SCV-List

This list highlights the accomplishments and disclosed vulnerabilities of the top white hat security experts in DeFi.

This list is part HackerOne leaderboard and part CVE database. Contributions are welcome, and it would be amazing if the crypto community could crowdsource a CVE-like database. My arbitrary rules for including a vulnerability in this list (until I am convinced otherwise) are that the vulnerability must have been discovered on mainnet (meaning most audit findings are excluded) and it must not have resulted in intentional loss of user funds (meaning most rekt.news hacks are excluded).

So far, the sources of this list include postmortems from:

Additional submissions to fill in gaps are welcome.

What about common code weaknesses?

This list only includes actual vulnerabilities. There are CWE-like lists that capture common weaknesses in code, including these:

What about hacks that cause protocols to get rekt?

This list does not include black hat hacks that involved loss of user funds, even if the funds were returned. There are other lists for that, including these:

What about Layer 1 blockchain vulns?

This list is focused on smart contract vulnerabilities. Some layer 1 vulnerabilities may be included below, but there are separate lists for this topic.

Contributions

Contributions are very welcome. This list is guaranteed to be incomplete.

This markdown table format is weird…

Yes, it renders weird on GitHub, but you can view the markdown in your own local markdown editor instead. Or you can search for a web-based markdown-to-CSV converter and copy the data into a spreadsheet.

