| Date | Project | Chain | Bug | Link | Additional link(s) | Funds at risk | Reporter | Bounty | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 08/10/21 | Belt Finance | BSC | Bypass of internal balance calculation by sending tokens directly to contract | https://medium.com/immunefi/belt-finance-logic-error-bug-fix-postmortem-39308a158291 | | $60,000,000 | @bobface16 | $1,050,000 | |
| 01/30/21 | ArmorFi | ETH | Math error | https://medium.com/immunefi/armorfi-bug-bounty-postmortem-cf46eb650b38 | | Unclear | @bobface16 | $876,000 | |
| 05/13/21 | Fei Protocol | ETH | Drain funds using flashloan price manipulation of Uniswap pool | https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb | https://medium.com/fei-protocol/fei-bonding-curve-bug-post-mortem-98d2c6f271e9 | $240,000,000 | @bobface16 | $800,000 | |
| 11/17/21 | Enzyme Finance | ETH | Drain funds using flashloan to manipulate contract internal calculations | https://medium.com/immunefi/enzyme-finance-price-oracle-manipulation-bug-fix-postmortem-4e1f3d4201b5 | | $400,000 | setuid0 | $90,000 | |
| 10/05/21 | RocketPool | ETH | A malicious node can frontrun an ETH deposit to take ETH from the protocol’s ETH deposit. | https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971 | https://twitter.com/rocket_pool/status/1446300700661583876?s=21 | Unclear | Dmitri Tsumak | $100,000 | |
| 10/05/21 | Lido Finance | ETH | A malicious node can frontrun an ETH deposit to take ETH from the protocol’s ETH deposit. | https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971 | | Unclear | Dmitri Tsumak | $100,000 | |
| 06/16/21 | Alchemix | ETH | Unprotected functions could lead to frontrunning and denial of service | https://medium.com/immunefi/alchemix-access-control-bug-fix-debrief-a13d39b9f2e0 | | $300 | @ashiqamien | $7,500 | |
| 06/07/21 | 88mph | ETH | Unprotected init() function was missing onlyOwner modifier | https://medium.com/immunefi/88mph-function-initialization-bug-fix-postmortem-c3a2282894d3 | | $6,500,000 | @ashiqamien | $42,069 | |
| 11/27/21 | dYdX | StarkWare L2 | Low level call() with arbitrary inputs could be performed by untrusted parties. | https://dydx.exchange/blog/deposit-proxy-post-mortem | | $2,000,000 | Anon | $500,000 | |
| 12/05/21 | Polygon | MATIC | Bad signature check with ecrecover | https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d | https://blog.polygon.technology/all-you-need-to-know-about-the-recent-network-upgrade/ | $18,000,000,000 | Leon Spacewalker | $2,200,000 | |
| 12/21/21 | Cronos | Cronos | | https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570 | https://github.com/crypto-org-chain/cronos/security/advisories/GHSA-f854-hpxv-cw9r | Rewards only, not original assets | zb3 | $40,000 | CVE-2021-43839 |
| 10/20/21 | Harvest Finance | ETH | Uninitialized proxy | https://medium.com/immunefi/harvest-finance-uninitialized-proxies-bug-fix-postmortem-ea5c0f7af96b | | $6,400,000 | Dedaub | $200,000 | |
| 10/05/21 | Polygon | MATIC | Double spend bridge vulnerability | https://medium.com/immunefi/polygon-double-spend-bug-fix-postmortem-2m-bounty-5a1db09db7f1 | | $850,000,000 | Gerhard Wagner | $2,000,000 | |
| 09/02/21 | OpenZeppelin | ETH | Reentrancy vulnerability in OpenZeppelin TimelockController contract | https://medium.com/immunefi/openzeppelin-bug-fix-postmortem-66d8c89ed166 | https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5#diff-8229f9027848871a1706845a5a84fa3e6591445cfac6e16cfb7d652e91e8d395R307 | Unknown | zb3 | $25,000 | |
| 07/31/21 | Tidal Finance | MATIC | Uninitialized or unset rewardDebt variable defaults to zero, allowing free unearned reward | https://medium.com/immunefi/tidal-finance-logic-error-bug-fix-postmortem-3607d8b7ed1f | https://github.com/TidalFinance/tidal-contracts/commit/924e87f1aead70abb17760c839b53ba40d80bf2c#diff-46a924754f71a2f8be88d0f20295f40653c881426d64b90e8bdd4f4bed303368 | Unclear | Csanuragjain | $25,000 | |
| 08/01/21 | xDai Stake | xDAI | Tokens accidentally sent to bridge contract can be stolen | https://medium.com/immunefi/xdai-stake-arbitrary-call-method-bug-postmortem-f80a90ac56e3 | | $4.50 | 0xadee028d | $5,000 | |
