• LABUBU token hacked.

    Labubu token was hacked because of wrong transfer logic. What happens when the sender and the recipient are the same address? Anyone can increase their token balance just by sending tokens to themselves. $120k was drained because of this simple vulnerability. 🙁
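The shape of that bug, as an added illustration (hypothetical contract names; this is not the LABUBU contract's own code): the vulnerable `transfer` snapshots both balances into locals before writing them back, so when `to == msg.sender` the credit overwrites the debit and the caller nets `+amount` out of thin air. The fixed version updates each storage slot in place, and the attacker contract shows how quickly a dust holding doubles into the whole supply.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the self-transfer bug, not the LABUBU contract's code.
// Contract and function names are hypothetical.
contract SelfTransferVulnerable {
    mapping(address => uint256) public balanceOf;
    uint256 public immutable totalSupply;

    constructor(uint256 supply) {
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        uint256 fromBalance = balanceOf[msg.sender];
        uint256 toBalance = balanceOf[to];            // stale copy when to == msg.sender
        require(fromBalance >= amount, "insufficient balance");
        balanceOf[msg.sender] = fromBalance - amount; // debit ...
        balanceOf[to] = toBalance + amount;           // ... overwritten by the credit: net +amount
        return true;
    }
}

// Fixed: read-modify-write each storage slot directly. A self-transfer then
// subtracts and re-adds the same amount, and the sum of all balances stays
// equal to totalSupply (the invariant the contract above breaks).
contract SelfTransferFixed {
    mapping(address => uint256) public balanceOf;
    uint256 public immutable totalSupply;

    constructor(uint256 supply) {
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical attacker. After receiving any non-zero balance, each self-transfer
// of the full balance doubles it, so a few dozen calls inflate dust to any size.
contract SelfTransferExploit {
    function inflate(SelfTransferVulnerable token, uint256 rounds) external {
        for (uint256 i = 0; i < rounds; i++) {
            token.transfer(address(this), token.balanceOf(address(this)));
        }
    }
}
```

A cheap check for this class of bug is a fuzz or invariant test asserting that the sum of balances never exceeds `totalSupply`; a single random `transfer(self, x)` finds the vulnerable version immediately.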

  • bnbs token exploit.

    The root cause of the bnbs exploit is reentrancy. The “removeLiquidity” function has no reentrancy check, and the caller’s bnbs balance is updated only after the ETH has been sent, so the function can be re-entered. As you can see, “removeLiquidity” is called again from the attacker’s fallback function, and on each nested “removeLiquidity” call he receives more and more bnbs tokens, because the bnbs balance is…

  • Decentralized Finance (DCF) hacked.

    The victim contract has an exchange function, but it takes its exchange rate from the PancakeSwap v2 pair reserves, which can be manipulated simply by swapping a huge amount of tokens on PancakeSwap in the same transaction. The hacker exchanged almost all of the DCF tokens in the victim contract to BUSD. Then he swapped a huge amount of BUSD for DCF on PancakeSwap, which moved the exchange rate. After that, he…

  • CloberDex hacked.

    The Clober Liquidity Vault was exploited; the root cause is reentrancy. The “_burn” function calls the “burnHook” function of the pool.strategy contract, but there is no reentrancy check around that call. The hacker deployed his own token contract, created a pool of WETH and that token with the “open” function, and set pool.strategy to his attack contract, so “_burn” now calls the “burnHook” of the attack contract. In…
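The reentrancy shape behind both the bnbs and the Clober write-ups above, as an added example (a hypothetical pool; this is not either project's code): a withdrawal that sends ETH before clearing the caller's shares, an attacker contract whose `receive()` re-enters it, and the fixed version that finishes its accounting first and guards the entry point. The same two measures apply to a callback into an attacker-chosen contract such as the Clober `burnHook`: the contract being called back is untrusted, so the caller must already be in a consistent state. Shares being 1:1 with deposited ETH is a simplification assumed here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the bnbs or Clober code. Shares are 1:1 with ETH
// deposited (hypothetical simplification); removeLiquidity pays the ETH back
// and credits the caller with pool tokens.
contract PoolVulnerable {
    mapping(address => uint256) public shares;
    mapping(address => uint256) public tokenBalance;

    function addLiquidity() external payable {
        shares[msg.sender] += msg.value;
    }

    function removeLiquidity() external {
        uint256 s = shares[msg.sender];
        require(s > 0, "no shares");
        // Interaction before effects: control passes to msg.sender's receive()
        // while shares[msg.sender] is still s.
        (bool ok, ) = msg.sender.call{value: s}("");
        require(ok, "eth transfer failed");
        tokenBalance[msg.sender] += s; // credited once per (re)entry
        shares[msg.sender] = 0;        // only reached after the nested calls unwind
    }
}

// Hypothetical attacker: deposit once, withdraw repeatedly in one transaction.
contract ReentrantLP {
    PoolVulnerable public immutable pool;
    uint256 private deposit;

    constructor(PoolVulnerable p) { pool = p; }

    function attack() external payable {
        deposit = msg.value;
        pool.addLiquidity{value: msg.value}();
        pool.removeLiquidity();
    }

    receive() external payable {
        // Re-enter while the pool can still pay; stop before a call would revert
        // and unwind the whole transaction.
        if (address(pool).balance >= deposit) {
            pool.removeLiquidity();
        }
    }
}

// Fixed: checks-effects-interactions plus a mutex on the entry point. Either
// alone blocks this attacker; together they also cover cross-function re-entry.
contract PoolFixed {
    mapping(address => uint256) public shares;
    mapping(address => uint256) public tokenBalance;
    uint256 private locked = 1;

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    function addLiquidity() external payable {
        shares[msg.sender] += msg.value;
    }

    function removeLiquidity() external nonReentrant {
        uint256 s = shares[msg.sender];
        require(s > 0, "no shares");
        shares[msg.sender] = 0;        // effects first: a re-entry now fails the check
        tokenBalance[msg.sender] += s;
        (bool ok, ) = msg.sender.call{value: s}(""); // interaction last
        require(ok, "eth transfer failed");
    }
}
```

With `deposit` wei in `attack()` against a pool holding `N * deposit` wei, the vulnerable pool pays the attacker `N` times and credits `tokenBalance` `N` times; the fixed pool reverts the first nested call with "no shares" (and the mutex would reject it regardless).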

  • GAGAW token exploit.

    GAGAW token was hacked because of wrong transfer logic. Check the transfer function. 🙂 What was the developer thinking while writing this code? Total loss is about $70k.

  • Vestra DAO hacked.

    The Vestra DAO staking contract was exploited because of wrong unstake logic. The “unStake” function never removes the user’s staking info, which means anyone who has staked some amount can unstake several times. The hacker simply called “unStake” repeatedly. He prepared this attack for one month, because the lock period is one month. He staked some VSTR…
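The unstake bug in code, as an added illustration (hypothetical names and a 30-day lock; this is not the Vestra DAO contract's code): the vulnerable `unStake` pays out from the stored record but never consumes it, so once the lock has passed the same record pays again on every call. The fix deletes the record before the token transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Added illustration of the unstake bug, not the Vestra DAO contract's code.
contract StakingVulnerable {
    struct StakeInfo { uint256 amount; uint256 unlockTime; }

    mapping(address => StakeInfo) public stakes;
    IERC20 public immutable token;
    uint256 public constant LOCK_PERIOD = 30 days; // assumption

    constructor(IERC20 t) { token = t; }

    function stake(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        StakeInfo storage s = stakes[msg.sender];
        s.amount += amount;
        s.unlockTime = block.timestamp + LOCK_PERIOD;
    }

    function unStake() external virtual {
        StakeInfo memory s = stakes[msg.sender];
        require(s.amount > 0, "nothing staked");
        require(block.timestamp >= s.unlockTime, "still locked");
        require(token.transfer(msg.sender, s.amount), "transfer failed");
        // BUG: stakes[msg.sender] is never cleared. After the lock has passed, the
        // same record pays out on every call until the contract's tokens are gone.
    }
}

// Fixed: consume the record before paying out.
contract StakingFixed is StakingVulnerable {
    constructor(IERC20 t) StakingVulnerable(t) {}

    function unStake() external override {
        StakeInfo memory s = stakes[msg.sender];
        require(s.amount > 0, "nothing staked");
        require(block.timestamp >= s.unlockTime, "still locked");
        delete stakes[msg.sender]; // effects before the external token call
        require(token.transfer(msg.sender, s.amount), "transfer failed");
    }
}
```

The test that catches this is the obvious one: stake, warp past the lock, call `unStake` twice, and expect the second call to revert with "nothing staked". The one-month wait the write-up mentions is exactly why such a test has to warp time rather than rely on a fresh deployment.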

  • BYC token hacked.

    The BYC contract has an “autoBurnLiquidity” function that transfers tokens from the Pancake pair to the DEAD address when the pair’s balance is greater than “lpBurnFrequency”. “lpBurnFrequency” is increased when tokens are transferred to the Pancake pair (that is, when exchanging BYC to USDT). To increase this value, the hacker swapped a large amount of USDT for BYC and transferred all the BYC to the Pancake pair,…

  • DCF token exploit.

    DCF token was hacked because of wrong transfer logic. In the “transfer” function, if the target address is the Pancake pair, it exchanges 5% of the tokens to USDT and adds liquidity to the DCT-USDT Pancake pair. This can be used for an exploit. The hacker borrowed a huge amount of USDT and exchanged it for DCF and DCT. After that he transferred…

  • BTB token hacked.

    There is a pool for exchanging BTB to USDT and vice versa. The exchange rate is calculated from the Pancake v2 pair reserve ratio. To manipulate this rate, the hacker swapped a large amount of USDT for BTB on the Pancake v2 pair, then exchanged some of the BTB for USDT in the pool at the inflated price. He gained about $5k.
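Both the DCF and the BTB exchanges above price from the pair's reserves at the moment of the call. As an added example (hypothetical contracts; this is not either project's code): the vulnerable spot quote beside a version that reads the PancakeSwap/Uniswap v2 cumulative-price counters as a time-weighted average, which a swap inside a single transaction cannot move. The `IUniswapV2Pair` and `IERC20` signatures are the real ABI; the contract names, the 30-minute `PERIOD` and the one-sided `sellToken` function are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Uniswap v2 / PancakeSwap v2 pair ABI (real signatures). Everything below the
// interfaces is an added illustration, not the DCF or BTB code.
interface IUniswapV2Pair {
    function token0() external view returns (address);
    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
    function price0CumulativeLast() external view returns (uint256);
    function price1CumulativeLast() external view returns (uint256);
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Vulnerable: quotes the spot reserve ratio. One-transaction attack: flash-borrow
// USDT, buy TOKEN on the pair (ratio jumps), sellToken() here at the inflated
// quote, sell the remaining TOKEN back on the pair, repay the loan.
contract ExchangeSpot {
    IUniswapV2Pair public immutable pair;
    IERC20 public immutable token;
    IERC20 public immutable usdt;

    constructor(IUniswapV2Pair p, IERC20 t, IERC20 u) { pair = p; token = t; usdt = u; }

    function usdtPerTokenE18() public view returns (uint256) {
        (uint256 r0, uint256 r1, ) = pair.getReserves();
        (uint256 rToken, uint256 rUsdt) = pair.token0() == address(token) ? (r0, r1) : (r1, r0);
        return rUsdt * 1e18 / rToken; // whatever the last swap left behind
    }

    function sellToken(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        require(usdt.transfer(msg.sender, amount * usdtPerTokenE18() / 1e18), "transfer failed");
    }
}

// Hardened: time-weighted average over the pair's cumulative price counters.
contract ExchangeTwap {
    IUniswapV2Pair public immutable pair;
    IERC20 public immutable token;
    IERC20 public immutable usdt;
    bool private immutable tokenIs0;
    uint256 public constant PERIOD = 30 minutes; // assumption: minimum averaging window

    uint256 private cumulativeLast;
    uint32 private timestampLast;
    uint256 public priceAverageQ112; // USDT per TOKEN as UQ112x112; 0 until the first update()

    constructor(IUniswapV2Pair p, IERC20 t, IERC20 u) {
        pair = p; token = t; usdt = u;
        bool is0 = p.token0() == address(t);
        tokenIs0 = is0;
        (cumulativeLast, timestampLast) = _cumulative(p, is0);
    }

    // price0Cumulative accumulates token1/token0, so the counter to read depends on
    // ordering. Extrapolates from the pair's last sync to now, as UniswapV2OracleLibrary does.
    function _cumulative(IUniswapV2Pair p, bool is0) internal view returns (uint256 cumulative, uint32 ts) {
        (uint112 r0, uint112 r1, uint32 pairTs) = p.getReserves();
        cumulative = is0 ? p.price0CumulativeLast() : p.price1CumulativeLast();
        ts = uint32(block.timestamp);
        if (pairTs != ts) {
            unchecked { // the pair's counters are designed to overflow
                uint256 spotQ112 = is0 ? (uint256(r1) << 112) / r0 : (uint256(r0) << 112) / r1;
                cumulative += spotQ112 * (ts - pairTs);
            }
        }
    }

    function update() external {
        (uint256 cumulative, uint32 ts) = _cumulative(pair, tokenIs0);
        uint32 elapsed;
        unchecked { elapsed = ts - timestampLast; }
        require(elapsed >= PERIOD, "period not elapsed");
        unchecked { priceAverageQ112 = (cumulative - cumulativeLast) / elapsed; }
        cumulativeLast = cumulative;
        timestampLast = ts;
    }

    function sellToken(uint256 amount) external {
        require(priceAverageQ112 != 0, "oracle not ready");
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        require(usdt.transfer(msg.sender, (amount * priceAverageQ112) >> 112), "transfer failed");
    }
}
```

A TWAP raises the cost of manipulation from one transaction to sustaining a skewed price across the whole window; it does not make manipulation impossible on a thin pair. In practice the exchange should also bound the trade size against the pair's liquidity, compare the TWAP against an external feed where one exists, and refuse to trade when spot and average diverge beyond a tolerance.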