Smart Contract Vulnerabilities Table

Date Protocol Name Blockchain Vulnerability Description Writeup Link Additional Links Total Value at Risk Whitehat Bounty Award Vulnerability ID
08/22/23 Balancer ETH   https://twitter.com/Balancer/status/1694014645378724280          
07/28/23 Uniswap ETH Flaw in order settlement logic. If a user has an order on another protocol with the same ask token as in UniswapX, filler can abuse this and not send the entire requested amounts. https://kebabsec.xyz/posts/critical_vulnerability_in_uniswapx     shung $200,000  
06/28/23 DX.app BNB Decompiling an unverified contract with high TVL revealed that unlockToken can be called unlimited times. Calling unlockToken 100 times returns 100x the deposited tokens. https://blog.decurity.io/dx-protocol-vulnerability-disclosure-bddff88aeb1d   $5,200,000.00 decurity $500  
04/28/23 Yield Protocol ETH Pool balanceOf can be inflated with a donation attack. The donation can happen together with burning pool shares to inflate the number of pool shares received during minting https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50   $950,000.00 PaludoX0 $95,000  
04/28/23 DFX Finance MATIC Rounding error could lead to user receiving LP tokens without depositing any tokens. EURS decimals value of 2 make it faster to extract value from this rounding error compared to a token with 6 or 18 decimals. https://medium.com/immunefi/dfx-finance-rounding-error-bugfix-review-17ba5ffb4114   $237,143.00 perseverance $100,000  
04/27/23 Silo ETH A silo without any deposits could be manipulated with a donation attack to reach very high interest rate values. The fast increase in collateral value from interest accumulation can be borrowed against, allowing a user to withdraw large sums from the protocol. https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8 https://twitter.com/kankodu/status/1669833829203476480   kankodu $100,000  
04/04/23 Yearn Finance ETH Strategy loss calculation in prepareReturn is incorrect, but would not directly result in loss of funds https://github.com/yearn/yearn-security/blob/master/disclosures/2023-04-04.md     0xadrii    
03/28/23 Enzyme Finance ETH Missing access check in the GasRelayerPaymasterLib contract https://medium.com/immunefi/enzyme-finance-missing-privilege-check-bugfix-review-ddb5e87b8058 https://twitter.com/enzymefinance/status/1643893025532178432   rootrescue $400,000  
03/18/23 Alchemist ETH Missing access control modifier combined with incorrect logic handling in the case of nonexistent mapping value can be combined to brick the rewards accumulation in the protocol https://dacian.me/28k-bounty-admin-brick-forced-revert     DevDacian $28,000  
02/24/23 Tranchess ETH Malicious node operator could frontrun a deposit transaction with the credentials replaced to steal value that should be withdrawn to users of the liquid staking protocol. Same as Lido and Rocketpool bounty from 2021 https://www.kalos.xyz/blog/tranchess-liquid-staking-deposit-firstrun-vulnerability-analysis https://tranchess.medium.com/recap-deposit-front-run-vulnerability-mitigation-cfc66ef8c50d   Jade Han $75,000  
02/19/23 Tron ETH Tron multisig wallet design allowed a single user in the multisig to provide multiple valid signatures, allowing a single user to override the security of a multisig and submit any transactions without needing other signers. This was because there was no check for duplicate signatures from a single signer. https://0d.dwalletlabs.com/game-of-tron-critical-0-day-in-tron-multi-signature-wallets-2c3e90668dc0     dWallet Labs    
02/13/23 LayerZero   Customized relayed could send cross-chain messages for free https://medium.com/@blockian/blackboxing-layerzero-labs-off-chain-relayer-954aecab0f62     _blockian $25,000  
02/10/23 NEAR     https://hackenproof.com/blog/for-hackers/near-rewards-1-8-million-to-ethical-hackers-at-hackenproof       $1,800,000  
01/22/23 Balancer ETH Duplicate claims could be accepted by the merkle tree logic, which would allow draining of assets https://mirror.xyz/0x2719F6Dfb85086F87319079cC2f7EeFD0e40994D/NWDf5uW1Ve7-TrcPKwmM86xp8ploMSCRGC58A-NSoFY https://twitter.com/Balancer/status/1620503172702953475, https://medium.com/immunefi/balancer-logic-error-bugfix-review-74f5edca8b1a   0xriptide $75,000.00  
12/29/22 Fluidity ETH A specific sequence of reward function calls would cause a revert, preventing the protocol from sending rewards to users https://www.trust-security.xyz/post/breaking-fluidity-for-glory-and-50k     trust_90 $50,000.00  
12/16/22 Gnosis Safe ETH Returned array of module addresses did not include the next address, resulting in a potential misunderstanding by the user https://docs.gnosis-safe.io/learn/security/bug-bounty-program#the-function-getmoduledpaginated-does-not-return-all-modules     RenanSouza2 $2,000.00  
12/14/22 Thena BSC Rewards claiming reverts in certain cases due to an incorrect logic check related to the expiration of the veNFT token https://zzykxx.com/2023/02/02/the-bug-that-codearena-missed-,-twice/     zzykxx $20,000.00  
11/29/22 Uniswap ETH Reentrancy vulnerability in new UniversalRouter could allow an ERC721 callback to sweep funds sitting in the router from a previous unfinished transaction https://media.dedaub.com/uniswap-bug-bounty-1625d8ff04ae https://www.nomoi.xyz/blog/uniswap-vulnerability-disclosure   Dedaub $40,000.00  
11/15/22 Beanstalk ETH Any EOA that approved the Beanstalk proxy could have the approved assets transferred out of their EOA due to bad transferFrom logic https://medium.com/immunefi/beanstalk-logic-error-bugfix-review-4fea17478716       $181,850.00  
11/02/22 Oasis DAO ETH A specific call flow allows for delegatecall to call selfdestruct which would shut down the Oasis Earn platform https://www.trustindistrust.com/post/taking-home-a-20k-bounty-with-oasis-platform-shutdown-vulnerability     trust_90 $20,000.00  
