This list highlights the accomplishments and disclosed vulnerabilities of the top white hat security experts in DeFi.
This list is part HackerOne leaderboard, part CVE database. Contributions are welcome, and it would be amazing if the crypto community could crowdsource a CVE-like database. My arbitrary rules for including a vulnerability in this list (until I am convinced otherwise) are that the vulnerability must have been discovered on mainnet (meaning most audit findings are excluded) and it must not have resulted in intentional loss of user funds (meaning most rekt.news hacks are excluded).
So far, the sources of this list include postmortems from:
Additional submissions to fill in gaps are welcome.
This list only includes actual vulnerabilities. There are CWE-like lists that exist to capture common weaknesses in code, including these lists:
This list does not include black hat hacks which involved user loss of funds, even if the funds are returned. There are other lists for that, including these lists:
This list is focused on smart contract vulnerabilities. Some layer 1 vulnerabilities may be included below, but there are separate lists for this topic.
Contributions are very welcome. This list is guaranteed to be incomplete.
Yes, it renders weird on GitHub, but you can view the markdown in your own local markdown editor instead of GitHub. Or you can search for a web-based markdown-to-CSV converter and copy the data into a spreadsheet.
Date | Protocol Name | Blockchain | Vulnerability Description | Writeup Link | Additional Links | Total Value at Risk | Whitehat | Bounty Award | Vulnerability ID |
---|---|---|---|---|---|---|---|---|---|
08/22/23 | Balancer | ETH | https://twitter.com/Balancer/status/1694014645378724280 | ||||||
07/28/23 | Uniswap | ETH | Flaw in order settlement logic. If a user has an order on another protocol with the same ask token as in UniswapX, a filler can abuse this and not send the entire requested amount. | https://kebabsec.xyz/posts/critical_vulnerability_in_uniswapx | shung | $200,000 | |||
06/28/23 | DX.app | BNB | Decompiling an unverified contract with high TVL revealed that unlockToken can be called unlimited times. Calling unlockToken 100 times returns 100x the deposited tokens. | https://blog.decurity.io/dx-protocol-vulnerability-disclosure-bddff88aeb1d | $5,200,000.00 | decurity | $500 | ||
04/28/23 | Yield Protocol | ETH | Pool balanceOf can be inflated with a donation attack. The donation can happen together with burning pool shares to inflate the number of pool shares received during minting | https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50 | $950,000.00 | PaludoX0 | $95,000 | ||
04/28/23 | DFX Finance | MATIC | Rounding error could lead to a user receiving LP tokens without depositing any tokens. EURS having only 2 decimals makes it faster to extract value from this rounding error compared to a token with 6 or 18 decimals. | https://medium.com/immunefi/dfx-finance-rounding-error-bugfix-review-17ba5ffb4114 | $237,143.00 | perseverance | $100,000 | ||
04/27/23 | Silo | ETH | A silo without any deposits could be manipulated with a donation attack to reach very high interest rate values. The fast increase in collateral value from interest accumulation can be borrowed against, allowing a user to withdraw large sums from the protocol. | https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8 | https://twitter.com/kankodu/status/1669833829203476480 | kankodu | $100,000 | ||
04/04/23 | Yearn Finance | ETH | Strategy loss calculation in prepareReturn is incorrect, but would not directly result in loss of funds | https://github.com/yearn/yearn-security/blob/master/disclosures/2023-04-04.md | 0xadrii | ||||
03/28/23 | Enzyme Finance | ETH | Missing access check in the GasRelayerPaymasterLib contract | https://medium.com/immunefi/enzyme-finance-missing-privilege-check-bugfix-review-ddb5e87b8058 | https://twitter.com/enzymefinance/status/1643893025532178432 | rootrescue | $400,000 | ||
03/18/23 | Alchemist | ETH | Missing access control modifier combined with incorrect logic handling in the case of nonexistent mapping value can be combined to brick the rewards accumulation in the protocol | https://dacian.me/28k-bounty-admin-brick-forced-revert | DevDacian | $28,000 | |||
02/24/23 | Tranchess | ETH | A malicious node operator could frontrun a deposit transaction with the credentials replaced to steal value that should be withdrawn to users of the liquid staking protocol. Same as the Lido and RocketPool bounty from 2021. | https://www.kalos.xyz/blog/tranchess-liquid-staking-deposit-firstrun-vulnerability-analysis | https://tranchess.medium.com/recap-deposit-front-run-vulnerability-mitigation-cfc66ef8c50d | Jade Han | $75,000 | ||
02/19/23 | Tron | ETH | Tron multisig wallet design allowed a single user in the multisig to provide multiple valid signatures, allowing a single user to override the security of a multisig and submit any transactions without needing other signers. This was because there was no check for duplicate signatures from a single signer. | https://0d.dwalletlabs.com/game-of-tron-critical-0-day-in-tron-multi-signature-wallets-2c3e90668dc0 | dWallet Labs | ||||
02/13/23 | LayerZero | A customized relayer could send cross-chain messages for free | https://medium.com/@blockian/blackboxing-layerzero-labs-off-chain-relayer-954aecab0f62 | _blockian | $25,000 | ||||
