Author: nick

  • iVest token hacking

    In the “transfer” function, if the to address is 0x0, the sender's balance is reduced twice, which is wrong logic. The hacker transferred some iVest tokens to the Uniswap pair, then called skim(0x0) and sync(). Because of the faulty transfer, the pair's balance was very small after repeating this step 3 times. He could then get almost all the WBNB using a few iVest…

  • Vowcurrency hacked

    The root cause is a bad exchange rate between the VOW and vUSD tokens. Maybe this was due to a mistake by the team. Before the hack, the exchange rate was 5. The hack happened in block 20519309, and the exchange rate was set to 100 in block 20519307. https://t.co/HQX1ivaC8u After the hack, in block 20519316, they changed the exchange rate to 5 again. https://t.co/um2qfNgJdq Hacker…

  • An unknown router contract hacked

    The “transferFee” function has a really basic vulnerability. Who made this router?

  • An old lending defi hacked

    The root cause is an old oracle that hadn’t been updated for a long time. In the hack, he transferred some tokens into the cToken because of the borrow rate.

  • Unverified contract hacked because of callback function

    The victim contract doesn’t check whether msg.sender is valid in the “uniswapV3Callback” function.

  • MUSKITO token hacked

    The root cause is in the “burn()” function, which decreases the balance of the Uniswap pair. To bypass the first line, he bought 1 wei of the token hundreds of times and then called the “burn()” function. The hacker gained $900. 😁

  • HFLH exploit

    The root cause is in the price calculation. As you can see, the price is calculated from the amount of tokens in the LP, but this can be manipulated easily. The hacker could manipulate this price by transferring tokens into the LP; after that, he used “skim” to get the tokens.

  • Reentrancy attack!

    There’s no reentrancy check in the code.

  • Aave Repay Adapter contract hacked

    There was a vulnerability in the repay adapter contract. In the swapAndRepay function, it approves tokens to the Paraswap router. But if the swap is not performed using the approved token, the allowance is not decreased. Using this, the hacker made the victim contract approve tokens to the Paraswap router and then moved those tokens to himself. If you want more detail, dm me or…