11/01/22 Curve ETH Bribes were allocated based on a user’s locked amount of CRV rather than allocating based on their veCRV balance. VeCRV balance decays over time but locked CRV does not. https://github.com/yearn/yearn-security/blob/master/disclosures/2022-11-01.md     Yearn    
10/21/22 Curve ETH Missing access control allowed anyone to set the fee receiver of pools paired with the base pool https://github.com/curvefi/security-incident-reports/blob/main/disclosures/pool_owner_proxy_bug.md       $60,000.00  
10/18/22 Mai Finance ETH Same get_virtual_price read-only reentrancy vulnerability that ChainSecurity discovered, but this time found in QiDao’s vault integration with Curve. Price manipulation would allow theft of funds and leave the protocol with bad debt https://ambergroup.medium.com/mai-finances-oracle-manipulation-vulnerability-explained-55e4b5cc2b82     Amber Group    
10/14/22 Bunni ETH The first deposit into a new pool can be frontrun by 1. depositing 1 wei into the protocol 2. depositing into the underlying pool in Uniswap and sending LP tokens directly to the protocol. This results in the protocol not providing the second depositer with any shares, and the first depositor can withdraw the first two deposits with the shares they own. https://www.rileyholterhus.com/writing/bunni     rileyholterhus    
09/30/23 Q Blockchain   Double voting with the same tokens is possible. One vote can happen when the tokens are delegated, the other vote happens when the tokens are about to be unlocked https://medium.com/@blockian/striking-gold-at-30-000-feet-uncovering-a-critical-vulnerability-in-q-blockchain-for-50-000-ab335042147b     _blockian $50,000.00  
09/26/22 OpenSea ETH   https://twitter.com/hacker_/status/1574518042737790976     hacker_ $100,050.00  
09/25/22 88mph ETH Deposits could be withdrawn before the maturity date because the deposit process did not update the rewardPerToken variable, allowing theft of yield https://medium.com/immunefi/88mph-theft-of-unclaimed-mph-rewards-bugfix-review-1dec98b9956b     0xSzeth $21,000.00  
09/21/22 Mt Pelerin ETH Function did not check if input array contained duplicate values. This allowed a user to submit an array of duplicate actions and the action would be performed multiple times because there were insufficient checks. https://medium.com/immunefi/mt-pelerin-double-transaction-bugfix-review-503838db3d70       $10,000.00  
09/20/22 Arbitrum Nitro ETH Uninitialized proxy. The proxy was initialized, but the values were wiped and sequencerInbox was never rewritten. Initialize could be called to set key bridge variables and steal bridge funds. https://medium.com/@0xriptide/hackers-in-arbitrums-inbox-ca23272641a2     0xriptide $560,000.00  
09/17/22 Liquity ETH Tellor fallback oracle used in an unsafe way https://www.liquity.org/blog/tellor-issue-and-fix     0xpaco    
09/09/22 Solidly V1 ETH Several vulnerabilities exist in Solidly V1 and Solidex. Denial of service is possible in multiple ways and other attacks that can remove value from the protocol are also described. https://medium.com/@seraph333/security-disclosures-and-recent-attacks-on-solidly-v1-ab7dc47558c5          
09/08/22 Abracadabra AVAX The Native Asset precompile contract on Avalanche C-Chain allows delegatecall-like ability to pass original msg.sender in a call to another contract. This could be used to bypass a blacklist check that prevents calls from certain contracts. https://mirror.xyz/0x5744b051845B62D6f5B6Db095cc428bCbBBAc6F9/zRO5HegkDEHG1NEnM3h-am79Pf5RlERhHNsiI1CiFts https://medium.com/avalancheavax/apricot-phase-6-native-asset-call-deprecation-a7b7a77b850a $3,000,000.00 Statemind    
09/08/22 OpenSea ETH Due to using the quotient of a division operation instead of the remainder, a memory overwrite vulnerability in a loop could overwrite a word at the end of an array https://blocksecteam.medium.com/a-new-memory-overwrite-vulnerability-discovered-in-wyvern-protocol-5285996c297d     Blocksec    
09/06/22 Yearn Finance ETH Yearn Vaults on ETH POW forks that use the same chainId and a DOMAIN_SEPARATOR value that is calculated at contract deployment are vulnerable to replay attacks. https://github.com/yearn/yearn-security/blob/master/disclosures/2022-09-06.md          
09/03/22 Notional ETH   https://twitter.com/NotionalFinance/status/1566089211068948480   $1,500,000.00   $150,000.00  
08/24/22 Across   Bridge double spend was possible due to off-chain relayer bug https://iosiro.com/blog/high-risk-bug-disclosure-across-bridge-double-spend     Jason Matthyser $90,000.00  
08/14/22 Moonwell Moonbeam Depegged assets were still valued at $1 by the protocol, which could have caused the protocol to accrue large amounts of bad debt. https://medium.com/risk-dao/the-risk-of-secondary-markets-for-depegged-collateral-tokens-moonwell-bug-disclosure-2021181f50bc     Risk DAO $10,000.00  
08/13/22 Talent Protocol MATIC Public function without access controls set the protocol token address, enabling a rogue ERC20 contract to freeze contract funds https://mirror.xyz/0xCf39521413F8De389771e35bB4C77b4bb827b7B3/HdSq7TVvk-s7DzQgN3u0pV8UFiVkaDft18HgmePTag4   $465,000.00 kebabsec    
08/05/22 Yield Protocol Arbitrum Code was copied from a similar function resulting in an incorrectly implemented function. The fix during the post-audit remediation did not correctly consider the contract inheritance and allowed for contract funds to be drained https://medium.com/yield-protocol/post-mortem-of-incident-on-august-5th-2022-7bb70dbb9ada   $206,000.00      
07/25/22 Velas chain Velas Similar to pwning.eth Moonbeam and Aurora bugs, combines delegatecall with precompiled contracts on different blockchains that didn’t consider this edge case https://mirror.xyz/orenyomtov.eth/RbV_WYYTPCAObp3VsNlkgx6iQBElwulGQf586lVK7dE     orenyomtov.eth $100,000.00  
