Radiant lost $50m on arbitrum and bsc. Hacker changed owner of poolConfigurator, and upgraded lending pool contract implementation, then drained all pools by calling “transferUnderlyingTo” function. To change owner, 3 owners of multisig need to sign tx. Is this private key leak or rug pull? Also, hacker is moving tokens of users who approved to…

Price of Sasha at uniswap v2 was much cheaper than v3. Hacker bought tokens at uniswap v2 and sold them at uniswap v3, gained $600k. Very simple exploit. 🙂

There’s a function that can be used for swapping WBNB to EGA token in victim contract. This function has no access control, anyone can call this function with only 1 wei. This is vulnerable to sandwich attack. Hacker swapped large amount of WBNB to EGA, called vulnerable function, and then swapped EGA to WBNB, gained…

Root cause is wrong price calculation. If someone buys a huge amount of tokens with a lot of BNB, then he can sell tokens at high price, he can send few tokens and get much BNB. Hacker bought 8000 BNB worth AIZPT token, and then sold small amount of tokens several times. Total loss $20k.

The lending project has WETH-USDC LP market. As you can see, price calculation for WETH-USDC LP market relies on UniswapV3Pool. Hacker was able to manipulate price, at first, price was 5826926145978180. But after manipulation price was 8131590584988874. He deposited some LP tokens in the pool, then deposited USDC and borrowed LP tokens. When borrowing, the…

Root cause is in “transfer” function. When transfer token to uniswap pair, balance of uniswap pair is automatically decreased and “sync” is called. If someone transfers many Fire tokens to uniswap pair, balance of uniswap pair gets smaller and reserve value also gets smaller. Hacker exchanged 20 eth to Fire, about 200 Fire tokens remaining…

Anyone can mint 1 uniBtc with 1 Eth. It seems that contract developer forgot that BTC is not native coin of Ethereum. 🙁 Interestingly, this vulnerability was available for several days. Total loss:$1.7m

Onyx protocol was hacked because of improper parameter check. Vulnerability is in helper contract for Onyx liquidation – NFTLiquidation. As you can see, there’s “liquidateWithSingleRepay” function. This function is useful when repay amount is larger than borrow amount, it calculates “extraRepayAmount” and use this value to mint new oTokens. This “extraRepayAmount” is also used in…

An unverified contract lost about $140k in several tx. This is a staking contract. There are “stake”, “unstake” functions and also a function for swap tokens. “stake” function stakes usdt token and call “_swap” function. “_swap” function exchanges 10 usdt to other tokens and adds reward according to swap result. But “_swap” can be called…