-
BTB token hacked.
There is a pool for exchanging BTB to USDT and vice versa. The exchange rate is calculated from the PancakeSwap v2 pair's reserve ratio. To manipulate this rate, the hacker swapped a large amount of USDT for BTB at the PancakeSwap v2 pair, then swapped some of the BTB back to USDT at the inflated price. He gained about $5k.
-
Polter Finance hacked.
The Aave fork lending project Polter Finance was hacked due to price manipulation. A very classic oracle issue. As you can see from the picture, the BOO token price is very high. Why? The BOO token price is calculated from the Spooky LP token state, which can be easily manipulated using a flash loan. At the beginning of the attack, the hacker borrowed almost all…
-
vETH token hacked.
The vETH token has a “takeLoan” function that can be called only by a valid factory. Also, the Factory contract has a function that adds liquidity to the Uniswap vETH-BIF pair using the “takeLoan” function and the user's BIF tokens. This function changes the pair state and increases x*y=k. The hacker leveraged this to gain some vETH for free. Total loss is about $450k.
-
DeltaPrime hacked.
The leveraged farming project DeltaPrime was hacked on Arbitrum and Avalanche. It has a “swapDebtParaSwap” function for leverage, and it is possible to borrow much more in assets than the collateral using this function. The hacker swapped all borrowed tokens for collateral tokens in this function. It also has a “claimReward” function for collecting rewards, but it doesn't check parameter validity. The hacker was…
-
BGM token hacked.
The BGM token has a “withdraw” function that manipulates the PancakeSwap pair reserves. The hacker swapped a large amount of USDT for BGM tokens, used the “withdraw” function to manipulate the pair state, then swapped BGM back to USDT. He gained about $450k.
-
CowSwap contract hacked.
A CowSwap-related contract was exploited because it approved tokens to vulnerable contracts. It approved WETH to 0xa58ca3013ed560594557f02420ed77e154de0109, which has an unprotected uniswapV3Callback function. It also approved DAI to 0xcd07a7695e3372acd2b2077557de93e667b92bd8, which is vulnerable to call injection. Be careful when approving!
-
Unverified lending hacked!
A Compound fork lending project was hacked due to price oracle manipulation. It has a SUI market, and the price of SUI is calculated from the state of a CLPool (Uniswap v3 fork). The pool is very small and easy to manipulate. As you can see, the price is much higher after manipulation. The hacker drained multiple markets and gained almost $1M.
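The BTB, Polter Finance, BGM and Compound-fork entries above share one root cause: the protocol reads its price straight from a pool's current reserves. The following is an added example, not code from any of those projects or from the original post. It models a constant-product pair, shows how far a single buy moves the reserve-ratio reading (and why a small pool moves further for the same trade), and adds the kind of deviation check against a manipulation-resistant reference (TWAP or external feed) that a lending market should apply before trusting a spot read. Pool sizes, the 0.25% fee and trade amounts are constructed.

```python
# Added example, not code from the original post or from any project named there.
# Models a PancakeSwap/Uniswap v2 style x*y=k pair plus a naive reserve-ratio
# oracle, and one common mitigation (spot-vs-reference deviation guard).
# All reserve sizes, fee and trade sizes below are constructed.
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """x * y = k pool; `token` is the asset being priced, `quote` the stable side."""
    reserve_token: float
    reserve_quote: float
    fee: float = 0.0025  # assumed 0.25% swap fee, as on PancakeSwap v2

    def spot_price(self) -> float:
        """Quote per token: exactly what a naive reserve-ratio oracle reports."""
        return self.reserve_quote / self.reserve_token

    def swap_quote_for_token(self, quote_in: float) -> float:
        """Sell quote into the pool; returns token received. Reserves update in place."""
        effective_in = quote_in * (1.0 - self.fee)
        token_out = self.reserve_token * effective_in / (self.reserve_quote + effective_in)
        self.reserve_quote += quote_in
        self.reserve_token -= token_out
        return token_out

    def swap_token_for_quote(self, token_in: float) -> float:
        """Sell token into the pool; returns quote received."""
        effective_in = token_in * (1.0 - self.fee)
        quote_out = self.reserve_quote * effective_in / (self.reserve_token + effective_in)
        self.reserve_token += token_in
        self.reserve_quote -= quote_out
        return quote_out


def price_move_after_buy(reserve_token: float, reserve_quote: float,
                         quote_in: float, fee: float = 0.0) -> float:
    """Factor by which the spot oracle reading grows after one buy of `quote_in`.

    With fee 0, buying with quote equal to the whole quote reserve doubles y and
    halves x, so the reserve-ratio price quadruples. The absolute pool size does
    not matter; trade size relative to liquidity does, which is why a tiny pool
    is cheap to move.
    """
    pool = ConstantProductPool(reserve_token, reserve_quote, fee)
    before = pool.spot_price()
    pool.swap_quote_for_token(quote_in)
    return pool.spot_price() / before


def check_spot_against_reference(spot: float, reference: float,
                                 max_deviation_bps: int = 500) -> tuple[bool, int]:
    """Sanity check a lending market should run before trusting a spot read.

    `reference` is a manipulation-resistant price (a TWAP over many blocks or an
    external feed). Returns (accepted, deviation in basis points).
    """
    deviation_bps = int(abs(spot - reference) / reference * 10_000)
    return deviation_bps <= max_deviation_bps, deviation_bps


if __name__ == "__main__":
    # Same 1,000,000-quote buy against a deep pool and a shallow one.
    print("deep pool price x", price_move_after_buy(1_000_000, 1_000_000, 1_000_000))
    print("shallow pool price x", price_move_after_buy(100_000, 100_000, 1_000_000))
    print("guard on 4x spike:", check_spot_against_reference(4.0, 1.0))
```

The guard only helps if the reference itself cannot be moved in the same transaction; a TWAP read from the same shallow pool is better than spot but still drifts if the manipulation is held across blocks, so the bound should be paired with a liquidity floor or an external feed.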
-
Ramses Exchange hacked!
Ramses Exchange on Arbitrum was hacked for about $90k due to wrong reward calculation. The reward amount is calculated from the “tokenTotalSupplyByPeriod” value, and this value isn't decreased after sending the reward. The “veWithdrawnTokenAmountByPeriod” value is increased, but if a new “tokenId” is used, the increased value is ignored. This means anyone can get the reward several times using different token IDs. As you…
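To make the accounting flaw above concrete, here is an added schematic model; it is not Ramses Exchange's code and does not reproduce its storage layout. It keeps the two properties the entry describes (the per-period total supply is fixed once and never decreased, and eligibility is computed from whichever tokenId currently holds the balance), and sets them beside a distributor that snapshots balances per period and caps payouts at the period budget. Class names, amounts and the single reward period are constructed.

```python
# Added example, not Ramses Exchange's code. Schematic model of a period-reward
# distributor where eligibility follows the *current* balance of any tokenId while
# the per-period total supply is never decreased, beside a fixed variant that uses
# a per-period snapshot and a payout cap. All names and amounts are constructed.
from dataclasses import dataclass, field


@dataclass
class VeLocker:
    """Minimal vote-escrow registry: tokenId -> locked amount, plus per-period snapshots."""
    next_id: int = 1
    locked: dict = field(default_factory=dict)     # token_id -> amount
    snapshot: dict = field(default_factory=dict)   # period -> {token_id: amount}

    def create_lock(self, amount: int) -> int:
        token_id = self.next_id
        self.next_id += 1
        self.locked[token_id] = amount
        return token_id

    def withdraw(self, token_id: int) -> int:
        return self.locked.pop(token_id)

    def snapshot_period(self, period: int) -> None:
        """Record who held what at the moment the period's reward was set."""
        self.snapshot[period] = dict(self.locked)


@dataclass
class PeriodRewardDistributor:
    locker: VeLocker
    use_snapshot: bool                                  # False reproduces the flawed pattern
    rewards_by_period: dict = field(default_factory=dict)
    total_supply_by_period: dict = field(default_factory=dict)
    claimed: set = field(default_factory=set)           # (token_id, period) pairs already paid
    paid_by_period: dict = field(default_factory=dict)

    def notify_reward(self, period: int, amount: int) -> None:
        self.rewards_by_period[period] = amount
        # Fixed once here and, as in the entry above, never decreased afterwards.
        self.total_supply_by_period[period] = sum(self.locker.locked.values())
        self.locker.snapshot_period(period)

    def _eligible_balance(self, token_id: int, period: int) -> int:
        if self.use_snapshot:
            # Only positions that existed when the period was set can earn from it.
            return self.locker.snapshot.get(period, {}).get(token_id, 0)
        # Flawed: any tokenId holding a balance *now* qualifies, including one
        # minted by re-locking funds that already earned this period's reward.
        return self.locker.locked.get(token_id, 0)

    def claim(self, token_id: int, period: int) -> int:
        if (token_id, period) in self.claimed:
            return 0
        self.claimed.add((token_id, period))
        balance = self._eligible_balance(token_id, period)
        total = self.total_supply_by_period[period]
        payout = self.rewards_by_period[period] * balance // total
        if self.use_snapshot:
            # Defense in depth: the period can never pay out more than its budget.
            remaining = self.rewards_by_period[period] - self.paid_by_period.get(period, 0)
            payout = min(payout, remaining)
        self.paid_by_period[period] = self.paid_by_period.get(period, 0) + payout
        return payout


def relock_and_reclaim(use_snapshot: bool) -> int:
    """Lock, claim, withdraw, re-lock under a fresh tokenId, claim the same period again.

    Returns the total paid for a period whose budget is 1000. The flawed variant
    pays the full budget twice; the snapshot variant pays it once.
    """
    locker = VeLocker()
    dist = PeriodRewardDistributor(locker, use_snapshot)
    first = locker.create_lock(100)
    dist.notify_reward(period=1, amount=1000)
    paid = dist.claim(first, 1)
    amount = locker.withdraw(first)
    second = locker.create_lock(amount)          # new tokenId, same underlying funds
    paid += dist.claim(second, 1)
    return paid


if __name__ == "__main__":
    print("flawed distributor paid:", relock_and_reclaim(use_snapshot=False))
    print("snapshot distributor paid:", relock_and_reclaim(use_snapshot=True))
```

The invariant worth asserting in tests or monitoring for any period-based distributor is `sum(paid_by_period[p]) <= rewards_by_period[p]`; the flawed variant violates it on the second claim, which is also the signal an off-chain monitor would alert on.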
-
Radiant Capital hacked!
Radiant lost $50M on Arbitrum and BSC. The hacker changed the owner of the poolConfigurator, upgraded the lending pool contract implementation, then drained all pools by calling the “transferUnderlyingTo” function. To change the owner, 3 owners of the multisig need to sign the tx. Is this a private key leak or a rug pull? Also, the hacker is moving tokens of users who approved to…