07/14/22 Sherlock ETH Cross-protocol reentrancy. 1inch swap callback enables reentrancy to modify exchange rate on Euler which changes the redemption amount from staking with Sherlock. https://mirror.xyz/0xE400820f3D60d77a3EC8018d44366ed0d334f93C/LOZF1YBcH1eBdxlC6HP223cAMeTpNgQ-Kc4EjQuxmGA     GothicShanon89238 $250,000.00  
07/07/22 Yield Protocol ETH Deprecated strategy roll-over process had a security issue but no value at risk https://twitter.com/yield/status/1545119888309567489   $0.00   $10,000.00  
07/01/22 Interlay DOT interBTC bridge had two bugs that could 1. force liquidation of vaults 2. insecure address extraction for P2SH addresses allows for address spoofing https://pwning.mirror.xyz/jlT8OgtwN3mQf3KdYmXdcSXbE4s95JzT3eR3wxiLmpw https://medium.com/interlay/kintsugi-released-urgent-security-patches-aebf969ee087   pwning.eth $200,000.00  
06/28/22 Moonbeam DOT Improper truncation during type conversation leads to different interpretations of a single value https://pwning.mirror.xyz/RFNTSouIIlHVNmTNDThUVb1obIeN5c1LAiQuN9Ve-ok https://moonbeam.network/blog/security-patch-for-integer-truncation-bug/   pwning.eth $1,000,000.00 CVE-2022-31111
06/16/22 Aurora NEAR A serialized payload could be crafted that would deserialize to a valid transaction. This allowed spoofing of Aurora token burns and the withdrawal of funds from the bridge. https://medium.com/immunefi/aurora-withdrawal-logic-error-bugfix-review-c5b4e30a9160   $62,935,870.00 Anon $1,000,000.00  
06/10/22 Aurora NEAR Improper input sanitization allowed arbitrary inputs for the args value, which is fully controlled by user input. This value sets a recipient and fee, which used bad logic to handle these values and can result in draining of funds in a non-zero fee case. https://medium.com/immunefi/aurora-improper-input-sanitization-bugfix-review-a9376dac046f     Anon $1,000,000.00  
05/27/22 Moonbeam DOT A 2-part vulnerability. Precompiled contracts did not differentiate between call and delegatecall. This allowed for a malicious contract to be created to drain funds on incoming callers and the contract address could be provided to specific smart contracts that made calls to a user provided address (lack of user input validation) https://medium.com/immunefi/moonbeam-missing-call-check-bugfix-review-6279d609bdc5 https://pwning.mirror.xyz/okyEG4lahAuR81IMabYL5aUdvAsZ8cRCbYBXh8RHFuE $100,000,000.00 pwning.eth $1,050,000.00  
05/27/22 Reality.eth ETH A honeypot containing 20k was vulnerable because a proposal will pass if it is not vetoed within 24 hours by the multisig https://hackmd.io/g0txop3tTfGxcNKxn4z4Jg     isaacpatka $20,000.00  
05/23/22 Agave ETH Uninitialized proxy, duplicate of Aave V2 uninitialized proxy because of forked code https://medium.com/@hacxyk/forked-protocols-are-not-battle-tested-agave-uninitialized-proxy-vulnerability-6b5d587b3a07     Hacxyk $25,000.00  
05/15/22 Balancer ETH Double entry point tokens (e.g., SNX and sBTC) can cause a DoS condition, caused by the pool thinking it has more tokens than it actually does https://forum.balancer.fi/t/medium-severity-bug-found/3161 https://medium.com/immunefi/balancer-dos-bugfix-review-8a8ba5d971bf   shw9453, gpersoon, k_besic $50,000.00  
05/02/22 Sturdy ETH Weak fallback oracle in lending pool uses pool spot price, which can be manipulated to profit from price manipulation https://medium.com/@nnez/0-0-a-misconfiguration-leading-to-missing-funds-51d4b9e5f96a   $3,000,000.00 nnez $100,000.00  
05/02/22 Synthetix ETH A logic bug where the wrong amount variable was used. An amount variable that did not consider current debt was used, which is a larger value than the actual amount when non-zero debt exists https://medium.com/immunefi/synthetix-logic-error-bugfix-review-40da0ead5f4f     thunderdeep14 $150,000.00  
04/26/22 Aurora NEAR Infinite spend in bridge between ETH and NEAR blockchains https://medium.com/immunefi/aurora-infinite-spend-bugfix-review-6m-payout-e635d24273d https://aurora.dev/blog/aurora-mitigates-its-inflation-vulnerability, https://pwning.mirror.xyz/CB4XUkbJVwPo7CaRwRmCApaP2DMjPQccW-NOcCwQlAs $200,000,000.00 pwning.eth $6,000,000  
04/23/22 Strips Finance Arbitrum Poorly configuration liquidation configuration allowed for manipulating the rate (the equivalent of spot price manipulation for this perpetual) to create an arbitrage opportunity with the protocol’s perpetuals https://medium.com/amber-group/strips-finances-price-manipulation-vulnerability-explained-f912734a8a2   $3,500,000.00 Amber Group $30,000  
04/22/22 Sense Finance ETH Missing access controls. A function that set oracle data values could be called by anyone. https://medium.com/immunefi/sense-finance-access-control-issue-bugfix-review-32e0c806b1a0 https://medium.com/sensefinance/disclosure-fixing-a-critical-bug-in-the-sense-space-oracle-42a0bed65bc2   Violet Vienhage $50,000  
04/14/22 Curve ETH Read-only reentrancy can manipulate the get_virtual_price view function return value. Other protocols were trusting this view function blindly as a price feed even though it could be manipulated by a factor of 2 or greater. https://chainsecurity.com/curve-lp-oracle-manipulation-post-mortem/ https://forum.makerdao.com/t/curve-lp-token-oracle-manipulation-vulnerability-technical-postmortem/18009, https://chainsecurity.com/heartbreaks-curve-lp-oracles/        
04/13/22 Solidly V1 FTM Depositing or withdrawing frequently from a gauge increases the rewards received, so all rewards can be drained with spam deposits and withdrawal actions for small amounts https://github.com/belbix/solidly/issues/1     belbix    