02/10/23 | NEAR | https://hackenproof.com/blog/for-hackers/near-rewards-1-8-million-to-ethical-hackers-at-hackenproof | $1,800,000 | ||||||
01/22/23 | Balancer | ETH | Duplicate claims could be accepted by the merkle tree logic, which would allow draining of assets | https://mirror.xyz/0x2719F6Dfb85086F87319079cC2f7EeFD0e40994D/NWDf5uW1Ve7-TrcPKwmM86xp8ploMSCRGC58A-NSoFY | https://twitter.com/Balancer/status/1620503172702953475, https://medium.com/immunefi/balancer-logic-error-bugfix-review-74f5edca8b1a | 0xriptide | $75,000.00 | ||
12/29/22 | Fluidity | ETH | A specific sequence of reward function calls would cause a revert, preventing the protocol from sending rewards to users | https://www.trust-security.xyz/post/breaking-fluidity-for-glory-and-50k | trust_90 | $50,000.00 | |||
12/16/22 | Gnosis Safe | ETH | Returned array of module addresses did not include the next address, resulting in a potential misunderstanding by the user | https://docs.gnosis-safe.io/learn/security/bug-bounty-program#the-function-getmoduledpaginated-does-not-return-all-modules | RenanSouza2 | $2,000.00 | |||
12/14/22 | Thena | BSC | Rewards claiming reverts in certain cases due to an incorrect logic check related to the expiration of the veNFT token | https://zzykxx.com/2023/02/02/the-bug-that-codearena-missed-,-twice/ | zzykxx | $20,000.00 | |||
11/29/22 | Uniswap | ETH | Reentrancy vulnerability in new UniversalRouter could allow an ERC721 callback to sweep funds sitting in the router from a previous unfinished transaction | https://media.dedaub.com/uniswap-bug-bounty-1625d8ff04ae | https://www.nomoi.xyz/blog/uniswap-vulnerability-disclosure | Dedaub | $40,000.00 | ||
11/15/22 | Beanstalk | ETH | Any EOA that approved the Beanstalk proxy could have the approved assets transferred out of their EOA due to bad transferFrom logic | https://medium.com/immunefi/beanstalk-logic-error-bugfix-review-4fea17478716 | $181,850.00 | ||||
11/02/22 | Oasis DAO | ETH | A specific call flow allows for delegatecall to call selfdestruct which would shut down the Oasis Earn platform | https://www.trustindistrust.com/post/taking-home-a-20k-bounty-with-oasis-platform-shutdown-vulnerability | trust_90 | $20,000.00 | |||
11/01/22 | Curve | ETH | Bribes were allocated based on a user’s locked amount of CRV rather than allocating based on their veCRV balance. VeCRV balance decays over time but locked CRV does not. | https://github.com/yearn/yearn-security/blob/master/disclosures/2022-11-01.md | Yearn | ||||
10/21/22 | Curve | ETH | Missing access control allowed anyone to set the fee receiver of pools paired with the base pool | https://github.com/curvefi/security-incident-reports/blob/main/disclosures/pool_owner_proxy_bug.md | $60,000.00 | ||||
10/18/22 | Mai Finance | ETH | Same get_virtual_price read-only reentrancy vulnerability that ChainSecurity discovered, but this time found in QiDao’s vault integration with Curve. Price manipulation would allow theft of funds and leave the protocol with bad debt | https://ambergroup.medium.com/mai-finances-oracle-manipulation-vulnerability-explained-55e4b5cc2b82 | Amber Group | ||||
10/14/22 | Bunni | ETH | The first deposit into a new pool can be frontrun by (1) depositing 1 wei into the protocol and (2) depositing into the underlying Uniswap pool and sending the LP tokens directly to the protocol. This results in the protocol not providing the second depositor with any shares, and the first depositor can withdraw the first two deposits with the shares they own. | https://www.rileyholterhus.com/writing/bunni | rileyholterhus | ||||
09/30/23 | Q Blockchain | Double voting with the same tokens is possible. One vote can happen when the tokens are delegated, the other vote happens when the tokens are about to be unlocked | https://medium.com/@blockian/striking-gold-at-30-000-feet-uncovering-a-critical-vulnerability-in-q-blockchain-for-50-000-ab335042147b | _blockian | $50,000.00 | ||||
09/26/22 | OpenSea | ETH | https://twitter.com/hacker_/status/1574518042737790976 | hacker_ | $100,050.00 | ||||
09/25/22 | 88mph | ETH | Deposits could be withdrawn before the maturity date because the deposit process did not update the rewardPerToken variable, allowing theft of yield | https://medium.com/immunefi/88mph-theft-of-unclaimed-mph-rewards-bugfix-review-1dec98b9956b | 0xSzeth | $21,000.00 | |||
09/21/22 | Mt Pelerin | ETH | Function did not check if input array contained duplicate values. This allowed a user to submit an array of duplicate actions and the action would be performed multiple times because there were insufficient checks. | https://medium.com/immunefi/mt-pelerin-double-transaction-bugfix-review-503838db3d70 | $10,000.00 | ||||
09/20/22 | Arbitrum Nitro | ETH | Uninitialized proxy. The proxy was initialized, but the values were wiped and sequencerInbox was never rewritten. Initialize could be called to set key bridge variables and steal bridge funds. | https://medium.com/@0xriptide/hackers-in-arbitrums-inbox-ca23272641a2 | 0xriptide | $560,000.00 | |||
09/17/22 | Liquity | ETH | Tellor fallback oracle used in an unsafe way | https://www.liquity.org/blog/tellor-issue-and-fix | 0xpaco | ||||
09/09/22 | Solidly V1 | ETH | Several vulnerabilities exist in Solidly V1 and Solidex. Denial of service is possible in multiple ways and other attacks that can remove value from the protocol are also described. | https://medium.com/@seraph333/security-disclosures-and-recent-attacks-on-solidly-v1-ab7dc47558c5 | |||||