| 07/30/21 | Teller | ETH | Uninitialized proxy | https://medium.com/immunefi/teller-bug-fix-postmorten-and-bug-bounty-launch-b3f67a65c5ac | | $1,000,000 | Bugdefeat | $50,000 | |
| 06/14/21 | MCDEX | Arbitrum | Contract does not validate user-provided contract address input parameter, allowing a user to craft a malicious contract. | https://medium.com/immunefi/mcdex-insufficient-validation-bug-fix-postmortem-182fc6cab899 | | Unclear | Lucash-dev | $50,000 | |
| 04/27/21 | PancakeSwap | BSC | Lottery ticket NFT can be redeemed multiple times because first redemption doesn’t invalidate ticket. | https://medium.com/immunefi/pancakeswap-logic-error-bug-fix-postmortem-f2d02adb6983 | | $700,000 | Juno | | |
| 06/13/21 | Cream Finance | ETH | Old contract allows users to receive liquidity mining rewards without participating in liquidity mining. | https://medium.com/immunefi/cream-finance-insufficient-validation-bug-fix-postmortem-1ec7248e8865 | | $100,000 | Azeem | $20,750 | |
| 06/08/21 | Mushrooms Finance | ETH | Flashloan function is missing an authorization check, allowing any user to call it. | https://medium.com/immunefi/mushrooms-finance-logic-error-bug-fix-postmortem-780122821621 | | $635,000 | ckksec | $60,000 | |
| 04/26/21 | SharedStake | ETH | Low level call() with user-provided inputs could extract timelocked funds | https://medium.com/immunefi/sharedstake-insider-exploit-postmortem-17fa93d5c90e | | $40,000,000 | Lucash-dev | $5,000 | |
| 02/09/21 | Charged Particles | ETH | A user could sell their NFT but still maintain possession of the NFT after the sale using a malicious contract. | https://medium.com/immunefi/charged-particles-griefing-bug-fix-postmortem-d2791e49a66b | https://github.com/Charged-Particles/charged-particles-universe/commit/f4fb60e3f791c1bb3b8907276b27d0319ce46a68#diff-91fca72e3021a185238dd0e82e118ae3ab5993db93dd322d301c665ff74e3eed | Unclear | unsafe_call | $5,000 | |
| 06/09/21 | Zapper | ETH | Low level call() with user-provided inputs could steal LP tokens | https://medium.com/immunefi/zapper-arbitrary-call-data-bug-fix-postmortem-d75a4a076ae9 | https://medium.com/zapper-protocol/post-mortem-sushiswap-uniswap-v2-zap-out-exploit-84e5d34603f0 | Unclear | Lucash-dev | $25,000 | |
| 04/27/21 | Mushrooms Finance | ETH | MEV attack can steal yield | https://medium.com/immunefi/mushrooms-finance-theft-of-yield-bug-fix-postmortem-16bd6961388f | | Unclear | Wen-Ding Li | $4,000 | |
| 03/11/21 | Sovryn | RSK | User could take out a loan using another party’s collateral, allowing theft of the “borrowed” funds | https://medium.com/immunefi/sovryn-loan-vulnerability-postmortem-ffaf4d1d688f | | $6,800 | Whitehat Turbo | $76,568 | |
| 03/16/21 | Vesper | ETH | Drain funds using flashloan price manipulation of Uniswap pool | https://medium.com/immunefi/vesper-rebase-vulnerability-postmortem-and-bug-bounty-55354a49d184 | https://medium.com/dedaub/yield-skimming-forcing-bad-swaps-on-yield-farming-397361fd7c72 | $310,000 | Dedaub | Unclear | |
| 04/06/21 | Fei Protocol | ETH | A combination of Uniswap function calls and Fei incentive calculations around maintaining peg allow a user to receive free WETH | https://medium.com/immunefi/fei-protocol-vulnerability-postmortem-483f9a7e6ad1 | | $5,640,000 | 0xRevert | $300,000 | |
| 02/22/21 | PancakeSwap | BSC | User can frontrun the winning lottery ticket selection and buy the winning lottery ticket | https://medium.com/immunefi/pancakeswap-lottery-vulnerability-postmortem-and-bug-4febdb1d2400 | | $240,000 | Thunder | Unclear | |
| 02/21/21 | Primitive Finance | | | https://primitivefinance.medium.com/postmortem-on-the-primitive-finance-whitehack-of-february-21st-2021-17446c0f3122 | https://medium.com/immunefi/inside-the-war-room-that-saved-primitive-finance-6509e2188c86 | | | | |
| 05/08/21 | Meebit NFTs | | Brute force attack to mint rare Meebits NFTs | https://iphelix.medium.com/meebit-nft-exploit-analysis-c9417b804f89 | | | | | |
| 10/28/21 | Aztec | | | https://hackmd.io/@aztec-network/disclosure-of-recent-vulnerabilities | | | Xin Gao and Onur Kilic | $50,000 | |
| 11/15/21 | Nerve Bridge | | | https://blocksecteam.medium.com/the-analysis-of-nerve-bridge-security-incident-ead361a21025 | | $540,000 | | | |