04/07/22 Aave ETH Aave fallback oracle had no access controls on the setPrice function, allowing an arbitrary price to be set if the fallback oracle was ever used. Production fallback oracle contract is identical to the mock PriceOracle code and may have been an accidental deployment. https://medium.com/@hacxyk/aave-v3s-price-oracle-manipulation-vulnerability-168e44e9e374   $2,900,000,000.00 Hacxyk $50,000.00  
04/06/22 Rari Capital ETH Uniswap V3 oracle manipulation was possible because a pool with only $1k liquidity was used https://medium.com/@hacxyk/we-rescued-4m-from-rari-capital-but-was-it-worth-it-39366d4d1812   $4,000,000.00 Hacxyk $10,000.00  
04/06/22 ENS ETH ENS did not properly filter spoofed domains with 1. homograph characters 2. uppercase letters 3. period in them https://medium.com/@hacxyk/how-we-spoofed-ens-domains-52acea2079f6     Hacxyk $15,000.00  
04/06/22 ENS ETH Null characters are silently discarded, so strings with null characters look identical to strings without null characters https://twitter.com/ENS_DAO/status/1516220205168754688?cxt=HHwWgIDUpcmP2YoqAAAA https://twitter.com/lcfr_eth/status/1516255494071062528   lcfr_eth $45,000.00  
03/29/22 Port Finance SOL Logic error made it possible to create undercollateralized positions and steal value from the protocol https://medium.com/immunefi/port-finance-logic-error-bugfix-review-29767aced446   $25,000,000.00 nojob $630,000.00  
03/25/22 Gearbox ETH Data is parsed differently by Uniswap and Gearbox, enabling parser confusion https://medium.com/@nnez/different-parsers-different-results-acecf84dfb0c https://github.com/Gearbox-protocol/security/blob/main/disclosures/2022-03-25%20-%20uniswapV3.md $10,000,000.00 nnez $150,000.00  
03/21/22 ENS ETH Premium price for all ENS domains set to zero https://discuss.ens.domains/t/postmortem-ep9-deployment/11662     nicksdjohnson    
03/21/22 Compound ETH The issue was a combination of TUSD token having two entrypoints controlling the same balances and the sweep function not having any access controls. Sweeping TUSD using the 2nd entrypoint would change the exchange rate which can allow the attacker to profit https://medium.com/chainsecurity/trueusd-compound-vulnerability-bc5b696d29e2 https://blog.openzeppelin.com/compound-tusd-integration-issue-retrospective/ $3,100,000 ChainSecurity    
03/04/22 Convex ETH Expired vote-locked CVX could be relocked to a new address after the original lock expired, allowing excess cxvCRV rewards to be claimed https://convexfinance.medium.com/vote-locked-cvx-contract-migration-8546b3d9a38c     Popcorn    
03/03/22 Rari Capital ETH Cross-asset reentrancy was possible in all fuse pools that did not use upgraded cToken and Comptroller contract implementations. The old code used .call.value to transfer ETH, the new code uses .transfer. https://medium.com/@JackLongarzo/rari-capital-fuse-security-upgrade-report-e5d154c16250     samczsun, hritzdorf, and YSmaragdakis    
02/28/22 dYdX ETH Gasless deposit can be abused to purchase gas tokens that can be sold. A maximum cap of 0.5 ETH limited the speed at which this can be abused. https://medium.com/@hacxyk/stealing-gas-from-dydx-0-5-eth-a-day-712c5fdc43a3     Hacxyk $25,000.00  
02/24/22 Wormhole ETH Uninitialized proxy https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a     satya0x $10,000,000.00  
02/24/22 Solidex FTM When a transaction is finalized past the voting deadline, the votes become reset to their default state. This results in Solidex’s own gauges receiving far too many votes. https://docs.solidexfinance.com/security/disclosures/2022-02-24          
02/18/22 OpenSea ETH abi.encodePacked used with variable length inputs without domain separation could lead to hash collisions that result in theft of WETH from user wallets. 1 in 64 listings were vulnerable. https://nft.mirror.xyz/VdF3BYwuzXgLrJglw5xF6CHcQfAVbqeJVtueCr4BUzs     Gus (anon) $3,000,000  
02/02/22 Optimism ETH Calling selfdestruct creates new tokens out of thin air while destroyed contract retains balance https://optimismpbc.medium.com/disclosure-fixing-a-critical-bug-in-optimisms-geth-fork-a836ebdf7c94 https://www.saurik.com/optimism.html, https://github.com/ethereum-optimism/optimism/blob/master/technical-documents/postmortems/2022-02-02-inflation-vuln.md   saurik $2,000,042  
02/02/22 Solidly FTM veNFT double counting error https://twitter.com/AndreCronjeTech/status/1488883057654386695?cxt=HHwWjsCyuZTQyakpAAAA       $200,000  
01/30/22 Yearn Finance ETH, FTM Flashloan price manipulation of Balancer LP pool could lead to strategy buying stablecoin at inflated price https://github.com/yearn/yearn-security/blob/master/disclosures/2022-01-30.md https://twitter.com/bantg/status/1492225113286135809, https://medium.com/immunefi/nexus-mutual-bug-bounty-matching-program-pays-200-000-to-whitehat-4985d752dc46 $15,500,000 Anon $200,000  
01/26/22 Ondo Finance ETH Uninitialized logic contract (the proxy contracts were initialized properly) allowed any user to initialize the contract and obtaining the access needed to call the destroy function to selfdestruct the contract. https://iosiro.com/blog/high-risk-vulnerability-disclosed-to-ondo-finance   $0 ashiqamien $25,000  
01/24/22 ZORA ETH Infinite approval during NFT purchase can be attacked. A NFT bid could be frontrun by increasing NFT price to steal 100% of token held in bidder’s wallet https://zora.mirror.xyz/JeFZXnWb6jfJPon1rruXW-XJcoUVfgeNhu4XTYO3yFM     0x Protocol team $25,000  
01/15/22 Polygon MATIC Polygon consensus mechanism could be broken, but a large amount of MATIC would have to be held for an extended period to carry out the attack https://medium.com/immunefi/polygon-consensus-bypass-bugfix-review-7076ce5047fe     Niv Yehezkel $75,000  
01/11/22 Redacted Cartel ETH Custom ERC20 implementation had an error in transferFrom function that improperly approved funds https://medium.com/immunefi/redacted-cartel-custom-approval-logic-bugfix-review-9b2d039ca2c5 https://twitter.com/redactedcartel/status/1482497480541544455 $3,000,000.00 Tommaso Pifferi $560,000  