09/08/22 | Abracadabra | AVAX | The Native Asset precompile contract on Avalanche C-Chain allows delegatecall-like ability to pass original msg.sender in a call to another contract. This could be used to bypass a blacklist check that prevents calls from certain contracts. | https://mirror.xyz/0x5744b051845B62D6f5B6Db095cc428bCbBBAc6F9/zRO5HegkDEHG1NEnM3h-am79Pf5RlERhHNsiI1CiFts | https://medium.com/avalancheavax/apricot-phase-6-native-asset-call-deprecation-a7b7a77b850a | $3,000,000.00 | Statemind | ||
09/08/22 | OpenSea | ETH | Due to using the quotient of a division operation instead of the remainder, a memory overwrite vulnerability in a loop could overwrite a word at the end of an array | https://blocksecteam.medium.com/a-new-memory-overwrite-vulnerability-discovered-in-wyvern-protocol-5285996c297d | Blocksec | ||||
09/06/22 | Yearn Finance | ETH | Yearn Vaults on ETH POW forks that use the same chainId and a DOMAIN_SEPARATOR value that is calculated at contract deployment are vulnerable to replay attacks. | https://github.com/yearn/yearn-security/blob/master/disclosures/2022-09-06.md | |||||
09/03/22 | Notional | ETH | https://twitter.com/NotionalFinance/status/1566089211068948480 | $1,500,000.00 | $150,000.00 | ||||
08/24/22 | Across | Bridge double spend was possible due to off-chain relayer bug | https://iosiro.com/blog/high-risk-bug-disclosure-across-bridge-double-spend | Jason Matthyser | $90,000.00 | ||||
08/14/22 | Moonwell | Moonbeam | Depegged assets were still valued at $1 by the protocol, which could have caused the protocol to accrue large amounts of bad debt. | https://medium.com/risk-dao/the-risk-of-secondary-markets-for-depegged-collateral-tokens-moonwell-bug-disclosure-2021181f50bc | Risk DAO | $10,000.00 | |||
08/13/22 | Talent Protocol | MATIC | Public function without access controls set the protocol token address, enabling a rogue ERC20 contract to freeze contract funds | https://mirror.xyz/0xCf39521413F8De389771e35bB4C77b4bb827b7B3/HdSq7TVvk-s7DzQgN3u0pV8UFiVkaDft18HgmePTag4 | $465,000.00 | kebabsec | |||
08/05/22 | Yield Protocol | Arbitrum | Code was copied from a similar function resulting in an incorrectly implemented function. The fix during the post-audit remediation did not correctly consider the contract inheritance and allowed for contract funds to be drained | https://medium.com/yield-protocol/post-mortem-of-incident-on-august-5th-2022-7bb70dbb9ada | $206,000.00 | ||||
07/25/22 | Velas chain | Velas | Similar to pwning.eth's Moonbeam and Aurora bugs: combines delegatecall with precompiled contracts on a blockchain that did not consider this edge case | https://mirror.xyz/orenyomtov.eth/RbV_WYYTPCAObp3VsNlkgx6iQBElwulGQf586lVK7dE | orenyomtov.eth | $100,000.00 | |||
07/14/22 | Sherlock | ETH | Cross-protocol reentrancy. 1inch swap callback enables reentrancy to modify exchange rate on Euler which changes the redemption amount from staking with Sherlock. | https://mirror.xyz/0xE400820f3D60d77a3EC8018d44366ed0d334f93C/LOZF1YBcH1eBdxlC6HP223cAMeTpNgQ-Kc4EjQuxmGA | GothicShanon89238 | $250,000.00 | |||
07/07/22 | Yield Protocol | ETH | Deprecated strategy roll-over process had a security issue but no value at risk | https://twitter.com/yield/status/1545119888309567489 | $0.00 | $10,000.00 | |||
07/01/22 | Interlay | DOT | The interBTC bridge had two bugs: (1) vaults could be forcibly liquidated, and (2) insecure address extraction for P2SH addresses allowed address spoofing | https://pwning.mirror.xyz/jlT8OgtwN3mQf3KdYmXdcSXbE4s95JzT3eR3wxiLmpw | https://medium.com/interlay/kintsugi-released-urgent-security-patches-aebf969ee087 | pwning.eth | $200,000.00 | ||
06/28/22 | Moonbeam | DOT | Improper truncation during type conversion leads to different interpretations of a single value | https://pwning.mirror.xyz/RFNTSouIIlHVNmTNDThUVb1obIeN5c1LAiQuN9Ve-ok | https://moonbeam.network/blog/security-patch-for-integer-truncation-bug/ | pwning.eth | $1,000,000.00 | CVE-2022-31111 | |
06/16/22 | Aurora | NEAR | A serialized payload could be crafted that would deserialize to a valid transaction. This allowed spoofing of Aurora token burns and the withdrawal of funds from the bridge. | https://medium.com/immunefi/aurora-withdrawal-logic-error-bugfix-review-c5b4e30a9160 | $62,935,870.00 | Anon | $1,000,000.00 | ||
06/10/22 | Aurora | NEAR | Improper input sanitization allowed arbitrary inputs for the args value, which is fully controlled by user input. This value sets a recipient and fee, which used bad logic to handle these values and can result in draining of funds in a non-zero fee case. | https://medium.com/immunefi/aurora-improper-input-sanitization-bugfix-review-a9376dac046f | Anon | $1,000,000.00 | |||
05/27/22 | Moonbeam | DOT | A 2-part vulnerability. Precompiled contracts did not differentiate between call and delegatecall. This allowed for a malicious contract to be created to drain funds on incoming callers and the contract address could be provided to specific smart contracts that made calls to a user provided address (lack of user input validation) | https://medium.com/immunefi/moonbeam-missing-call-check-bugfix-review-6279d609bdc5 | https://pwning.mirror.xyz/okyEG4lahAuR81IMabYL5aUdvAsZ8cRCbYBXh8RHFuE | $100,000,000.00 | pwning.eth | $1,050,000.00 | |
