Author: nick
-
iVest token hacking
In the “transfer” function, if the to address is 0x0, the sender's balance is reduced twice, which is wrong logic. The hacker transferred some iVest tokens to the Uniswap pair, then called skim(0x0) and sync(). Because of the faulty transfer, the pair's balance was very small after repeating this step 3 times. Then he could get almost all the WBNB using a few iVest…
-
Vowcurrency hacked
The root cause is a bad exchange rate between the VOW and vUSD tokens. Maybe this was due to a mistake by the team. Before the hack, the exchange rate was 5. The hack happened in block 20519309, and the exchange rate was set to 100 in block 20519307. https://t.co/HQX1ivaC8u After the hack, in block 20519316, they changed the exchange rate back to 5. https://t.co/um2qfNgJdq Hacker…
-
An unknown router contract hacked
The “transferFee” function has a really basic vulnerability. Who made this router?
-
An old lending defi hacked
The root cause is an old oracle that hasn’t been updated for a long time. In the hack, he transferred some tokens into the cToken because of the borrow rate.
-
Unverified contract hacked because of callback function
The victim contract doesn’t check whether msg.sender is valid in the “uniswapV3Callback” function.
-
MUSKITO token hacked
The root cause is in the “burn()” function. The “burn()” function decreases the balance of the Uniswap pair. To bypass the first line, he bought 1 wei of the token hundreds of times, and then called the “burn()” function. The hacker gained $900. 😁
-
HFLH exploit
The root cause is in the price calculation. As you can see, the price is calculated from the amount of tokens in the LP, but this can be manipulated easily. The hacker could manipulate this price by transferring tokens into the LP; after that he used “skim” to get the tokens.
-
Reentrancy attack!
There’s no reentrancy check in the code.
-
Aave Repay Adapter contract hacked
There was a vulnerability in the repay adapter contract. In the swapAndRepay function, it approves tokens to the Paraswap router. But if the swap is not performed using the approved token, the allowance is not decreased. Using this, the hacker let the victim contract approve tokens to the Paraswap router, and then moved those tokens to himself. If you want more detail, DM me or…