-
Unverified contracts were hacked on multiple chains.
Those contracts have functions (like “0xa6efca62”) that can be used to swap tokens on Uniswap v3, and there is no access check in those functions. The hacker created a fake Uniswap v3 pool with his own token, let the victim contract exchange tokens on that pool by calling the vulnerable function, then removed liquidity from the pool. Contracts on Ethereum, BSC,…
-
Peapods Finance hacked.
Peapods' reward contract was drained by a sandwich attack. The “depositFromPairedLpToken” function of the reward contract exchanges all pOHM tokens to PEAS tokens. It has a “_slippageOverride” parameter; the hacker was able to perform a sandwich attack by setting this value to 999. Total loss is $3.5k.
-
XSD token hacked.
The XSD (a Uniswap v2 fork project) router has functionality that burns XSD tokens of the XSD/ETH pair. The hacker was able to manipulate the pair state using this functionality. He also leveraged reentrancy to reduce the pair balance dramatically. After that, he was able to drain all ETH in the XSD/ETH pair. This project was attacked on several chains; total loss is…
-
Ionic Finance hacked.
Ionic Finance was hacked because they listed a fake market. LBTC is currently deployed on Ethereum, Base, BNB, Corn, Bob and Swell, but the Ionic team listed an LBTC market on Mode chain. LBTC on Mode was a fake LBTC token that had been deployed 26 days earlier. The owner of the fake LBTC can mint any amount of LBTC. He was able…
-
Odos router hacked.
The OdosLimitOrderRouter contract was exploited due to an insufficient input check. Interestingly, the function for validating signatures was used for call injection. The “isValidSigImpl” function parses a factory address and calldata and makes an external call using the parsed data; this is what was used for call injection. The hacker provided a token contract address and calldata for “transfer” as input to the “isValidSigImpl” function, all tokens…
-
Call Injection.
An unverified contract on Base was exploited; the root cause is an improper input check. It seems that this function is used for token exchange, but as there is no check on the input for the external call, it can be used for call injection. The hacker took funds from users who had approved this contract, gaining $125k.
-
AST token hacked.
The AST token on BSC was hacked because of wrong transfer logic. When liquidity is removed from the PancakeSwap pair, the AST token decreases the pair's balance and burns the pair's tokens instead of increasing the user's balance. This means the AST token balance of the pair is decreased twice. The hacker exchanged a huge amount of USDT to AST, a small amount…
-
BIGO token exploit.
The BIGO token was hacked; the root cause is its auto-burn functionality. In the “transfer” function, the “_autoBurn” function, which decreases the PancakeSwap pair balance, is called. “burnAmount” can be set by sending a few ETH to the BIGO token. The hacker exchanged a huge amount of DOGE to BIGO and set “burnAmount”, then called “transfer”. After that he exchanged all BIGO…
-
Unilend hacked.
Unilend Pool lost $200k. The root cause is a wrong health factor check. In the “redeemUnderlying” function, LP tokens are burnt, and then the health factor is checked. After that, collateral tokens are transferred to the user. When checking the health factor, the user's token balance is calculated using the current balance of the token in the pool contract, and as tokens are not transferred…