05/27/22 | Reality.eth | ETH | A honeypot containing 20k was vulnerable because a proposal will pass if it is not vetoed within 24 hours by the multisig | https://hackmd.io/g0txop3tTfGxcNKxn4z4Jg | isaacpatka | $20,000.00 | |||
05/23/22 | Agave | ETH | Uninitialized proxy, duplicate of Aave V2 uninitialized proxy because of forked code | https://medium.com/@hacxyk/forked-protocols-are-not-battle-tested-agave-uninitialized-proxy-vulnerability-6b5d587b3a07 | Hacxyk | $25,000.00 | |||
05/15/22 | Balancer | ETH | Double entry point tokens (e.g., SNX and sBTC) can cause a DoS condition, caused by the pool thinking it has more tokens than it actually does | https://forum.balancer.fi/t/medium-severity-bug-found/3161 | https://medium.com/immunefi/balancer-dos-bugfix-review-8a8ba5d971bf | shw9453, gpersoon, k_besic | $50,000.00 | ||
05/02/22 | Sturdy | ETH | Weak fallback oracle in lending pool uses pool spot price, which can be manipulated to profit from price manipulation | https://medium.com/@nnez/0-0-a-misconfiguration-leading-to-missing-funds-51d4b9e5f96a | $3,000,000.00 | nnez | $100,000.00 | ||
05/02/22 | Synthetix | ETH | A logic bug where the wrong amount variable was used. An amount variable that did not consider current debt was used, which is a larger value than the actual amount when non-zero debt exists | https://medium.com/immunefi/synthetix-logic-error-bugfix-review-40da0ead5f4f | thunderdeep14 | $150,000.00 | |||
04/26/22 | Aurora | NEAR | Infinite spend in bridge between ETH and NEAR blockchains | https://medium.com/immunefi/aurora-infinite-spend-bugfix-review-6m-payout-e635d24273d | https://aurora.dev/blog/aurora-mitigates-its-inflation-vulnerability, https://pwning.mirror.xyz/CB4XUkbJVwPo7CaRwRmCApaP2DMjPQccW-NOcCwQlAs | $200,000,000.00 | pwning.eth | $6,000,000 | |
04/23/22 | Strips Finance | Arbitrum | A poorly configured liquidation setup allowed manipulating the rate (the equivalent of spot price manipulation for this perpetual) to create an arbitrage opportunity against the protocol’s perpetuals | https://medium.com/amber-group/strips-finances-price-manipulation-vulnerability-explained-f912734a8a2 | $3,500,000.00 | Amber Group | $30,000 | ||
04/22/22 | Sense Finance | ETH | Missing access controls. A function that set oracle data values could be called by anyone. | https://medium.com/immunefi/sense-finance-access-control-issue-bugfix-review-32e0c806b1a0 | https://medium.com/sensefinance/disclosure-fixing-a-critical-bug-in-the-sense-space-oracle-42a0bed65bc2 | Violet Vienhage | $50,000 | ||
04/14/22 | Curve | ETH | Read-only reentrancy can manipulate the get_virtual_price view function return value. Other protocols were trusting this view function blindly as a price feed even though it could be manipulated by a factor of 2 or greater. | https://chainsecurity.com/curve-lp-oracle-manipulation-post-mortem/ | https://forum.makerdao.com/t/curve-lp-token-oracle-manipulation-vulnerability-technical-postmortem/18009, https://chainsecurity.com/heartbreaks-curve-lp-oracles/ | ||||
04/13/22 | Solidly V1 | FTM | Depositing or withdrawing frequently from a gauge increases the rewards received, so all rewards can be drained with spam deposits and withdrawal actions for small amounts | https://github.com/belbix/solidly/issues/1 | belbix | ||||
04/07/22 | Aave | ETH | Aave fallback oracle had no access controls on the setPrice function, allowing an arbitrary price to be set if the fallback oracle was ever used. Production fallback oracle contract is identical to the mock PriceOracle code and may have been an accidental deployment. | https://medium.com/@hacxyk/aave-v3s-price-oracle-manipulation-vulnerability-168e44e9e374 | $2,900,000,000.00 | Hacxyk | $50,000.00 | ||
04/06/22 | Rari Capital | ETH | Uniswap V3 oracle manipulation was possible because a pool with only $1k liquidity was used | https://medium.com/@hacxyk/we-rescued-4m-from-rari-capital-but-was-it-worth-it-39366d4d1812 | $4,000,000.00 | Hacxyk | $10,000.00 | ||
04/06/22 | ENS | ETH | ENS did not properly filter spoofed domains containing (1) homograph characters, (2) uppercase letters, or (3) periods | https://medium.com/@hacxyk/how-we-spoofed-ens-domains-52acea2079f6 | Hacxyk | $15,000.00 | |||
04/06/22 | ENS | ETH | Null characters are silently discarded, so strings with null characters look identical to strings without null characters | https://twitter.com/ENS_DAO/status/1516220205168754688?cxt=HHwWgIDUpcmP2YoqAAAA | https://twitter.com/lcfr_eth/status/1516255494071062528 | lcfr_eth | $45,000.00 | ||
03/29/22 | Port Finance | SOL | Logic error made it possible to create undercollateralized positions and steal value from the protocol | https://medium.com/immunefi/port-finance-logic-error-bugfix-review-29767aced446 | $25,000,000.00 | nojob | $630,000.00 | ||
03/25/22 | Gearbox | ETH | Data is parsed differently by Uniswap and Gearbox, enabling parser confusion | https://medium.com/@nnez/different-parsers-different-results-acecf84dfb0c | https://github.com/Gearbox-protocol/security/blob/main/disclosures/2022-03-25%20-%20uniswapV3.md | $10,000,000.00 | nnez | $150,000.00 | |
03/21/22 | ENS | ETH | Premium price for all ENS domains set to zero | https://discuss.ens.domains/t/postmortem-ep9-deployment/11662 | nicksdjohnson | ||||
