BIGO token was hacked, root cause is auto burn functionality. In “transfer” function, “_autoBurn” function that decreases pancake pair balance is called. “burnAmount” can be set by sending a few ETH to BIGO token. Hacker exchanged a huge amount of DOGE to BIGO and set “burnAmount”, then called “transfer”. After that he exchanged all BIGO…

Unilend Pool lost $200k. Root cause is wrong health factor check. In “redeemUnderlying” function, LP tokens are burnt, and then health factor is checked. After that collateral tokens are transferred to user. When checking health factor, user token balance is calculated using current balance of token in pool contract, and as tokens are not transferred…

A contract named “FortuneWheel” was exploited due to public swap functionality. “swapProfitFees” function exchanges tokens using pancakeswap and has no modifier. Hacker exchanged a huge amount of WBNB to LINK, then called this function, exchanged LINK to WBNB again. He gained almost $21k. There should be access check in “swapProfitFees” function.

Mosca on BSC was hacked because of wrong balance calculation. As you can see in picture, withdraw balance is calculated by user.balance + user.balanceUSDT + user.balanceUSDC. But after “withdrawAll()”, only user.balance is set 0, USDT and USDC balance not changed, this means anyone can withdraw tokens several times if USDT or USDC balance is not…

Sorra staking contract was hacked because of wrong reward calculation. When user withdraws his tokens, they get reward. “userRewardsDistributed” value is increased when user gets reward, but this value is not considered when calculating pending reward, this means users can get reward several times. Hacker just called “withdraw(1 wei)” multiple times, gained almost $43k.

LAURA token has “removeLiquidityWhenKIncreases” function that decreases uniswap pair balance is K is increased. Hacker exchanged a huge amount of WETH to LAURA and added some of LAURA and WETH to to uniswap pair to increase K, then called “removeLiquidityWhenKIncreases()” function. After that he exchanged all LAURA to WETH, as x*y=k got much smaller, he…

BIZNESS on base was hacked, root cause is reentrancy. Locker contract has “splitLock” function that splits lock position. In this function, “_feeHandler()” function is used for sending fees to treasury and remaining to user. There’s no reentrancy check in “splitLock” function, and locked amount is decreased after “_feeHandler()” is called. This can be used for…

Nani finance has NLP contract that can be used for uniswap v3 liquidity management. “contribute” function of NLP contract adds uniswap v3 liquidity using some of received eth and some Nani tokens stored in itself, and then exchanges remaining eth to Nani token. Here, Nani tokens used for liquidity belong to NLP contract, not user,…

Compound fork lending project – Moonwell was hacked because of improper input check. There’re several Moonhacker contracts that can be used for smart supply and borrow. In “executeOperation” function, input data is not checked, hacker was able to input his own contract as mToken contract as there’s no check. If he provide his contract as…