| 08/14/21 | Curve Bribe | ETH | | https://twitter.com/bantg/status/1426629982328180737 | | $118,000 | @bantg | Unknown | |
| 08/16/21 | SushiSwap | ETH | | https://samczsun.com/two-rights-might-make-a-wrong/ | https://hackmd.io/@353yQn6WTImF5o12LQXXfQ/Hy2ZDYFxF | $350,000,000 | @samczsun | Unknown | |
| 08/13/21 | ENS Name Wrapper | ETH | | https://samczsun.com/the-dangers-of-surprising-code/ | | | @samczsun | | |
| 02/26/21 | Tokenlon | | | https://tokenlon.medium.com/tokenlon-4-0-fee-incident-disclosure-9ee8b5fad564 | | | @samczsun | | |
| 04/05/21 | Ambisafe | | | https://samczsun.com/uncovering-a-four-year-old-bug/ | | | @samczsun | | |
| 03/26/21 | ElasticDAO | | | https://medium.com/elasticdao/elasticdao-smart-contract-and-security-audits-400f424281b6 | | | @samczsun | | |
| 02/15/21 | NFTX | | | https://forum.nftx.org/t/retroactive-bug-bounty/161 | | | @samczsun | $50,000 | |
| 02/09/21 | ForTube | | | https://medium.com/the-force-protocol/fortube-security-vulnerability-fix-c5847359ba7d | | | @samczsun | | |
| 02/21/21 | Hashmasks | | | https://samczsun.com/the-dangers-of-surprising-code/ | https://thehashmasks.medium.com/hashmask-art-sale-bug-report-13ccd66b55d7 | | @samczsun | $12,500 | |
| 01/09/21 | Optimism | | | ethereum-optimism/contracts#172 | ethereum-optimism/contracts#179, ethereum-optimism/contracts#181, ethereum-optimism/contracts#364, ethereum-optimism/contracts#360 | | @samczsun | | |
| 12/03/20 | Frax Finance | | | FraxFinance/frax-solidity#12 | FraxFinance/frax-solidity#7 | | @samczsun | | |
| 10/12/20 | Yield Protocol | | | yieldprotocol/fyDai#360 | | | @samczsun | | |
| 10/15/20 | Alpha Homora | | | https://blog.alphafinance.io/alpha-homora-adjustments/ | | | @samczsun | | |
| 10/03/20 | Aavegotchi Staking | | | aavegotchi/ghst-staking#2 | | | @samczsun | | |
| 09/25/20 | Incognito Chain | | | https://we.incognito.org/t/how-a-smart-contract-vulnerability-was-discovered-and-fixed/6416 | | | @samczsun | | |
| 09/15/20 | Lien Finance | | | https://samczsun.com/escaping-the-dark-forest/ | | | @samczsun | | |
| 08/21/20 | xTokens | | | https://medium.com/xtoken/xsnxa-false-start-post-mortem-f26a7a735383 | | | @samczsun | | |
| 07/25/20 | yVault | | | https://blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/ | | $400,000 | @samczsun | | |
| | Atomic Loans | | | | | | @samczsun | | |
| | Aragon Court | | | https://blog.aragon.one/aragon-court-v1-upgrades/ | | | @samczsun | | |
| | Synthetix | | | https://blog.synthetix.io/bug-disclosure | | | @samczsun | | |
| | Hegic | | | https://twitter.com/0mllwntrmt3/status/1242645476136103936 | | | @samczsun | | |
| 02/18/20 | Nexus Mutual | | | https://medium.com/nexus-mutual/responsible-vulnerability-disclosure-ece3fe3bcefa | | | Mudit Gupta | $2,000 | |
| 02/20/20 | Nexus Mutual | | | https://medium.com/nexus-mutual/responsible-vulnerability-disclosure-ece3fe3bcefa | | | @samczsun | $5,000 | |
| 02/17/20 | Authereum | | | https://medium.com/authereum/account-vulnerability-disclosure-ec9e288c6a24 | | | @samczsun | | |
| 09/13/19 | Kyber Network | | | https://blog.kyber.network/anatomy-of-a-bridge-reserve-smart-contract-vulnerability-and-how-we-fixed-it-fc5c50d13238 | | | @samczsun | | |
| 11/08/19 | ENS | | | https://medium.com/the-ethereum-name-service/lets-talk-ens-migration-a92d5c21df28 | | | @samczsun | | CVE-2020-5232 |
| 01/25/20 | Curve Finance | | | https://blog.curve.fi/vulnerability-disclosure/ | | | @samczsun | | |
| 10/17/19 | Cheeze Wizards | | | https://medium.com/dapperlabs/disclosure-forking-cheeze-wizards-smart-contracts-all-funds-and-wizards-are-secure-3c53af5bc531 | | | @samczsun | | |
| 09/18/19 | Hydro Protocol | | | https://medium.com/ddex/fixed-potential-vulnerability-in-contract-used-during-private-beta-217c0ed6f694 | | | @samczsun | | |
| 09/03/19 | bZx Protocol | | | https://medium.com/@b0xNet/your-funds-are-safe-d35826fe9a87 | | | @samczsun | | |
| 07/29/19 | Livepeer | | | https://forum.livepeer.org/t/protocol-paused-for-bug-fix-upgrade-7-29-19-4-21pm-edt-update-protocol-resumed-as-of-8-40pm-edt/841 | | | @samczsun | | |
| 07/12/19 | 0x Exchange | | | https://samczsun.com/the-0x-vulnerability-explained/ | | | @samczsun | | |