03/21/22 | Compound | ETH | The issue was a combination of TUSD token having two entrypoints controlling the same balances and the sweep function not having any access controls. Sweeping TUSD using the 2nd entrypoint would change the exchange rate which can allow the attacker to profit | https://medium.com/chainsecurity/trueusd-compound-vulnerability-bc5b696d29e2 | https://blog.openzeppelin.com/compound-tusd-integration-issue-retrospective/ | $3,100,000 | ChainSecurity | ||
03/04/22 | Convex | ETH | Expired vote-locked CVX could be relocked to a new address after the original lock expired, allowing excess cxvCRV rewards to be claimed | https://convexfinance.medium.com/vote-locked-cvx-contract-migration-8546b3d9a38c | Popcorn | ||||
03/03/22 | Rari Capital | ETH | Cross-asset reentrancy was possible in all Fuse pools that did not use the upgraded cToken and Comptroller contract implementations. The old code used .call.value to transfer ETH; the new code uses .transfer. | https://medium.com/@JackLongarzo/rari-capital-fuse-security-upgrade-report-e5d154c16250 | samczsun, hritzdorf, and YSmaragdakis | ||||
02/28/22 | dYdX | ETH | Gasless deposit can be abused to purchase gas tokens that can be sold. A maximum cap of 0.5 ETH limited the speed at which this can be abused. | https://medium.com/@hacxyk/stealing-gas-from-dydx-0-5-eth-a-day-712c5fdc43a3 | Hacxyk | $25,000.00 | |||
02/24/22 | Wormhole | ETH | Uninitialized proxy | https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a | satya0x | $10,000,000.00 | |||
02/24/22 | Solidex | FTM | When a transaction is finalized past the voting deadline, the votes become reset to their default state. This results in Solidex’s own gauges receiving far too many votes. | https://docs.solidexfinance.com/security/disclosures/2022-02-24 | |||||
02/18/22 | OpenSea | ETH | abi.encodePacked used with variable length inputs without domain separation could lead to hash collisions that result in theft of WETH from user wallets. 1 in 64 listings were vulnerable. | https://nft.mirror.xyz/VdF3BYwuzXgLrJglw5xF6CHcQfAVbqeJVtueCr4BUzs | Gus (anon) | $3,000,000 | |||
02/02/22 | Optimism | ETH | Calling selfdestruct creates new tokens out of thin air while destroyed contract retains balance | https://optimismpbc.medium.com/disclosure-fixing-a-critical-bug-in-optimisms-geth-fork-a836ebdf7c94 | https://www.saurik.com/optimism.html, https://github.com/ethereum-optimism/optimism/blob/master/technical-documents/postmortems/2022-02-02-inflation-vuln.md | saurik | $2,000,042 | ||
02/02/22 | Solidly | FTM | veNFT double counting error | https://twitter.com/AndreCronjeTech/status/1488883057654386695?cxt=HHwWjsCyuZTQyakpAAAA | $200,000 | ||||
01/30/22 | Yearn Finance | ETH, FTM | Flashloan price manipulation of Balancer LP pool could lead to strategy buying stablecoin at inflated price | https://github.com/yearn/yearn-security/blob/master/disclosures/2022-01-30.md | https://twitter.com/bantg/status/1492225113286135809, https://medium.com/immunefi/nexus-mutual-bug-bounty-matching-program-pays-200-000-to-whitehat-4985d752dc46 | $15,500,000 | Anon | $200,000 | |
01/26/22 | Ondo Finance | ETH | Uninitialized logic contract (the proxy contracts were initialized properly) allowed any user to initialize the contract and obtain the access needed to call the destroy function to selfdestruct the contract. | https://iosiro.com/blog/high-risk-vulnerability-disclosed-to-ondo-finance | $0 | ashiqamien | $25,000 | ||
01/24/22 | ZORA | ETH | Infinite approval during NFT purchase can be attacked. An NFT bid could be frontrun by increasing the NFT price to steal 100% of the tokens held in the bidder’s wallet | https://zora.mirror.xyz/JeFZXnWb6jfJPon1rruXW-XJcoUVfgeNhu4XTYO3yFM | 0x Protocol team | $25,000 | |||
01/15/22 | Polygon | MATIC | Polygon consensus mechanism could be broken, but a large amount of MATIC would have to be held for an extended period to carry out the attack | https://medium.com/immunefi/polygon-consensus-bypass-bugfix-review-7076ce5047fe | Niv Yehezkel | $75,000 | |||
01/11/22 | Redacted Cartel | ETH | Custom ERC20 implementation had an error in transferFrom function that improperly approved funds | https://medium.com/immunefi/redacted-cartel-custom-approval-logic-bugfix-review-9b2d039ca2c5 | https://twitter.com/redactedcartel/status/1482497480541544455 | $3,000,000.00 | Tommaso Pifferi | $560,000 | |
01/10/22 | Multichain | Multiple | Fallback function in ERC20 tokens allows a phantom permit function call to not revert, allowing unauthorized token transfers from accounts that have a non-zero approval or allowance | https://media.dedaub.com/phantom-functions-and-the-billion-dollar-no-op-c56f062ae49f | https://medium.com/multichainorg/action-required-critical-vulnerability-for-six-tokens-6b3cbd22bfc0 | $471,000,000 | Dedaub | $2,000,000 | |
01/07/22 | Notional | ETH | Internal accounting error | https://medium.com/immunefi/notional-double-counting-free-collateral-bugfix-review-28b634903934 | https://github.com/notional-finance/contracts-v2/pull/92 | $26,200,000 | 0x60511e57 | $1,000,000 | |
01/05/22 | APWine | ETH | Incorrect check in delegation allows yield theft | https://medium.com/immunefi/apwine-incorrect-check-of-delegations-bugfix-review-7e401a49c04f | setuid0 | $100,000 | |||
12/21/21 | Cronos | Cronos | Theft of transaction fee for current block by receiving a gas refund when no gas was paid | https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570 | https://github.com/crypto-org-chain/cronos/security/advisories/GHSA-f854-hpxv-cw9r | Rewards only, not original assets | zb3 | $40,000 | CVE-2021-43839 |