01/10/22 Multichain Multiple Fallback function in ERC20 tokens allow a phantom permit function to not revert, allowing unauthorized token transfer from accounts that have a non zero approval or allowance https://media.dedaub.com/phantom-functions-and-the-billion-dollar-no-op-c56f062ae49f https://medium.com/multichainorg/action-required-critical-vulnerability-for-six-tokens-6b3cbd22bfc0 $471,000,000 Dedaub $2,000,000  
01/07/22 Notional ETH Internal accounting error https://medium.com/immunefi/notional-double-counting-free-collateral-bugfix-review-28b634903934 https://github.com/notional-finance/contracts-v2/pull/92 $26,200,000 0x60511e57 $1,000,000  
01/05/22 APWine ETH Incorrect check in delegation allows yield theft https://medium.com/immunefi/apwine-incorrect-check-of-delegations-bugfix-review-7e401a49c04f     setuid0 $100,000  
12/21/21 Cronos Cronos Theft of transaction fee for current block by receiving a gas refund when no gas was paid https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570 https://github.com/crypto-org-chain/cronos/security/advisories/GHSA-f854-hpxv-cw9r Rewards only, not original assets zb3 $40,000 CVE-2021-43839
12/14/21 Convex ETH Multisig could rugpull funds with majority 2 of 3 parties collaborating https://blog.openzeppelin.com/15-billion-rugpull-vulnerability-in-convex-finance-protocol-uncovered-and-resolved/   $15,000,000,000.00 OpenZeppelin    
12/05/21 Polygon MATIC Bad signature check with ecrecover https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d https://blog.polygon.technology/all-you-need-to-know-about-the-recent-network-upgrade/ $18,000,000,000 Leon Spacewalker $2,200,000  
11/27/21 dYdX StarkWare L2 Low level call() with arbitrary inputs could be performed by untrusted parties. https://dydx.exchange/blog/deposit-proxy-post-mortem   $2,000,000 Anon $500,000  
11/17/21 Enzyme Finance ETH Drain funds using flashloan to manipulate contract internal calculations https://medium.com/immunefi/enzyme-finance-price-oracle-manipulation-bug-fix-postmortem-4e1f3d4201b5   $400,000 setuid0 $90,000  
10/28/21 Aztec ETH Improper integer casting, improper value constraints for cryptographic operations https://hackmd.io/@aztec-network/disclosure-of-recent-vulnerabilities     Xin Gao and Onur Kilic $50,000  
10/27/21 Robo Vault ETH Flashloan price manipulation of Uniswap pool https://medium.com/@RoboVault/post-mortem-next-steps-3556820b7470 https://twitter.com/FP_Crypto/status/1453437385405046787   FP_Crypto    
10/20/21 Harvest Finance ETH Uninitialized proxy https://medium.com/immunefi/harvest-finance-uninitialized-proxies-bug-fix-postmortem-ea5c0f7af96b   $6,400,000 Dedaub $200,000  
10/05/21 RocketPool ETH A malicious node can frontrun an ETH deposit to take ETH from the protocol’s ETH deposit. https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971 https://twitter.com/rocket_pool/status/1446300700661583876?s=21 Unclear Dmitri Tsumak $100,000  
10/05/21 Lido Finance ETH A malicious node can frontrun an ETH deposit to take ETH from the protocol’s ETH deposit. https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971   Unclear Dmitri Tsumak $100,000  
10/05/21 Polygon MATIC Double spend bridge vulnerability https://medium.com/immunefi/polygon-double-spend-bug-fix-postmortem-2m-bounty-5a1db09db7f1 https://gerhard-wagner.medium.com/double-spending-bug-in-polygons-plasma-bridge-2e0954ccadf1 $850,000,000 Gerhard Wegnar $2,000,000  
09/02/21 OpenZeppelin ETH Reentrancy vulnerability in OpenZeppelin TimelockController contract https://medium.com/immunefi/openzeppelin-bug-fix-postmortem-66d8c89ed166 https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5#diff-8229f9027848871a1706845a5a84fa3e6591445cfac6e16cfb7d652e91e8d395R307 Unknown zb3 $25,000  
08/16/21 SushiSwap ETH Reusing msg.value in a loop allows payment to be reused multiple times https://samczsun.com/two-rights-might-make-a-wrong/ https://hackmd.io/@353yQn6WTImF5o12LQXXfQ/Hy2ZDYFxF, https://blog.trailofbits.com/2021/12/16/detecting-miso-and-opyns-msg-value-reuse-vulnerability-with-slither/, https://twitter.com/josephdelong/status/1431314816698916865 $350,000,000 samczsun $1,000,000  
08/15/21 Dexfolio BSC Reentrancy vulnerability that could be exploited with a custom ERC20 contract to double count staked tokens https://medium.com/amber-group/dexfolios-re-entrancy-loophole-explained-3bd3fecc29e2     Lucash-dev and Amber Group $1000  
08/14/21 Curve Bribe ETH   https://twitter.com/bantg/status/1426629982328180737   $118,000 bantg Unknown  
08/13/21 ENS Name Wrapper ETH ERC-1155 callback function reentrancy https://samczsun.com/the-dangers-of-surprising-code/#ens-name-wrapper     samczsun    
08/10/21 Belt Finance BSC Bypass of internal balance calculation by sending tokens directly to contract https://medium.com/immunefi/belt-finance-logic-error-bug-fix-postmortem-39308a158291   $60,000,000 bobface16 $1,050,000  
08/01/21 xDai Stake xDAI Tokens accidentally sent to bridge contract can be stolen https://medium.com/immunefi/xdai-stake-arbitrary-call-method-bug-postmortem-f80a90ac56e3   $4.50 0xadee028d $5,000  
07/31/21 Tidal Finance MATIC Uninitialized or unset rewardDebt variable defaults to zero, allowing free unearned reward https://medium.com/immunefi/tidal-finance-logic-error-bug-fix-postmortem-3607d8b7ed1f https://github.com/TidalFinance/tidal-contracts/commit/924e87f1aead70abb17760c839b53ba40d80bf2c#diff-46a924754f71a2f8be88d0f20295f40653c881426d64b90e8bdd4f4bed303368 Unclear Csanuragjain $25,000  
07/30/21 Teller ETH Uninitialized proxy https://medium.com/immunefi/teller-bug-fix-postmorten-and-bug-bounty-launch-b3f67a65c5ac   $1,000,000 Bugdefeat $50,000  
