• Decentralized Finance (DCF) hacked.

    The victim contract has an exchange function, but it takes its exchange rate from the PancakeSwap v2 pair, and a reserve-based rate is easily manipulated by swapping a huge amount of tokens on PancakeSwap. The attacker first exchanged almost all of the DCF in the victim contract for BUSD, then swapped a huge amount of BUSD for DCF on PancakeSwap, which skewed the exchange rate. After that, he…

  • CloberDex hacked.

    The Clober liquidity vault was exploited; the root cause is reentrancy. The “_burn” function calls the “burnHook” function of the pool.strategy contract without any reentrancy check. The attacker deployed his own token contract, created a WETH/token pool with the “open” function and set pool.strategy to his attack contract, so “_burn” now calls “burnHook” on the attack contract. In…
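
    The pattern described above, as an added example that is not Clober's code: a toy share-based vault whose burn path calls a caller-chosen strategy hook before its accounting is finished, beside the same vault with checks-effects-interactions and a reentrancy guard. The re-entry path shown (minting while the share price is stale) illustrates the bug class; the entry does not say which path was used against Clober. Class and method names and all amounts are assumptions.

```python
"""Cross-function reentrancy through a caller-controlled hook.

Added example, not Clober's code. Vault, Strategy, mint, burn and burn_hook
are assumed names; the amounts are constructed for illustration.
"""


class Reentered(Exception):
    """Raised by the hardened vault when a hook re-enters it (a revert on-chain)."""


class Strategy:
    """Benign pool.strategy: its burn hook does nothing."""

    def burn_hook(self, vault, user, share_amount):
        pass


class Vault:
    """Share-based vault; share price = pool_balance / total_shares."""

    def __init__(self, strategy, hardened):
        self.strategy = strategy   # pool.strategy, chosen by whoever opened the pool
        self.hardened = hardened   # effects-before-hook plus reentrancy guard
        self.pool_balance = 0      # underlying tokens held by the vault
        self.total_shares = 0
        self.shares = {}           # user -> shares
        self._locked = False

    def _enter(self):
        if self.hardened and self._locked:
            raise Reentered("reentrant call")
        self._locked = True

    def _leave(self):
        self._locked = False

    def mint(self, user, amount):
        """Deposit `amount` tokens; receive shares at the current share price."""
        self._enter()
        try:
            if self.total_shares == 0:
                out = amount
            else:
                out = amount * self.total_shares // self.pool_balance
            self.pool_balance += amount
            self.total_shares += out
            self.shares[user] = self.shares.get(user, 0) + out
            return out
        finally:
            self._leave()

    def burn(self, user, share_amount):
        """Redeem shares for tokens, then notify pool.strategy via burn_hook."""
        self._enter()
        try:
            if self.shares.get(user, 0) < share_amount:
                raise ValueError("insufficient shares")
            payout = share_amount * self.pool_balance // self.total_shares
            self.pool_balance -= payout            # tokens leave the vault
            if self.hardened:
                # checks-effects-interactions: finish accounting, then call out
                self.shares[user] -= share_amount
                self.total_shares -= share_amount
                self.strategy.burn_hook(self, user, share_amount)
            else:
                # vulnerable order: external call while total_shares is stale
                self.strategy.burn_hook(self, user, share_amount)
                self.shares[user] -= share_amount
                self.total_shares -= share_amount
            return payout
        finally:
            self._leave()


class AttackStrategy(Strategy):
    """Malicious pool.strategy: from inside burn_hook, re-enters mint()."""

    def __init__(self, attacker, redeposit):
        self.attacker = attacker
        self.redeposit = redeposit   # tokens re-deposited during the hook
        self.armed = True

    def burn_hook(self, vault, user, share_amount):
        if self.armed:
            self.armed = False
            # pool_balance already reflects the payout but total_shares does
            # not, so the share price is understated and the deposit is
            # over-credited with shares.
            vault.mint(self.attacker, self.redeposit)


def run(hardened):
    """Honest user and attacker each deposit 1000; attacker burns with re-entry.
    Returns (attacker_tokens_in, attacker_tokens_out, honest_user_value)."""
    strategy = AttackStrategy("attacker", redeposit=1000)
    vault = Vault(strategy, hardened)
    vault.mint("alice", 1000)
    vault.mint("attacker", 1000)
    out = vault.burn("attacker", 1000)                       # hook re-enters mint()
    out += vault.burn("attacker", vault.shares["attacker"])  # cash out the extra shares
    alice_value = vault.shares["alice"] * vault.pool_balance // vault.total_shares
    return 2000, out, alice_value


def attack_is_blocked():
    """True if the hardened vault reverts the re-entering burn."""
    try:
        run(hardened=True)
    except Reentered:
        return True
    return False
```

    In the vulnerable configuration the attacker puts in 2000 tokens and takes out 2333, and the honest depositor's 1000 shares are now worth 667. Either fix alone closes this path: finishing the accounting before the hook leaves nothing stale for the re-entered mint() to exploit, and the guard rejects the re-entry outright. The guard is the more general of the two, since it also covers a hook that re-enters some other function than the one modelled here. The trust boundary to keep in mind is that pool.strategy can be pointed at an arbitrary contract by whoever opened the pool, so the hook has to be treated as hostile.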

  • GAGAW token exploit.

    The GAGAW token was hacked because of flawed transfer logic. Check the transfer function. 🙂 What was the developer thinking while writing this code? Total loss is about $70k.

  • Vestra DAO hacked.

    The Vestra DAO staking contract was exploited because of flawed unstake logic. The “unStake” function never removes the user's staking record, so anyone who has staked can unstake the same position several times. The attacker simply called “unStake” repeatedly. He prepared this attack for a month, because the lock period is one month. He staked some VSTR…
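
    The unstake bug above, as an added example that is not Vestra DAO's code: a toy staking contract in the vulnerable form (record never cleared) and the fixed form, a drain loop that waits out the lock period and calls unstake until it fails, and the balance invariant a reviewer would check. The class, the amounts and the 30-day lock value are assumptions.

```python
"""Staking contract whose unstake path never clears the stake record.

Added example, not Vestra DAO's code; names and numbers are constructed.
"""

LOCK_PERIOD = 30 * 24 * 3600   # assumed: one-month lock, in seconds


class Staking:
    def __init__(self, clears_record):
        self.clears_record = clears_record   # False reproduces the bug
        self.pool = 0                        # staking tokens held by the contract
        self.stakes = {}                     # user -> (amount, unlock_time)

    def stake(self, user, amount, now):
        if user in self.stakes:
            raise ValueError("already staking")
        self.stakes[user] = (amount, now + LOCK_PERIOD)
        self.pool += amount

    def unstake(self, user, now):
        amount, unlock = self.stakes[user]   # KeyError (revert) if no record
        if now < unlock:
            raise ValueError("still locked")
        if amount > self.pool:
            raise ValueError("insufficient pool balance")
        self.pool -= amount                  # tokens leave the contract
        if self.clears_record:
            del self.stakes[user]            # the effect the vulnerable version lacks
        return amount


def check_invariant(staking):
    """Every recorded stake must still be backed by tokens in the contract."""
    return sum(a for a, _ in staking.stakes.values()) <= staking.pool


def drain(clears_record):
    """Nine users stake 100 each, the attacker stakes 100, waits out the lock,
    then calls unstake until it reverts. Returns (withdrawn, invariant_holds)."""
    s = Staking(clears_record)
    for i in range(9):
        s.stake(f"user{i}", 100, now=0)
    s.stake("attacker", 100, now=0)
    now = LOCK_PERIOD
    withdrawn = 0
    while True:
        try:
            withdrawn += s.unstake("attacker", now)
        except (KeyError, ValueError):
            break
    return withdrawn, check_invariant(s)
```

    With the record left in place the attacker withdraws the whole 1000-token pool from a 100-token stake, and the invariant (recorded stakes fully backed by the contract's balance) is broken; with the record deleted the second call reverts and the invariant holds. Checking that invariant after every state-changing call is the cheapest way to catch this class of bug in tests.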

  • BYC token hacked.

    The BYC contract has an “autoBurnLiquidity” function that transfers tokens from the PancakeSwap pair to the DEAD address when the pair's balance exceeds “lpBurnFrequency”. “lpBurnFrequency” increases whenever tokens are transferred to the pair (that is, when BYC is swapped for USDT). To increase this value, the attacker swapped a large amount of USDT for BYC and transferred all of the BYC to the pair,…

  • DCF token exploit.

    The DCF token was hacked because of flawed transfer logic. In the “transfer” function, if the target address is the PancakeSwap pair, 5% of the tokens are swapped for USDT and added as liquidity to the DCT-USDT pair. This can be abused. The attacker borrowed a huge amount of USDT and swapped it for DCF and DCT. After that he transferred…

  • BTB token hacked.

    There is a pool for exchanging BTB to USDT and vice versa, and its exchange rate is computed from the PancakeSwap v2 pair's reserve ratio. To manipulate that rate, the attacker swapped a large amount of USDT for BTB on the v2 pair, then sold some of the BTB to the pool for USDT at the inflated price. He gained about $5k.

  • Polter Finance hacked.

    Polter Finance, an Aave-fork lending project, was hacked through price manipulation: a very classic oracle issue. As you can see in the picture, the BOO token price is very high. Why? The BOO price is derived from the state of the Spooky LP token, which can easily be manipulated with a flash loan. At the beginning of the attack, the attacker borrowed almost all…
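
    The reserve-ratio pricing pattern shared by the DCF entry, the BTB entry and this Polter Finance entry, as an added example that is not code from any of those projects: a constant-product pair, a victim that quotes from the pair's spot price, the three-step attack (skew the reserves, trade against the victim at the skewed quote, unwind), and a hardened victim that refuses quotes far from an independent reference price. Reserve sizes, the 0.25% fee, the attacker's capital, the 5% deviation bound and the reference price are all constructed assumptions.

```python
"""Manipulating a reserve-ratio price oracle on a constant-product pair.

Added example; not code from DCF, BTB or Polter Finance. Reserves, fee,
attacker capital and the reference price are constructed for illustration.
"""

from fractions import Fraction

FEE_BPS = 25  # assumed: v2-style 0.25% swap fee


class Pair:
    """Constant-product pair (x * y = k) for TOKEN/USDT."""

    def __init__(self, reserve_token, reserve_usdt):
        self.reserve_token = reserve_token
        self.reserve_usdt = reserve_usdt

    def spot_price(self):
        """USDT per TOKEN, read straight from the reserves (what the victim uses)."""
        return Fraction(self.reserve_usdt, self.reserve_token)

    @staticmethod
    def _amount_out(amount_in, reserve_in, reserve_out):
        in_with_fee = amount_in * (10_000 - FEE_BPS)
        return in_with_fee * reserve_out // (reserve_in * 10_000 + in_with_fee)

    def buy_token(self, usdt_in):
        out = self._amount_out(usdt_in, self.reserve_usdt, self.reserve_token)
        self.reserve_usdt += usdt_in
        self.reserve_token -= out
        return out

    def sell_token(self, token_in):
        out = self._amount_out(token_in, self.reserve_token, self.reserve_usdt)
        self.reserve_token += token_in
        self.reserve_usdt -= out
        return out


class ExchangePool:
    """Victim: buys TOKEN for USDT at whatever the pair's spot price says.

    With `reference` set it refuses quotes more than max_deviation_bps away
    from that independent price (standing in for a TWAP or external feed).
    """

    def __init__(self, pair, usdt, reference=None, max_deviation_bps=0):
        self.pair = pair
        self.usdt = usdt
        self.token = 0
        self.reference = reference
        self.max_deviation_bps = max_deviation_bps

    def quote(self):
        spot = self.pair.spot_price()
        if self.reference is not None:
            deviation = abs(spot - self.reference) / self.reference
            if deviation > Fraction(self.max_deviation_bps, 10_000):
                raise ValueError("spot price deviates from reference price")
        return spot

    def sell_token(self, token_in):
        usdt_out = int(token_in * self.quote())
        if usdt_out > self.usdt:
            raise ValueError("insufficient USDT")
        self.usdt -= usdt_out
        self.token += token_in
        return usdt_out


def attack(hardened, capital_usdt=100_000):
    """Skew the pair, sell into the victim at the skewed quote, unwind.
    Returns (attacker_profit_usdt, victim_usdt_left). The capital could just
    as well be a flash loan, since every step runs inside one transaction."""
    pair = Pair(reserve_token=1_000_000, reserve_usdt=100_000)   # fair price 0.10
    fair_price = pair.spot_price()
    pool = ExchangePool(pair, usdt=50_000,
                        reference=fair_price if hardened else None,
                        max_deviation_bps=500)
    bought = pair.buy_token(capital_usdt)        # 1. push the spot price up ~4x
    try:                                         # 2. drain the victim at that price
        sell = min(bought, int(pool.usdt / pool.quote()))
        from_victim = pool.sell_token(sell)
    except ValueError:
        sell, from_victim = 0, 0                 # hardened pool refused the quote
    from_pair = pair.sell_token(bought - sell)   # 3. unwind the rest on the pair
    return from_victim + from_pair - capital_usdt, pool.usdt
```

    Against the naive victim the 100,000 USDT swap moves the spot price from 0.10 to about 0.40, the victim pays out nearly its whole 50,000 USDT for tokens worth a quarter of that, and the attacker nets about 35,000 USDT after unwinding. Against the hardened victim the quote is refused and the attacker is left paying the pair's fee and slippage. A deviation bound against an independent price is the minimum; pricing from a time-weighted average or an external feed removes the single-block spot dependency altogether.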

  • vETH token hacked.

    The vETH token has a “takeLoan” function that can only be called by a valid factory. The Factory contract also has a function that adds liquidity to the Uniswap vETH-BIF pair using “takeLoan” together with the user's BIF tokens. That function changes the pair state and increases x*y=k. The attacker leveraged this to obtain vETH for free. Total loss is about $450k.