12/14/21 | Convex | ETH | Multisig could rugpull funds with majority 2 of 3 parties collaborating | https://blog.openzeppelin.com/15-billion-rugpull-vulnerability-in-convex-finance-protocol-uncovered-and-resolved/ | $15,000,000,000.00 | OpenZeppelin | |||
12/05/21 | Polygon | MATIC | Bad signature check with ecrecover | https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d | https://blog.polygon.technology/all-you-need-to-know-about-the-recent-network-upgrade/ | $18,000,000,000 | Leon Spacewalker | $2,200,000 | |
11/27/21 | dYdX | StarkWare L2 | Low level call() with arbitrary inputs could be performed by untrusted parties. | https://dydx.exchange/blog/deposit-proxy-post-mortem | $2,000,000 | Anon | $500,000 | ||
11/17/21 | Enzyme Finance | ETH | Drain funds using flashloan to manipulate contract internal calculations | https://medium.com/immunefi/enzyme-finance-price-oracle-manipulation-bug-fix-postmortem-4e1f3d4201b5 | $400,000 | setuid0 | $90,000 | ||
10/28/21 | Aztec | ETH | Improper integer casting, improper value constraints for cryptographic operations | https://hackmd.io/@aztec-network/disclosure-of-recent-vulnerabilities | Xin Gao and Onur Kilic | $50,000 | |||
10/27/21 | Robo Vault | ETH | Flashloan price manipulation of Uniswap pool | https://medium.com/@RoboVault/post-mortem-next-steps-3556820b7470 | https://twitter.com/FP_Crypto/status/1453437385405046787 | FP_Crypto | |||
10/20/21 | Harvest Finance | ETH | Uninitialized proxy | https://medium.com/immunefi/harvest-finance-uninitialized-proxies-bug-fix-postmortem-ea5c0f7af96b | $6,400,000 | Dedaub | $200,000 | ||
10/05/21 | RocketPool | ETH | A malicious node can frontrun an ETH deposit to take ETH from the protocol’s ETH deposit. | https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971 | https://twitter.com/rocket_pool/status/1446300700661583876?s=21 | Unclear | Dmitri Tsumak | $100,000 | |
10/05/21 | Lido Finance | ETH | A malicious node can frontrun an ETH deposit to take ETH from the protocol’s ETH deposit. | https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971 | Unclear | Dmitri Tsumak | $100,000 | ||
10/05/21 | Polygon | MATIC | Double spend bridge vulnerability | https://medium.com/immunefi/polygon-double-spend-bug-fix-postmortem-2m-bounty-5a1db09db7f1 | https://gerhard-wagner.medium.com/double-spending-bug-in-polygons-plasma-bridge-2e0954ccadf1 | $850,000,000 | Gerhard Wagner | $2,000,000 | |
09/02/21 | OpenZeppelin | ETH | Reentrancy vulnerability in OpenZeppelin TimelockController contract | https://medium.com/immunefi/openzeppelin-bug-fix-postmortem-66d8c89ed166 | https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5#diff-8229f9027848871a1706845a5a84fa3e6591445cfac6e16cfb7d652e91e8d395R307 | Unknown | zb3 | $25,000 | |
08/16/21 | SushiSwap | ETH | msg.value is read inside a loop, so a single payment is counted once per iteration | https://samczsun.com/two-rights-might-make-a-wrong/ | https://hackmd.io/@353yQn6WTImF5o12LQXXfQ/Hy2ZDYFxF, https://blog.trailofbits.com/2021/12/16/detecting-miso-and-opyns-msg-value-reuse-vulnerability-with-slither/, https://twitter.com/josephdelong/status/1431314816698916865 | $350,000,000 | samczsun | $1,000,000 | |
08/15/21 | Dexfolio | BSC | Reentrancy exploitable with a custom ERC20 contract to double count staked tokens | https://medium.com/amber-group/dexfolios-re-entrancy-loophole-explained-3bd3fecc29e2 | | | Lucash-dev and Amber Group | $1,000 | |
08/14/21 | Curve Bribe | ETH | | https://twitter.com/bantg/status/1426629982328180737 | | $118,000 | bantg | Unknown | |
08/13/21 | ENS Name Wrapper | ETH | ERC-1155 callback function reentrancy | https://samczsun.com/the-dangers-of-surprising-code/#ens-name-wrapper | | | samczsun | | |
08/10/21 | Belt Finance | BSC | Bypass of internal balance accounting by sending tokens directly to the contract | https://medium.com/immunefi/belt-finance-logic-error-bug-fix-postmortem-39308a158291 | | $60,000,000 | bobface16 | $1,050,000 | |
08/01/21 | xDai Stake | xDAI | Tokens accidentally sent to the bridge contract can be stolen | https://medium.com/immunefi/xdai-stake-arbitrary-call-method-bug-postmortem-f80a90ac56e3 | | $4.50 | 0xadee028d | $5,000 | |
07/31/21 | Tidal Finance | MATIC | Uninitialized rewardDebt defaults to zero, allowing unearned rewards to be claimed for free | https://medium.com/immunefi/tidal-finance-logic-error-bug-fix-postmortem-3607d8b7ed1f | https://github.com/TidalFinance/tidal-contracts/commit/924e87f1aead70abb17760c839b53ba40d80bf2c#diff-46a924754f71a2f8be88d0f20295f40653c881426d64b90e8bdd4f4bed303368 | Unclear | Csanuragjain | $25,000 | |
07/30/21 | Teller | ETH | Uninitialized proxy | https://medium.com/immunefi/teller-bug-fix-postmorten-and-bug-bounty-launch-b3f67a65c5ac | | $1,000,000 | Bugdefeat | $50,000 | |
06/29/21 | Yearn Finance | ETH | Zero-value flashloan bypassed safety checks and could result in liquidation of a strategy's debt position | https://github.com/yearn/yearn-security/blob/master/disclosures/2021-06-29.md | | | xyzaudits | $200,000 | |
06/16/21 | Alchemix | ETH | Unprotected functions could lead to frontrunning and denial of service | https://medium.com/immunefi/alchemix-access-control-bug-fix-debrief-a13d39b9f2e0 | | $300 | ashiqamien | $7,500 | |