06/29/21 Yearn Finance ETH Flashloan of zero value bypassed safety checks and could result in liquidation of strategy’s debt position https://github.com/yearn/yearn-security/blob/master/disclosures/2021-06-29.md     xyzaudits $200,000  
06/16/21 Alchemix ETH Unprotected functions could lead to frontrunning and denial of service https://medium.com/immunefi/alchemix-access-control-bug-fix-debrief-a13d39b9f2e0   $300 ashiqamien $7,500  
06/14/21 MCDEX Arbitrum Contract does not validate user-provided contract address input parameter, allowing a user to craft a malicious contract. https://medium.com/immunefi/mcdex-insufficient-validation-bug-fix-postmortem-182fc6cab899   Unclear Lucash-dev $50,000  
06/13/21 Cream Finance ETH Old contract allow users to receive liquidity mining rewards without participating in liquidity mining. https://medium.com/immunefi/cream-finance-insufficient-validation-bug-fix-postmortem-1ec7248e8865   $100,000 Azeem $20,750  
06/09/21 Zapper ETH Low level call() with user-provided inputs could steal LP tokens https://medium.com/immunefi/zapper-arbitrary-call-data-bug-fix-postmortem-d75a4a076ae9 https://medium.com/zapper-protocol/post-mortem-sushiswap-uniswap-v2-zap-out-exploit-84e5d34603f0 Unclear Lucash-dev $25,000  
06/08/21 Mushrooms Finance ETH Flashloan function is missing an authorization check, allowing any user to call it. https://medium.com/immunefi/mushrooms-finance-logic-error-bug-fix-postmortem-780122821621   $635,000 ckksec $60,000  
06/07/21 88mph ETH Unprotected init() function was missing onlyOwner modifier https://medium.com/immunefi/88mph-function-initialization-bug-fix-postmortem-c3a2282894d3   $6,500,000 ashiqamien $42,069  
05/13/21 Fei Protocol ETH Flashloan price manipulation of Uniswap pool https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb https://medium.com/fei-protocol/fei-bonding-curve-bug-post-mortem-98d2c6f271e9 $240,000,000 bobface16 $800,000  
05/08/21 Meebit NFTs   Brute force attack to mint rare Meebits NFTs https://iphelix.medium.com/meebit-nft-exploit-analysis-c9417b804f89          
04/27/21 PancakeSwap BSC Lottery ticket NFT can be redeemed multiple times because first redemption doesn’t invalidate ticket. https://medium.com/immunefi/pancakeswap-logic-error-bug-fix-postmortem-f2d02adb6983   $700,000 Juno    
04/27/21 Mushrooms Finance ETH MEV attack can steal yield https://medium.com/immunefi/mushrooms-finance-theft-of-yield-bug-fix-postmortem-16bd6961388f   Unclear Wen-Ding Li $4,000  
04/26/21 SharedStake ETH Low level call() with user-provided inputs could extract timelocked funds https://medium.com/immunefi/sharedstake-insider-exploit-postmortem-17fa93d5c90e   $40,000,000 Lucash-dev $5,000  
04/06/21 Fei Protocol ETH A combination of Uniswap function calls and Fei incentive calculations around maintaining the peg allows a user to receive free WETH https://medium.com/immunefi/fei-protocol-vulnerability-postmortem-483f9a7e6ad1   $5,640,000 0xRevert $300,000  
04/05/21 Ambisafe ETH Transferring ownership grants ownership to sender and receiver at the same time, allowing receiver to steal tokens https://samczsun.com/uncovering-a-four-year-old-bug/     samczsun    
03/26/21 ElasticDAO ETH Missing authorization allowed excess token minting https://medium.com/elasticdao/elasticdao-smart-contract-and-security-audits-400f424281b6   $5,000,000 samczsun    
03/16/21 Vesper ETH Drain funds using flashloan price manipulation of Uniswap pool https://medium.com/immunefi/vesper-rebase-vulnerability-postmortem-and-bug-bounty-55354a49d184 https://medium.com/dedaub/yield-skimming-forcing-bad-swaps-on-yield-farming-397361fd7c72 $310,000 Dedaub Unclear  
03/11/21 Sovryn RSK User could take out a loan using another party’s collateral, allowing theft of the “borrowed” funds https://medium.com/immunefi/sovryn-loan-vulnerability-postmortem-ffaf4d1d688f   $6,800 Whitehat Turbo $76,568  
02/26/21 Tokenlon ETH Signature verification does not properly handle zero address https://tokenlon.medium.com/tokenlon-4-0-fee-incident-disclosure-9ee8b5fad564   $750,000 samczsun $50,000  
02/22/21 PancakeSwap BSC User can frontrun the winning lottery ticket selection and buy the winning lottery ticket https://medium.com/immunefi/pancakeswap-lottery-vulnerability-postmortem-and-bug-4febdb1d2400   $240,000 Thunder Unclear  
02/21/21 Primitive Finance ETH Flashloan with a Uniswap pool containing an attacker-controlled token and abuse infinite allowance to steal funds https://primitivefinance.medium.com/postmortem-on-the-primitive-finance-whitehack-of-february-21st-2021-17446c0f3122 https://medium.com/immunefi/inside-the-war-room-that-saved-primitive-finance-6509e2188c86 $1,300,000 Dedaub $188,000  
02/21/21 Hashmasks ETH ERC721 _safeMint callback reentrancy allows more NFTs to be minted than expected https://samczsun.com/the-dangers-of-surprising-code/#hashmasks https://thehashmasks.medium.com/hashmask-art-sale-bug-report-13ccd66b55d7 19 hashmasks samczsun $12,500  
02/15/21 NFTX ETH Internal accounting error allows multiple NFTs to be associated with the same custom ERC20 https://forum.nftx.org/t/retroactive-bug-bounty/161     samczsun $50,000  
02/09/21 Charged Particles ETH A user could sell their NFT but still maintain possession of the NFT after the sale using a malicious contract. https://medium.com/immunefi/charged-particles-griefing-bug-fix-postmortem-d2791e49a66b https://github.com/Charged-Particles/charged-particles-universe/commit/f4fb60e3f791c1bb3b8907276b27d0319ce46a68#diff-91fca72e3021a185238dd0e82e118ae3ab5993db93dd322d301c665ff74e3eed Unclear unsafe_call $5,000  
02/09/21 ForTube ETH Authorization bypass by creating fake ERC20 Ftoken https://medium.com/the-force-protocol/fortube-security-vulnerability-fix-c5847359ba7d     samczsun    
