Author: nick
-
Nani finance hacked.
Nani finance has an NLP contract that can be used for Uniswap v3 liquidity management. The “contribute” function of the NLP contract adds Uniswap v3 liquidity using some of the received ETH and some Nani tokens stored in the contract itself, then exchanges the remaining ETH for Nani tokens. Here, the Nani tokens used for liquidity belong to the NLP contract, not the user,…
-
Moonwell hacked.
Compound fork lending project Moonwell was hacked because of an improper input check. There are several Moonhacker contracts that can be used for smart supply and borrow. In the “executeOperation” function, the input data is not checked, so the hacker was able to pass his own contract as the mToken contract. If he provides his contract as…
-
LABUBU token hacked.
The Labubu token was hacked because of wrong transfer logic. If the sender and recipient are the same…? Anyone can increase their token balance just by sending tokens to themselves. $120k was drained because of this simple vulnerability. 🙁
-
bnbs token exploit.
The root cause of the bnbs exploit is reentrancy. The “removeLiquidity” function has no reentrancy check, and the bnbs balance is updated after the ETH is sent, so this can be used for a reentrancy attack. As you can see, “removeLiquidity” is called in the fallback function, and in each “removeLiquidity” call he gets more and more bnbs tokens, as the bnbs balance is…
-
Decentralized Finance (DCF) hacked.
The victim contract has exchange functionality, but it gets the exchange rate from a PancakeSwap v2 pair. This can be easily manipulated by exchanging a huge amount of tokens on PancakeSwap. The hacker exchanged almost all of the DCF tokens in the victim contract for BUSD. Then he exchanged a huge amount of BUSD for DCF on PancakeSwap, manipulating the exchange rate. After that, he…
-
CloberDex hacked.
The Clober Liquidity Vault was exploited; the root cause is reentrancy. The “_burn” function calls the “burnHook” function of the pool.strategy contract, but it has no reentrancy check. The hacker deployed his own token contract and created a pool with WETH and that token using the “open” function, set pool.strategy to the attack contract, and now “_burn” calls the “burnHook” function of the attack contract. In…
-
GAGAW token exploit.
The GAGAW token was hacked because of wrong transfer logic. Check the transfer function. 🙂 What was the developer thinking while writing this code? Total loss is about $70k.
-
Vestra DAO hacked.
The Vestra DAO staking contract was exploited because of wrong unstake logic. In the “unStake” function, there is no code to remove the user's staking info, which means anyone who staked some amount can unstake several times. The hacker just called “unStake” several times. He prepared this attack for 1 month, because the lock period is 1 month. He staked some VSTR…
-
BYC token hacked.
The BYC contract has an “autoBurnLiquidity” function that transfers tokens from the pancake pair to the DEAD address when the balance of the pancake pair is more than “lpBurnFrequency”. “lpBurnFrequency” is increased when tokens are transferred to the pancake pair (when exchanging BYC for USDT). To increase this value, the hacker exchanged a large amount of USDT for BYC and transferred all the BYC to the pancake pair,…