06/14/21 | MCDEX | Arbitrum | User-provided contract address parameter is not validated, allowing a user to supply a malicious contract | https://medium.com/immunefi/mcdex-insufficient-validation-bug-fix-postmortem-182fc6cab899 | | Unclear | Lucash-dev | $50,000 | |
06/13/21 | Cream Finance | ETH | Old contract allows users to receive liquidity mining rewards without participating in liquidity mining | https://medium.com/immunefi/cream-finance-insufficient-validation-bug-fix-postmortem-1ec7248e8865 | | $100,000 | Azeem | $20,750 | |
06/09/21 | Zapper | ETH | Low-level call() with user-provided inputs could steal LP tokens | https://medium.com/immunefi/zapper-arbitrary-call-data-bug-fix-postmortem-d75a4a076ae9 | https://medium.com/zapper-protocol/post-mortem-sushiswap-uniswap-v2-zap-out-exploit-84e5d34603f0 | Unclear | Lucash-dev | $25,000 | |
06/08/21 | Mushrooms Finance | ETH | Flashloan function is missing an authorization check, so any user can call it | https://medium.com/immunefi/mushrooms-finance-logic-error-bug-fix-postmortem-780122821621 | | $635,000 | ckksec | $60,000 | |
06/07/21 | 88mph | ETH | Unprotected init() function was missing the onlyOwner modifier | https://medium.com/immunefi/88mph-function-initialization-bug-fix-postmortem-c3a2282894d3 | | $6,500,000 | ashiqamien | $42,069 | |
05/13/21 | Fei Protocol | ETH | Flashloan price manipulation of Uniswap pool | https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb | https://medium.com/fei-protocol/fei-bonding-curve-bug-post-mortem-98d2c6f271e9 | $240,000,000 | bobface16 | $800,000 | |
05/08/21 | Meebit NFTs | | Brute force attack to mint rare Meebits NFTs | https://iphelix.medium.com/meebit-nft-exploit-analysis-c9417b804f89 | | | | | |
04/27/21 | PancakeSwap | BSC | Lottery ticket NFT can be redeemed multiple times because the first redemption does not invalidate the ticket | https://medium.com/immunefi/pancakeswap-logic-error-bug-fix-postmortem-f2d02adb6983 | | $700,000 | Juno | | |
04/27/21 | Mushrooms Finance | ETH | MEV attack can steal yield | https://medium.com/immunefi/mushrooms-finance-theft-of-yield-bug-fix-postmortem-16bd6961388f | | Unclear | Wen-Ding Li | $4,000 | |
04/26/21 | SharedStake | ETH | Low-level call() with user-provided inputs could extract timelocked funds | https://medium.com/immunefi/sharedstake-insider-exploit-postmortem-17fa93d5c90e | | $40,000,000 | Lucash-dev | $5,000 | |
04/06/21 | Fei Protocol | ETH | A combination of Uniswap function calls and Fei peg incentive calculations allows a user to receive free WETH | https://medium.com/immunefi/fei-protocol-vulnerability-postmortem-483f9a7e6ad1 | | $5,640,000 | 0xRevert | $300,000 | |
04/05/21 | Ambisafe | ETH | Transferring ownership grants ownership to sender and receiver at the same time, allowing the receiver to steal tokens | https://samczsun.com/uncovering-a-four-year-old-bug/ | | | samczsun | | |
03/26/21 | ElasticDAO | ETH | Missing authorization allowed excess token minting | https://medium.com/elasticdao/elasticdao-smart-contract-and-security-audits-400f424281b6 | | $5,000,000 | samczsun | | |
03/16/21 | Vesper | ETH | Drain funds using flashloan price manipulation of Uniswap pool | https://medium.com/immunefi/vesper-rebase-vulnerability-postmortem-and-bug-bounty-55354a49d184 | https://medium.com/dedaub/yield-skimming-forcing-bad-swaps-on-yield-farming-397361fd7c72 | $310,000 | Dedaub | Unclear | |
03/11/21 | Sovryn | RSK | User could take out a loan using another party's collateral, allowing theft of the "borrowed" funds | https://medium.com/immunefi/sovryn-loan-vulnerability-postmortem-ffaf4d1d688f | | $6,800 | Whitehat Turbo | $76,568 | |
02/26/21 | Tokenlon | ETH | Signature verification does not properly handle the zero address | https://tokenlon.medium.com/tokenlon-4-0-fee-incident-disclosure-9ee8b5fad564 | | $750,000 | samczsun | $50,000 | |
02/22/21 | PancakeSwap | BSC | User can frontrun the winning lottery ticket selection and buy the winning ticket | https://medium.com/immunefi/pancakeswap-lottery-vulnerability-postmortem-and-bug-4febdb1d2400 | | $240,000 | Thunder | Unclear | |
02/21/21 | Primitive Finance | ETH | Flashloan with a Uniswap pool containing an attacker-controlled token, abusing an infinite allowance to steal funds | https://primitivefinance.medium.com/postmortem-on-the-primitive-finance-whitehack-of-february-21st-2021-17446c0f3122 | https://medium.com/immunefi/inside-the-war-room-that-saved-primitive-finance-6509e2188c86 | $1,300,000 | Dedaub | $188,000 | |
02/21/21 | Hashmasks | ETH | ERC721 _safeMint callback reentrancy allows more NFTs to be minted than expected | https://samczsun.com/the-dangers-of-surprising-code/#hashmasks | https://thehashmasks.medium.com/hashmask-art-sale-bug-report-13ccd66b55d7 | 19 hashmasks | samczsun | $12,500 | |
02/15/21 | NFTX | ETH | Internal accounting error allows multiple NFTs to be associated with the same custom ERC20 | https://forum.nftx.org/t/retroactive-bug-bounty/161 | | | samczsun | $50,000 | |
02/09/21 | Charged Particles | ETH | A user could sell their NFT but retain possession of it after the sale using a malicious contract | https://medium.com/immunefi/charged-particles-griefing-bug-fix-postmortem-d2791e49a66b | https://github.com/Charged-Particles/charged-particles-universe/commit/f4fb60e3f791c1bb3b8907276b27d0319ce46a68#diff-91fca72e3021a185238dd0e82e118ae3ab5993db93dd322d301c665ff74e3eed | Unclear | unsafe_call | $5,000 | |