01/30/21 ArmorFi ETH Internal accounting error caused by extra 10**18 multiplier https://medium.com/immunefi/armorfi-bug-bounty-postmortem-cf46eb650b38   Unclear bobface16 $876,000  
01/16/21 Yearn Finance ETH Internal accounting error resulted in incorrect share price calculation https://github.com/yearn/yearn-security/blob/master/disclosures/2021-01-17.md          
01/15/21 Gnosis Safe ETH   https://docs.gnosis-safe.io/learn/security/bug-bounty-program#duplicate-owners-during-setup-could-render-safe-unusable     davidnich11 $2,500  
01/09/21 Optimism     https://github.com/ethereum-optimism/contracts-v2/pull/172 https://github.com/ethereum-optimism/contracts-v2/pull/179, https://github.com/ethereum-optimism/contracts-v2/pull/181, https://github.com/ethereum-optimism/contracts/pull/364, https://github.com/ethereum-optimism/contracts/pull/360   samczsun    
12/04/20 Aave ETH Uninitialized proxy for Aave V2 LendingPool proxy https://medium.com/aave/aave-security-newsletter-546bf964689d https://blog.trailofbits.com/2020/12/16/breaking-aave-upgradeability/ None Josselin Feist $25,000  
12/03/20 Frax Finance     https://github.com/FraxFinance/frax-solidity/issues/12 https://github.com/FraxFinance/frax-solidity/issues/7   samczsun    
10/30/20 Yearn Finance ETH Flashloan price manipulation from missing slippage protection when earn() function is called https://github.com/yearn/yearn-security/blob/master/disclosures/2020-10-30.md   $650,000 Wen-Ding Li    
10/22/20 PoolTogether   Deposit action could be frontrun, causing the amount deposited later to be taken by the frontrunner https://docs.pooltogether.com/security/bug-bounties#permitanddepositdai-contract-unrestricted-sender     Kevin Foesenek $20,000.00  
10/12/20 Yield Protocol     https://github.com/yieldprotocol/fyDai/pull/360     samczsun    
10/10/20 Alpha Homora ETH Opening a position when LP price is skewed and lowering the price after the position is opened can allow the position to be liquidated by a user, who would profit 5% of position value https://blog.alphafinance.io/alpha-homora-adjustments/     samczsun    
10/10/20 Yearn Finance ETH The address input parameter for the deposit function is not validated, so a fake gauge contract can be provided https://github.com/yearn/yearn-security/blob/master/disclosures/2020-10-10.md   $20,000 Emiliano Bonassi    
10/03/20 Aavegotchi Staking     https://github.com/aavegotchi/ghst-staking/issues/2     samczsun    
09/25/20 Incognito Chain ETH No validation check around token duplicating, allowing for double spend https://we.incognito.org/t/how-a-smart-contract-vulnerability-was-discovered-and-fixed/6416   $2,690,000 samczsun    
09/25/20 Yearn Finance ETH Earn function can run out of gas before completing fully, which alters the share price and can lead to buying the dip with a flashloan https://github.com/yearn/yearn-security/blob/master/disclosures/2020-09-25.md     Andre Cronje    
09/15/20 Lien Finance     https://samczsun.com/escaping-the-dark-forest/     samczsun    
09/11/20 Gnosis Safe ETH   https://docs.gnosis-safe.io/learn/security/bug-bounty-program#setting-a-safe-as-an-owner-of-itself-essentially-reduces-threshold-by-1     keviinfoes $5,000  
08/21/20 xTokens ETH Flashloan price manipulation of Uniswap pool https://medium.com/xtoken/xsnxa-false-start-post-mortem-f26a7a735383     samczsun    
07/25/20 yVault     https://blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/   $400,000 samczsun    
06/21/20 Atomic Loans     https://web.archive.org/web/20200926093030/https://atomic.loans/blog/vulnerability-disclosure-and-pause-new-loan-requests/     samczsun    
06/18/20 Bancor ETH safeTransferFrom does not validate message sender is authorized to spend “from” address funds, so funds can be stolen from addresses with non-zero allowance https://zengo.com/bancor-smart-contracts-vulnerability-its-not-over/   $460,000      
03/26/20 Synthetix     https://blog.synthetix.io/bug-disclosure     samczsun    
02/20/20 Nexus Mutual     https://medium.com/nexus-mutual/responsible-vulnerability-disclosure-ece3fe3bcefa     samczsun $5,000  
02/18/20 Nexus Mutual     https://medium.com/nexus-mutual/responsible-vulnerability-disclosure-ece3fe3bcefa     Mudhit Gupta $2,000  
02/17/20 Authereum     https://medium.com/authereum/account-vulnerability-disclosure-ec9e288c6a24     samczsun    
02/09/20 Aragon Court     https://web.archive.org/web/20210306232055/https://blog.aragon.one/aragon-court-v1-upgrades/     samczsun    
01/25/20 Curve Finance     https://web.archive.org/web/20220525040546/https://blog.curve.fi/vulnerability-disclosure/     samczsun    
12/09/19 Gnosis Safe ETH   https://docs.gnosis-safe.io/learn/security/bug-bounty-program#potential-suicide-of-multisend-library     micahzoltu $1,000.00  
11/22/19 Gnosis Safe ETH   https://docs.gnosis-safe.io/learn/security/bug-bounty-program#transaction-failure-when-receiving-funds-via-transfer-or-send          
11/08/19 ENS     https://medium.com/the-ethereum-name-service/lets-talk-ens-migration-a92d5c21df28     samczsun   CVE-2020-5232
10/17/19 Cheese Wizards     https://medium.com/dapperlabs/disclosure-forking-cheeze-wizards-smart-contracts-all-funds-and-wizards-are-secure-3c53af5bc531     samczsun    
09/18/19 Hydro Protocol     https://medium.com/ddex/fixed-potential-vulnerability-in-contract-used-during-private-beta-217c0ed6f694     samczsun    
09/13/19 Kyber Network     https://blog.kyber.network/anatomy-of-a-bridge-reserve-smart-contract-vulnerability-and-how-we-fixed-it-fc5c50d13238     samczsun    
09/03/19 bZx Protocol     https://medium.com/@b0xNet/your-funds-are-safe-d35826fe9a87     samczsun    
07/29/19 Livepeer     https://forum.livepeer.org/t/protocol-paused-for-bug-fix-upgrade-7-29-19-4-21pm-edt-update-protocol-resumed-as-of-8-40pm-edt/841     samczsun    
07/12/19 0x Exchange     https://samczsun.com/the-0x-vulnerability-explained/     samczsun