of ~30 other tokens drained across the cal…
Unizen's TradeAggregator.swap(Info info, Call[] calls) (selector 0x1ef29a02) is the on-chain backend that the Unizen front-end uses to settle a user's quote. A legitimat…
Unizen Exploit — Arbitrary `call` in the Unizen Aggregator Drains Any User Who Approved It
Loss · ~$2.1M total across the attacker's transactions; this PoC reproduces one such tx, drainin…
Unizen's aggregator proxy exposes a swap(bytes, bytes) entry point (0x1ef29a02) that lets the caller embed arbitrary calldata under a "route" field. The aggregator blind…
WooFi (WooPPV2) Exploit — Slippage-Model Price Collapse Drain
Loss · ~$8M (≈ 522.3 WETH + 141,603 USDCe extracted net)
WooFi's WooPPV2 is a single-pool, oracle-priced swap venue. Every swap writes the trade's implied new price back into the Wooracle via postPrice(base, newPrice) (contrac…
ZongZi / ZZF Exploit — Manipulated-Price Reward Drain via `burnToHolder` + `receiveRewards`
Loss · ~$223K — 383.44 WBNB stolen from the ZONGZI token contract's BNB reserve
ZZF is a "burn ZONGZI tokens, receive BNB" reward contract. Its burnToHolder(amount) converts the burn size into BNB by calling the router's getAmountsOut(amount, [ZongZ…
ADC Exploit — Permissionless `calcStepIncome()` Drains the MainPool
Loss · ~18.1 ETH (attacker funded 18 ETH, walked away with 36.1 ETH) — DeFiHackLabs tags it "~20…
ADC is a "join-the-game-to-earn" Ponzi-style dApp. Users buy an ADC token via Ticket.buyADC(), then deposit ETH into MainPool.joinGame() to become a player. Players are…
Affine DeFi LidoLevV3 Exploit — Flashloan-Triggered `upgradeTo` Drains All Aave Collateral
Loss · 33.699 aEthwstETH (~$115K at the time) — the strategy's entire remaining Aave collateral
LidoLevV3 uses Balancer flashloans internally to rebalance and to migrate assets to a new strategy on upgrade. The Balancer callback receiveFlashLoan (LidoLevV3.sol:82-1…
Babyloogn Exploit — Permissionless Airdrop Drain via Zero-Value NFT "Stake"
Loss · ~2.24 WBNB (≈ $700 at the time) — drained from the Babyloogn/WBNB PancakeSwap pair
The Babyloogn project shipped an "airdrop" contract whose claim function (0xfbe81135) hands out 285 Babyloogn per call to any caller who (a) has approved the Airdrop as…
Blueberry Protocol Exploit — Oracle Decimal Mismatch Enables ~$1.4M Under-Collateralized Borrow
Loss · ~$1,375,900 in borrowed assets (8,616 OHM, 913,262 USDC, 6.866 WBTC) taken against ~$2,98…
Blueberry's money market is a Compound v2 fork. The Comptroller's getHypotheticalAccountLiquidityInternal values a borrow as oraclePrice * borrowBalance and collateral as…
BurnsDeFi / BurnsBuild Exploit — Spot-AMM Price-Oracle Manipulation in `burnToHolder`
Loss · ~$67K — ~31.15 BNB drained from BurnsBuild plus ~64,310 BUSDT + ~56,299 Burns tokens sent…
BurnsBuild.burnToHolder(amount, invitation) lets a user "burn" Burns tokens and, in exchange, receive BNB from the contract. The amount of BNB the user is owed is comput…
Compound v2 cUNI Exploit — Stale-Oracle Discount Borrow (Open Oracle `UniswapAnchoredView`)
Loss · ~$439,537 in bad debt created across the Compound v2 cUNI market (this PoC demonstrates t…
Compound v2 prices cTokens via the Open Oracle UniswapAnchoredView (contracts_Uniswap_UniswapAnchoredView.sol:132-143). That contract stores a per-symbol prices[symbolHa…
DeezNutz (DN404) Exploit — Self-Transfer Balance Inflation in a Reflection-Fork of DN404
Loss · ~$170K — 47.14 WETH of genuine pool liquidity drained
DeezNutz is a fork of Vectorized's DN404 (hybrid ERC-20/ERC-721) that bolts a SafeMoon-style reflection accounting layer on top. The reflection layer rewrites the core _…
DN404 Exploit — Unguarded `init()` Lets Anyone Re-init a Vesting Proxy and Drain Its Tokens
Loss · ~169,577 USDT (~$170K) — realized by dumping the stolen 685,000 FLIX into the FLIX/USDT p…
The LinearVesting contract is deployed behind an OpenZeppelin TransparentUpgradeableProxy. Its init(initToken, initPeriods, initInterval) function — the one that sets to…
DualPools Exploit — Donation-Inflated Exchange Rate Lets 2 wei of dLINK Borrow the Whole Pool
Loss · ~$41,893 — assets borrowed across 5 DualPools markets (50.07 WBNB, 0.1716 BTCB, 3.99 ETH,…
DualPools is a Venus/Compound fork. Each money-market token (dLINK, dWBNB, …) prices its own shares with the classic Compound formula exchangeRate = (cash + totalBorrows…
EGGX Exploit — ERC404 Flash-Mintable NFTs Drain a Per-NFT Token Airdrop
Loss · 1.9878 WETH (~2 ETH) net to the attacker — paid out of the EGGX per-NFT airdrop reserve a…
EGGX is an ERC404 token: balances and NFTs are coupled. Every _getUnit() = 10000 * 10^18 of fractional balance corresponds to exactly one NFT, and NFTs are minted/burned au…
GAIN (GainOS) Exploit — Path-Dependent `balanceOf` Rebase Bug Drains the AMM Reserve
Loss · ~6.4329 WETH (≈ 18 ETH per the PoC header / SlowMist; the on-chain fork drains the single…
GAIN is a "gamified rebasoor." Every holder is secretly placed on one of two teams — SideA or SideB — and a holder's reported balance is computed with a different diviso…
Game (TheGame / Anciliainc) Exploit — Reentrancy + Stale `bidEther` Refund in `makeBid()`
Loss · ~20 ETH (on-chain). The extracted PoC scales the seed capital to 0.6 ETH and turns it int…
Game's auction lets anyone outbid the current high bid via makeBid(). When a new bid arrives, the contract first refunds the previous high bidder their full bidEther and…
MINER (ERC-X / ERC404-style) Exploit — Fractional-Transfer NFT Mint/Burn Asymmetry Drains the Uniswap V3 Pool
Loss · ~$140 ETH reported by the original disclosure; the reproduced PoC at this fork block nets…
MINER is an "ERC-X" hybrid (the same family as ERC-404): one contract that is simultaneously an ERC-20 and an NFT collection. Every tokensPerNFT = 1e18 units of the ERC-…
MINER (ERC404) Exploit — Self-Transfer Balance Inflation via `skim()`
Loss · ~3.5 WBNB (≈ the entire WBNB side of the MINER/WBNB pool)
MINER is an "ERC404"-style hybrid that keeps both an ERC20 ledger (_balances) and an ERC1155/721 NFT ledger, minting/burning NFTs as a holder's ERC20 balance crosses who…
Pandora's Nodes 404 Exploit — `transferFrom` Allowance Underflow Lets Anyone Move Tokens Out of the Pool
Loss · ~$17,000 — 7.548 WETH drained from the BLOCK/WETH Uniswap V2 pair
PandorasNodes404 is an early ERC404 token (the experimental "mixed ERC20/ERC721" standard). Its transferFrom (contracts_ERC404.sol:206-259) has a fatal authorization hol…
Particle Trade Exploit — Forged-Lien `accountBalance` Mint via `onERC721Received`
Loss · ~50.1 ETH per draining lien (PoC withdraws 50.126827091960426151 ETH); the live incident…
ParticleExchange is an NFT margin-trading / lending protocol. To save users a separate setApprovalForAll, it overrides onERC721Received so that an NFT transfer can piggy…
RuggedArt (RuggedMarket) Exploit — Reentrant `targetedPurchase` Buys NFTs With Self-Staked Collateral
Loss · ~1.024 WETH (≈ $3.5K at the time) drained from the RUGGED/WETH Uniswap V3 pool
RuggedMarket.targetedPurchase(tokenIds, swapParam) (src_Market.sol:277-289) is meant to: take ETH from the caller, swap it for RUGGED via the Uniswap Universal Router, a…
Seneca Protocol Exploit — Arbitrary External Call Abuses User Approvals
Loss · ~$6.4M total (all users who had approved a Seneca Chamber). PoC drains one victim: 1,385.…
Seneca's Chamber lending contract exposes a generic batch executor, performOperations(actions, values, datas) (contracts_Chamber2.sol:408-485). One of the supported acti…
SMOOFS Staking Exploit — Reentrant `Withdraw()` Drains the Reward-Token Pool via `safeTransferFrom` Callback
Loss · The attacker walked away with a net +4,350 MOOVE in this PoC slice (52,850 → 57,200 MOOVE…
SMOOFSStaking.Withdraw() returns a staked NFT to the caller with nftCollection.safeTransferFrom(address(this), msg.sender, _tokenId) and only afterwards pays out the car…
Swarm Markets (XToken) Exploit — Public `mint()` / `burnFrom()` Mint-and-Unwrap Drain
Loss · ~$7,733 — 7,729.32 DAI + 3.516232 USDC drained from the XTokenWrapper
Swarm Markets wraps real ERC20 collateral (DAI, USDC) into 1:1 "xTokens" through an XTokenWrapper. The wrapper is the sole intended minter: wrap() pulls in the underlyin…
ZoomerCoin Exploit — Spot-Priced Upfront Staking Reward Drained via AMM Price Manipulation
Loss · ~14.39 ETH — drained from the ZOOMER staking contract's ETH balance (4 successful claims…
The ZOOMER staking contract at 0x9700204D… exposes a deposit function (selector 0x72c4cff6(address token, uint256 amount)) that, at the moment of deposit, values the dep…
Abracadabra / MIM Spell V2 Exploit — `repayForAll` Rebase De-sync + Rounding-Up Debt Inflation
Loss · ~$6.5M — attacker walked off with 349,003.46 MIM + 1,807.68 WETH (post-laundering balance…
Abracadabra's CauldronV4 tracks all borrower debt in a single BentoBox-style Rebase struct, totalBorrow { uint128 elastic; uint128 base; } (CauldronV4.sol:89). elastic i…
Barley Finance Exploit — Flash-Loaned Collateral Double-Counted as `bond()` Deposit
Loss · ~$130K — 52.13 WETH (drained 7,876,244 BARL from the wBARL index, swapped via DAI to WETH)
wBARL is a "podded" index token: you bond() underlying BARL into it and receive wBARL share tokens 1:1 (minus a 1% fee); you debond() your wBARL to redeem a pro-rata sli…
Bridge Mutual `BMIZapper` Exploit — Arbitrary External Call Drains Pre-Approved User Funds
Loss · 114,146.247097 USDC (~$114K) drained from a single victim
BMIZapper.zapToBMI() lets a caller pass an arbitrary _aggregator address together with an arbitrary _aggregatorData byte string. Deep in the conversion path, the zapper…
Citadel Finance Exploit — Spot-Price Oracle Manipulation in `CitadelRedeem.redeem()`
Loss · ~$93K total across several redeem txs; this PoC reproduces one redeem netting ≈ 21.33 WET…
CitadelRedeem.redeem() lets a staker burn their redeemable CIT and receive an equivalent amount of the treasury's WETH. To convert "CIT worth $X" into "amount of WETH",…
DAO SoulMate Exploit — Permissionless `redeem()` Drains the DAO's SetToken Basket
Loss · ~$319K — the full underlying basket of an 18-token Set (USDC, DAI, WETH, UNI, AAVE, MATIC…
The "SoulMate" DAO contract owns 2,786.53 BUI — units of a Set Protocol index token (BUI) that is collateralized by a basket of 18 blue-chip ERC20s held inside the SetTo…
Freedom (FREE / FREEB) Exploit — Slippage-less Treasury Buy at an Attacker-Manipulated Price
Loss · ~74.15 WBNB (≈ the BNB the FREEB "market-cap" contract wasted buying FREE high)
FREEB is the "market-cap management" sidekick of the FREE token. It holds BNB in its own treasury and exposes a permissionless buyToken(uint256 listingId, uint256 expect…
Gamma Strategies (UniProxy / Hypervisor) Exploit — Spot-Price Vault-Share Inflation
Loss · ~$6.3M across Gamma's affected Hypervisors (multiple vaults drained in the incident). Thi…
Gamma's Hypervisor is an automated Uniswap-V3/Algebra liquidity-manager. Users deposit token0+token1 through UniProxy.deposit; the proxy asks Clearing.clearDeposit to va…
LQDX / LiquidXv2Zap Exploit — Arbitrary-`account` `deposit()` Spends Anyone's Approval
Loss · Every WETH (or any token) a user has approved to the Zap is spendable by anyone. This PoC…
LiquidXv2Zap.deposit() lets the caller pass an arbitrary account address and then pulls funds from that account via safeTransferFrom (contracts_LiquidXv2Zap.sol:397-440):
MIC Token Exploit — LP-Fee Distributor Pays the Same LP Tokens Over and Over
Loss · ~$500K cumulative on-chain (SlowMist); the forked single-tx PoC recovers 1,876.86 BUSDT n…
MICToken accrues a "LP fee" in amountLPFee (a slice of every buy's volume). Anyone can call the public swapManual(), which calls swapAndSendLPFee(msg.sender). That funct…
NBLGAME (NblNftStake) Exploit — ERC721 `onERC721Received` Reentrancy Double-Withdraw
Loss · ~$180K — 164,967.66 USDT + 6.90 WETH extracted (the stake contract's entire 1,773,100,000…
NblNftStake.withdrawNft() returns a slot's staked NFT and staked NBL to the caller, but it performs the asset transfers before it clears the slot's stored amounts (NblNf…
Orbit Chain Bridge Exploit — Forged Validator Signatures Drain the ETH Vault
Loss · ~$81.5M total across 5 assets (ETH, WBTC, USDT, USDC, DAI). This PoC reproduces the WBTC…
Orbit Bridge mints/releases assets on the destination chain only after a quorum of validator signatures is presented to the vault's withdraw(). The ETH vault verifies th…
Peapods Finance Exploit — Free Index-Token Mint via `flash()` + `bond()` Self-Collateralization
Loss · ~$1K (PoC extracts 0.1256 WETH + dust; protocol's PEAS backing siphoned, index ppPP suppl…
DecentralizedIndex (the base of every Peapods pod, here the WeightedIndex instance "ppPP") exposes a fee-only flash loan of its own underlying index asset — flash() (con…
Radiant Capital Exploit — Empty-Market `liquidityIndex` Inflation + `rayDiv` Rounding Drain
Loss · ~$4.5M total across markets; this PoC realizes 90.055 WETH (≈ the WETH borrowed against a…
Radiant is an Aave-V3 fork. Each reserve tracks a liquidityIndex (a RAY-scaled, 1e27 share price): a depositor's true balance is scaledBalance · liquidityIndex / RAY, an…
SHELL MEV-Bot Drain — Permissionless Arbitrage Function with Attacker-Chosen Recipient
Loss · ~$1,000 (≈ 1,250 BUSD of the victims' stablecoin balances; SlowMist lists ~$1K). Two MEV-…
Two BSC MEV/arbitrage bots ("Robot1", "Robot2") expose a permissionless function with selector 0x5f90d725. The bot owners had pre-approved the bots to spend their BUSD a…
Socket Gateway Exploit — Arbitrary `call` in `WrappedTokenSwapperImpl` Drains User Approvals
Loss · ~$3.3M across all approved users (multi-victim sweep). The PoC reproduces a single victim…
SocketGateway is a router whose executeRoute(routeId, routeData) blindly delegatecalls into the route implementation at routes[routeId] (src_SocketGateway.sol:87-102). A…
Wise Lending — Lending-Share Price Inflation via Deposit/Withdraw Rounding Asymmetry
Loss · ~$464,000 (live incident, multiple drained pools)
WiseLending is a share-based money market. Each lending pool tracks two numbers — a token accumulator pseudoTotalPool and a share accumulator totalDepositShares — and th…
Wise Lending Exploit — Lending-Share Price Inflation via Rounding Asymmetry + Bad-Debt Donation
Loss · ~$464K — ~73.50 WETH + 93.79 wstETH + ~469.4 LPT (Pendle wstETH LP) drained from the pool
WiseLending is a pooled lending market where each pool tracks two scalars, pseudoTotalPool (the underlying owed to all lenders) and totalDepositShares (the receipt share…
XSIJ (GGGTOKEN) Exploit — Repeatable, Un-reset `autoBurnLiquidityPairTokens()` Pool Drain
Loss · ~51,722.57 USDT (≈ $51.7K) drained from the XSIJ/USDT PancakeSwap pair
GGGTOKEN (XSIJ) is a meme/fee token with an "auto-nuke LP" mechanic. Whenever someone sells XSIJ into the pair, _transfer checks a state variable removePoolAmount and, i…
BCT Token Exploit — Self-Funding Referral-Reward Drain of the Promotion Pool
Loss · ~10.15 BNB profit to attacker (drained from the BCT promotion-reward pool, monetized via…
BCT is a "DeFi tokenomics" ERC20 with a multi-level marketing (MLM) referral system. On every buy or sell routed through its liquidity pair, the token pays referral bonu…
BEARN/Bvaults `convertDustToEarned()` Exploit — Permissionless, Slippage-Free Dump of a Strategy's "Dust" Balance
Loss · ~$769K — attacker walked away with 761,101.18 BUSD + residual WBNB (~$10K) after fully re…
BvaultsStrategy is an Alpaca-yield "auto-compound" strategy. Its housekeeping routine convertDustToEarned() is meant to mop up leftover want tokens (BUSD) by swapping th…
BOBO_BOY (BOB) Exploit — Broken `_transfer` Fee Branches Desync Pool Reserves
Loss · ~3.008 BNB profit drained from the BOB/WBNB PancakeSwap pair (PoC header: "~3 BNB")
BOBO_BOY is a fee-on-transfer token whose _transfer (BOBO_BOY.sol:470-503) splits its fee logic into two independent if blocks — one for isMarket(from) (a "buy"), one fo…
bZx / Fulcrum `iToken` Exploit — Empty-Pool Share-Price Inflation (ERC4626-style Donation Attack)
Loss · ~$208K — drained the iETH, iWBTC (and other) Fulcrum lending pools
A Fulcrum iToken is a yield-bearing lending share, priced as tokenPrice = underlyingHeld * 1e18 / totalSupply (LoanTokenLogicStandard.sol:848-860). When totalSupply and…
CCV Exploit — Permissionless Treasury-Proxy Forced Liquidation Sandwich
Loss · ~3,207.63 BUSD drained from two protocol-owned treasury proxies via a sandwiched forced s…
The CCV protocol parks its working liquidity in two upgradeable proxy contracts:
Channels Finance Exploit — Compound-Fork Exchange-Rate Inflation via Donated Underlying
Loss · ~$320,000 across 7 markets (WBNB, BUSD, USDT, USDC, DAI, ETH, BTCB)
cCLP_BTCB_BUSD is a Channels Finance money-market backed by the PancakeSwap BTCB/BUSD LP token as its underlying. Like every Compound-v2 cToken, its exchange rate is
Channels Finance Exploit — cToken Exchange-Rate Inflation via Direct LP Donation + LP-Oracle Manipulation
Loss · ~$4.4K — attacker walked away with 1,283.97 BUSD + 3,128.84 USDC (≈ $4.41K) of pool liqui…
Channels Finance is an unverified Compound v2 fork on BSC. One of its markets, cCLP_BTCB_BUSD (0x9379…8F4C), accepts a PancakeSwap BTCB/BUSD LP token as collateral and p…
DominoTT Exploit — thirdweb `Multicall` + `ERC2771` `_msgSender()` Spoofing Burns the Pool's Tokens
Loss · ~4.84 WBNB net profit to the attacker (≈5 WBNB drained from the DominoTT/WBNB pair); fund…
"DominoTT" is a thirdweb TokenERC20 — an off-the-shelf ERC20 that bundles three features that compose into a critical hole:
Elephant Money (ElephantStatus) Exploit — Spot-Price Oracle Manipulation of `sweep()`
Loss · ~$114K — 114,385.96 BUSD extracted (PoC). DeFiHackLabs header cites ~$165K total across t…
Elephant Money runs a "bonding/treasury" mechanism (the ElephantStatus contract behind Elephant.sweep()). Periodically — and permissionlessly — anyone can call sweep().…
FCN-TRUST Staking Exploit — Unverified Staking Contract Pays Unbounded FCN Rewards Drained Through a Pre-Inflated FCN/BUSDT Pool
Loss · ~$500K — the FCN/BUSDT PancakeSwap pool's ~512,963 BUSDT reserve was drained
The FCN-TRUST staking contract at 0x431Abb… (deployed unverified) lets users "stake" by burning tiny amounts of four project tokens (KLEN, TRUST, MDAO, FCN) and then cla…
Floor Protocol Exploit — Permissionless `extMulticall()` Drains User-Approved NFTs
Loss · ~$1.6M total across all victims (BAYC, MAYC, Pudgy Penguins, …). This PoC reproduces one…
Floor Protocol ("Flooring Lab") fractionalises blue-chip NFTs. To deposit, users setApprovalForAll on the FlooringPeriphery contract so it can pull their NFTs into the p…
GoodDollar `GoodCompoundStaking` Exploit — Slippage-Free COMP Reward Swap into a Pre-Manipulated Pool
Loss · ~$13K — 250.63 COMP extracted (attacker COMP balance 7.42 → 258.05)
GoodDollar's GoodCompoundStaking contracts earn COMP from supplying assets to Compound. When interest is harvested, the staking contract sells its entire COMP reward bal…
GoodDollar Exploit — Unvalidated `collectInterest` Staking-Contract Callback → Reentrant Bonding-Curve Drain
Loss · ~$2M — drained from the GoodDollar reserve as 625,140.23 DAI + 10,213,394,832.90 G$ (Good…
GoodDollar's GoodFundManager.collectInterest(address[] _stakingContracts, bool _forceAndWaiverRewards) is a permissionless keeper function that loops over a caller-suppl…
HNet Exploit — ERC-2771 + Multicall `_msgSender()` Spoofing Burns the Pool's Tokens
Loss · ~2.4 WBNB drained from the HNet/WBNB pool in the live attack (~$550 at ~$230/WBNB). This…
HNet is a clone of thirdweb's TokenERC20 preset. That preset inherits both ERC2771ContextUpgradeable (meta-transaction support) and MulticallUpgradeable (TokenERC20.sol:…
HYPR Exploit — Uninitialized `L1StandardBridge` Proxy → Cross-Domain Messenger Spoof → Bridge Drain
Loss · ~$200,000 — 2,570,000 HYPR drained from the project's L1 standard bridge
HYPR deployed an OP-Stack L1StandardBridge behind a legacy L1ChugSplashProxy, but the proxy was never initialized. The bridge implementation's initialize(CrossDomainMess…
KEST (KEKESANTA) Exploit — Fee-on-Transfer Reserve De-Sync + `skim()` Pool Drain
Loss · ~$2.3K — 9.295 WBNB drained from the KEST/WBNB PancakeSwap pair (attacker net profit 9.11…
KEKESANTA (KEST) is a deflationary BEP-20 that charges a 2% fee on every buy and sell against its own PancakeSwap pair. Crucially, the fee is applied to the recipient cr…
MAMO (Matmo) Exploit — Permissionless Mint via Whitelisted `BuyToken` → `giveawayOne`
Loss · ~$3.3K — attacker netted 5.7958 WBNB + 95,000,000 MAMO; the MAMO/USDT pair was drained of…
The MAMO token exposes two mint-like functions, giveaway() and giveawayOne() (MAMO.sol:329-382), that emit Transfer(0x0, addr, amount) and credit a "treasury" balance fo…
NFTTrader Exploit — Reentrancy via `editCounterPart()` During Swap Settlement
Loss · ~$3M total across victims (per hacked.slowmist.io); this PoC drains 5 CloneX NFTs from on…
NFTTrader is a peer-to-peer NFT swap escrow. A user creates a swap intent listing the NFTs they offer (nftsOne) and the NFTs they expect from a counterpart (nftsTwo), an…
PHIL (PhilC) Exploit — Public, Unrestricted `simpleToken()` Mint Drains the AMM Pool
Loss · ~2.0987 WBNB (~$510 at the Dec-2023 BNB price) drained from the PHIL/WBNB PancakeV3 pool
PHIL exposes a public, parameter-less function simpleToken() that mints the entire initial token supply — 120,000,000 PHIL — directly to msg.sender, with no access contr…
Pine Protocol Exploit — Shared-Vault `flashLoan` Invariant Bypassed by Cross-Pool `repay()`
Loss · ~$90K total (per hacked.slowmist.io); the PoC reproduces the drain of NFT id 3324 alone —…
Pine Protocol runs two NFT lending pools (an "old" ERC721LendingPool02 and a "new" one) that share the same lender vault (_fundSource = 0xc490…037e, a Gnosis Safe). Each…
Telcoin Exploit — Uninitialized `CloneableProxy` Hijacked via Public `initialize()`
Loss · ~$1.24M total across the incident; 6,018,296.75 TEL drained from this one proxy clone in…
Telcoin deployed a fleet of upgradeable CloneableProxy contracts as EIP-1167 minimal clones that forward all calls to a shared logic contract 0x10d0…E853. That logic exp…
TIME (ChronoTech) Exploit — ERC-2771 + Multicall Arbitrary `_msgSender()` Spoofing → Pool-Reserve Burn
Loss · ~84.59 ETH (≈ $185K at the time) — gross +89.51 WETH drained from the TIME/WETH Uniswap-V…
The thirdweb TokenERC20 is both an ERC-2771 meta-tx recipient (it trusts a Forwarder and reads the transaction's logical sender from the last 20 bytes of calldata) and a…
Transit Finance (TransitSwap V5) Exploit — Forged "Pool" in `exactInputV3Swap` Drains Router-Held Funds
Loss · ~$43,841 — 43,841.87 USDT held by the router, swapped out as 173.907 BNB to the attacker.…
TransitSwapRouterV5.exactInputV3Swap() lets the caller pass an arbitrary list of "pools" (params.pools[]). For each entry the router (1) reads token0()/token1()/fee() of…
"bot" / MEV-bot Router Exploit — Permissionless, Zero-Slippage Forced Swaps + Sandwich Drain
Loss · ~$2,000,000 (per PoC header) — in this fork-block reproduction the attacker nets 819.63 W…
The victim is an unverified MEV/arbitrage bot router that held a working inventory of stablecoins and blue-chips (USDC, USDT, WBTC, WETH) and exposed a helper, selector…
3913 Token Exploit — `skim`-Driven Invite-Bonus / LP-Burn Vault Drain
Loss · ~31,354 USD (31,354.82 BUSD, single tx; this was one of several attack txs)
3913 is a deflationary "MLM/dividend" token. Its _transfer (T3913.sol:909-995) wires three independent payout mechanisms onto plain ERC20 transfers:
9419 (8633/0cCa) Exploit — Permissionless `autoAddLp()` / `autoSwapAndAddToMarketing()` Reserve Manipulation
Loss · ~$52K (per the PoC @KeyInfo header); net attacker take this run ≈ 26,362 USDT transferred…
Coin9419 (V2 = 0x0cCa…, V3 = 0x8633…) is a "tax token with DeFi features." On every taxed transfer it pokes two external helper contracts:
AI SPACE (AIS) Exploit — Permissionless `PendingMint` Inflation + Unprotected Vault Drain
Loss · ~$60.7k — 60,686.88 USDT extracted from the AIS/USDT PancakeSwap-V2 pair
The AIS token bolts a "market reward" mint mechanism onto a standard OZ ERC20. Every transfer that touches a registered AMM pair bumps a global counter PendingMint by 4–…
BrandPad (BRAND) Exploit — Permissionless `buyToken()` Buyback-Bot Sandwich
Loss · ~23.18 WBNB profit to the attacker; ~25.3 BNB drained from the BRAND buyback bot
The BRAND project deployed a "buyback" / market-maker bot at 0x831d6F…EEeFD4 and pre-funded it with ~25.3 BNB. The bot exposes a function buyToken() (selector 0xa4821719…
Burntbubba (LevX / FarmingLPToken) Exploit — Spot-Price Share Minting Manipulated via Attacker-Created Routing Pools
Loss · ~$3K — 1,597.51 USDC + 0.6549 WETH extracted by the attacker contract (≈ the underlying U…
FarmingLPToken is an ERC-4626-flavoured wrapper that takes a SushiSwap LP token (here the USDC/WETH pair), farms it in MasterChef, and mints "fLP" shares to the deposito…
CAROL Protocol Exploit — Reentrancy in `sell()` via Mid-Function ETH Payout to Attacker
Loss · ~$53K — attacker ended with 28.471 ETH (net +28.40 ETH) from a 0.07 ETH stake
CAROLProtocol.sell() is a "burn my receipt → get ETH" function. It does three things in order:
EEE-COIN Exploit — Flash-Loan Reserve Manipulation via a Compromised LP-Holder Router
Loss · ~$22,814 USDT (22,840.94 USDT net to the attacker)
EEECOIN is a fee-on-transfer ("tax") token whose EEE/USDT PancakeSwap pair had no defence against reserve manipulation. A helper router (swap_router 0x5002F2D9…) — which…
EHX (Eterna) Exploit — Fee-on-Transfer / AMM `skim` Drain
Loss · Not separately quantified by the project (@KeyInfo - Total Lost : Unclear). The PoC recov…
Eterna (EHX) is a fee-on-transfer token: every transfer between non-excluded accounts silently skims 25% of the moved amount into the token contract itself (Token.sol:11…
FiberRouter Exploit — Arbitrary External Call Drains a Victim's Token Approval
Loss · ~59.01 USDC stolen from a single victim in this tx (the bug is generic — every account th…
FiberRouter.swapAndCrossOneInch() is meant to perform a local 1inch swap and then forward the proceeds cross-chain. To execute the "1inch swap," it makes a raw low-level…
GROK Token Exploit — Fee-on-Transfer Tax Auto-Swap Reserve Desync
Loss · ~26.39 WETH (≈ $50K at the time) drained from the GROK/WETH Uniswap-V2 pair
GROK is a stock "meme-token" template: a 24% transfer tax that accrues into the token contract, plus an automatic tax-swap (swapTokensForEth, GROK.sol:272-284) that dump…
KR Token Exploit — Permissionless `sellKr()` Liquidity-Pool Drain
Loss · ~15,223 BUSD (≈$15,223) drained from the KR/BUSD PancakeSwap pair
The KR token contract holds the LP tokens for its own KR/BUSD PancakeSwap pair — i.e. the project's liquidity was parked in the token contract rather than time-locked or…
KyberSwap Elastic Exploit — Tick-Boundary Precision Loss Doubles Pool Liquidity
Loss · 2.1347 WETH + 6.365 frxETH drained (~$23K at the time); part of the ~$46M total incident
KyberSwap Elastic is a Uniswap-V3-style concentrated-liquidity AMM. Active liquidity (baseL) is adjusted as the price crosses initialized ticks by adding/subtracting tha…
LinkDao Exploit — Mis-scaled Constant-Product `K` Check in a Custom Uniswap-V2 Fork
Loss · ~$30K — 29,662.36 USDT drained from the LKD/USDT pair in a single flash swap
LinkdaoDexPair is a fork of Uniswap V2 whose swap() re-implements the constant-product (x·y ≥ k) safety check with the protocol's own fee parameters. The fork got the sc…
MahaLend Exploit — Empty-Reserve Liquidity-Index Inflation + Share-Rounding Theft
Loss · ~$20K (per the PoC's @KeyInfo). The attacker walked off with a free over-collateralized l…
MahaLend is a verbatim Aave-V3 fork. Aave's per-reserve accounting tracks a liquidityIndex (a RAY-scaled 1.0-based exchange rate from scaled aToken shares to underlying)…
MetaLend Exploit — Empty-Market Exchange-Rate Inflation via `selfdestruct` Donation
Loss · ~$4,000 — 1.9841441 WETH extracted (≈ all of the mWBTC market's lendable WBTC: 0.10999999…
MetaLend is a Compound-V2 / CREAM fork. Each market (mETH, mWBTC, …) mints an interest-bearing receipt token whose redemption value is governed by the exchange rate:
MEV Bot `0x8c2d` Exploit — Permissionless Asset-Harvester Drains a Pre-Approved Victim
Loss · 366,058.04 BUSDT (~$365K) swept from the victim MEV bot; attacker net +364,956.56 BUSDT a…
The victim — a private MEV bot at 0x8c2d… — outsourced its asset custody / sweeping to a shared "asset harvesting" contract at 0x19a2… and had pre-approved that harveste…
MEV-Bot Fleet Exploit (`0xa247…`) — Unprotected `removeAdmin()` Lets Anyone Seize and Drain 24 Bot Contracts
Loss · ~$150K — 49.63 WETH + 3.49 ETH (native) + 234,364 BUMP + assorted ERC-20 dust, drained fr…
A fleet of 24 nearly-identical "MEV-bot" contracts all delegate to one shared implementation 0xB4ba49c9…. That implementation exposes a function with selector 0xe7d25975…
OKC Exploit — Permissionless `processLPReward()` Pays Out on a Flash-Minted LP Position
Loss · ~6,268 USDT profit per run, paid out of the MinerPool's 8.36M-OKC reward treasury (≈ $6.3…
OKC ships a "hold LP, earn OKC" yield program in its MinerPool contract. The payout function processLPReward() is permissionless and computes each holder's reward from t…
Onyx Protocol Exploit — Empty-Market Exchange-Rate Inflation (Compound V2 Fork)
Loss · ~$2,000,000 — attacker ends with 1,156.93 WETH of pure profit, drained across 8 Onyx mark…
Onyx is a Compound V2 fork. A Compound V2 cToken values collateral as exchangeRate = (cash + totalBorrows − totalReserves) / totalSupply. When a market is emptied down t…
Raft Finance Exploit — Indexable-Collateral `setIndex` Inflation + `divUp` Rounding Mint
Loss · ~$3.2 M — attacker minted 6,638,934 R (the protocol's stablecoin) backed by ~150 wei of r…
Raft's collateral and debt are tracked with rebasing "indexable" tokens (ERC20Indexable). The real user-facing balance is rawBalance × storedIndex, and storedIndex is re…
SHIBAINU DAO Exploit — Underpriced ICO Sale + Lock-Bypassing `batchTransferLockToken` Pool Drain
Loss · ~$31K — attacker walked off with 101.70 WBNB (≈ $25.8K) plus residual USDT, drained from…
The SHIBAINU DAO presale (ICO.buyByBnb) sold SHIBA at a fixed amountPerStable rate of 100,000 SHIBA per $1 — i.e. $0.00001 per SHIBA. At the fork block the live SHIBA/US…
StakeStone `StoneVault` Exploit — Same-Block Deposit + `instantWithdraw` Skims Strategy-Realization Surplus
Loss · ~17.07 ETH (≈ $30K at the time) skimmed from honest StoneVault LPs
StoneVault is an ETH LST vault. It mints STONE shares on deposit and lets users redeem them with instantWithdraw. Redemptions are priced at a conservative share price (m…
Swamp Finance Exploit — Atomic `earn()` Harvest-Sandwich on `StrategyBelt_Token`
Loss · +0.548 WBNB per reproduced cycle (≈ $110 at the time). The live attack repeated the cycle…
Swamp Finance's StrategyBelt_Token is an auto-compounding yield strategy. It accounts user positions with the classic wantLockedTotal / sharesTotal share model:
TheNFTV2 Exploit — Broken `transferFrom` Access Control Lets Anyone Re-Pull Burned NFTs and Drain Their Wrapped DAO
Loss · ~$19,000 — 1.906 WETH drained from the TheDAO/WETH Uniswap-V2 pool
TheNFTV2 is an NFT that wraps one DAO token per NFT. Burning an NFT (burn()) refunds 1 DAO (here oneDao = 1e16 wei) to the caller and sends the NFT to a constant dead ad…
TheStandard.io Exploit — SmartVault `swap()` with Zero Slippage Protection Through an Attacker-Controlled Pool
Loss · ~$290K — 290,000 EUROs minted against collateral that was simultaneously drained out of t…
SmartVaultV2 lets a vault owner mint EUROs against deposited collateral, and also exposes a convenience swap() that swaps one of the vault's collateral assets for anothe…
TrustPad `LaunchpadLockableStaking` Exploit — Deposit/Withdraw Reward-Accounting Desync
Loss · ~$155K — the staking contract's TPAD reward reserve drained (final pool balance read 29,4…
LaunchpadLockableStaking is the staking/IDO-allocation pool behind the TrustPad launchpad. It exposes an "up-pool" credit path, receiveUpPool(account, amount), which pul…
WECO Staking Exploit — Reward-Debt (`offsetPoints`) Unit Mismatch Lets a Depositor Re-Claim the Whole Reward Pool
Loss · ~$18K in the live incident; in the PoC reproduction 888,001,185 WECOIN (the staking contr…
WECOStaking is a MasterChef-style staking contract. It tracks each user's "already-paid" reward checkpoint in UserInfo.offsetPoints (the classic rewardDebt). A claim pay…
XAI / CoinToken Exploit — Reflection-Token `burn()` Collapses Pool Balance via Un-touched `_rTotal`
Loss · The attacker walked off with 2562.53 WBNB of pool liquidity; net profit on the flash-loan…
CoinToken is an "RFI / reflection" token: a holder's visible balance is not stored directly. It is computed on the fly as balanceOf = _rOwned[acct] / rate, where rate =…
Astrid Protocol Exploit — `withdraw()` Trusts an Attacker-Supplied "Restaked Token"
Loss · ~$228,591 — 127.797 ETH (64.176 stETH + 39.166 rETH + 20.000 cbETH drained)
AstridProtocol lets users deposit liquid-staking tokens (stETH, rETH, cbETH) and receive a "restaked" receipt token, and later withdraw() to queue a redemption that is f…
BelugaDex Exploit — Stableswap Coverage-Ratio Manipulation via Deposit / Cross-Asset-Swap / Withdraw Looping
Loss · ~59.13 ETH extracted (≈ $175K at the time per SlowMist)
BelugaDex is a Platypus/Wombat-style single-sided stableswap. Each asset (USDT, USDC.e) has its own LP/Asset contract that tracks two scalars: cash (tokens physically he…
BH Exploit — Spot-Reserve-Priced Liquidity Manager Drained via Flash-Loan Price Manipulation
Loss · ~$1.27M — attacker walked away with 1,277,481 BUSDT (started with 0) plus 22.08M BH dust
The "Recovery" liquidity manager lets a user deposit BUSDT (selector 0x33688938) and later withdraw (selector 0x4e290832). On deposit it adds BUSDT+BH to the BUSDT/BH Pa…
DePayRouterV1 Exploit — Output-Only Balance Check + Repeated Plugin Execution Drains Router Funds
Loss · ~870.92 USDC (870,917,088 6-dec units) drained from the DePayRouterV1 contract in this tx…
DePayRouterV1.route() is a generic "swap-and-pay" router. It pulls in the input token once, runs a caller-supplied list of plugins, then checks only that the balance of…
HopeLend Exploit — Liquidity-Index Inflation + aToken Rounding-Error Drain
Loss · ~$825,000 — the entire reserves of the HopeLend hToken vaults (WETH, USDT, USDC, HOPE, st…
HopeLend is an Aave-V3 fork. In Aave-style markets, a user's deposit is recorded as a scaled balance = amount.rayDiv(liquidityIndex), and the index only ever grows as in…
Kerberus / kTAF Exploit — Compound-Fork Exchange-Rate Inflation via a Donatable, Tiny-Cash Collateral Token
Loss · ~$8.19K — 8,187.51 DAI (the entire DAI cash of the kDAI market) drained, plus 3,300 TAF r…
kTAF is a textbook Compound v2 CErc20Immutable market whose collateral exchange rate is computed live from how much underlying it currently holds:
LaEeb Exploit — Fee-on-Transfer + Auto-Liquify Pool Drain via `skim()` Recycling
Loss · ~1.81 WBNB (≈ $370 at the time) drained from the LaEeb/WBNB PancakeSwap pair
LaEeb is a "reflection / dividend" meme token whose _transfer() charges a multi-bucket fee (marketing / liquidity / LP / dead / referral) on every AMM-side transfer, acc…
Maestro Router 2 Exploit — Arbitrary `transferFrom` via Unvalidated Router Call
Loss · ~280 ETH across the full campaign; 14.04 WETH in the single reproduced transaction
The Maestro Router exposed a function with selector 0x9239127f that takes a token address and a raw bytes blob of calldata, and then executes that calldata against that…
MicDao Exploit — Fixed-Rate Presale Swap Arbitraged Against a Self-Manipulated AMM Pool
Loss · ~$12.26K — 12,260.25 BUSDT net profit, drained from the MicDao/BUSDT pool's real liquidity
MicDao was being sold through a presale-style helper contract (SwapContract at 0x19345233…) that hands out a fixed 10 MicDao per 1 BUSDT regardless of the live market pr…
OpenLeverage `RewardVaultDelegator` Exploit — Re-initializable Proxy → Admin Takeover → Arbitrary `delegatecall`
Loss · ~$8K — 37.137 BNB swept from the contract + the addresses that had approved it
RewardVaultDelegator is a Compound-style delegator/proxy. Its admin is supposed to be set once, by the constructor, by delegate-calling the implementation's initialize(.…
Platypus Finance (PoolSAvax) Exploit — Withdraw-While-Insolvent Coverage-Ratio Manipulation
Loss · ~$2.0M — attacker netted 23,563.75 WAVAX + 20,873.79 sAVAX ≈ 46,722 AVAX-equivalent from…
Platypus is a single-pool stableswap-style AMM. Each token in a pool is represented by an Asset contract that tracks two numbers: cash (underlying tokens actually held)…
pSeudoEth (pEth) Exploit — `skim()`-Pumped Reflection Token Drains the AMM Pool
Loss · ~1.44 WETH (≈ $2.3K at the time) — the entire WETH side of the pEth/WETH pair
pEth is a "reflection" token: on certain transfers it mints a fixed bonus directly into the recipient's balance. Critically, when tokens are transferred to the AMM pair,…
Stars Arena Exploit — `buyShares` Reentrancy Inflates the Price-Curve Weight
Loss · 266,102.97 AVAX (~$2.9M) drained from the Stars Arena shares contract
Stars Arena is a "friend.tech"-style social app on Avalanche: each user (a subject) has shares priced by an on-chain bonding curve. buyShares collects AVAX, splits a fee…
UniBot Router Exploit — Arbitrary External Call Drains Unlimited Approvals
Loss · 1,482.32 UNIBOT drained from 17 approving users (~$84K at the time; the campaign across m…
UniBot is a Telegram trading bot. To trade on a user's behalf, users approve(router, type(uint256).max) on the tokens they want the bot to manage, then the bot's on-chai…
Wise Lending Exploit — First-Depositor Share Inflation via `pseudoTotalPool` Donation
Loss · ~$260,000 (rescued by a whitehat; same bug, same tx pattern an attacker would have used)…
Wise Lending prices lending shares with the classic shares = amount × totalShares / pseudoTotalPool formula (contracts_MainHelper.sol:55-57). The denominator pseudoTotalPo…
ZS Token Exploit — Permissionless `destory_pair_amount()` Pool-Reserve Burn
Loss · ~$14,026 — 14,026.76 BUSD-T drained from the ZS/BUSD-T PancakeSwap pair
ZS is a deflationary token that, on every sell into its PancakeSwap pair, accumulates the sold amount into a public counter Burnamount (contracts_ZS.sol:1500). The funct…
0x0 Privacy DEX (OxODex) Exploit — Forged LSAG Ring Signature + Stale `_lastWithdrawal` Pool Drain
Loss · ~$61K — ~49.85 ETH drained from the OxODex ETH pool
OxODex is a privacy mixer / "privacy DEX." Users deposit() ETH together with a public key into an anonymity ring, then later withdraw() by proving membership with an LSA…
APIG Token Exploit — Self-Transfer Balance-Doubling Bug Drains Two Pools
Loss · 59.5 ETH + ~72,113.58 BSC-USD ≈ $169K drained from two PancakeSwap pools
The APIG token's transfer() is written so that when from == to (a self-transfer), the sender's balance is credited without being debited — every call to APIG.transfer(se…
BankX / XSD Exploit — Router `swapXSDForETH()` Triggers an Un-Compensated Pool Burn
Loss · 56.96 WBNB drained from the XSD/WBNB pool (≈ $12.5K at the time)
The BankX Router.swapXSDForETH(amountOut, amountInMax) is a Uniswap-V2-style "swap exact-XSD for ETH" wrapper, except for a fatal bolt-on at the end: after performing th…
BFCToken Exploit — `lastTx` Deferred Pool-Burn Desyncs PancakeSwap Reserves
Loss · ~$38K — 179.87 WBNB drained out of the attack (≈ 440,287 BUSDT siphoned from the BFC/BUSD…
BFCToken is a "DeFi-flavoured" reflection token with a per-trade tax. On every swap into the pair it carries forward a slice of the previous trade in a state variable ca…
CEXISWAP Exploit — Unprotected `initialize()` + UUPS Arbitrary Upgrade Drain
Loss · 30,000 USDT (~$29,966) drained from the CEXISWAP proxy
CEXISWAP is an upgradeable (UUPS / ERC-1967) AccessControl token proxy that left its initialize() function callable by anyone. The deployed proxy had received 30,000 USD…
DAppSocial Exploit — `withdrawTokensWithAlt` Credits Instead of Debiting the Depositor Ledger
Loss · ~$16K — 10,335.88 USDT + 6,592.36 USDC of other depositors' funds drained from the escrow
DAppSocial is a token escrow. Users depositTokens to credit an internal balance ledger, and can withdrawTokens to pull them back. It also supports a delegated path: acco…
DEXRouter Exploit — Unprotected `functionCallWithValue` Drains the Router's Native BNB
Loss · 20 BNB (≈ $4,000 at the Sept-2023 BNB price) — the entire native-coin balance of the rout…
DEXRouter exposes a public function — functionCallWithValue(address target, bytes data, uint256 value) — that performs an arbitrary external call to a caller-chosen targ…
FireBird Finance Exploit — Manipulable Protocol-Fee LP Mint Drains the WMATIC/HOPE Pool
Loss · ~3,197.67 WMATIC profit in this tx (≈ part of ~8,536 MATIC total across the campaign)
FireBird's AMM accrues a protocol fee not as an instantaneous skim, but as a running counter (collectedFee0 / collectedFee1) accumulated inside every swap() (FireBirdPai…
FloorDAO Exploit — Self-Donated Rebase Inflates the Staking `index`, Over-Paying gFLOOR Redemptions
Loss · ~40.15 WETH (~$64K at the time) — drained from the FLOOR/WETH UniswapV3 pool
FloorStaking is an OlympusDAO-V2 fork. Stakers can hold their position either as sFLOOR (a rebasing token, balance grows each epoch) or as gFLOOR (a non-rebasing "wrappe…
HCT (CoinToken) Exploit — Reflection-Token `burn()` Deflates the Pool's Reserve to 1 wei
Loss · ~$8.6K — 31.05 WBNB profit drained from the HCT/WBNB PancakeSwap pair
CoinToken (HCT) is a SafeMoon-style reflection token: every account's balance is stored as a reflected amount _rOwned[account] and the visible balance is computed on the…
Heavens Gate (HATE) Exploit — Rebase-Index Inflation via Permissionless `stake`/`unstake` Looping
Loss · ~7.85 ETH (≈ $13K at the time) — drained from the HATE/WETH Uniswap-V2 pair across two tr…
HATEStaking is a fork of the OlympusDAO staking system. sHATE is a rebasing share token: each account stores an internal gon balance, and the displayed balance is gons /…
JumpFarm Exploit — Single-Transaction Rebase Inflation in OlympusDAO-style Staking
Loss · ~2.406 WETH (≈ $2.4K at the time) drained from the JUMP/WETH Uniswap-V2 pool via free-min…
Staking is an OlympusDAO-style (Olympus/Wonderland v1) staking contract: you deposit JUMP, receive sJUMP (a rebasing receipt token) 1:1, and the receipt's balance grows…
Quantum Wealth Network (QWA) Exploit — Re-entrant `rebase()` Reward Harvest via stake/unstake Looping
Loss · ~0.578 WETH (~$900 at the time) extracted from the QWA staking system in a single transac…
QWAStaking is an Olympus-style staking system. Staking QWA gives you sQWA 1:1; the sQWA token rebases (mints supply to existing holders) every epoch, so when you later u…
Split (Kub) Exploit — Self-Doubling Balance via Manipulable On-Chain "Token Price" Oracle
Loss · ~$22.2K — attacker netted 22,049.48 BUSDT + 126.38 KUB (≈ $22.2K) after repaying all flas…
Split is a "reflection"-style deflationary token. On every token transfer its _beforeTokenTransfer hook calls setSplit() (Split.sol:1231-1237). When an internal price re…
Unicly PointFarm Exploit — ERC1155 Reentrancy Inflates Reward Points to Steal a LootRealms NFT
Loss · 1 NFT — LootRealms #4689 (a "Realm" NFT, redeemed from the Unicly shop without enough poi…
PointFarm is a SushiSwap MasterChef fork (its own header says "Copied from … MasterChef.sol — Modified by 0xLeia") that pays farming rewards as an ERC1155 "points" token…
Balancer Boosted Pools Exploit — Linear-Pool `getRate()` Inflation via BPT Supply Drain + Precision Loss
Loss · ~$2.1M total across all affected Balancer V2 boosted pools (this PoC reproduces the bb-a-…
A Balancer V2 Linear Pool (bb-a-USDC) exposes getRate(), which is the on-chain "share price" of its BPT measured in underlying units. That rate is getRate() = (nominalMa…
BTC20 / 24Pixels Presale Exploit — Spot-AMM Price Oracle Manipulation in `buyWithEthDynamic()`
Loss · ~18 ETH reported on-chain (SlowMist); the isolated single-iteration PoC nets 5.68 WETH in…
The 24Pixels/BTC20 dynamic presale lets anyone buy a fixed remaining token allotment via buyWithEthDynamic(tokenAmount). It computes the ETH price for that allotment by…
Curve `UnderlyingBurner.execute()` — Zero-Slippage Sandwich on the 3pool
Loss · ~$36,700 — 36,700.27 USDT extracted from the Curve 3pool by sandwiching the burner
Curve's UnderlyingBurner is a fee-processing contract: it accumulates DAI/USDC/USDT (the fees the protocol skims), then anyone can call its public execute() function to…
EAC Exploit — Permissionless `_swapUForToken()` Drains the Fund Contract into a Thin Pool
Loss · ≈ 6,377 USDT (~29 BNB) profit to the attacker, sourced from 14,300 USDT force-spent out o…
The EAC project deployed a "fund" contract (reachable through proxy 0xa08a40…) exposing a public, unauthenticated function _swapUForToken(uint256 amountIn) (selector 0xe…
EarningFarm (ENF) Exploit — Withdraw Reentrancy via ETH-Push-Before-Burn in `EFVault`
Loss · ~$286K — the entire ETHLeverage strategy was drained (≈ 320.6 ETH of totalAssets at the f…
EFVault.withdraw() (contracts_core_Vault.sol:122-145) pays the user out by calling IController(controller).withdraw(assets, receiver), which forwards the strategy's rede…
EHIVE Exploit — `stake()` Updates `staked` Before Computing `earned`, Inflating Rewards
Loss · ~$15K — 9.3258 WETH net profit drained from the EHIVE/WETH pool
EHIVE is a token with a built-in 50%-APR staking program. The stake() function has a write-ordering bug (EHIVE.sol:950-956): when an address that is already registered a…
Exactly Protocol Exploit — `DebtManager` Permit-Spoofed `_msgSender` Lets Anyone Act On Behalf Of Any Account
Loss · ~$7.3M total across all Exactly markets (Optimism). This PoC reproduces only the exaUSDC…
DebtManager is a periphery helper that performs leverage / deleverage / roll operations on behalf of an account identified by an internal _msgSender variable. Several en…
GSS Exploit — Fee-on-Transfer / Reflection Token Drained via Cross-Pool `skim()`
Loss · ~$24,883 — 24,883.45 USDT extracted (flash-loaned 30,000 USDT, repaid in full, net profit)
GSS is a "reflection / auto-liquidity / dividend" BEP-20 token. Its _transfer override (GSS.sol:785-810) intercepts every transfer that touches a registered Pancake pair…
LeetSwap V2 Exploit — Public `_transferFeesSupportingTaxTokens()` Drains the Pair's Reserves
Loss · ~$630,000 — across all LeetSwap V2 pairs; this PoC drains 120.18 WETH from the WETH/axlUS…
LeetSwapV2Pair (a Solidly/Velodrome-style AMM fork) splits trading fees out of the pool by transferring the fee amount to a separate fees contract. The helper that perfo…
Neutra Finance Exploit — `Convert.getAmountOut()` Prices LP by a Spot-Manipulable Reserve
Loss · ~$48K — attacker net +23.57 WETH intra-transaction (flash-loan funded, zero capital)
Convert is Neutra Finance's LP-migration contract. A user hands it old WETH/NEU LP tokens and it pays back the equivalent number of new NEU1/WETH LP tokens from a treasu…
SVT Exploit — Broken AMM Pricing Round-Trip Drain (flash-loan funded)
Loss · ≈ 397,782 BUSD profit to the attacker, drained from the SVT/BUSD pool's BUSD reserve
The SVT pool at 0x2120… is a custom AMM exposing buy(uint256 busdAmount) and sell(uint256 svtAmount). Its pricing does not preserve a constant product — buying SVT is ch…
Uwerx (WERX) Exploit — Burn-on-Transfer-to-Pool + `skim()` Reserve Collapse
Loss · 174.79 WETH profit (the pool's entire ~174.79 WETH of honest liquidity; ~$320K at the tim…
Uwerx is a standard OpenZeppelin ERC20 with one bolted-on "feature": inside _transfer, whenever the recipient equals uniswapPoolAddress, it taxes the transfer 97% / 2% /…
Zunami UZD Exploit — Spot-Price `totalHoldings()` Inflation via SDT Donation
Loss · ~$2.1M — 1,152.91 WETH + 1,275.24 USDT extracted by the attacker (≈ $2.1M at the time)
UZD is a rebasing stablecoin whose per-share price (lpPrice) is computed from the Zunami protocol's total USD holdings divided by supply. One of the underlying yield str…
ApeDAO (APE2) Exploit — Permissionless `goDead()` Pool-Reserve Burn + `skim()` Tax Pump
Loss · ~7,522.88 BUSDT (~$7.5K) drained from the APEDAO/BUSDT PancakeSwap pair
APEDAO is a fee-on-transfer "dividend" token. Two design flaws compose into a critical bug:
Arcadia Finance Exploit — Reentrant Self-Liquidation Drains the Lending Pools
Loss · ~$334K recovered at this fork block (148.22 WETH + 59,527 USDC); the live incident totall…
Arcadia's Vault is an on-chain margin account. To support leveraged DeFi actions, the LendingPool mints debt to a vault, ships the borrowed funds + the vault's collatera…
AzukiDAO (Bean) Exploit — Signature-Replay Mint via Unenforced `signatureClaimed` Guard
Loss · ~$69,000 — 6,250,000 BEAN minted to the attacker (200 × 31,250 BEAN)
Bean.claim() lets an NFT holder redeem an off-chain-signed allowance of BEAN tokens. The signature is checked with a sound OpenZeppelin ECDSA.recover against the trusted…
Bamboo AI Exploit — `updatePool()` Permissionless Pool-Reserve Siphon + `skim`/`sync` Drain
Loss · ~226 WBNB extracted by the PoC (≈ 226.13 WBNB); the live incident is reported as ~200 BNB
BambooAI is a fee-on-transfer "AI" memecoin. Its _transfer invokes a private helper updatePool(amount) on every non-pair (sell-side) transfer once trading has started (B…
Bao Finance Exploit — CErc20 Exchange-Rate Inflation via Direct Underlying Donation
Loss · ~$46,000 — attacker walked away with 23.52 WETH of net profit after repaying a flashloan
bdbSTBL is a Bao Finance lending market built on a Compound v2 / CErc20 fork. Its share price (exchangeRate) is computed live as
BNO Exploit — `emergencyWithdraw()` Resets Stake but Leaves Reward Accounting Intact, Draining the Pool
Loss · ~$505K — 763,070 BNO extracted from the staking pool (net, after flash-loan repayment)
Pool is a yield farm where users pledge() BNO and (optionally) stakeNft() to receive a reward "weight" boost. Rewards are paid in the same token that is staked — pledgeA…
Carson Token Exploit — Thin-Reserve Price Skew + Fee-on-Transfer Drain via a Custom Pair
Loss · ~$100,677 — 100,677.05 BUSDT of net profit, drained out of the Carson/BUSDT pair
Carson is a fee-on-transfer ("reflection") token: every transfer skims a tax (≈7% on the exploited path) and re-routes it to reward / dead / marketing sinks. It is paire…
Civfund (0xf485) Exploit — Forged Uniswap-V3 `mint` Callback Drains User Approvals
Loss · ~$165K — token approvals drained from 31 victim accounts (USDT, USDC, SHIB, BONE, WOOF, L…
Civfund's router contract is a Uniswap-V3 "minting" wrapper. When it adds liquidity on behalf of a user it calls pool.mint(...); the genuine pool then re-enters the rout…
CIVNFT / CivTrade Exploit — Missing Access Control + Attacker-Controlled Mint Callback Drains Approved Allowances
Loss · ~$180K — attacker drained 89,789.15 CIV (the victim's entire remaining balance) from a si…
CIVNFT is the position-manager/NFT contract behind CivTrade, a limited-range-order product built on Uniswap V3. To open a position it calls into a Uniswap V3 pool: it re…
Conic Finance (crvUSD Omnipool) Exploit — Curve Pool Imbalance Manipulation of LP Valuation
Loss · ~$934K total across Conic Omnipools; this PoC reproduces the crvUSD Omnipool leg, attacke…
ConicPoolV2 is a Curve "Omnipool": users deposit a single underlying (here crvUSD), the pool spreads that liquidity across several underlying Curve pools (crvUSD/USDT, c…
Conic Finance (ETH Omnipool) — Curve LP Oracle Manipulation via Spot-Reserve Pricing
Loss · ~$3.26M — net 1,724.17 ETH extracted by the attacker (≈ $1,886.87/ETH at the fork-block C…
Conic's ETH Omnipool mints/redeems its LP token (cncETH) at an exchange rate derived from the USD value of the Curve LP positions it holds (ConicEthPool._exchangeRate, _…
Conic Finance ETH Omnipool Exploit — Curve Read-Only Reentrancy Oracle Inflation
Loss · ~$3.25M — attacker ends with 1,724.21 WETH of profit (started with 0 capital, all flash-l…
ConicEthPool prices its Curve/Convex LP holdings through CurveLPOracleV2, a balance-based oracle that values a Curve LP token as (sum of pool coin balances × spot prices…
Curve `crv/ETH` Pool Drain — Vyper 0.3.0 Broken `@nonreentrant` Lock (Read-Only/Cross-Function Reentrancy)
Loss · ~7,929.44 WETH extracted in the reproduced single-transaction PoC. The wider July-30-2023…
The Curve crv/ETH pool is a two-coin crypto-swap pool written in Vyper 0.3.0. Every state-changing entry point (exchange, add_liquidity, remove_liquidity, remove_liquidi…
Curve Finance pETH/ETH Pool — Vyper `@nonreentrant` Compiler Bug Read-Only/Cross-Function Reentrancy
Loss · 6,107.41 WETH net profit drained from the pETH/ETH pool (~$11.4M of pool TVL at the time)…
The pETH/ETH pool is a Curve StableSwap written in Vyper 0.2.15. Every state-mutating entry point — add_liquidity, exchange, remove_liquidity, … — carries a @nonreentran…
FFIST (FIRE FIST) Exploit — Attacker-Controlled `_airdrop()` Overwrites the AMM Pool's Token Balance to 1 wei
Loss · ~$110K — 228.30 WBNB drained from the FFIST/USDT PancakeSwap pool (≈$110K at the time)
FFIST is a fee-on-transfer token with a gimmick "airdrop" feature: on every non-whitelisted transfer, _airdrop() derives 4 pseudo-random addresses from a seed and hard-w…
GYM Network Exploit — `GymRouter` Pulls Swap Input From the *Recipient* Instead of the *Caller*
Loss · +117,193.51 GYMNET netted by the attacker (≈ the victims' drained GYMNET, repackaged as t…
The deployed GymRouter's swap…SupportingFeeOnTransferTokens family of functions pulled the input tokens from the to address (the swap recipient) rather than from msg.sen…
Libertify (LibertiVault) Exploit — Deposit Reentrancy via 1inch Swap Callback Inflates Share Mint
Loss · ~$452K — drained from the WETH/USDT LibertiVault (attacker netted 123.84 WETH + 56,234 US…
LibertiVault.deposit() is a vault-share function whose _deposit() internal routine makes an external call to the 1inch V4 aggregation router in the middle of the share-m…
LUSD (LAYER3) Exploit — Spot-Price Oracle Manipulation via `Loan.supply()`
Loss · ~$9.46K this tx — 9,464.72 USDT net (SlowMist totals the campaign at ~$16K across the att…
Loan.supply() decides how much LUSD to mint for a supplied token by asking the PancakeSwap router how much USDT that token is worth, right now, using router.getAmountsOu…
Minto Finance Exploit — Free BTCMT Minting via Unvalidated `paymentToken` in `ReferralCrowdsale.buyTokens()`
Loss · ~$9.68K — 14,724.1 BTCMT drained from the crowdsale, swapped to 9,682.2 BUSD/USDT
ReferralCrowdsale sells BTCMT for stablecoins. The buyer passes a paymentToken address and a usdtAmount. The crowdsale computes how much BTCMT that buys (getPrice), send…
NewFi / StakedV3 Exploit — Flash-Loan Price Manipulation of an Unprotected Internal V3 Swap
Loss · ~$31K — 30,473.19 BUSD net profit to the attacker
StakedV3 is a "single-token deposit, auto-Farm" wrapper around a PancakeSwap V3 concentrated-liquidity position. When a user calls Invest(...), the contract reads the li…
Palmswap Exploit — PLP Share Inflation via Permissionless `buyUSDP()` AUM Manipulation
Loss · ~$901,456 — 901,456.59 BUSDT net profit drained in a single transaction
Palmswap is a GMX fork on BSC. Its PLP liquidity token is priced off the Vault's Assets-Under-Management (AUM), and AUM is dominated by the Vault's poolAmount (PlpManage…
Platypus Finance (2nd hack) — Coverage-Ratio Arbitrage via `withdrawFromOtherAsset`
Loss · ~$51K (one of several attack txs); this PoC profits 4,472.378061 USDC in a single flash-l…
Platypus is a single-sided stableswap. Each token has an Asset LP contract that tracks two numbers: cash (underlying token actually held) and liability (what depositors…
Rodeo Finance Exploit — TWAP Oracle Manipulation of the unshETH LP Price
Loss · ~472 ETH (~$888K) across the attack campaign; this PoC's final transaction nets 144.22 WE…
Rodeo Finance let users borrow USDC against a leveraged unshETH LP strategy. The collateral value (and therefore the position's health factor) was priced by an OracleTWA…
SUT Token Sale Exploit — Fixed-Price Inventory Sold Far Below Market
Loss · ~$8K USD — 32.99 WBNB of risk-free arbitrage profit
SUTTokenSale is a primitive "ICO" contract that sells its SUT inventory at a single, admin-set, hard-coded tokenPrice (SUTTokenSale.sol:130, :145-148). At the time of th…
USDTStakingContract28 Exploit — Permissionless `tokenAllowAll()` Self-Approval Drain
Loss · ~$20,999 — 20,999.916289 USDT drained (the staking contract's entire USDT balance)
USDTStakingContract28 is a USDT staking/yield contract that holds users' deposited USDT. It exposes a public helper, tokenAllowAll(address asset, address allowee) (USDTS…
Utopia Exploit — `_airdrop()` Overwrites the Pool's Token Balance to 1, Collapsing the AMM Reserve
Loss · ~$119K — 492.08 WBNB drained from the Utopia/WBNB PancakeSwap pair (attacker started with…
Utopia is a fee-on-transfer "dividend" token. On every taxed buy/sell it runs a marketing gimmick called _airdrop() (Utopia.sol:327-342) that mints 1 wei of Utopia to a…
WGPT (Wrapped GPT) Exploit — Self-Inflicted `removeLiquidity` on Every Sell Drains the Pool
Loss · ~$80K — attacker walked away with 76,944.26 BUSD-T of profit (from a ~$0 starting balance…
AiWGPTToken is a "deflationary" token whose transferFrom hook runs a self-managed burn every time tokens are sold into a registered pair. Instead of merely destroying to…
Abracadabra / MIM `ZeroXStargateLPSwapper` Exploit — Arbitrary-Calldata Approval Drain
Loss · ~$17K — 17,991.96 MIM stolen from the swapper's residual USDT balance
ZeroXStargateLPSwapper is one of Abracadabra/MIM's "swapper" helper contracts. It liquidates a Stargate-LP collateral position by (1) redeeming the LP for its underlying…
ARA Exploit — Permissionless "Swap-on-Behalf" Helper Drains a Pre-Approved Address via Pool Price Manipulation
Loss · ~$125K — attacker netted 124,914.92 BUSDT (the pre-approved address was whipsawed for ~$4…
The ARA project deployed a "swap helper" contract, 0x7BA5dd9Bb357aFa2231446198c75baC17CEfCda9, exposing a function swapExactInputSingle(uint256 amount, uint256 minOut, a…
BabyDogeCoin Exploit — Sandwiching the Token's Slippage-Free `swapAndLiquify`
Loss · ~$100K — net 441.9 WBNB retained by the attacker after repaying all loans
BabyDogeCoin is an old-style "reflection + auto-liquify" token. On large transfers it accumulates a liquidity fee in its own balance, and once that balance reaches numTo…
Biswap V3Migrator Exploit — Arbitrary `recipient` LP Theft via Unauthorized `migrate()`
Loss · ~$72K — the victim's entire BTCB/BSC-USD V2 LP position (≈ 28.149 BTCB + 53,553.74 BSC-US…
Biswap's V3Migrator is a periphery helper meant to let a user move their own Uniswap-V2-style LP into a Biswap V3 concentrated-liquidity position. Its migrate() function…
Bunny Protocol (BUNN) Exploit — Reflection `deliver()` Inflates Pair Balance, Spoofing the AMM K-Check
Loss · 52 WBNB drained from the BUNN/WBNB PancakeSwap pair (≈ $12–13K at the June-2023 BNB price)
BunnyProtocol is a fork of the RFI / SafeMoon "reflection" token design. Holder balances are stored not as raw amounts but as reflection units _rOwned, and the visible b…
Cellframe Network Exploit — Manipulated Reserve Ratio in `LpMigration.migrate()`
Loss · ~$76,000 — attacker WBNB balance went 0.1 → 245.52 WBNB (net +245.42 WBNB)
LpMigration was a one-shot helper that lets a holder of the old CELL/WBNB LP token swap it for the new CELL/WBNB LP token. For each migrated LP position it:
CFC Exploit — Self-Burning `sync()` + `skim()` Reserve Drain
Loss · +6,124.40 BEP20USDT net profit this transaction (PoC). SlowMist reported ~$16K total acro…
CFC is a "tax + dividend" BEP20 whose _transfer runs an internal sync() helper on every sell (any transfer where to == uniswapV2Pair). That helper directly mutates the p…
Compounder Finance Exploit — Inflatable Share Price via Curve `get_virtual_price()` Manipulation
Loss · ~$27.17M (per the @KeyInfo header in the PoC). The extracted PoC reproduces a representat…
Compounder Finance is a yield aggregator. Its cVault_DAI mints/redeems share tokens (cDAI) priced off balance(), which equals the vault's own DAI plus the value reported…
Contract `0x7657…` Exploit — Permissionless `transferFrom`-Drain of Standing Approvals
Loss · 20,000.01 USDT drained from the victim
The contract at 0x7657… holds a public function with selector 0x0a8fe064. The function takes five ABI words — (address recipient, address from, uint256 _, uint256 amount…
DDCoin (DD) Marketplace Exploit — Self-Granted Allowance Lets the Seller Drain the Escrow Twice
Loss · ~$300K reported; this reproduction nets 126,409.24 BUSDT to the attacker in one transacti…
Marketplace.sellItem() pays a seller in two pieces of code that should be mutually exclusive but are not:
Midas Capital Exploit — cToken Exchange-Rate Inflation via Donation Into a Near-Empty Market
Loss · ~$600K — attacker walked off with 590,964 ANKR + 116 ankrBNB plus borrowed HAY/ankrBNB, l…
Midas Capital is a Fuse/Compound-fork isolated-lending market. Several markets used ERC4626-vault-wrapped Thena LP tokens as the cToken underlying.
MyAi (CoinToken) Exploit — `MultiSender` Lets Anyone Spend a Victim's Pre-Approved Allowance Into a Hyper-Thin Pool
Loss · ~10.77 WBNB (≈ 10 BNB) drained from the MyAi/WBNB PancakeSwap pair
MultiSender.batchTokenTransfer() (MultiSender.sol:297-324) is a public, unauthenticated airdrop helper. It takes an arbitrary _from address and does IERC20(token).transf…
NST Swap Exploit — Dangling `approve()` lets the buyer drain the swap contract's USDT reserves
Loss · 29,195.083207 USDT (~$29,195) stolen from the swap contract
Milktech's NST swap contract is a simple fixed-price exchange between USDT (6 decimals) and the company token NST (4 decimals), holding a USDT float to pay out sellers.
Pawnfi `ApeStaking` Exploit — Unrestricted `collectRate` + Vault-Funded Staking Drains the P-BAYC ApeCoin Reserve
Loss · ~$820K — drained the ApeCoin (APE) reserve held by Pawnfi's P-BAYC vault, plus ~102.3 ETH…
Pawnfi's ApeStaking lets a user deposit a "P-BAYC" wrapped NFT, have the protocol stake the underlying BAYC into Yuga's ApeCoinStaking, and later withdraw the staked Ape…
SellToken `miner` Exploit — Spot-Price Reward Oracle Drained via Flash-Loaned Liquidity
Loss · ~123.30 WBNB net profit drained from the miner contract's SELLC stockpile (≈ US$30–35K at…
miner is a yield/"mining" contract that lets a user register a deposit (setBNB) and then, once per day, claim a SELLC reward via sendMiner() (miner.sol:308-329). The rew…
SHIDO Exploit — `ShidoLock` Migration Mint With No Eligibility Check
Loss · ~977.07 WBNB net (≈ $230K at the June-2023 BNB price) drained from the SHIDO-V2/WBNB pool
ShidoLock is the contract that migrates holders of the old SHIDOINU (V1, 9 decimals) token to the new SHIDO (V2, 18 decimals) token. Migration is two steps:
SHIDO Migration Exploit — `claimTokens()` Blind `× 10⁹` Decimal Scaling Drains the Reward Wallet
Loss · ~976.98 WBNB (≈ $283K at the time) extracted from the SHIDO migration reward wallet, mone…
ShidoLock is the migration bridge from SHIDO V1 (SHIDOInu, 9 decimals) to SHIDO V2 (StandardToken, 18 decimals). A user calls lockTokens() to deposit their V1 balance, t…
STRAC Exploit — Permissionless Token-Drainer in a Helper Contract (Spoofable `transferFrom`)
Loss · 12.1629 ETH (Binance-pegged ETH, 0x2170…F8) — ≈ $13 ETH per the PoC header, ~$22K at the…
A helper contract at 0x1F90…E7A513 held a stash of 130.97 STRAC and exposed a public, unauthenticated function (selector 0x4a75084c) whose behaviour, reconstructed verba…
Sturdy Finance Exploit — Balancer Read-Only Reentrancy Inflates LP-Token Collateral Price
Loss · ~$800K (≈442 ETH across the live multi-iteration attack). This single-pass PoC nets 217.7…
Sturdy is an Aave-v2 fork that accepts Balancer/Curve LP tokens as collateral. It prices the B-stETH-STABLE BPT through a custom Chainlink-shaped source (0x232a8829…) wh…
Themis Protocol Exploit — Manipulable Balancer-LP (BPT) Price Oracle Enables Over-Borrowing
Loss · ~$370,000 (≈ 94.32 WETH + 130,471.92 USDC + 58,824.33 USDT walked off-chain)
Themis is an Aave V3 fork on Arbitrum that accepted the Balancer wstETH/WETH gauge LP token as collateral. To value that LP token it called an oracle at 0x17df2B52f5…, w…
UN Token Exploit — Fee-on-`swap`-out + `skim()` Reserve Drain
Loss · ~$13,412 — 13,412.36 BUSD profit drained from the UN/BUSD PancakeSwap pair
UN is a fee-on-transfer token whose _transfer override applies its tax to the wrong account on the buy side. When someone buys UN out of the registered swapPair, the fro…
Unverified Staking Contract — `claim()` Double-Spend of Deposited BUSD
Loss · ~$5,955 — 5,955.466788 BUSD drained from the staking contract
A small BUSD staking/farm contract at 0xAC899… lets a user deposit(pid, amount) and later claim(pid, amount). The trace shows that claim() returns the staked principal t…
Viral Inu (VINU) Exploit — Permissionless `addLiquidityETH()` Drains Pool's Own Token Reserve
Loss · ~$6,000 — 3.2565 WETH drained from the VINU/WETH Uniswap V2 pair (against ~0.1 ETH outlay)
VINU is a fake "Viral Inu" memecoin engineered as a honeypot/backdoor. Two design choices combine into a public, free pool-drain:
Vortex DEPUSDT / LEVUSDC Exploit — Public `approveToken()` → Arbitrary Reserve Drain
Loss · ~$106K — 69,961.509697 USDT (from the DEPUSDT market) + 36,142.023929 USDC (from the LEVU…
The Vortex lending markets (DepErc20 for USDT, LevErc20 for USDC) inherit a Curve-swap helper CurveSwap that exposes:
BabyDoge FarmZAP Exploit — Untrusted `farm` Callback Lets Anyone Drain Swapped Tokens
Loss · ~$7.5M total across repeated runs (per DeFiHackLabs header). This single reproduced trans…
FarmZAP.buyTokensAndDepositOnBehalf(IFarm farm, …) (contracts_FarmZap.sol:184-223) is meant to: take your input token, swap it to a farm's stake token through the BabyDo…
Bitpaidio (BTP) Staking Exploit — Stale-Lock Reinvest Bug Enables Instant Flash-Loaned Staking ROI
Loss · ~$30K (PoC nets 10,417.70 BTP of free ROI per round; the live drain repeated to empty the…
Bitpaidio's Staking contract offers fixed-term staking (6 / 9 / 12-month plans) that pays a flat ROI (5% / 10% / 20%) when the lock expires. To support topping up an exi…
CS Token Exploit — Stale Global `sellAmount` Drives an Attacker-Triggerable Pool Burn
Loss · ~684,175 BSC-USD (≈ $684K) extracted in a single transaction
CS is a fee-on-transfer token with a "deflation" feature that burns CS directly out of its own liquidity pool. The amount it burns is read from a global state variable s…
DEI Stablecoin Exploit — `burnFrom()` Grants the Caller Infinite Allowance, Draining the DEI/USDC Pair
Loss · 5,047,470.472572 USDC (~$5.05M) drained from the DEI/USDC Solidly stable pair (one of sev…
DEI's burnFrom(account, amount) was supposed to consume the caller's existing allowance over account. Instead, the implementation wrote a fresh, near-infinite allowance…
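The allowance write-back that the card describes, modelled in Python as an added example (this is not DEI's Solidity, and the token/pair labels are constructed). The vulnerable burnFrom reads allowance(caller, account) and writes the remainder to allowance(account, caller), so a caller who has approved the pair for uint256 max and then calls burnFrom(pair, 0) ends up holding a near-infinite allowance over the pair; the fixed variant consumes the allowance the account actually granted.

```python
"""Model of an ERC-20 burnFrom that writes the allowance with owner/spender swapped.
Added example; balances and allowances are plain ints standing in for uint256 mappings."""

MAX_UINT256 = 2**256 - 1


class ERC20Model:
    def __init__(self, balances):
        self.balances = dict(balances)  # owner -> balance
        self.allowances = {}            # (owner, spender) -> amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def _approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def approve(self, caller, spender, amount):
        self._approve(caller, spender, amount)

    def _burn(self, account, amount):
        if self.balances.get(account, 0) < amount:
            raise ValueError("burn amount exceeds balance")
        self.balances[account] -= amount

    def transfer_from(self, caller, frm, to, amount):
        if self.allowance(frm, caller) < amount:
            raise ValueError("insufficient allowance")
        if self.balances.get(frm, 0) < amount:
            raise ValueError("insufficient balance")
        self._approve(frm, caller, self.allowance(frm, caller) - amount)
        self.balances[frm] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def burn_from_vulnerable(self, caller, account, amount):
        # Bug: owner and spender are swapped in both the read and the write.
        current = self.allowance(caller, account)        # should be allowance(account, caller)
        if current < amount:
            raise ValueError("burn amount exceeds allowance")
        self._approve(account, caller, current - amount)  # hands the caller current-amount over account
        self._burn(account, amount)

    def burn_from_fixed(self, caller, account, amount):
        # Consume the allowance that `account` granted to the caller, nothing else.
        current = self.allowance(account, caller)
        if current < amount:
            raise ValueError("burn amount exceeds allowance")
        self._approve(account, caller, current - amount)
        self._burn(account, amount)


def drain_pair(burn_from):
    """Run the two-step attack against a given burnFrom implementation.
    Returns (attacker balance, attacker's allowance over the pair) afterwards."""
    pair, attacker = "pair", "attacker"           # constructed labels
    token = ERC20Model({pair: 1_000_000 * 10**18, attacker: 0})
    token.approve(attacker, pair, MAX_UINT256)    # step 1: harmless-looking self-side approve
    try:
        burn_from(token, attacker, pair, 0)       # step 2: burn 0 from the pair
        token.transfer_from(attacker, pair, attacker, token.balances[pair])
    except ValueError:
        pass                                      # fixed version: allowance check reverts
    return token.balances[attacker], token.allowance(pair, attacker)
```

Any burn amount up to the pair's balance works; the written allowance is current minus amount, which is why it reads as "near-infinite" rather than exactly max.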
ERC20TokenBank / ExchangeBetweenPools Exploit — Zero-Slippage Curve Swap Sandwich
Loss · ~$111,500 — 111,500.39 USDC extracted in a single transaction
ExchangeBetweenPools.doExchange() (ExchangeBetweenPools.sol:230-244) takes USDC out of a partner ERC20TokenBank, immediately market-sells all of it into the Curve yPool…
FAPEN (Father Pepe Inu) Exploit — `unstake()` Mints Free Tokens via Backwards Balance Check
Loss · ~$600 — 2.042256597375684021 WBNB drained from the FAPEN/WBNB PancakeSwap pair
FatherPepeInu collects a 1% fee on every transfer into its own contract balance (balances[address(this)]). It exposes a public function unstake(uint256 amount) that is s…
Goldseed `landNFT` Exploit — Unprotected Minter Forwarder Lets Anyone Free-Mint 200 Land NFTs
Loss · 200 land NFTs minted for free → swapped for 28,601 $XQJ → ≈ 149,616 $BUSD (~$149.6K)
landNFT correctly gates its own mint() behind an onlyMiner modifier (landNFT.sol:1592). The problem is what it whitelisted as a miner: a separate helper contract, Miner…
GPT Token Exploit — Deflationary `transfer`-Hook + `skim()` Pool Drain
Loss · ~19,989.31 BUSD extracted by the attacker (≈ the BUSD liquidity / value that was in the G…
GPT is a "reflection + auto-liquidity + buy-back-and-burn" token. Its transfer logic (triggered whenever GPT moves to/from the pair, i.e. on a swap) does three AMM-touch…
HODL Capital Exploit — Reflection-Rate Manipulation via `deliver()` Drains the Uniswap Pair
Loss · ~2.34 ETH (≈ $4.3K at the May 2023 ETH price) — drained from the HODL/WETH Uniswap-V2 pair
HODLCapital is a "reflect" (RFI-style) token. Every holder's balance is derived from a hidden double-entry ledger: a large "reflection" space (_rOwned, _rTotal) mapped d…
Jimbo Protocol Exploit — TraderJoe LB Rebalance Manipulation & Floor-Price Decoupling
Loss · ~359.16 WETH (flash-loan-funded; ≈ $639K at the May 2023 ETH price)
Jimbo is a rebasing token protocol that manages all JIMBO/WETH liquidity itself on a TraderJoe v2.1 Liquidity Book pair. Its JimboController.shift() routine is permissio…
Level Finance Exploit — Duplicate-Epoch `claimMultiple()` Reward Multiplication
Loss · 205,105.54 LVL drained from the referral controller's reward balance (≈ $1M at the May-20…
LevelReferralControllerV2.claimMultiple(uint256[] _epoches, address _to) (src_referral_LevelReferralControllerV2.sol:161-176) iterates over a caller-supplied array of ep…
LFI / VLFI Exploit — `claimRewards()` Reward-Debt Reset via Botched `cleanUserMapping` Migration
Loss · ~$36,000 (per PoC @KeyInfo) — drained as LFI (the staked/reward token) from the VLFI stak…
VLFI_8 is a MasterChef-style staking pool: stakers receive VLFI LP tokens and accrue LFI rewards proportional to balanceOf(user) × accRewardsPerShare, offset by a per-us…
LocalTrader2 (LCT) Exploit — Unprotected Proxy Implementation Lets Anyone Set the Token Price to 1 wei
Loss · 383.24 WBNB (~$110K at the time) drained from the LCT/WBNB PancakeSwap pool
The LCT vendor contract LCTExchange.buyTokens() prices its token sales by reading an external "live price" oracle: tokenAmount = (msg.value / getLivePriceFromInheritance…
LocalTraders (LCT) Exploit — Unprotected Price-Oracle Initializer Drains the LCT/WBNB Pool
Loss · ~383.24 WBNB drained from the LCT/WBNB PancakeSwap pair (≈ $120K at the May-2023 BNB pric…
LCTExchange.buyTokens() sells LCT at a price taken live from an external oracle: tokenAmount = (msg.value / price) * 1e18 (LCTExchange.sol:312-313). The pr…
LW Token Exploit — Spot-Price Oracle Manipulation Drains Protocol "Buyback" Treasury into the LP, Then Drains the LP
Loss · ~$50K live (two txs); the single-tx PoC nets 83,476.06 USDT (≈ $83.5K) profit
LW (deployed as contract GGGTOKEN) is a fee-on-transfer token with a homemade "price-defense" mechanism. It reads the instantaneous PancakeSwap pool ratio as its price v…
Melo (MEL) Exploit — Unprotected `mint()` → Infinite-Supply Pool Drain
Loss · ~$90,488 — 90,488.68 USDT drained from the MEL/USDT PancakeSwap pair
The MEL token (cERC20) exposes a public mint(address, uint256, string) function with no owner / role / minter check whatsoever (cERC20.sol:313-321). Anybody can mint an…
Multi-Chain Capital ($MCC) Exploit — Reflection-Rate Inflation via `deliver()` + `skim()`
Loss · ~10.2 WETH net profit (≈ 10 ETH, ~$19K at the time) — drained from the MCC/WETH Uniswap V…
MultiChainCapital is a SafeMoon/RFI-style "reflection" token: holder balances are stored as a reflection share _rOwned[account], and the displayed balance is computed on…
NeverFall (NF) Exploit — `sell()` Over-Redeems LP Against a Pre-Crashed Pool Reserve
Loss · ~74,250.89 USDT profit to the attacker (≈ $74.3K), drained from the NF/USDT pool's LP val…
NeverFallToken is a "DeFi-ish" deflationary token where the token contract itself manages the PancakeSwap NF/USDT liquidity on behalf of users. buy() pulls USDT from the…
NOON (NO) Exploit — Public `_transfer()` Lets Anyone Drain the AMM Pool For Free
Loss · 1.13645 WETH (~$2K) drained from the NO/WETH Uniswap-V2 pair
The NO token exposes its internal balance-moving primitive as a public function with the raw ERC-20-internal signature _transfer(address sender, address recipient, uint2…
SELLC / QIQI StakingRewards Exploit — Attacker-Chosen Reward-Valuation Token Drains the Reward Pool
Loss · ~1,983.33 QIQI drained from the StakingRewards reward pool in one transaction (PoC log At…
StakingRewards.claim(address token, address token1) (StakingRewards.sol:623-641) computes the reward payout by asking a PancakeSwap router for the spot price of the stak…
SELLC / StakingRewards Exploit — Permissionless `sell()` Drains Staked LP Tokens via a Self-Created Price Oracle
Loss · ~$95K — attacker turned 3 WBNB into 332.58 WBNB (≈ +329.58 WBNB net) by draining the prot…
StakingRewards is a yield/referral contract that holds SELLC/QIQI LP tokens (SellQILP) on behalf of its stakers. It exposes two functions with no meaningful access contr…
SellToken Exploit — Spot-Price Oracle Manipulation of a Leveraged "Short" Exchange
Loss · ~3.11 WBNB profit per cycle (≈ $1,000 at the time); attacker repeated this across the Sel…
SellToken is a self-described "decentralized short-trading exchange." A user opens a short on a token through ShortStart(), and later closes it through withdraw(). The s…
SNK Miner Exploit — Inflated Referral Reward via Just-In-Time Child Staking
Loss · The attacker minted 17,845.81 SNK of reward across 10 sock-puppet accounts in a single tr…
SNKMiner is a Synthetix-style staking farm with a multi-level referral ("community") bonus. A parent earns a dynamic reward equal to:
0VIX Protocol Exploit — vGHST Oracle Manipulation via Balance Donation
Loss · ~$2.0M — drained as ~1,453,546 USDC + ~584,445 USDT + ~9,566 GHST (flash-loaned principal…
0VIX is a Compound-V2 fork on Polygon. It accepts vGHST (Aavegotchi's auto-compounding wrapper of GHST) as collateral in the ovGHST market. The price of ovGHST's underly…
Allbridge Core Exploit — StableSwap `withdraw()` Symmetric-Burn Drain via Flash-Loan-Induced Imbalance
Loss · ~$549,890 in this single PoC run (attacker walks away with 549,889.57 BUSD of profit); th…
Allbridge Core uses a Curve-style StableSwap pool that tracks two internal reserves: tokenBalance (real stablecoin, in 3-decimal "system precision") and vUsdBalance (a v…
Allbridge Exploit — StableSwap LP Mispricing via Self-Imbalanced Pools
Loss · ~$549,874 — 549,874.39 BUSD net profit, fully recovered intra-transaction
Allbridge's stable pools track two internal balances per pool — a real-token balance tokenBalance and a virtual-USD balance vUsdBalance (Pool.sol:2445-2446). LP shares a…
Axioma (AXT) Exploit — Mispriced Presale Sells Tokens Far Below the AMM Market Price
Loss · 20.83 WBNB profit on a single 32.5 WBNB flash-loaned buy (≈ $6.4K @ ~$310/BNB). The vecto…
AxiomaPresale.buyToken() sells AXT at a fixed, owner-set price of rate / 1e9 tokens per wei of BNB (AxiomaPresale.sol:402-418). At the time of the attack that price was…
Hundred Finance #2 Exploit — Empty-Market Exchange-Rate Inflation Drains Every Pool
Loss · ~$7.4M across all Hundred Finance Optimism markets (ETH, SNX, USDC, DAI, USDT, sUSD, FRAX…
Hundred Finance is a Compound-v2 fork. Each CToken market prices its share token (hToken) with exchangeRate = (cash + borrows − reserves) / totalSupply (CToken.sol:357-3…
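An integer model of the exchange-rate formula quoted above, added here as an example (it is not Hundred Finance's or Compound's code) and serving the Bao, Midas and Hundred cards alike. It follows Compound's rounding: mint and redeemUnderlying truncate the cToken amount. The attacker leaves 2 wei of cTokens in an empty market, donates underlying to inflate the rate, and then redeems almost all cash while burning only one of the two wei. The round_up flag is an assumed hardening of this model, not a fix the page attributes to anyone.

```python
"""Compound-v2 style CToken accounting with 18-decimal mantissas (added example).
exchangeRate = (cash + borrows - reserves) * 1e18 / totalSupply; borrows/reserves
are kept at zero so only the cash/supply relationship matters here."""

MANTISSA = 10**18


class CTokenModel:
    def __init__(self, initial_exchange_rate=MANTISSA):
        self.initial_exchange_rate = initial_exchange_rate
        self.cash = 0
        self.borrows = 0
        self.reserves = 0
        self.total_supply = 0
        self.shares = {}

    def exchange_rate(self):
        if self.total_supply == 0:
            return self.initial_exchange_rate
        return (self.cash + self.borrows - self.reserves) * MANTISSA // self.total_supply

    def mint(self, who, amount):
        minted = amount * MANTISSA // self.exchange_rate()   # truncates
        self.cash += amount
        self.total_supply += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def redeem_tokens(self, who, tokens):
        out = tokens * self.exchange_rate() // MANTISSA
        self._burn(who, tokens, out)
        return out

    def redeem_underlying(self, who, amount, round_up=False):
        rate = self.exchange_rate()
        tokens = amount * MANTISSA // rate                   # Compound truncates here
        if round_up and tokens * rate < amount * MANTISSA:   # assumed hardening: charge ceil()
            tokens += 1
        self._burn(who, tokens, amount)
        return tokens

    def _burn(self, who, tokens, out):
        if self.shares.get(who, 0) < tokens or self.cash < out:
            raise ValueError("insufficient shares or cash")
        self.shares[who] -= tokens
        self.total_supply -= tokens
        self.cash -= out

    def donate(self, amount):
        """A plain ERC-20 transfer into the market: cash grows, totalSupply does not."""
        self.cash += amount


def inflate_and_redeem(round_up=False):
    """Return (exchange rate after the donation, cTokens burned by the final redeem,
    cTokens the attacker still holds). Amounts are constructed, 8-decimal units."""
    m = CTokenModel()
    a = "attacker"
    m.mint(a, 4 * 10**8)                  # seed an empty market with 4 units
    m.redeem_tokens(a, 4 * 10**8 - 2)     # leave exactly 2 wei of cTokens
    m.donate(500 * 10**8)                 # donate 500 units straight to the contract
    rate_after = m.exchange_rate()        # ~250 units per cToken wei
    # At this point the 2 wei are valued at ~500 units of collateral, and the attacker
    # borrows other assets against them in a sibling market (not modelled here).
    burned = m.redeem_underlying(a, m.cash - 1, round_up=round_up)
    return rate_after, burned, m.shares[a]
```

With truncation the attacker withdraws 500 units while burning one wei, keeping the other; the liquidity check that gates a redeem values the remaining wei at the pre-redeem rate, so it passes, and afterwards that wei backs the outstanding borrow with a single unit of cash. Rounding the charged cTokens up burns both wei, so the same redeem would have to pass a full-withdrawal liquidity check instead.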
MetaPoint (POT) Exploit — Permissionless `approve()` on User-Wallet Contracts Drains Holder Balances
Loss · ~8,961.18 POT stolen from 10 holder wallets, liquidated to 83.95 WBNB (~$24K at the time;…
MetaPoint deployed a per-user "wallet" contract for each participant in its mining/pre-sale program. Each wallet holds the user's POT tokens. To let the MetaPoint backen…
OceanLife (OLIFE) Exploit — Reflection-Rate Collapse Inflates the Pool's Token Balance
Loss · 32.286 WBNB (≈ $9.7K at the time) — the entire WBNB side of the OLIFE/WBNB pair
OceanLife is a Reflect.Finance-style ("RFI") reflection token. A holder's balance is derived, not stored: balanceOf(account) = _rOwned[account] / currentRate, where curr…
Paribus Finance Exploit — Compound V2 Fork `redeemFresh` Cross-Market Reentrancy
Loss · ~$0.79M reported by analysts (this fork-PoC nets 35.23 WETH ≈ ~$66K residual after repayi…
Paribus is a Compound V2 fork. Its PToken.redeemFresh() sends the underlying out to the redeemer before it decrements the redeemer's pToken collateral balance (PToken.so…
Sentiment Protocol Exploit — Balancer Read-Only Reentrancy Inflates LP-Collateral Price
Loss · ~$1.0M total. In this fork run the attacker walked off with 538,399.33 USDC + 360,000 USD…
Sentiment is an over-collateralized lending protocol that lets users deposit Balancer LP tokens (BPT) as collateral. The price of a Balancer weighted-pool LP token is co…
Silo Finance Logic-Error Exploit — Interest-Rate Manipulation Drains the Entire XAI Market for ~$0
Loss · The PoC borrows the entire XAI market — 450,000 XAI for essentially zero cost. (XAI was a…
Silo is a shared-lending protocol where one Silo contract holds several markets (WETH, LINK, XAI, …) that share collateral. To decide how much you may borrow, _validateB…
Sushi RouteProcessor2 Exploit — Attacker-Controlled "Pool" Drains Approved Tokens via `uniswapV3SwapCallback`
Loss · ~$3.3M aggregate across all affected approvers (PoC drains 100 WETH from one victim as a…
RouteProcessor2 is the Sushi aggregator's on-chain route executor. To swap on a Uniswap-V3-style pool it reads the pool address straight out of the caller-supplied route…
Swapos V2 Pair Exploit — Broken `k`-Value Invariant Lets 10 wei of WETH Drain ~98% of the Pool's SWP
Loss · Not stated in the trace; the PoC extracts 142,658.16 SWP (~97.9% of the pair's SWP reserv…
SwaposV2Pair.swap() implements the Uniswap-V2 constant-product check but with the wrong scaling factors (contracts_SwaposV2Pair.sol#L180-L182):
Yearn / iEarn yToken Exploit — APR-Oracle Routing + bZx Donation Inflates Price-Per-Share for ~$11.5M
Loss · ~$11.5M — the PoC ends with 1,964,642.66 USDC + 1,780,391.61 DAI + 1,369,200.11 yTUSD (≈$…
The legacy iEarn/yearn yTokens (yUSDT, yDAI, yUSDC, yTUSD) auto-route deposits to whichever lending venue currently offers the highest APR, chosen by IEarnAPRWithPool.re…
BIGFI Exploit — Reflection-Token `burn()` That Shrinks Supply Without Shrinking Reflection Space
Loss · 30,306.103328283570349973 USDT drained from the BIGFI/USDT PancakeSwap pair — tx 0x9fe190…
1. BIGFI is a reflection-token (the DxMint "DxBurn" template, RDeflationERC20). It keeps balances in two spaces: a reflection space (_rOwned, summed by _rTotal) and a re…
DBW Finance Exploit — Dividend Reward Double-Claimed via 18 Proxy Clones Each Holding ~100% of the LP
Loss · +21,699.52 USDT attacker profit (the PoC logs the full ending USDT balance; the attacker…
DBW pays "static income" (dividends) to users who pledge PancakeSwap DBW/USDT LP tokens. The payout of getStaticIncome() is sized by the pledgor's share of total pledged…
DKP Exchange Exploit — Flash-Loan-Manipulated AMM Price Oracle Lets 100 USDT Buy the Whole DKP Reserve
Loss · +80,512.62 USDT attacker profit (profit-only, see accounting below) — attacker put in 0 n…
DKPExchange.exchange(amount) lets a user swap USDT → DKP at an internally-computed rate. The PoC header and trace show that this rate is derived from the instantaneous r…
Euler Finance $197M Exploit — `donateToReserves` Enables Self-Liquidation That Drains the Protocol's Reserves
Loss · ~$197M (this PoC extracts 8,877,507.35 DAI net after repaying a 30M DAI flash loan; the p…
Euler's EToken accounting keeps a per-asset totalBalances (sum of eToken balances) and internalBalance per user. Two functions matter:
ParaSpace Exploit — ApeCoin-Staking (cAPE) Collateral Mis-Accounting + Same-Tx Supply→Borrow
Loss · Mar 2023 ParaSpace incident. The PoC ends with the attacker holding ~2,906.39 WETH (outpu…
1. ParaSpace treats the cAPE token (0xC5c9fB6223A989208Df27dCEE33fC59ff5c26fFF) — an ERC4626-style wrapper over an ApeCoin-Staking position — as priceable collateral. It…
ParaSpace Exploit (variant 2) — ApeCoin Staking Supply/Borrow Reentrancy
Loss · part of the Mar 2023 ParaSpace incident; tx 0xe3f0d14c…
ParaSpace valued BAYC/MAYC collateral including the ApeCoin staked on the NFTs. The attacker supplies an NFT whose ApeCoin staking position makes the collateral appear ov…
Phoenix (PHX) Exploit — Missing Access Control on `delegateCallSwap(bytes)`
Loss · ~$1M+ USDC drained on-chain in the real attack. The bundled PoC reproduces a scaled-down…
1. phxProxy is a delegatecall proxy whose logic implementation exposes a function delegateCallSwap(bytes data) that executes arbitrary calldata in the proxy's own contex…
Poolz LockedDeal Exploit — Integer Overflow in `getArraySum` Crediting Free Vesting Pools
Loss · ~$390K — multiple Poolz vesting tokens (MNZ, SIP, WOD, ECIO) drained on BSC. PoC ends wit…
LockedDeal is a Poolz token-vesting contract compiled with Solidity 0.6.12, which does not revert on integer overflow. The vesting logic correctly uses SafeMath.add/sub…
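The unchecked-sum failure mode from this card, as an added Python model (not Poolz's Solidity). Solidity 0.6.12 wraps on overflow unless SafeMath is used, so an array whose elements sum past 2^256 makes getArraySum report a tiny total: the contract pulls that tiny total via transferFrom but records each element as its own vesting pool. The batch-create function name and the token model below are assumptions of this example.

```python
"""Overflowing array sum in a batch vesting-pool creator (added example).
Unchecked arithmetic is emulated with modulo 2**256; SafeMath with an explicit check."""

UINT256 = 2**256


def get_array_sum_unchecked(amounts):
    """`sum += amounts[i]` as compiled by solc 0.6.x without SafeMath: wraps silently."""
    total = 0
    for a in amounts:
        total = (total + a) % UINT256
    return total


def get_array_sum_safe(amounts):
    """The same loop through SafeMath.add: reverts instead of wrapping."""
    total = 0
    for a in amounts:
        if total + a >= UINT256:
            raise OverflowError("SafeMath: addition overflow")
        total += a
    return total


class LockedDealModel:
    def __init__(self, token_balances, array_sum):
        self.token = dict(token_balances)   # holder -> balance of the vesting token
        self.pools = []                     # (owner, amount) vesting pools credited
        self.array_sum = array_sum          # which summation the contract uses
        self.contract = "LockedDeal"

    def transfer_in(self, frm, amount):
        """transferFrom(frm, this, amount)."""
        if self.token.get(frm, 0) < amount:
            raise ValueError("transferFrom failed")
        self.token[frm] -= amount
        self.token[self.contract] = self.token.get(self.contract, 0) + amount

    def create_mass_pools(self, caller, amounts, owners):
        # Pull the (claimed) total once, then credit every pool with its own element.
        self.transfer_in(caller, self.array_sum(amounts))
        for amount, owner in zip(amounts, owners):
            self.pools.append((owner, amount))


def attack(array_sum):
    """Return (tokens actually pulled from the attacker, amount of the first pool
    credited to the attacker). Balances are constructed: the contract already holds
    1,000,000 tokens of other users' vesting, the attacker holds 1."""
    attacker = "attacker"
    deal = LockedDealModel({attacker: 10**18, "LockedDeal": 1_000_000 * 10**18}, array_sum)
    big = 1_000_000 * 10**18
    amounts = [big, UINT256 - big]          # wraps to exactly 0 under unchecked addition
    try:
        deal.create_mass_pools(attacker, amounts, [attacker, attacker])
    except OverflowError:
        return 0, 0
    pulled = 10**18 - deal.token[attacker]
    return pulled, deal.pools[0][1]
```

The first pool is the one that matters: it is sized to the contract's existing stash and becomes withdrawable once its finish time passes, while the second pool merely exists to push the sum past 2^256. Upgrading the compiler to 0.8.x or routing getArraySum through SafeMath makes the batch call revert.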
SafeMoon Exploit — Unprotected `burn(from, amount)` Drains the AMM Pair Reserve
Loss · 27,463.848 WBNB (≈ $8.9M at the time) — the entire WBNB side of the SFM/WBNB SafeSwap pai…
1. SafeMoon V1's implementation exposes burn(address from, uint256 amount) as a public function with no onlyOwner, no onlyWhitelist, and no allowance check (Safemoon.sol…
Thena RewardPool Exploit — Reentrant `unstake(…, claim=true)` Double-Payout of Converted Rewards
Loss · 10,197.896 BUSD (≈$10.2K) drained from the wUSDR gauge reward pool in the reproduced PoC;…
1. The Thena gauge (ThenaRewardPool) is an ERC1967 proxy at 0x39E29f4F… that delegatecalls the gauge logic 0xaEDb0094…. Its unstake(address token, uint amount, address r…
BonqDAO / AllianceBlock Exploit — `TellorFlex` Oracle Price Manipulation (Cheap-Stake `submitValue`)
Loss · ~$88M — 100,514,098.34 BEUR minted from BonqDAO in Tx1 + 113,813,998.37 ALBT (as wALBT) s…
BonqDAO is a Polygon CDP (Liquity-style "Trove") protocol that prices its collateral token wALBT straight off a TellorFlex oracle. TellorFlex is a reporter/stake oracle:…
CowSwap `SwapGuard` Exploit — Unvalidated Interaction Target in `envelope()` (arbitrary `transferFrom` under maxint `allowedLoss`)
Loss · 114,824.890807160711319588 DAI (= 114,824,890,807,160,711,319,588 wei) drained from the G…
1. SwapGuard.envelope(Data[]{target,value,callData}, vault, tokens, tokenPrices, balanceChanges, allowedLoss) is a generic "execute these calls and then check the vault…
Dexible Exploit — Caller-Controlled `router`/`routerData` in `selfSwap`/`fill`
Loss · ~$1.5M — at least 1,796,093.75 TRU drained from a single victim in the reproduced PoC (ou…
Dexible is a meta-aggregator/relayer: a trader signs an order, a relayer submits it, and Dexible's swap()/selfSwap() walks an array of RouterRequest hops calling each ro…
dForce Exploit — Read-only Reentrancy via Curve `remove_liquidity` into the dForce Price Oracle
Loss · ~$3.65M — drained from dForce's Arbitrum wstETHCRV-gauge collateral market (VWSTETHCRVGAU…
dForce's Arbitrum money market accepted vaulted wstETH/CRV-gauge tokens (VWSTETHCRVGAUGE) as collateral and priced them through PriceOracleV2.getUnderlyingPrice(). That…
DYNA (Dynamic) Exploit — Reward-Inflation in `StakingDYNA.deposit`/`redeem` + Time-Bypassable Sell Cap
Loss · ~65.44 WBNB drained from the DYNA/WBNB PancakeSwap pair — 65,440,735,110,133,004,365 wei…
StakingDYNA (StakingDYNA.sol) computes interest as principal × apr × (now − lastProcessAt) / YEAR / 10000 (StakingDYNA.sol:67-77). The bug is in how a follow-up deposit…
EFVault / ENF Exploit — `redeem()` Share-Price Decimal Bug Drains USDC
Loss · 3,436,919.309773 USDC (3,436,919,309,773 raw, 6-dec) drained from the Euclid/ENF USDC vau…
EFVault (contracts_core_Vault.sol) is an ERC-4626-style share/asset vault. The ENF token at 0xBDB515… is a TransparentUpgradeableProxy that delegates to this EFVault log…
FDP (FireDrake) Exploit — Reflective-Token `deliver()` Inflates the AMM Pair's Balance
Loss · ~16.18 WBNB drained from the FDP/WBNB PancakeSwap pair (the PoC prints Attacker's profit:…
FDP (source) is a reflective (a.k.a. "t-token / r-token") BEP20: it keeps two ledgers per address — an r-space balance (_rOwned) and a t-space balance (_tOwned) — and ex…
LaunchZone (LZ) Exploit — Unverified `swapXImp` Logic Flaw (Permissionless Victim-Side Swap)
Loss · ~88,849.89 BUSD reproduced from a single victim in this PoC (the live attack across all v…
LaunchZone had quietly upgraded its swapX proxy to an unverified implementation (swapXImp, 0x6D898184…). That implementation exposes a swapX(bytes,transferAmount,value,b…
Orion Protocol Exploit — Reentrancy via Malicious Deposit Token in `swapThroughOrionPool` / `depositAsset`
Loss · ~$2.84M USDT on Ethereum (PoC) + a parallel BSC incident; the verified PoC drains 2,836,2…
1. Orion runs a brokerage-style exchange: users depositAsset to move real ERC20s into Orion's wallet, and Orion keeps a per-user virtual balance ledger (getBalance). Tra…
Platypus Finance Exploit — Flawed LP-Collateral Pricing in `PlatypusTreasure` (`_getLPUnitPrice`)
Loss · ~$8.5M — the attacker borrowed 41,794,533 USP of unbacked debt against 44M USDC of LP col…
Platypus is an Avalanche stableswap whose Pool mints LP-asset tokens (LPUSDC, etc.), and a sister contract PlatypusTreasure accepts those LP tokens (staked in MasterPlat…
Revert Finance (V3Utils) Exploit — Unvalidated `swapData` Lets Anyone Route User-Allowance Tokens to an Attacker
Loss · 19,805.581627 USDC (raw 19,805,581,627, 6 decimals) drained from two users who had approv…
1. Revert Finance's V3Utils is an ownerless, "stateless" helper that users grant ERC20 allowances to so it can compound/swap/withdraw on their Uniswap-V3 positions. Its…
Sheep Exploit — Reflective-Token `_burn` Distorts `balanceOf`, Drains SHEEP/WBNB Pair via DODO Flash
Loss · ~16.394 WBNB drained from the SHEEP/WBNB PancakeSwap pair — Attacker WBNB balance after e…
1. SHEEP is a reflection token (CoinToken, an RFI-style contract). It keeps two parallel supplies: a "reflection" supply _rTotal (~2^256 / totalSupply per token) and a "…
Sperax USDs Exploit — `isContract()`-Based Rebase Accounting Flip on a Pre-Credited EOA
Loss · USDs supply inflation — the PoC mints 11 USDs and observes a balanceOf of 9,797,854,216,5…
USDs is a rebasing ERC20. It does not store face-value balances; instead it stores an internal credit balance per account and converts credits ↔ USDs through an exchange…
Starlink (Starlink Coin) Exploit — Reflective Token Fee vs. Pancake `skim`/`sync` Reserve Drain
Loss · 38.359839689566733894 WBNB drained from the Starlink/WBNB PancakeSwap pair — the pool's e…
1. StarlinkCoin (source) is a reflective ERC20 with a 9-decimal unit and a directional fee: every transfer into the Pancake pair (recipient == uniswapV2Pair) is taxed at…
SwapX Exploit — Unverified `swapX` Router Drains Pre-Approved Victim BUSD via Caller-Controlled Recipient
Loss · ~119,481 BUSD drained from 14 victim EOAs (119,481,398,039,170,502,254,309 wei, summed fr…
SwapX is a BSC swap router whose swapX entrypoint (function selector 0x4f1f05bc) is unverified on BscScan — the same un-audited implementation family as the LaunchZone i…
BEVO Exploit — Reflective-Token `deliver()` Pool-Balance Inflation Drain (PancakeSwap Flash)
Loss · 144 BNB (~$40K) — tx 0xb97502d3…
BEVO is a "reflective" (rebasing-fee) ERC20 that keeps two ledgers: a real balance and a much larger reflection balance (_rOwned, scaled by _rTotal / _tTotal). A holder'…
BRA Token Exploit — `_transfer` Buy/Sell Tax Credited to the Pair Itself, Drained via `skim()`
Loss · ~819 BNB (~$224K) across two txs — 0x6759db55… (675 WBNB, reproduced here) + 0x4e5b2efa……
1. BRAToken._transfer (BRAToken.sol:428-476) applies a buy tax when sender == uniswapV2Pair and a sell tax when recipient == uniswapV2Pair. The two checks are two indepe…
GDS Coin Exploit — Spot-Price `pureUsdtToToken` Reward Inflation via Nested Flash Loans (BSC)
Loss · ~207,248.32 USDT net profit to the attacker (≈ $207K at the time). Raw-wei figure logged…
1. GDSToken.pureUsdtToToken(uAmount) is a view that quotes a USDT amount into GDS by calling the PancakeSwap V2 router's getAmountsOut on the live GDS/USDT pair (sources…
Midas Capital Exploit — Reentrancy-inflated Curve-LP Oracle for stMATIC Collateral (Compound v2 fork, Polygon)
Loss · ~$6.6M across multiple Midas markets on Polygon (the PoC reproduces the core drain of 4 m…
Midas is a Compound v2 fork whose Fuse pools price a WMATIC_STMATIC cToken collateral by delegating through MasterPriceOracle to a leaf oracle (0x3803527d…) that derives…
OmniEstate Exploit — Staking Reward Calculated From a Stale Storage Variable (Zero-Duration Over-Claim)
Loss · ORT minted to the attacker for free. The PoC seeds 1 WBNB and ends with 1.120132465266157…
1. OmniStakingPool.invest(end_date, qty_ort) accepts any end_date, but only the four values 3, 6, 12, 24 actually set duration[msg.sender] and end_staking[msg.sender] (S…
QTN (QUATERNION) Exploit — Reflection-Supply Rebase Inflation via `skim()` Loop
Loss · WETH drained from the QTN/WETH Uniswap-V2 pair across two txs — 0x37cb8626… and 0xfde10ad…
QUATERNION (QTN) is a reflection-style ERC20 that keeps balances internally as "gons" (_gonBalances[addr]) and converts to user-facing QTN via _gonsPerFragment = TOTAL_G…
ROE Finance Exploit — Manipulatable LP-Token Oracle + Re-deposit Collateral Inflation
Loss · ~$64,121 — 64,121.353617 USDC drained from ROE's USDC reserve (output.txt:7)
1. ROE Finance was a near-verbatim Aave-v2 fork whose LendingPool (deposit, borrow) shipped with the standard validateBorrow health-factor check (ValidationLogic.sol#L12…
SHOCO Exploit — Reflection `deliver()` Deflation Inflates the AMM Pair's Effective Balance
Loss · ~4.30 ETH — 4.301834963160736116 WETH drained from the SHOCO/WETH Uniswap V2 pair (output…
Shoco (Shoco.sol) is a "reflective" / "rebasing" ERC20 (a TaxToken-style contract) that maintains two parallel supplies: a true supply _tTotal and a larger "reflection"…
Thoreum Finance Exploit — Dividend/Rebase Token Self-Transfer Balance Inflation
Loss · ~2,000 BNB across the full Jan-2023 incident; 6.11 WBNB (= 6.109951473560231892 WBNB) ext…
Thoreum (0xce1b3e…) is an ERC1967 proxy whose hidden implementation (0x79Fe…AF4F, never verified on BscScan) behaves as a dividend-distributing fee-on-transfer token. On…
TomInu (TINU) Exploit — Reflective-Token (RFI) Reflection-Rate Skim against a Uniswap-V2 Pair
Loss · ~22 WETH — attacker's final WETH balance 22134561461014981232 wei (~22.134561 WETH) after…
TomInu (TomInu.sol:663) is a "reflective" (RFI-style) ERC20: every balance is stored twice — a reflection balance _rOwned and a real balance _tOwned — and balanceOf() de…
UFO/UFDao (UFT) Exploit — Treasury-Share Mispricing on a Tiny-Supply LP Token
Loss · ~$90,070 USDC — 90,070.588320368098073575 USDC drained from the UF DAO treasury (tx)
1. UFO/UFDao ("UF") is a DAO-as-a-service vault. Each DAO holds a treasury of tokens at its own contract address and issues an ERC-20 LP token (here UFT, 0xf887A2…) whos…
Upswing (UPS) Exploit — `sellPressure` Farming + `releasePressure()` LP-Burn That Breaks `k`
Loss · ~22 ETH in the live mainnet attack (per the PoC's @KeyInfo header). The bundled PoC is a…
1. UpSwing is an ERC20 with a "reflexive" deflation mechanic. Every UPS transfer whose recipient is the Uniswap-V2 pair (UNIv2) bumps the sender's per-holder txCount and…
AES (AEST) Exploit — Fee-Accumulator `distributeFee()` Drains the AMM Pair
Loss · ~61,608 USDT (~$61.6K) drained from the AES/USDT PancakeSwap pair
AEST is a deflationary token that, on every buy/sell, silently burns 3% of the moved amount and credits 1% of the moved amount into a public accumulator swapFeeTotal (AE…
APC (ArenaPlay) Exploit — Spot-AMM-Price Swap Drained via Flash-Loan Pump & Dump
Loss · PoC reproduces +7,626.99 USDT profit in one cycle; the two live attacks (referenced in th…
The ArenaPlay (APC) project ships an internal swap(fromToken, toToken, amount) contract (behind a TransparentUpgradeableProxy) that lets users trade APC ↔ MUSD. Instead…
BBOX Token Exploit — Fee-Engine Burns Tokens Out of the LP Pair and `sync()`s
Loss · ~38.44 WBNB (~$10.8K at the time) drained from the BBOX/WBNB PancakeSwap pair
BBOXToken (BBOXToken.sol) is a "share-dividend" deflationary token whose _transfer maintains a state variable pairAmount (intended to track fees that should be removed f…
BGLD (BlackGold) Exploit — Migration-Contract Inflation + AMM Reserve Manipulation
Loss · ~18,063.36 USDT + 8.80 WBNB leftover (attacker ends with both)
BlackGoldMigration.migrate() lets a user convert old BGLD (v1) into new BGLD (v2) 1:1 plus a 10% bonus. The catch is that v1 is a fee-on-transfer token: moving N tokens…
Defrost Finance `lendingSwitchErc20` Exploit — Reentrant Flash-Loan Share Inflation
Loss · ~173,635.82 USDC drained from the Defrost lendingSwitchErc20 (LSW) vault
Defrost's lendingSwitchErc20 vault implements an ERC-3156 flash loan whose flashLoan() (baseSuperToken.sol:167-183) runs the balance mutation onWithdraw() before it call…
DFS Exploit — `_transfer` Accounting Gap Let `skim()` Self-Loop Mint DFS Out of Thin Air
Loss · ~1,452 USDT (≈ $1,450) drained from the DFS/USDT PancakeSwap pair
The DFS token implements a custom _transfer that, whenever the PancakeSwap pair is the from or to, tries to take a 0.5 % fee. The branching is written so that if the fee…
ElasticSwap Exploit — Internal-Reserve Manipulation Drains the TIC/USDC.e AMM
Loss · 187,460.63 USDC.e drained from the TIC/USDC.e pool (+ 40,607.38 TIC residual). The origin…
ElasticSwap's Exchange keeps an InternalBalances struct (baseTokenReserveQty, quoteTokenReserveQty, kLast) separate from the real ERC-20 balances, so it can cope with el…
FPR Token Exploit — Public `setAdmin()` Hijack Drains FPR Distributor Contracts + LP
Loss · ~$28,095 (28,094.70 USDT) drained from FPR distributor contracts + the FPR/USDT PancakeSw…
FPR is a deflationary BEP-20 token whose project deployed a handful of "distributor" contracts that hold FPR (and, in one case, the FPR/USDT PancakeSwap LP tokens) and e…
JAY Token Exploit — Reentrancy via Attacker-Controlled "ERC721" Callback in `buyJay`
Loss · ~15.32 ETH (attacker's net profit, fully flash-loan funded)
JAY is a do-it-yourself AMM: users send ETH in and get minted JAY at a bonding-curve price (ETHtoJAY), and they burn JAY to redeem ETH back out (JAYtoETH). The price of…
Lodestar Finance Exploit — `plvGLP` Oracle Inflation Drains the Lending Pools
Loss · ~$6.5M drained from Lodestar's lending pools (~2.8M GLP / ~$2.4M of it later flagged reco…
Lodestar priced its plvGLP collateral with a GLPOracle that read the on-chain share price of PlutusDAO's PlvGlpToken — an OpenZeppelin ERC-4626 vault whose price-per-sha…
MEV Bot 0x28d9 Exploit — Flash-Loan Callback Hijack via Attacker-Controlled `assetTo`
Loss · ~2,670.98 USDC (2,670,984,488 µUSDC) — the victim's entire USDC-side proceeds; drained 16…
The victim is an MEV/arbitrage bot (0x28d9) that holds ~2.67M USDT and is designed to act as a DODO flash-loan callback receiver. When a DODO pool calls IDODOCallee.DSPF…
MUBank Exploit — Flash-Swap Manipulation of Reserve-Dependent Bond Pricing
Loss · ~48,670.71 USDC.e drained from MUBank's reserves (MU + MUG tokens)
MuBank.mu_bond() and mu_gold_bond() let anyone deposit an approved stablecoin (USDC.e) and receive the protocol's MU / MuGold tokens at a price quoted off the instantane…
Nimbus Platform Exploit — Flash-Loan AMM Spot-Price Manipulation of Staking Rewards
Loss · ~$370K reported (SlowMist). PoC nets 323.57 WBNB of self-recovered profit on the fork; th…
The three Nimbus staking contracts pay rewards denominated in one token but price those rewards through PriceFeed.queryRate(), which ultimately derives its answer from t…
Nova Exchange Exploit — Owner-Only Unlimited Mint via `rewardHolders()`
Loss · The token's value was rugged via unlimited owner minting; the PoC demonstrates the owner…
Nova Exchange's token contract ships a function literally named rewardHolders(uint256 amount) (Nova.sol:414-417) that is gated only by onlyOwner and does exactly two thi…
Overnight Finance USD+ Exploit — NAV Inflation via Synapse Stable-Pool Manipulation
Loss · +144,303 USDC net to the attacker (36,000 → 180,303 USDC). The full real-world incident a…
USD+ is a rebasing/yield stablecoin: you buy() it with USDC and you can redeem() it back. The protocol decides how much real value sits behind every USD+ by reading the…
RFB (Roast Football) Exploit — Brute-Forceable On-Chain "Lucky Buyer" Jackpot Drain
Loss · +12.171906 WBNB net profit to the attacker, captured per single flash-loaned transaction…
RFB is a meme token with a built-in "lucky buyer" lottery. On every buy from the AMM pair, _transferFrom calls luckyNum[recipient].push(randMod(recipient, amount)) (RFB.…
Rubic Exchange Exploit — Arbitrary External Call Drains User Allowances
Loss · ~$1,475,491 USDC (1,475,491.811413 USDC) skimmed from users who had approved the Rubic pr…
RubicProxy is a cross-chain aggregator. To bridge or swap, a user first approves the proxy to spend their tokens, then the proxy forwards the trade to an external "route…
TiFi Finance Exploit — Spot-Price Oracle Manipulation of a Lending Pool
Loss · ~87.14 WBNB (≈ $24k at the time; SlowMist/PeckShield reported ~$722K total across the TiF…
LendingPool values every user's collateral and debt with getPriceWBNB(), which for any non-WBNB token calls GetPrice.getTokenToBNBPrice(token). That helper returns the i…
Abracadabra / Kashi Cauldron Exploit — Self-Liquidation Against a Stale Exchange Rate
Loss · ~99,017.79 MIM (≈ $99K) extracted from the xSUSHI Cauldron's liquidity in a single flash-…
The Abracadabra Cauldron lending market uses two different snapshots of the same exchange rate within one transaction:
Annex Finance `Liquidator` Exploit — Unauthenticated Flash-Swap Callback Drains the Contract
Loss · ~7.2224 WBNB drained from the Liquidator contract (the entire WBNB balance it held at the…
Liquidator is a flash-loan liquidation helper for the Annex Finance lending market (a Compound/Venus fork on BSC). To liquidate underwater borrowers it borrows the repay…
Aurum Finance (AUR) Exploit — Unprotected `changeRewardPerNode()` Drains the Node-Reward Pool
Loss · ~$13.4K — 49.85 BNB profit (the entire AUR balance of the node pool, swapped to BNB)
AurumNodePool is a "node-as-a-yield" contract: users pay AUR to create "nodes," and each node accrues AUR rewards over time at a rate of rewardPerDay. The reward owed to…
BDEX (Bvaults) Exploit — Permissionless `convertDustToEarned()` Sandwiched into a No-Slippage Pool Swap
Loss · 16.22 WBNB extracted from the BDEX/WBNB pair in a single transaction (~$4.6K at the Nov-2…
BvaultsStrategy is a Bvaults yield-strategy contract that periodically converts leftover "dust" balances into its earnedAddress token so they get reinvested on the next…
Beefy "Moo CAKE CTX" Vault Exploit — Harvest-Sandwich Reward Theft
Loss · 29,913.7 CAKE net to the attacker (~$142K at the time) — drained from honest vault deposi…
BeefyVault is an auto-compounding CAKE vault. Share price is getPricePerFullShare() = balance() × 1e18 / totalSupply() (BeefyVault.sol:872-874), where balance() reads the…
Brahma Finance (BrahTOPG) Zapper Exploit — Arbitrary `call` Drains User Approvals
Loss · ~$79,680 — 79,679.661825 USDC pulled from a single approver (the live incident totalled ≈…
Zapper.zapIn() is designed to let a user "zap" any token into the vault by performing a swap on a DEX/aggregator. To make that swap generic, the Zapper takes the swap ta…
DFX Finance Exploit — Reentrancy via Unguarded `flash()` Inflates LP Share Mint
Loss · ~170,669.64 USDC drained from the XIDR/USDC DFX Curve pool (the full incident, across mul…
DFX's Curve stableswap pool added a Uniswap-V3-style flash() loan (contracts_Curve.sol:634-669). Every value-bearing entry point on the pool (deposit, withdraw, originSw…
MBC / ZZSH Exploit — Public `swapAndLiquifyStepv1()` Lets an Attacker Inject the Token's Own Accumulated Fees Into the Pool Reserve
Loss · 5,930.68 USDT profit to the attacker (extracted across two identical tokens in one tx)
MBC and ZZSH are two near-identical deflationary "fee-on-transfer" tokens. Each charges a ~5–8% tax on swaps; part of that tax (ldxRate, 4% for MBC) is collected inside…
MEV Bot `0x0AD8…afd4` — Arbitrary-Call Router Drains a Victim's Standing USDC Approval
Loss · 91,638.11 USDC (~$91.6K) — the victim's entire USDC balance
The contract at 0x0AD8…afd4 is a generic "MEV bot / swap router" that exposes a function — selector 0x090f88ca — which takes a caller-supplied bytes blob and executes it…
Multichain (Anyswap) `anySwapOutUnderlyingWithPermit` — Missing-`permit` Allowance Theft
Loss · 557,754.45 NUM swapped out → attacker netted 13,822.28 USDC in this single reproduced tx;…
Multichain's AnyswapV4Router.anySwapOutUnderlyingWithPermit() is supposed to let a user authorize a cross-chain transfer with a single EIP-2612 signature: the router cal…
Polynomial Protocol Exploit — Arbitrary `swapTarget.call` Drains Pre-Approved User Funds
Loss · ~$1.4K — 209.167120 USDC swept from 5 users who had approved the Zap
PolynomialZap.swapAndDeposit() is a "zap" helper meant to take a user's token, route it through an arbitrary DEX aggregator, and deposit the proceeds into a Polynomial v…
sDAO Exploit — Staking-Reward Accounting Manipulation via Self-Inflated `totalStakeReward` + Shrunken Reward Divisor
Loss · ~13,162 USDT profit to the attacker (final balance 13,661.9 USDT, minus the 500 USDT flas…
sDAO bolts a "stake the LP token, earn SDAO rewards" feature onto an ERC-20. The reward math has two independently-attacker-controlled inputs and zero protection:
SEAMAN Exploit — Forced Tax-Swap Routed Through a Thin GVC Pool (Price Manipulation)
Loss · ~$7,782 — 7,781.78 USDT net profit for the attacker (BSC-USDT)
SEAMAN is a "tax + dividend" token. Whenever anything is transferred to its SEAMAN/USDT PancakeSwap pair, its _transfer hook fires swapAndLiquifyV3() and swapAndLiquifyV…
SheepFarm Exploit — Free Gems via Repeatable `register()`
Loss · ~3.0556 BNB drained from the SheepFarm bank (≈ $880 at the Nov-2022 BNB price, the game's…
SheepFarm is a BNB "miner" game: you buy gems, spend gems to upgrade sheep farms, the farms produce wool (money) over time, and you withdraw wool back into BNB at a fixe…
SheepFarm Exploit — Free-Gem Mint via Repeatable `register()`
Loss · ~$80K total across many bots in the wild; this single PoC tx nets 0.098 BNB (~$26 at the…
SheepFarm is a BNB "play-to-earn" idle game. Players buy gems with BNB (addGems), spend gems to upgrade their village (upgradeVillage), accrue wool/money yield, and cash…
UEarnPool Exploit — Self-Referral `claimTeamReward()` Inflation Drain
Loss · ~$2.24M of protocol USDT siphoned in-tx; attacker net profit ≈ 16,265.90 USDT after repay…
UEarnPool pays a "team reward" the first time an address reaches each referral tier. The tier is decided purely by an address's teamAmount — the sum of stakes made by ev…
0x0000…a47b1 MEV Bot Exploit — Unauthenticated `receiveFlashLoan` Drains Idle WETH
Loss · 187.56 WETH (~$245K at the time) — the bot's entire idle WETH balance
The MEV bot at 0x0000…a47b1f is a generalized arbitrage executor. Its entry point is receiveFlashLoan(tokens, amounts, feeAmounts, userData) — the standard Balancer flas…
ATK ("Journey of Awakening") Exploit — Spot-Price `getPrice()` Manipulation via Flash-Loaned Reserve Drain
Loss · ~$127K — attacker drained 44,142,689.6 ATK out of the protocol's reward/dividend contract…
The ATK token exposes an on-chain "price" helper used by the protocol's reward/claim logic:
BabySwap `SwapMining` Exploit — Router-Reported Swap Volume Forged via a Fake Factory
Loss · 24,245.02 USDT (≈ $24.2K) — the BABY mining reward, cashed out into USDT
BabySwap's BabySmartRouter is an aggregation router: the caller passes in their own list of factories, and the router fetches reserves and computes the output amount fro…
BEGO (BGeoToken) Exploit — Signature-Gated `mint()` Bypassed With Empty Signature Arrays
Loss · ~12.04 WBNB (12.037249252714479992 WBNB) drained from the BEGO/WBNB PancakeSwap pair
BGeoToken.mint() is supposed to be a bridge mint: it should only succeed when a quorum of authorized off-chain signers has signed keccak256(bsc, msg.sender, txHash, amou…
Carrot Token Exploit — Arbitrary `transReward()` Hijacks the Reward Pool to Bypass `transferFrom` Allowance
Loss · ~$31,318 — 31,318.18 BUSD-T drained from the Carrot/BUSD-T PancakeSwap pair
token (Carrot) ships two fatally-composed bugs:
EFLeverVault Exploit — Direct `flashLoan(0x2)` Inflate-Balance Drain
Loss · ~480 ETH (~$640K at the time). The PoC reproduces 480.006 ETH of profit on the fork; on-c…
EFLeverVault is a leveraged stETH vault: depositors send ETH, the vault takes a Balancer flashloan
HEALTH Token Exploit — Permissionless Per-Transfer Pool-Reserve Burn
Loss · 16.64 WBNB (~$3.7K at the time) net profit to the attacker; the genuine WBNB liquidity of…
HEALTH is a fee/deflation token. Its _transfer() function contains a "drip burn" feature: once a per-pair timer has elapsed, every transfer made by any non-pair address…
HPAY (Hedge Pay) Exploit — Unprotected `setToken()` Lets Anyone Restake Junk and Withdraw Real HPAY
Loss · ~114.43 WBNB drained from the HPAY/WBNB PancakeSwap pair in the simplified PoC (real atta…
The HPAY "bonus" staking contract MintableAutoCompundRelockBonus exposes a public, completely unauthenticated setter:
INUKO / SIG `Bond` Exploit — Flash-Loan LP Mispricing via `balanceOf`-based Valuation
Loss · ≈ $18.4K — attacker walked away with 18,407.05 USDT, having staked only ~5 BNB of seed ca…
The Bond contract lets users lock LP tokens and receive a "SIG" reward (paid in INUKO) whose size is computed on-chain from the current spot value of the deposited LP. T…
Market.xyz / Hundred-clone Exploit — Curve LP Read-Only Reentrancy Inflates Collateral Price
Loss · ~$180k (the PoC ends with 172,389 WMATIC of net flash-loan-funded profit retained before…
Market.xyz (a Fuse/Compound fork) priced its mooCurvestMATIC-MATIC collateral by reading the underlying Curve pool's get_virtual_price(). Curve's NG/crypto-pool remove_l…
Multicall `multicallWithoutCheck()` — Unauthenticated Arbitrary-Call Drain
Loss · 619.748460 USDT drained from the Multicall contract (Polygon PoS USDT, 6 decimals)
The Multicall contract exposes a public, unauthenticated batching entry point, multicallWithoutCheck(Call[] calls) (contracts_Multicall.sol:34-39), that loops over calle…
n00d (SushiBar fork) Exploit — ERC777 Reentrancy via Stale `totalSushi` Share Inflation
Loss · 20.668 WETH drained from the n00d/WETH Uniswap-V2 pair (~$26K at the Oct-2022 ETH price;…
SushiBar is the canonical SushiSwap staking vault (enter/leave) re-deployed for the n00d token. enter() mints staking shares using the formula shares = _amount × totalSh…
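Added example for the n00d entry above, written for this index and not taken from n00d's contracts or the indexed PoC: a Python model of a SushiBar-style enter()/leave() vault whose share mint reads totalSushi before transferFrom() moves the tokens, paired with an ERC777-style token that runs the holder's tokensToSend hook before balances change. The hook re-enters enter() once while the first deposit is still in flight, so the second mint is priced against a stale totalSushi. The class and function names (Erc777Token, Bar, reentrant_deposit_attack), the one-shot hook, the guarded=True reentrancy lock and all amounts are constructed for the demonstration.

```python
"""Share-inflation reentrancy through an ERC777 tokensToSend hook (SushiBar-style vault).

Constructed model, not any project's code. enter() mints shares from the vault's
token balance read BEFORE transferFrom(); the ERC777-style token calls the
sender's hook BEFORE moving balances, so a hook that re-enters enter() is priced
against a stale totalSushi. guarded=True adds the reentrancy lock that stops it.
"""
from typing import Callable

E18 = 10**18


class Erc777Token:
    """Balances plus a per-holder tokensToSend hook (the ERC777 ordering)."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}
        self.hooks: dict[str, Callable[[str, str, int], None]] = {}

    def balance_of(self, who: str) -> int:
        return self.balances.get(who, 0)

    def mint(self, to: str, amount: int) -> None:
        self.balances[to] = self.balance_of(to) + amount

    def transfer_from(self, holder: str, to: str, amount: int) -> None:
        hook = self.hooks.get(holder)
        if hook is not None:
            hook(holder, to, amount)  # ERC777: hook runs before balances move
        assert self.balance_of(holder) >= amount, "insufficient balance"
        self.balances[holder] -= amount
        self.balances[to] = self.balance_of(to) + amount


class Bar:
    """SushiBar-style vault; guarded=True reproduces a nonReentrant modifier."""

    ADDR = "bar"

    def __init__(self, token: Erc777Token, guarded: bool) -> None:
        self.token = token
        self.guarded = guarded
        self.shares: dict[str, int] = {}
        self.total_shares = 0
        self._locked = False

    def enter(self, user: str, amount: int) -> int:
        if self.guarded:
            if self._locked:
                raise RuntimeError("ReentrancyGuard: reentrant call")
            self._locked = True
        try:
            total_sushi = self.token.balance_of(self.ADDR)  # stale while a hook runs
            if self.total_shares == 0 or total_sushi == 0:
                minted = amount
            else:
                minted = amount * self.total_shares // total_sushi
            self.shares[user] = self.shares.get(user, 0) + minted
            self.total_shares += minted
            self.token.transfer_from(user, self.ADDR, amount)  # hook fires in here
            return minted
        finally:
            self._locked = False

    def leave(self, user: str, share: int) -> int:
        payout = share * self.token.balance_of(self.ADDR) // self.total_shares
        self.shares[user] -= share
        self.total_shares -= share
        self.token.transfer_from(self.ADDR, user, payout)
        return payout


def reentrant_deposit_attack(guarded: bool) -> dict:
    """Honest user stakes 1000; attacker stakes 1000 twice, the second time from
    inside the hook of the first. Returns what each side can withdraw."""
    token = Erc777Token()
    bar = Bar(token, guarded)
    token.mint("honest", 1000 * E18)
    token.mint("attacker", 2000 * E18)
    bar.enter("honest", 1000 * E18)  # 1000 shares backed by 1000 tokens

    state = {"reentered": False}

    def tokens_to_send(holder: str, to: str, amount: int) -> None:
        if not state["reentered"]:  # re-enter exactly once
            state["reentered"] = True
            bar.enter("attacker", 1000 * E18)  # sees totalSushi == 1000, shares == 2000

    token.hooks["attacker"] = tokens_to_send
    bar.enter("attacker", 1000 * E18)

    attacker_shares = bar.shares["attacker"]
    attacker_payout = bar.leave("attacker", attacker_shares)
    honest_payout = bar.leave("honest", bar.shares["honest"])
    return {
        "attacker_shares": attacker_shares,
        "attacker_payout": attacker_payout,
        "attacker_profit": attacker_payout - 2000 * E18,
        "honest_payout": honest_payout,
    }
```

With the constructed numbers the second, re-entered deposit is priced as 1000 × 2000 / 1000 = 2000 shares instead of the 1000 × 2000 / 2000 = 1000 it should get, so the attacker holds 3000 of 4000 shares against 2000 of 3000 tokens and withdraws 2250; the honest staker is left with 750. Reading the balance after the transfer (or a reentrancy lock, as in the guarded path) removes the stale read.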
OlympusDAO `BondFixedExpiryTeller` Exploit — Unverified Bond-Token in `redeem()` Drains the Teller
Loss · ~$292K — 30,437.077948152 OHM drained from the teller
BondFixedExpiryTeller.redeem(token_, amount_) lets a user redeem a matured bond token for the underlying collateral the teller is custodying. The function accepts the bo…
PLTD Exploit — `_bron` Sell-Accumulator Burns From the Pool, Breaking `x·y = k`
Loss · 24,497.86 USDT (~$24.5K) — the entire honest USDT reserve of the PLTD/USDT pool
PLTD is a "reflection"/fee-on-transfer token. On every sell it silently accumulates a counter _bron equal to 50% of the sold amount (PLTD.sol:419-422). On the next ordin…
Rabby Wallet SwapRouter Exploit — Arbitrary External Call Drains Pre-Approved User Funds
Loss · ~$200,000 across all tokens & victims; the reproduced USDC tranche alone = 46,750.75 USDC…
Rabby Wallet's SwapRouter exposes a public swap() whose dexRouter (call target), dexSpender, and data (calldata) parameters are fully attacker-controlled. Internally the…
RES Token Exploit — Permissionless `thisAToB()` Pool-Reserve Burn Breaks `x·y = k`
Loss · ~$290,671 USDT across both attack txs (this single-tx PoC reproduces 195,442.92 USDT of n…
RES is a fee-on-transfer "DeFi" token. Every buy/sell skims a fee, and a slice of that fee is parked in the token contract's own balance (_distSellFee / _distBuyFee → _d…
RES Token Exploit — Self-Burn-From-Pool + `sync()` Breaks the AMM Invariant
Loss · ~$290,671 USDT — drained from the RES/USDT PancakeSwap pair (attacker walked off with 180…
RES is a fee-on-transfer "DeFi" token whose internal _thisAToB() routine sweeps the RES that has accumulated inside the token contract (collected as swap tax), sells it…
RL (RealLand) Exploit — LP-Incentive Airdrop Drained via Reusable LP Position
Loss · 9,078.61 USDT net profit to the attacker (flash-loan funded); ~905,000 RL reward tokens d…
RLLpIncentive.distributeAirdrop(user) pays an LP user a reward proportional to lpToken.balanceOf(user) read live at call time (contracts_demo_RLLpIncentive.sol:65-76). T…
Team Finance Exploit — `migrate()` Burns *Other People's* Locked LP via an Unvalidated `pair` Parameter
Loss · ~$15.8M (multiple tokens): 821.22 ETH + 6,539,633 DAI + 73,168,963,767,872 CAW + 0.0118 T…
Team Finance's LockToken contract held users' Uniswap-V2 LP tokens under time-locks. A migrate() wrapper let a lock owner upgrade their own locked V2 LP into a Uniswap-V…
TempleDAO StaxLPStaking Exploit — Access-Control-Free `migrateStake()` Pool Drain
Loss · ~$2.3M — 321,154.865 xFraxTempleLP tokens drained from the StaxLPStaking pool
StaxLPStaking.migrateStake(address oldStaking, uint256 amount) was designed to let a legitimate staker move their balance from a previous staking contract into this one.…
Transit Finance Exploit — Arbitrary `transferFrom` via Unvalidated Swap Owner
Loss · ~$21M total (across all BSC users who had granted allowance to the ClaimTokens contract);…
Transit Finance's cross-chain swap router lets the caller embed a fully attacker-controlled swap descriptor: the token, the source owner, the destination to, and the amo…
UERII Token Exploit — Public, Unauthenticated `mint()` Inflates Supply and Drains the Liquidity Pool
Loss · ~$2,500 — attacker walked away with 1.8552 WETH swapped from freshly-minted UERII (header…
The UERII token contract exposes a mint() function that is completely public and has no access control: anyone can call it, and each call mints a hard-coded 100000000000…
ULME Token Exploit — Permissionless `buyMiner()` Spends Anyone's Pre-Approved USDT
Loss · ~$250,818 of victim USDT pulled in this replay; the attacker netted +45,734.71 USDT profi…
ULME.buyMiner(address user, uint256 usdt) (UniverseGoldMountain.sol:977-990) is public with no access control and takes the spending account user as a caller-supplied pa…
ULME Token Exploit — Permissionless `buyMiner()` Spends Victims' USDT Allowances
Loss · 250,817.77 USDT drained from 100 approved holders; ~50,616.98 USDT net profit to the atta…
The ULME token has a "presale / buy a miner" feature: a holder approves the ULME contract to spend their USDT, then someone calls buyMiner(user, amount) to spend that US…
VTF (Victor the Fortune) Exploit — Compounding Time-Based Mint via Self-Service `updateUserBalance()`
Loss · ≈ 58,419 USDT (58,419.254304386568656998 USDT held by the attacker at the end of the run…
VTF is a deflationary game token with a "hold-to-earn" feature: any address that holds ≥ 100 VTF slowly mints 1% of its own balance per day to itself. That accrual is re…
Xave Finance Exploit — SafeSnap / Reality `DaoModule` Permissionless Governance Takeover
Loss · 100,000,000,000,000 RNBW minted to the attacker (100 trillion tokens, 1e32 wei) + full ow…
Xave attached a SafeSnap / Reality DaoModule to its Gnosis Safe. The intended design: a Snapshot off-chain vote is reflected on-chain as a Reality.eth question; once the…
Bad Guys by RPF Exploit — Unbounded `chosenAmount` in `WhiteListMint()` (Per-Wallet Mint Limit Bypass)
Loss · ~400 NFTs minted in a single tx by one address that should have been capped at 1 — the en…
WhiteListMint(bytes32[] _merkleProof, uint256 chosenAmount) is meant to let each whitelisted address claim one NFT. It enforces "one mint per wallet" with require(_numbe…
BADCODE MEV Bot Exploit — Unauthenticated dYdX `callFunction` Callback Drained to a Max Approval
Loss · 1101.359974579155257683 WETH (≈ $1.45M at the ~$1,320/ETH price of Sep 2022) drained from…
The BADCODE MEV bot implemented dYdX's ICallee.callFunction(address sender, Account.Info accountInfo, bytes data) hook so it could receive dYdX flash-style callbacks. dY…
BNB48 MEV Bot Exploit — Unprotected `pancakeCall` Callback Drains the Bot's Inventory
Loss · ~$144K — the bot's entire token inventory: 25,912.95 USDT + 22,307.55 BUSD + 5,160.32 USD…
A PancakeSwap arbitrage bot exposed a public, unauthenticated pancakeCall(address sender, uint256 amount0, uint256 amount1, bytes data) — the flash-swap callback that a…
BXH Exploit — Spot-Price Bonus Payout Manipulated via Flash-Loan
Loss · ~31,638 USDT net attacker profit (≈40,015 USDT of bonus reserve drained from the staking…
TokenStakingPoolDelegate is a MasterChef-style staking pool. When a pool has enableBonus == true, it pays accrued rewards not in the native reward token (iToken = BXH) b…
DPC (DARK_POOL) Exploit — `claimStakeLp` Self-Compounds the LP Reward Quota (Geometric Doubling)
Loss · Attacker turns 2 BNB → 11.87 WBNB, i.e. +9.87 WBNB net, by minting 279.77 DPC out of thin…
DPC ships a "stake LP, earn an airdrop quota over time" mechanism. The accrued quota is computed by getClaimQuota() (DPC.sol:1246-1279) as
NewFreeDAO (NFD) Exploit — Stateless, Self-Resetting Reward Lets a Borrowed Balance Be Compounded 50×
Loss · ~$1.25M headline (4,481 BNB across 3 attack txs). This single reproduced tx (Tx1): +2,9…
The NewFreeDAO "reward" contract (0x8B06…1D1E) pays out NFD tokens proportional to the caller's current NFD balance, gated only by a "collection time" check that is keye…
NXUSD / Nereus Protocol Exploit — LP-Token Oracle Manipulation Drains a Cauldron Lending Market
Loss · ~$371,406 (net flash-loan profit, paid out in native USDC) drained from the NXUSD DegenBo…
The NXUSD market is an Abracadabra/MIM-style CauldronV2 clone running on a DegenBox (BentoBox fork). It lets a user post a Trader Joe USDC/WAVAX LP token as collateral a…
RADT (RADT-DAO / "Dream plan" TWN) Exploit — Permissionless Reward `withdraw()` Drains the LP Pair's Token Reserve
Loss · ~$89,012 — 89,012.35 USDT extracted from the RADT/USDT PancakeSwap pair (net of the 200,0…
TWN (the RADT-DAO token) is a reflection-style token. Every transfer / transferFrom hands control to an external, permissionless reward contract via _wrap.withdraw(from,…
ROI Token Exploit — Missing `onlyOwner` on `transferOwnership` → Reflection-Accounting Mint
Loss · ~157.98 BNB (~$44,000) — gross attacker balance delta in the PoC: +163.33 BNB (5 → 168.33…
ROIToken is a SafeMoon-style "reflection" (RFI) token. Its Ownable.transferOwnership() is missing the onlyOwner modifier (ROIToken.sol:181-185), so anyone can become own…
ShadowFi (SDF) Exploit — Permissionless `burn()` Drains the AMM Pair Reserve
Loss · 1,078.62 WBNB (≈ $300K at the Sept-2022 BNB price) drained from the SDF/WBNB PancakeSwap…
ShadowFi exposes a public, unauthenticated burn(address account, uint256 _amount) (ShadowFi.sol:958-962). It takes an arbitrary account and moves its tokens to the dead…
Thunder Brawl (THB) Exploit — `claimReward()` Reentrancy via ERC-721 Mint Callback
Loss · Reentrant draining of House_Wallet's BNB: the single winning bet of 0.30828 BNB was paid…
House_Wallet.claimReward() (House_Wallet.sol:248-274) pays a winner 2× amount, then mints them a reward NFT, and only after that deletes the win record (delete winners[_…
YYDS Exploit — Spot-Price Oracle Manipulation via Flash-Swap Reserve Draining
Loss · ~$397,942 — 397,942.08 USDT drained from the YYDS/USDT PancakeSwap pair
consumptionReturnPool is a loyalty/cash-back contract that pays users their accrued "return amount" (denominated in USDT) in YYDS tokens. To convert USDT → YYDS it calls…
Zoompro Finance (ZOOM) Exploit — Manipulable FakeUSDT Reserve Skews the Zoom→USD Price
Loss · ≈ 61,160 USDT extracted in a single flash-loan transaction (SlowMist/PeckShield report th…
The "Zoompro / ZOOM" ecosystem prices its $ZOOM token through a PancakeSwap-style pair whose quote asset is FakeUSDT (0x62D51AA…), a token whose supply the attacker can…
ANCH Token Exploit — Reflection Reward Minted on Pair-to-Self `skim()` Transfers
Loss · 526.17 USDT drained from the ANCH/USDT PancakeSwap pair in this single PoC tx (the live c…
ANCHToken is a reflection ("rOwned") token that pays a 0.05% "transaction reward" on every buy and sell larger than minTxnAmount (10,000 ANCH). The reward is minted to t…
Circle / MakerDAO PSM Exploit — Free Vault Closure via a Pre-Authorized CDP
Loss · ~$151.67K — 151,669.858678 USDC netted by the attacker
The loss did not come from a contract code bug in MakerDAO core math — it came from a mis-configured, pre-authorized CDP (#28311) under the UNIV2DAIUSDC-A collateral typ…
DDC (BananaSwapToken) Exploit — Permissionless `handleDeductFee()` Pool-Reserve Drain
Loss · ~$104,625 — 104,625.38 USDT drained from the DDC/USDT PancakeSwap pair (attacker spent on…
BananaSwapToken exposes a public, completely unauthenticated function:
EGD Finance Exploit — Flash-Loan Spot-Price Oracle Manipulation Inflates Staking Rewards
Loss · ~$36,044 — attacker walked off with 36,149.42 USDT (≈ the entire EGD token reserve of the…
EGD_Finance is a USDT staking protocol that pays rewards in EGD tokens. A staker accrues a USD-denominated reward "quota" over time; at claim, the contract converts that…
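The two conversions described just above (YYDS turning a USDT-denominated "return amount" into YYDS, and EGD turning a USD quota into EGD at claim time) share one flaw: the exchange rate is read off a pair's current reserves, and a flash swap can move those reserves within the same transaction. The Python below is an added example written for this index, not code from YYDS, EGD or any PoC here. It models a constructed V2-style USDT/TOKEN pair that also keeps a Uniswap-V2-style cumulative price, a reward contract that pays `quota_usdt / price`, and an attacker who flash-borrows 99% of the pair's USDT before claiming. The reserve sizes, the 100 USDT quota, the 0.1 USDT/TOKEN starting price and the 1,000-second TWAP window are all assumptions made for the illustration.

```python
WAD = 10**18  # 18-decimal fixed point, as on-chain


class Pair:
    """Constructed V2-style USDT/TOKEN pair. Reserves are WAD-scaled integers."""

    def __init__(self, usdt_reserve, token_reserve, now):
        self.usdt = usdt_reserve
        self.token = token_reserve
        self.price_cumulative = 0      # sum of (spot price * seconds), as UniswapV2Pair keeps it
        self.last_timestamp = now

    def spot_price(self):
        """USDT per TOKEN read straight from current reserves: the manipulable quote."""
        return self.usdt * WAD // self.token

    def _update(self, now):
        # V2 accrues the OLD price over the elapsed time before reserves change.
        elapsed = now - self.last_timestamp
        if elapsed > 0:
            self.price_cumulative += self.spot_price() * elapsed
            self.last_timestamp = now

    def flash_borrow_usdt(self, amount, now):
        """Flash swap: USDT leaves the pair first; the caller must return it in the same tx."""
        self._update(now)
        assert amount < self.usdt, "cannot drain the whole reserve"
        self.usdt -= amount

    def repay_usdt(self, amount, now):
        self._update(now)
        self.usdt += amount

    def twap(self, cumulative_then, timestamp_then, now):
        """Time-weighted average price since an earlier (cumulative, timestamp) observation."""
        cumulative_now = self.price_cumulative + self.spot_price() * (now - self.last_timestamp)
        return (cumulative_now - cumulative_then) // (now - timestamp_then)


def payout_tokens(quota_usdt, price):
    """Reward-contract logic: convert a USDT-denominated quota into tokens at `price`."""
    return quota_usdt * WAD // price


def run_scenario():
    pair = Pair(usdt_reserve=100_000 * WAD, token_reserve=1_000_000 * WAD, now=0)
    quota = 100 * WAD                                  # reward the attacker legitimately accrued
    observation = (pair.price_cumulative, pair.last_timestamp)   # oracle snapshot taken at t=0

    honest = payout_tokens(quota, pair.spot_price())             # fair value: 1,000 TOKEN

    # The attack, all at t=1000 inside one tx: pull 99% of the USDT, claim, put it back.
    now = 1000
    pair.flash_borrow_usdt(99_000 * WAD, now)
    spot_claim = payout_tokens(quota, pair.spot_price())         # quoted off the gutted reserve
    twap_claim = payout_tokens(quota, pair.twap(*observation, now))  # same moment, TWAP quote
    pair.repay_usdt(99_000 * WAD, now)

    return {"honest": honest, "spot_claim": spot_claim, "twap_claim": twap_claim}


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:>10}: {value / WAD:,.0f} TOKEN")
```

The spot-quoted claim pays 100,000 TOKEN for a 1,000 TOKEN entitlement, while the cumulative-price quote is unmoved because no time has elapsed since the reserves were emptied. The caveat is that a TWAP only defeats single-block manipulation; an attacker who can hold the reserve skewed across several blocks shifts the average too, so a long window and a sanity bound on the quoted rate are still needed.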
ETN / EtnProduct Exploit — Protocol-Funded Liquidity Sent to the Caller (`addLiquidity → msg.sender`)
Loss · ~$3,074 — net 3,074.53 BUSDT profit; the attacker drained ~606,091 U tokens of protocol-s…
EtnProduct.newProduct() is the protocol's "list a product" function. For every new product it:
LuckyTiger NFT Exploit — Predictable On-Chain "Randomness" in a Pay-to-Win Mint
Loss · NFT mint "bonus pool" drained — attacker mints repeatedly and is refunded 1.9× the mint p…
luckytiger is a "lucky draw" NFT: you pay price = 0.01 ETH to publicMint(), the contract rolls a coin flip, and if you win it pays you back price × 190 / 100 = 0.019 ETH…
MakerDAO UNIV2DAIUSDC CDP Exploit — Free Collateral Withdrawal via a Mis-priced LP-Token Vault (`frob`)
Loss · ~$50.5K — 50,562.51 USDC extracted from a single CDP's collateral position
CDP 28311 in MakerDAO's UNIV2DAIUSDC-A ilk was an over-collateralized vault: it held 4.419 UNIV2DAIUSDC LP tokens as ink (collateral) against 9.68M units of art (normali…
Nomad Bridge Exploit — Fraudulent Zero-Root Makes Every Forged Message "Proven"
Loss · ~$152M drained from the Nomad BridgeRouter over hundreds of copy-paste txs. This PoC repr…
Nomad is an optimistic cross-chain messaging bridge. A Replica contract on the destination chain holds a set of trusted Merkle roots; a message is only allowed to execut…
QIXI Token Exploit — Flash-Swap Repaid With a Free-to-Mint / Fee-Skimming Token
Loss · ~6.895 WBNB (≈ the entire WBNB reserve of the QIXI/WBNB pair)
The QIXI/WBNB PancakeSwap pair priced its WBNB against the QIXI token's reported balance. QIXI is a trash ERC20 whose owner can mint an unbounded amount (mmm, Token.sol:…
Reaper Farm Exploit — ERC-4626 `redeem()` / `withdraw()` Missing Allowance Check
Loss · ~$1.7M across all vaults; this PoC drains 12,505.610392 USDC (~$12,505) from a single vic…
ReaperVaultV2 is an ERC-4626-style yield vault. Its public redeem(uint256 shares, address receiver, address owner) and withdraw(uint256 assets, address receiver, address…
XSTABLE.PROTOCOL (XST) Exploit — `skim()`-driven elastic-supply mint that re-inflates the pool's own token reserve
Loss · ~27 WETH net profit in this reproduction (≈ $43K at the Aug-2022 ETH price ~$1.6K); publi…
XStable2 is an elastic-supply ("rebase"-style) token. Its _transfer (XST2.sol:127-165) classifies every transfer into one of three tax regimes by looking at the sender/r…
XSTABLE.PROTOCOL (XST) Exploit — `skim()`-Driven Rebase Mint Inflates Pool Reserves
Loss · 27.13 WETH profit to the attacker in this PoC (the historical incident drained the full W…
XST is an "elastic supply" / algorithmic-stablecoin token. Its _transfer (XST2.sol:127-165) applies special accounting whenever a supported pool (the Uniswap pair) is th…
Audius Governance Takeover — Re-callable `initialize()` on Live Proxies via Storage-Slot Collision
Loss · 704.18 ETH (~$1,080,000) — 18,564,497.82 AUDIO drained from the Governance treasury and d…
Audius governance is a set of OpenZeppelin-style upgradeable proxies (AudiusAdminUpgradeabilityProxy) sitting in front of Governance, Staking, and DelegateManagerV2 logi…
FlippazOne Exploit — Missing `onlyOwner` on the Fund-Withdrawal Functions
Loss · The entire ETH balance held by the auction contract. In the forked PoC the contract held…
FlippazOne is a single-NFT (MAX_SUPPLY = 1) English-auction contract. Bidders send ETH via bid(), and that ETH accumulates in the contract's balance until the owner with…
LPC Token Exploit — Self-Transfer Balance Overwrite Mints Free Tokens
Loss · ~178 BNB (≈ $45,715) — drained from the PancakeSwap LPC/USDT pool
LPC._transfer reads the sender's and recipient's balances into separate local variables, then writes them back to storage in two separate statements (LPC.sol:1235-1236):
Omni Protocol Exploit — NFT-Lending Re-Entrancy via `withdrawERC721` / `liquidationERC721`
Loss · ≈ 63.26 ETH net profit to the attacker in this single replayed transaction (the live inci…
Omni was an NFT-collateralised money market (a Paraspace-style fork). When a user withdraws collateral via withdrawERC721, the pool burns the user's nToken and safeTrans…
Quixotic (Optimism NFT Marketplace) Exploit — Unsigned `buyer` Parameter Drains Any Approved ERC-20 Allowance
Loss · 2,667.79 OP drained from one victim that had approved the marketplace (≈ $2.7K at the ti…
Quixotic's fillSellOrder(...) lets a caller settle a signed NFT sell order as a meta-transaction. The order's authenticity is checked by _validateSellerSignature, which…
SpaceGodzilla Exploit — Permissionless `swapTokensForOther` / `swapAndLiquifyStepv1` Pool-Accounting Drain
Loss · ~$22,516 — 22,516.38 USDT drained from the SpaceGodzilla/USDT PancakeSwap pair (DeFiHackL…
SpaceGodzilla is a "tax + auto-liquify" BSC token whose internal swap/liquify helpers were left public with no access control:
Discover / ETHpledge Exploit — Self-Referral Bonus Inflation via Spot-Price-Sourced Reward Math
Loss · The drained reward asset is the Discover token. In the single PoC call, 62,536.76 Discove…
ETHpledge is a yield/referral ("pledge") contract. When a user pledges usdt (BUSD) via pledgein(), the contract rewards the user's upline "inviter" chain with the second…
Gym Network SinglePool Exploit — `depositFromOtherContract()` Mints Stake Without Paying
Loss · 8,000,000 GYMNET drained from the staking pool's own token reserves (≈ $1.5–1.9M; GYMNET…
GymSinglePool.depositFromOtherContract() is a permissionless entry point (contracts_GymSinglePool.sol:286-294) that records a staking deposit without ever pulling the de…
Harmony Horizon Bridge Exploit — Compromised 2-of-5 Multisig Drains the Ethereum-Side Manager
Loss · Total bridge drain ≈ $100M across many tokens/txs; this PoC reproduces a single USDT leg…
The Harmony Horizon Bridge guarded its Ethereum-side custody (ERC20EthManager) with a MultiSigWallet configured to require only 2 confirmations out of its owner set (2-o…
Inverse Finance Exploit — Spot-Balance Oracle Manipulation of the `yvCurve-3Crypto` Price Feed
Loss · ~$1.26M to Inverse Finance (≈53.24 WBTC profit to the attacker in this fork; the original…
Inverse Finance's "Frontier" money market (a Compound v2 fork) priced the yvCurve-3Crypto collateral token with a custom feed, YVCrv3CryptoFeed. To value the underlying…
Optimism (Wintermute) Exploit — Uninitialized Gnosis Safe Proxy Front-Run
Loss · 20,000,000 OP tokens (the market-making grant Wintermute had sent to the proxy). Wintermu…
1. Wintermute deployed a Gnosis Safe Proxy on the freshly-launched Optimism L2 to hold the 20M OP market-making grant, but the L1→L2 message that was supposed to call se…
Snood (Schnoodle) Exploit — `transferFrom` Allowance Bypass Drains the SNOOD/WETH Uniswap Pair
Loss · ~104.047 WETH (104,047,009,087,796,436,864 wei) — the entire WETH reserve of the SNOOD/WE…
1. SNOOD is an ERC-777-derived token that layers a "reflection" mechanism (a la a t-token) over OpenZeppelin's ERC777Upgradeable. The reflection rate is applied to the r…
XCarnival Exploit — Untrusted `xToken` Argument in `pledgeAndBorrow` Lets Orders Borrow Against Already-Withdrawn Collateral
Loss · ~3,087 ETH (~$3.87M) in the live attack (PeckShield/BlockSec figure). The bundled PoC rep…
XCarnival was an NFT-collateral lending protocol: a user pledges an NFT into XNFT and borrows ETH against it from an XToken lending pool, with P2Controller enforcing an…
BAYC / ApeCoin Airdrop Exploit — ERC-3156 Flash-Loan of Vaulted BAYC to Steal the APE Claim
Loss · 60,564 APE (60,564,000,000,000,000,000,000 wei) — the ApeCoin airdrop entitlement for 6 B…
1. The ApeCoin airdrop contract AirdropGrapesToken.claimTokens() grants APE to any address that currently owns BAYC (beta) NFTs, computing the payout from a live beta.ba…
Fortress Loans Exploit — Governance Capture + Poisoned Umbrella Oracle → Over-borrow
Loss · ~3,000,000 USD — 1,048 ETH + 400,000 DAI drained on mainnet (BSC-side extraction left the…
Fortress Loans is a Compound-V2 fork whose GovernorAlpha could be captured with a tiny FTS stake (proposal threshold 100,000 FTS = 1% of supply, quorum 400,000 FTS = 4%)…
HackDao Exploit — Fee-on-Transfer Token Listed in a Vanilla Pancake Pair (skim/sync reserve desync)
Loss · 163.673482526496579211 WBNB drained from the HackDao/WBNB Pancake pair (the attacker flas…
1. Hackerdao is an ERC-20 with a heavy transfer-fee regime baked into its overridden _transfer (Token.sol#L457-L521). Every non-whitelisted transfer pays a 12% fee, a 4%…
NOVO Exploit — `transferFrom` Skips Allowance Check, Pool Reserve Drained
Loss · ~248.124 WBNB (net profit) — the attacker started with 10 WBNB and ended with 258.1241393…
NOVO is a reflection/anti-whale BEP20 listed in a vanilla PancakeSwap NOVO/WBNB pair. Its transferFrom(sender, recipient, amount) overrides the inherited ERC20 but, in a…
Aku-Auction (Akutar NFT) Exploit — Push-Payment Refund DoS & Permanently Locked Funds
Loss · Bidder ETH permanently locked in the Aku/Akutar auction contract (AkuAuction.balance). No…
AkuAuction is a descending-price (Dutch-style) NFT auction for the Akutar collection. Users bid ETH at the current getPrice() and are tracked in an allBids[] arr…
Beanstalk Farms Exploit — Flash-Loan Governance Self-Pass
Loss · ~$182M (non-Bean assets: USDC, USDT, DAI, 3Crv, etc.) drained after the attacker passed a…
Beanstalk's governance let any Bean depositor vote on Beanstalk Improvement Proposals (BIPs) with voting weight equal to their Stalk (deposit). Critically:
CFToken Exploit — Exposed `public _transfer` Lets Anyone Drain the Pair's Tokens
Loss · The PoC pulls 1,000 CF (1e21 raw, 18-decimals) directly out of the PancakeSwap pair in a…
1. CFToken implements its own BEP-20. The internal balance-moving helper _transfer(address from, address to, uint256 amount) — the function that does _tOwned[from] -= am…
DEUS Finance DEI Exploit — Privileged `Swapin` Mint + DEI Collateral/LP Mispricing
Loss · ~$1.3M — attacker mints 150,000,000 USDC (6-dec) out of nothing, converts it through the…
fUSDC (DEUS's Fantom USDC) exposes a privileged mint entry point Swapin(bytes txhash, address to, uint256 amount) that lets the owner mint arbitrary USDC to any address.…
Elephant Money Exploit — Infinite Mint via the Unverified Trunk Router (`mint`/`redeem` Accounting Flaw + Elephant Buy-Back Feedback)
Loss · ~$11M (April 2022, BSC). The PoC below extracts 5,892,847 BUSD of net profit from a singl…
1. Elephant Money runs a "stable" token called Trunk (ElephantDollar). You mint Trunk by calling not_verified.mint(bUSDAmount) on the router 0xD520a3B47E42…, which pulls…
Gym Network `LiquidityMigrationV2` Exploit — Migration Contract Spends Its Own `GYMNET` to Mint LP for the Caller
Loss · ~$2.1M — the PoC recovers 1,373,564,008,267,780,664,495 wei ≈ 1,373.56 WBNB (After exploi…
LiquidityMigrationV2 (contracts_LpMigration.sol:31-90) was a one-shot migrator: an old WBNB/GYM LP holder calls migrate(lpTokens), the contract burns their old LP and re…
Rari Capital / Fei Protocol Fuse Exploit — Mis-Configured Collateral Oracle (USDC Priced Off the ETH/USD Chainlink Feed)
Loss · ~$80M total across the exploited Fuse pools (documented industry figure for the Apr 30 20…
Rari Fuse was a permissionless Compound fork: anyone could spin up an isolated lending "pool", and each pool's Comptroller priced every listed cToken's underlying throug…
Rikkei Finance Exploit — Permissionless `setOracleData()` Oracle Hijack on a Compound-style Money Market
Loss · ~$270K — 346,199.780826500224370302 rUSDC (~346,199.78 USDC) drained from the rUSDC marke…
1. Rikkei Finance is a Compound V1 fork on BSC. Its Cointroller (risk engine) prices every market's collateral through a single SimplePriceOracle, which resolves each rT…
Saddle Finance sUSD MetaPool Exploit — Virtual-Price Manipulation Round-Trip
Loss · On-chain attack: ~$10M (multiple sUSD-metapool pools drained, Apr 30 2022). This reproduc…
1. Saddle's sUSD V2 "metapool" is a 2-token StableSwap pool whose two pooled tokens are sUSD and saddleUSDV2 (an LP token). That LP token itself represents a pro-rata cl…
WDOGE (Wrapped Doge on BSC) Exploit — Reserves-Out-of-Sync Drain via Repeated `skim`/`sync`
Loss · ~8 WBNB profit per cycle (the PoC extracts 2,978,658,352,619,485,704,640 wei ≈ 2,978 WBNB…
The attacker flash-swaps 2,900 WBNB from the WBNB/BUSD pair, then walks it through the WDOGE/WBNB pair in a deliberate sequence of transfer→swap→transfer→skim→sync→swap:
Zeed Finance Exploit — Reward-Fee Tri-Crediting Inflates YEED Pair Balances, Skim-Loop Drains USDT
Loss · ~112,446.89 USDT (112,446,885,258,969,301,193,152 wei, 18-dec USDT) drained from Zeed's Y…
1. YEED is a PancakeSwap-listed ERC20 that, on every sell-side transfer into a registered swap pair, deducts a _rewardFee of 50 / 1000 = 5% and a _burnFee of 50 / 1000 =…
Agave Finance Exploit — Reentrancy in `liquidationCall` (Aave-v2 fork)
Loss · ~$1.5M (WETH, agVE, and other reserves drained from the Gnosis Chain lending pool)
Agave was a near-verbatim fork of Aave v2. The Aave v2 GenericLogic / liquidationCall path was later found to have a reentrancy window where the collateral is transferre…
Auctus (ACO) Exploit — `ACOWriter` Trusts Attacker-Supplied "Underlying/Strike" Token
Loss · ~$682K USDC pulled from the ACO protocol's collateral/escrow
The PoC passes the attack contract itself as the acoToken argument to ACOWriter.write. The test implements the minimal MockACOToken interface so that:
Bacon Protocol Exploit — Reentrancy via ERC-1820 `tokensReceived` in `lend`/`redeem`
Loss · ~$1M USDC (the test extracts 957,786,585,605 = ~$957.8K USDC)
Bacon's pool token (IBacon) and USDC are wired through the ERC-1820 registry: when USDC is transferred, a registered tokensReceived hook fires on the recipient. The atta…
Compound cTUSD `sweepToken` Exploit — Comptroller Swap to Compliant TrueUSD
Loss · 39,961,358,379,339,258,374,306,712 (~$40M worth) of legacy TrueUSD swept out of the cTUSD…
sweepToken(ERC20 token) is a Compound cToken helper meant to rescue tokens accidentally sent to a cToken contract, sending them to the Comptroller/admin. On the cTUSD ma…
Fantasm Finance Exploit — Decimal Miscalculation in `mint` Over-issues xFTM
Loss · The PoC turns 100 FSM into 27,808,380,491,957,617,661,247 xFTM (~27,808 xFTM) via a decim…
The attacker (pranked as a holder of 100 FSM) calls:
Hundred Finance Exploit — ERC-677 Reentrancy in `borrow`/`redeem` (Compound fork)
Loss · The PoC extracts ~$42,994,684 (43.0e6) USDC; the live incident drained the hUSDC market.
Hundred Finance was a Compound-v2 fork whose cToken markets wrapped/interacted with ERC-677-style tokens (transferAndCall / onTokenTransfer callbacks, notably the G-nati…
LiFi Exploit — Unvalidated `callTo`/`approveTo` in the Pre-Bridge Swap Facet
Loss · Part of the ~$5.7M drained across many victims in the March 20, 2022 LiFi incident; this…
1. LiFi is a cross-chain bridge aggregator. Its diamond exposes swapAndStartBridgeTokensViaCBridge(LiFiData, SwapData[], CBridgeData): before bridging, it walks an array…
OneRing Finance Exploit — Missing Reentrancy Guard + Under-priced `depositSafe`
Loss · ~$1.45M USDC (the PoC extracts 1,526,751,528,201 = ~1.526M USDC)
OneRing's vault priced shares from a "strategy total value" oracle rounded/computed per-epoch. The depositSafe/withdraw pair had no reentrancy lock, so within a single f…
Paraluni MasterChef Exploit — Reentrancy in `depositByAddLiquidity` via Malicious Token
Loss · ~$1.7M (USDT + BUSD drained from Paraluni MasterChef pools)
The attacker deploys an EvilToken whose transferFrom is hooked: whenever MasterChef pulls it during depositByAddLiquidity, EvilToken.transferFrom calls back into MasterC…
Redacted Cartel (wxBTRFLY) Exploit — Faulty `transferFrom` Allowance Logic
Loss · Allowance hijack — an attacker can assign a victim's allowance to themselves and steal th…
wxBTRFLY implemented a custom transferFrom/approval path with "operator" semantics that did not match standard ERC20. As the PoC header states:
Revest Finance Exploit — Reentrancy in FNFT `mintAddressLock`/`withdraw`
Loss · The PoC extracts 352,835,865,880,437,990,126,099 RENA (~$2M at the time)
Revest lets you lock tokens inside an ERC-1155 "FNFT" with an address-lock condition. The mint and withdraw flows call back into the lock-creator/recipient contract (via…
Ronin Bridge Exploit — Sky Mavis Validator Key Compromise (Forged Withdrawals)
Loss · ~$625M (173,600 WETH + 25.5M USDC) — the largest DeFi hack at the time
The Ronin bridge's withdrawERC20For(withdrawalId, user, token, amount, signatures) releases locked assets on Ethereum once a quorum of validator signatures over the requ…
TreasureDAO Marketplace Exploit — Zero-Quantity Buy Drains Listed NFTs for Free (`_pricePerItem * _quantity` with `_quantity = 0`)
Loss · NFT theft — listed SmolBrain #3557 bought for 0 MAGIC (the buyer router pulled pricePerIt…
The TreasureDAO marketplace is split across two contracts: an inner TreasureMarketplace (0x2E3b85F8…) that holds listings and actually moves NFTs, and a public, user-fac…
Umbrella Network RewardPool Exploit — Integer Underflow in `withdraw`
Loss · ~$700K (UniLP tokens drained from the Umbrella reward/staking pool)
The vulnerable code (quoted in the PoC):
Build Finance (BUILD) Exploit — Governance Takeover via Low Quorum → Arbitrary-Proposal Drain
Loss · Treasury drain of the Build Governance contract's BUILD holdings — 329,224.64 BUILD were…
1. Governance is a GovernorAlpha-style contract that custodies BUILD tokens: every propose/vote pulls the caller's entire BUILD balance into the Governance contract via…
Meter.io Exploit — AnyswapV5ERC20 `transferWithPermit` Guard Logic Flaw
Loss · ~$1M WETH-equivalent (wETH on Moonriver drained from the bridge)
AnyswapV5ERC20.transferWithPermit (AnyswapV5ERC20.sol:484-508) is a gas-saving "permit + transfer in one call" — a holder signs a message authorising moving value from t…
TecraSpace (TCR) Exploit — Swapped Allowance Keys in `burnFrom`
Loss · 639,222 USDT (~$639K)
TcrToken.burnFrom (TcrToken.sol:154-159) checks the wrong side of the allowance mapping:
The Sandbox LAND Exploit — Public `_burn` of Anyone's NFT
Loss · Asset destruction / griefing (LAND NFTs of arbitrary users burned)
The Sandbox Land contract exposed what should have been an internal ERC721 helper as a public function with no access control. _burn(address from, address owner, uint256…
Anyswap (Multichain V4 Router) Exploit — Underlying-Transfer Cross-Chain Drain
Loss · ~$8M (WETH) across the incident; the cross-chain burn path was weaponized
anySwapOutUnderlyingWithPermit (AnyswapV4Router.sol:261-277) implements an "out with underlying" cross-chain swap in three steps:
Qubit Finance QBridge Exploit — Zero-Address Token Whitelist Bypass
Loss · ~$80M (the largest Qubit incident; bridge minted unbacked assets on BSC)
QBridgeHandler.deposit (QBridgeHandler.sol:122-137) looks up the token for a resourceID:
Grim Finance Exploit — Reentrant `depositFor()` Share Inflation in the GrimBoost Vault
Loss · 362,770.6 WFTM + 11.78 anyBTC extracted from the GrimBoost vault / SpiritSwap pool (~$1.3…
GrimBoostVault.depositFor(address token, uint256 _amount, address user) mints vault shares using the classic Beefy/yVault formula
Nerve Bridge (Saddle/MetaSwap) Exploit — Stale `baseVirtualPrice` Cache Lets a Round-Trip Mint Free fUSD
Loss · ~39,052 BUSD net profit per attack run (flash-loaned, so ~100% margin); the real-world Ne…
Nerve's MetaSwap is a Saddle-style metapool: it pools the meta token fUSD against the LP token of a base StableSwap pool (nerve3LP, the receipt for the BUSD/USDT/USDC ne…
Visor Finance (vVISR) Exploit — Free Share Minting via Attacker-Controlled `delegatedTransferERC20`
Loss · ~$8.2M — ≈ 8.8M VISR drained from the RewardsHypervisor (VISR collapsed ~90%+ after the h…
RewardsHypervisor.deposit(visrDeposit, from, to) mints vVISR shares to to proportional to a claimed visrDeposit, but never verifies that the VISR was actually received.…
MonoX Finance Exploit — Self-Swap Price Inflation (`swapExactTokenForToken(MONO, MONO)`)
Loss · ~$31M total in the live hack; this single-pool PoC extracts 4,000,000 USDC (the cap the P…
MonoX is a single-sided AMM: instead of paired reserves, every token gets its own pool whose value is measured against a virtual stablecoin, vCASH. Each pool stores a pr…
Ploutoz / Dollar Online (DOP) Exploit — Spot-Price Oracle Manipulation Against a bZx/Fulcrum-Fork Lending Pool
Loss · ~330,710 BUSD profit to the attacker (DeFiHackLabs header lists ~$365K of assets drained)…
The Ploutoz lending pools are a fork of bZx/Fulcrum. Each pToken pool lets a user post DOP as collateral and borrow an underlying asset (CAKE, DOLLY, WETH, BTCB, USDT, B…
Cream Finance (Oct 2021) Exploit — yUSD `pricePerShare` Donation-Inflation → Over-Collateralized Borrow
Loss · ~$130M drained from Cream Finance lending markets (largest DeFi hack of 2021 at the time)
Cream priced its crYUSD collateral market by reading the yUSD Yearn-vault pricePerShare() (multiplied by the underlying Curve pool's get_virtual_price). pricePerShare is…
Indexed Finance Exploit — `reindexPool` + `updateMinimumBalance` Index-Token Mint/Redeem Manipulation
Loss · ~$36M of underlying tokens drained from two index pools (DEFI5 + CC10). The PoC reproduce…
Indexed Finance index pools (DEFI5, CC10) are Balancer-fork AMMs where the desired token weights are set by an external MarketCapSqrtController from a Uniswap-TWAP ma…
DAO Maker Exploit — Unprotected `init()` Re-initialization → `emergencyExit` Vesting Drain
Loss · 5,760,000 DERC (DeRace Token) swept from one vesting contract. Across all four contracts…
DAO Maker deployed many minimal-proxy ("clone") vesting contracts, one per token sale / SHO allocation. Each clone is configured after deployment by an external init(...…
MISO / SushiSwap Dutch Auction — `batch()` `delegatecall` Reuses `msg.value`
Loss · 400 ETH drained from the live DutchAuction at fork block 13,038,771 (100 ETH committed →…
DutchAuction inherits BoringBatchable, which exposes a public, payable batch(bytes[] calls, bool revertOnFail) that executes each supplied calldata via address(this).del…
Nimbus Pair Exploit — Broken `K`-Invariant Check (10000 vs 1000 Scaling Bug)
Loss · 73.60 USDT drained from the USDT/NBU Nimbus pair in a single swap(). The same primitive i…
NimbusPair is a Uniswap-V2 fork. Uniswap's swap() enforces the constant-product invariant with a 0.3% fee by scaling balances by 1000 and reserves by 1000²:
NowSwap / Nimbus Exploit — Broken `k`-Invariant via a `10000` vs `1000` Scaling Mismatch
Loss · ~6,247.5 NBU drained from the NWETH/NBU pair in a single swap (the pool's NBU side was re…
NimbusPair is a Uniswap-V2 fork. Its swap() function ends with the usual "did k stay big enough?" guard, but the two sides of that inequality are scaled by different pow…
ZABU Finance Exploit — MasterChef Reward Inflation via Fee-on-Transfer `lpSupply` Collapse
Loss · 4,526,636,431 ZABU drained from the farm, dumped for +1,089.39 WAVAX net profit (≈ $70K a…
ZABU Finance ran a standard SushiSwap-style MasterChef farm. For each pool, the per-share reward accumulator is updated as
Cream Finance / AMP Exploit — Cross-Market Reentrancy via ERC777 `tokensReceived`
Loss · ~$18.8M (≈ 462,079,976 AMP + 2,875.62 ETH)
CREAM Finance is a Compound v2 fork. In CToken.borrowFresh, the protocol sends the borrowed asset to the borrower before it records the new debt in storage:
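Agave, Hundred Finance and this CREAM/AMP entry are the same bug in three Compound/Aave forks: the market pays the borrower (or sends collateral) through a token whose transfer calls back into the recipient, and it does so before the new debt is written to storage. The following Python is an added example written for this index, not code from any of those protocols or PoCs. It models a constructed token with an ERC-777/ERC-677-style receive hook, a single-asset market with a 75% loan-to-value limit, and a hook that re-enters `borrow()` three times; the `effects_first` flag switches the market between interaction-before-effects (the exploited ordering) and effects-before-interaction. The 1,000-unit collateral, 75% LTV and three re-entries are assumptions for the illustration.

```python
class HookToken:
    """Constructed ERC-777/ERC-677-style token: the recipient is called after every transfer."""

    def __init__(self):
        self.balances = {}
        self.hooks = {}          # address -> callable(amount)

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def register_hook(self, addr, fn):
        self.hooks[addr] = fn

    def transfer(self, sender, recipient, amount):
        assert self.balances.get(sender, 0) >= amount, "insufficient balance"
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        if recipient in self.hooks:
            self.hooks[recipient](amount)   # control is handed to the recipient mid-transfer


class LendingPool:
    """Compound-style market: debt must stay <= 75% of collateral."""

    def __init__(self, token, effects_first):
        self.token = token
        self.effects_first = effects_first
        self.collateral = {}
        self.debt = {}

    def deposit_collateral(self, user, amount):
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def max_borrow(self, user):
        return self.collateral.get(user, 0) * 75 // 100 - self.debt.get(user, 0)

    def borrow(self, user, amount):
        assert amount <= self.max_borrow(user), "insufficient liquidity"   # the check
        if self.effects_first:
            self.debt[user] = self.debt.get(user, 0) + amount   # effect: record debt first
            self.token.transfer("pool", user, amount)           # interaction last
        else:
            self.token.transfer("pool", user, amount)           # interaction first: hook fires here
            self.debt[user] = self.debt.get(user, 0) + amount   # effect recorded too late


class Attacker:
    """Re-enters borrow() from the token hook a fixed number of times."""

    def __init__(self, pool, token, reenter_times):
        self.pool = pool
        self.remaining = reenter_times
        token.register_hook("attacker", self.on_tokens_received)

    def on_tokens_received(self, amount):
        if self.remaining == 0:
            return
        self.remaining -= 1
        try:
            self.pool.borrow("attacker", amount)   # same amount again while debt is still stale
        except AssertionError:
            pass   # models a Solidity try/catch swallowing the hardened pool's revert


def run(effects_first):
    token = HookToken()
    token.mint("pool", 10_000)                       # pool liquidity
    pool = LendingPool(token, effects_first)
    pool.deposit_collateral("attacker", 1_000)       # supports at most 750 of debt
    Attacker(pool, token, reenter_times=3)
    limit = pool.max_borrow("attacker")
    pool.borrow("attacker", limit)
    return {"received": token.balances["attacker"], "debt": pool.debt["attacker"], "limit": limit}


if __name__ == "__main__":
    print("interaction first:", run(effects_first=False))   # 4x the limit walks out
    print("effects first:    ", run(effects_first=True))    # exactly the limit
```

With the exploited ordering every nested call sees `debt == 0`, so the solvency check passes four times and the account ends up at 400% of its allowed debt; with effects first the nested call fails its check and only the single legitimate borrow settles. A `nonReentrant` guard on `borrow`/`redeem`/`liquidationCall` achieves the same protection where reordering is impractical.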
Poly Network Exploit — Function-Selector Collision Hijacks the Cross-Chain Keeper Public Key
Loss · One of the largest hacks in DeFi history — ~$610M total across Ethereum, BSC and Polygon.…
Poly Network's EthCrossChainManager (ECCM) is a privileged dispatcher: anyone may submit a "proof" of a transaction that supposedly happened on another chain, and verify…
Popsicle Finance (Sorbetto Fragola) Exploit — LP-Token Transfer Skips Reward-Debt Sync
Loss · ~$20.7M across 8 vaults — e.g. 2,101,236.92 USDT + 2,203,367.84 USDC + 1,318.94 WETH + 48…
SorbettoFragola is a Uniswap-V3 liquidity-manager vault. It mints an ERC20 receipt token ("PLP") for depositors and tracks each user's claimable trading fees with a Mast…
Wault Finance Exploit — WUSDMaster `redeem()` Pro-Rata WEX Drain via Self-Manipulated WEX Price
Loss · ~117,670 BUSD captured in the reproduced PoC (≈ the entire WEX reserve of the WUSDMaster…
WUSDMaster is Wault Finance's stablecoin manager. Users stake() USDT to mint WUSD 1:1; on each stake the contract diverts a fixed 10% (wexPermille = 100) of the deposite…
XSURGE (Surge) Exploit — Reentrancy on a Liquidity-less Bonding-Curve Token
Loss · ~$2.56M at the time — the SurgeToken contract's entire ~4,210 BNB reserve was drained, an…
SurgeToken is a "liquidity-less" token: it has no AMM pool. Instead, the contract holds BNB directly and acts as its own bonding-curve "DEX" — send BNB and it mints you…
ChainSwap Exploit — Self-Signed `receive()` Cross-Chain Mint (Forgeable Validator Set)
Loss · ~$8M across many bridged tokens (this PoC replays one receive() call minting 19,392.28 un…
ChainSwap is a cross-chain bridge. On the destination chain, tokens are released to a user by calling MappingBase.receive(fromChainId, to, nonce, volume, signatures) (To…
ChainSwap Exploit (BSC) — Self-Signed `receive()` Cross-Chain Mint (Forgeable Validator Set)
Loss · ~$8M across both chains and dozens of bridged tokens. This BSC PoC replays one receive()…
ChainSwap is a cross-chain bridge. On the destination chain, tokens are released to a user by calling MappingBase.receive(fromChainId, to, nonce, volume, signatures) (Fa…
Levyathan Finance Exploit — Leaked Deployer Key → Timelock-Gated Ownership Hijack → Unlimited `mint()`
Loss · ~$1.5M (rekt) — attacker minted 100,000,000 LEV (≈6.1× the entire prior supply) and dumpe…
Levyathan's LEVToken is a standard Ownable ERC20 whose owner is the only address that can mint() (LEVToken.sol:33-35). That owner is the MasterChef contract, which in tu…
88mph NFT Exploit — Unprotected `init()` Lets Anyone Seize Ownership of a Live NFT Clone
Loss · No direct fund loss in this PoC; the bug grants full control of a deployed NFT contract (…
88mph mints ERC721 "receipt" NFTs from a CloneFactory. Each NFT is an EIP-1167 minimal-proxy clone of a single NFT template. Because clones have no constructor, the temp…
Eleven Finance Exploit — `emergencyBurn()` Pays Out Underlying Without Burning Vault Shares
Loss · ~$647.5K — 647,573.87 BUSD net profit drained from other vault depositors
ElevenNeverSellVault is a yield-aggregator vault: deposit cake_LP (NRV/BUSD PancakeSwap LP), receive 11nrvbusd vault shares 1:1; the vault stakes your LP in Nerve's Mast…
PancakeHunny Exploit — `mintFor()` Reward Inflation via `balanceOf(this)` Donation
Loss · ~$700K–$1M drained from PancakeHunny vaults in the live incident (this replay demonstrate…
HunnyMinter.mintFor() is the routine every PancakeHunny vault calls to (a) zap the harvested performance fee into a HUNNY-BNB LP position for the staking pool and (b) mi…
SafeDollar (SDO) Exploit — MasterChef Reward Inflation via Drained `lpSupply` Divisor
Loss · 188,156.50 USDC drained from the SDO/USDC pool (≈ the entire stablecoin peg backing). The…
SdoRewardPool is a SushiSwap-MasterChef fork that mints SDO as a farming reward. For each pool it computes accSdoPerShare += sdoReward * 1e18 / lpSupply, where lpSupply…
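The ZABU and SafeDollar entries both hinge on the MasterChef divisor `lpSupply = lpToken.balanceOf(address(this))`: when the staked token charges a fee on transfer, every deposit credits the depositor with more than the contract received and every withdrawal pays out the credited amount, so the contract's real balance bleeds toward zero while `accPerShare += reward * 1e12 / lpSupply` explodes. The Python below is an added example written for this index, not code from either farm or PoC. It models a constructed 10%-fee LP token, a single-pool MasterChef, and an attacker who churns deposit/withdraw round trips within one block and then harvests; the `hardened` flag makes the chef credit the balance delta it actually received and divide by its own tracked stake. The token balances, the 10% fee and the 1e18-per-block emission are assumptions for the illustration.

```python
ACC_PRECISION = 10**12   # MasterChef's accXPerShare scaling


class FeeOnTransferToken:
    """Constructed LP token that burns `fee_bps` (10% here) of every transfer."""

    def __init__(self, fee_bps=1_000):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def balance_of(self, addr):
        return self.balances.get(addr, 0)

    def transfer(self, sender, recipient, amount):
        assert self.balance_of(sender) >= amount, "insufficient balance"
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount - fee
        return amount - fee


class MasterChef:
    """Single-pool SushiSwap-style farm. `hardened` credits what actually arrived and
    divides by tracked stake instead of lpToken.balanceOf(this)."""

    def __init__(self, lp, reward_per_block, hardened):
        self.lp, self.reward_per_block, self.hardened = lp, reward_per_block, hardened
        self.acc_per_share = 0
        self.last_block = 0
        self.total_staked = 0
        self.users = {}          # addr -> [amount, reward_debt]

    def lp_supply(self):
        return self.total_staked if self.hardened else self.lp.balance_of("chef")

    def update_pool(self, block):
        if block <= self.last_block:
            return
        supply = self.lp_supply()
        if supply == 0:
            self.last_block = block
            return
        reward = (block - self.last_block) * self.reward_per_block
        self.acc_per_share += reward * ACC_PRECISION // supply   # explodes as supply -> 0
        self.last_block = block

    def pending(self, user):
        amount, debt = self.users.get(user, [0, 0])
        return amount * self.acc_per_share // ACC_PRECISION - debt

    def deposit(self, user, amount, block):
        self.update_pool(block)
        received = self.lp.transfer(user, "chef", amount)
        credited = received if self.hardened else amount   # vulnerable: credits the pre-fee amount
        u = self.users.setdefault(user, [0, 0])
        u[0] += credited
        self.total_staked += credited
        u[1] = u[0] * self.acc_per_share // ACC_PRECISION

    def withdraw(self, user, amount, block):
        self.update_pool(block)
        u = self.users[user]
        assert u[0] >= amount, "withdraw: not good"
        u[0] -= amount
        self.total_staked -= amount
        u[1] = u[0] * self.acc_per_share // ACC_PRECISION
        self.lp.transfer("chef", user, amount)               # pays the credited, not received, amount


def run_attack(hardened):
    lp = FeeOnTransferToken()
    chef = MasterChef(lp, reward_per_block=10**18, hardened=hardened)
    lp.mint("alice", 1_000_000)
    lp.mint("attacker", 2_000_000)
    chef.deposit("alice", 1_000_000, block=1)        # honest staker
    chef.deposit("attacker", 10_000, block=2)        # small stake that will harvest the inflation
    base = chef.users["attacker"][0]
    # Churn within block 2: each round trip leaves the vulnerable chef short by one fee.
    for _ in range(500):
        x = min(lp.balance_of("chef"), lp.balance_of("attacker"))
        if x < 10:
            break
        chef.deposit("attacker", x, block=2)
        chef.withdraw("attacker", chef.users["attacker"][0] - base, block=2)
    chef.update_pool(3)                              # a single block of emissions is distributed
    return {"chef_lp_balance": lp.balance_of("chef"),
            "attacker_pending": chef.pending("attacker"),
            "reward_per_block": chef.reward_per_block}


if __name__ == "__main__":
    print("vulnerable:", run_attack(hardened=False))
    print("hardened:  ", run_attack(hardened=True))
```

In the vulnerable run the chef's real LP balance collapses to 9 wei while the attacker's 10,000-unit stake is owed more than 1,000 blocks' worth of emissions for one block (the honest depositor's LP is what paid for the churn). In the hardened run the churn costs the attacker two fees per cycle and changes neither the chef's balance nor the divisor, so the attacker's pending reward is the roughly 1% share their stake is actually entitled to.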
xWin Finance Exploit — Disabled Slippage Control + `_tradeParams.amount`-Based Reward Inflation
Loss · 842.49 BNB of net profit to the attacker (≈ $176K at the June-2021 BNB price), funded by…
xWin pays an XWIN-token farming reward proportional to how much BNB a user deposits ("subscribes" to a fund). The reward is booked against _tradeParams.amount — the BNB…
bEarn / bVaults BUSD-Alpaca Strategy Exploit — `emergencyWithdraw` Re-prices Shares Against a Self-Inflating `wantLockedTotal`
Loss · 123,089.10 BUSD (~$123K) extracted from the bVaults BUSD-Alpaca strategy in a single tran…
BvaultsBank.emergencyWithdraw() pays a user amount = user.shares × wantLockedTotal / sharesTotal, reading the strategy's current wantLockedTotal and sharesTotal (Bvaults…
BurgerSwap (Demax) Exploit — Re-entrant Multi-Hop Swap Drains the WBNB Side of the Pool Twice
Loss · ~$3.2M — attacker walked off with 110,564 BURGER + 2,398 WBNB (net) after repaying a 6,06…
BurgerSwap's DemaxPlatform router executes a multi-hop swap in two distinct phases:
JulSwap (JulProtocolV2) Exploit — Spot-Price Manipulation of `addBNB()` Liquidity Provisioning
Loss · 522.84 WBNB drained in the reproduced tx (~$155K–$190K @ ~$300–370/BNB late-May-2021). De…
JulProtocolV2.addBNB() is a "yield deposit": a user sends BNB, and the protocol pairs the user's BNB with the protocol's own JULb inventory to add liquidity to the JULb/…
PancakeBunny Exploit — Flash-Loan LP Price-Oracle Manipulation Mints Unlimited BUNNY
Loss · ~$45M at the time — attacker walked away with ≈49,353.77 WBNB + 3,810,822.52 USDT profit…
PancakeBunny's VaultFlipToFlip pays its yield in the protocol's own BUNNY governance token. The number of BUNNY minted to a depositor is computed by asking the protocol'…
Rari Capital ETH Pool Exploit — `ibETH.totalETH()` Accounting Reentrancy via `Bank.work()`
Loss · +32.32 ETH to the attacker in a single tx (the live campaign drained Rari's ETH pool for…
Alpha Homora's ibETH Bank is an ERC20 "interest-bearing ETH" share token. Its per-share value is derived from totalETH() = address(this).balance + glbDebtVal − reservePo…
Spartan Protocol Exploit — LP-Share Inflation via Spot-Balance Accounting + Unsynced Donation
Loss · ~$30.5M (≈ 29,604 WBNB drained over ~8 repeated cycles). The extracted single-cycle PoC r…
Spartan's Pool keeps two notions of its holdings:
Value DeFi vSafe WBNB Vault — Inflated-Share Mint via Manipulated Alpaca `ibBNB` Strategy Price
Loss · attacker minted 396.17 vSafeWBNB shares for a 273.81 WBNB net deposit — a ~44% over-issue…
VSafeVaultWBNB is a yield vault that mints shares to depositors in proportion to deposit / pricePerShare, where the share price is derived from the vault's total holding…
Uranium Finance Exploit — Broken Constant-Product `K` Check (100× Slack in `swap()`)
Loss · ~$50M total across all pairs. This PoC drains a single WBNB/BUSD pair for 8,593,840 BUSD…
Uranium Finance forked Uniswap V2 / PancakeSwap and lowered the swap fee from 0.30% to 0.16%. To do this they changed the fee constant in UraniumPair.swap() from 1000 to…
DODO DVM Flashloan Exploit — Unprotected `init()` Reinterprets Pool Reserves
Loss · ~$1,140,965 — 1,140,965.86 USDT drained from one wCRES/USDT DVM pool (the campaign hit se…
DODO V2's DVM (Vending Machine) pool exposes init(...) as an external function with no access control and no "already initialized" guard. init overwrites _BASE_TOKEN_, _…
PAID Network Exploit — Compromised Upgrade/Owner Key → Unlimited `mint()`
Loss · ~$3M realized (≈$160M of PAID minted then dumped; market dump capped recovery). The PoC p…
PAID's ERC20 implementation exposes an owner-only mint(address, uint256) with no maximum supply, no per-call cap, and no timelock. On 2021-03-07 an attacker who controll…
Yearn yDAI v1 Exploit — Curve-Backed Vault Share-Price Manipulation
Loss · ~$11M (Yearn-disclosed). Single-pass net extracted in the PoC: 349,852 3Crv + 185,137 USD…
The yDAI v1 vault does not custody DAI directly — it forwards deposits, via a Controller, to StrategyDAI3pool, which converts the DAI into Curve 3pool LP tokens (3Crv) a…
SushiMaker — Bridgeless `convert()` Lets an Attacker Insert a Fake Pair and Steal Onsen Fee Liquidity (Badger DIGG)
Loss · ~81 WBTC + DIGG of accumulated Onsen LP fees siphoned from the SushiMaker (≈ low-hundreds…
SushiMaker.convert(token0, token1) (:85) takes the LP tokens the SushiMaker has accrued as protocol fees for a given pair, burns them to get the two underlying tokens, a…
Cover Protocol Exploit — Stale `Pool` Snapshot in `Blacksmith.deposit()` Mints ~40 Quintillion COVER
Loss · Effectively unbounded — attacker minted 40,316,176,729,922,452,045 COVER (~4.03e19) again…
Blacksmith is COVER's "shield mining" rewards contract. Each pool tracks an ever-increasing accRewardsPerToken, and each miner stores a rewardWriteoff so that on claim t…
Pickle Finance Exploit — Arbitrary `delegatecall` Through an Approved Jar Converter Drains the DAI pToken Strategy
Loss · ~$19.7M (in the live attack, across multiple pTokens). This PoC reproduces the DAI-jar le…
ControllerV4.swapExactJarForJar() lets a caller pass an array of _targets/_data pairs that the Controller will run with delegatecall inside _execute() (controller-v4.sol…
Harvest Finance Exploit — Vault Share-Price Manipulation via Curve y-Pool Imbalance
Loss · ~$24M total in the live incident (fUSDC + fUSDT pools). This isolated single-tx PoC nets…
Harvest Finance's stablecoin vaults compute the value of one vault share from the current, spot reserves of the Curve y pool (via CRVStrategyStableMainnet.investedUnderl…
bZx (iETH) Exploit — Self-Transfer Balance Duplication in `_internalTransferFrom`
Loss · ~2,388 ETH at the time (the public bZx Sep-2020 incident; this PoC mints 200 ETH of iETH,…
bZx's interest-bearing token (iETH) inherits an ERC20 _internalTransferFrom (LoanTokenLogicWeth.sol:1125-1168) that caches both the sender's and the receiver's balances…
Opyn ETH Put Exploit — Reused `msg.value` Across a Multi-Vault `exercise()` Loop
Loss · ~$371K total drained across the attack campaign; this single reproduced tx nets the attac…
Opyn's oToken is a collateralized options contract. For an ETH-underlying put, exercising an option means: the holder hands the contract the protected underlying (ETH) a…
Balancer × Statera (STA) Exploit — Deflationary-Token Reserve Desync via `gulp()`
Loss · ~455.87 WETH (≈ the pool's entire WETH reserve, ~$104k at the time) drained from the Bala…
Balancer's BPool keeps an internal accounting balance for each bound token in _records[token].balance and prices every swap from that recorded number rather than the poo…
Bancor Network Exploit — Public `safeTransferFrom` Drains Any Approved User
Loss · All ERC20 balances of any user who had an open allowance to the vulnerable Bancor contrac…
Bancor's TokenHandler base contract wraps raw ERC20 calls in a low-level call so that non-standard tokens (no boolean return) don't fail silently. It exposes three helpe…
Lendf.Me Exploit — ERC777 Re-Entrancy on a Checks-Effects-Interactions Violation in `supply()`/`withdraw()`
Loss · ~$25,000,000 — virtually the entire Lendf.Me protocol (all supported assets) drained Apri…
Lendf.Me's MoneyMarket (a fork of Compound v1) records each supplier's balance in supplyBalances[user][asset].principal. Both supply() and withdraw() perform the externa…
Uniswap V1 × imBTC (ERC777) — Reentrancy Reserve-Pricing Drain
Loss · +0.0837168576630010 ETH profit from 1 ETH of working capital — the live April-2020 campai…
The Uniswap V1 exchange prices a token→ETH sell by reading the pool's current token balance (self.token.balanceOf(self)) as the input reserve, paying out ETH, and only a…
SpankChain Exploit — Classic Reentrancy in `LedgerChannel.LCOpenTimeout()`
Loss · 155 ETH net profit (160 ETH drained, 5 ETH self-seed returned). Public reports of the liv…
LedgerChannel is a generalized state-channel contract. createChannel() lets a party (Alice) open a channel by depositing ETH and/or an ERC20 token of her own choosing —…
BEC (BeautyChain) Exploit — `batchTransfer()` Integer-Overflow Infinite Mint (`batchOverflow`)
Loss · Token economically destroyed — 2 × 2^255 ≈ 1.16 × 10^59 BEC minted from thin air (each at…
BecToken.batchTransfer() computes the total amount to debit as a plain multiplication:
SmartMesh (SMT) Exploit — `transferProxy` Integer-Overflow Mint (`proxyOverflow` / CVE-2018-10376)
Loss · The bug minted ~5.07 × 10⁵⁸ SMT out of thin air (50,659,039,041,325,835,497,812,305,941,3…
SMT.transferProxy() lets a relayer broadcast a signed transfer on behalf of a token holder and collect a fee. Its very first sanity check is:
Parity WalletLibrary `kill` — Uninitialized Shared Library Self-Destruct (the "devops199" freeze)
Loss · 513,774.16 ETH permanently frozen across ~587 Parity multisig wallets (≈ $150–300M at the…
Parity's multisig wallets were thin proxies: each user's Wallet held only state and forwarded every call via delegatecall into one shared, singleton WalletLibrary deploy…
Parity Multisig First Hack (July 2017) — Unprotected `initWallet` Re-initialization
Loss · 82,189.93 ETH drained from a single victim wallet in the PoC
The Parity multisig wallet was a thin proxy (Wallet) that held the ETH and forwarded every unrecognized call, via delegatecall, to a single shared logic contract (Wallet…