02/09/21 | ForTube | ETH | Authorization bypass by creating a fake ERC20 Ftoken | https://medium.com/the-force-protocol/fortube-security-vulnerability-fix-c5847359ba7d | | | samczsun | | |
01/30/21 | ArmorFi | ETH | Internal accounting error caused by an extra 10**18 multiplier | https://medium.com/immunefi/armorfi-bug-bounty-postmortem-cf46eb650b38 | | Unclear | bobface16 | $876,000 | |
01/16/21 | Yearn Finance | ETH | Internal accounting error resulted in incorrect share price calculation | https://github.com/yearn/yearn-security/blob/master/disclosures/2021-01-17.md | | | | | |
01/15/21 | Gnosis Safe | ETH | Duplicate owners during setup could render the Safe unusable | https://docs.gnosis-safe.io/learn/security/bug-bounty-program#duplicate-owners-during-setup-could-render-safe-unusable | | | davidnich11 | $2,500 | |
01/09/21 | Optimism | | | https://github.com/ethereum-optimism/contracts-v2/pull/172 | https://github.com/ethereum-optimism/contracts-v2/pull/179, https://github.com/ethereum-optimism/contracts-v2/pull/181, https://github.com/ethereum-optimism/contracts/pull/364, https://github.com/ethereum-optimism/contracts/pull/360 | | samczsun | | |
12/04/20 | Aave | ETH | Uninitialized proxy for the Aave V2 LendingPool | https://medium.com/aave/aave-security-newsletter-546bf964689d | https://blog.trailofbits.com/2020/12/16/breaking-aave-upgradeability/ | None | Josselin Feist | $25,000 | |
12/03/20 | Frax Finance | | | https://github.com/FraxFinance/frax-solidity/issues/12 | https://github.com/FraxFinance/frax-solidity/issues/7 | | samczsun | | |
10/30/20 | Yearn Finance | ETH | Flashloan price manipulation due to missing slippage protection when the earn() function is called | https://github.com/yearn/yearn-security/blob/master/disclosures/2020-10-30.md | | $650,000 | Wen-Ding Li | | |
10/22/20 | PoolTogether | | Deposit action could be frontrun, causing the amount deposited later to be taken by the frontrunner | https://docs.pooltogether.com/security/bug-bounties#permitanddepositdai-contract-unrestricted-sender | | | Kevin Foesenek | $20,000 | |
10/12/20 | Yield Protocol | | | https://github.com/yieldprotocol/fyDai/pull/360 | | | samczsun | | |
10/10/20 | Alpha Homora | ETH | Opening a position while the LP price is skewed and lowering the price afterwards allows the position to be liquidated by a user, who profits 5% of the position value | https://blog.alphafinance.io/alpha-homora-adjustments/ | | | samczsun | | |
10/10/20 | Yearn Finance | ETH | The address input parameter of the deposit function is not validated, so a fake gauge contract can be provided | https://github.com/yearn/yearn-security/blob/master/disclosures/2020-10-10.md | | $20,000 | Emiliano Bonassi | | |
10/03/20 | Aavegotchi Staking | | | https://github.com/aavegotchi/ghst-staking/issues/2 | | | samczsun | | |
09/25/20 | Incognito Chain | ETH | No validation check around token duplication, allowing a double spend | https://we.incognito.org/t/how-a-smart-contract-vulnerability-was-discovered-and-fixed/6416 | | $2,690,000 | samczsun | | |
09/25/20 | Yearn Finance | ETH | earn() can run out of gas before completing, which alters the share price and allows buying the dip with a flashloan | https://github.com/yearn/yearn-security/blob/master/disclosures/2020-09-25.md | | | Andre Cronje | | |
09/15/20 | Lien Finance | | | https://samczsun.com/escaping-the-dark-forest/ | | | samczsun | | |
09/11/20 | Gnosis Safe | ETH | Setting a Safe as an owner of itself effectively reduces the threshold by 1 | https://docs.gnosis-safe.io/learn/security/bug-bounty-program#setting-a-safe-as-an-owner-of-itself-essentially-reduces-threshold-by-1 | | | keviinfoes | $5,000 | |
08/21/20 | xTokens | ETH | Flashloan price manipulation of Uniswap pool | https://medium.com/xtoken/xsnxa-false-start-post-mortem-f26a7a735383 | | | samczsun | | |
07/25/20 | yVault | | | https://blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/ | | $400,000 | samczsun | | |
06/21/20 | Atomic Loans | | | https://web.archive.org/web/20200926093030/https://atomic.loans/blog/vulnerability-disclosure-and-pause-new-loan-requests/ | | | samczsun | | |
06/18/20 | Bancor | ETH | safeTransferFrom does not validate that msg.sender is authorized to spend the "from" address's funds, so funds can be stolen from any address with a non-zero allowance | https://zengo.com/bancor-smart-contracts-vulnerability-its-not-over/ | | $460,000 | | | |
03/26/20 | Synthetix | | | https://blog.synthetix.io/bug-disclosure | | | samczsun | | |
02/20/20 | Nexus Mutual | | | https://medium.com/nexus-mutual/responsible-vulnerability-disclosure-ece3fe3bcefa | | | samczsun | $5,000 | |
02/18/20 | Nexus Mutual | | | https://medium.com/nexus-mutual/responsible-vulnerability-disclosure-ece3fe3bcefa | | | Mudit Gupta | $2,000 | |
02/17/20 | Authereum | | | https://medium.com/authereum/account-vulnerability-disclosure-ec9e288c6a24 | | | samczsun | | |
02/09/20 | Aragon Court | | | https://web.archive.org/web/20210306232055/https://blog.aragon.one/aragon-court-v1-upgrades/ | | | samczsun | | |
01/25/20 | Curve Finance | | | https://web.archive.org/web/20220525040546/https://blog.curve.fi/vulnerability-disclosure/ | | | samczsun | | |
12/09/19 | Gnosis Safe | ETH | Potential selfdestruct of the MultiSend library | https://docs.gnosis-safe.io/learn/security/bug-bounty-program#potential-suicide-of-multisend-library | | | micahzoltu | $1,000 | |
11/22/19 | Gnosis Safe | ETH | Transaction failure when receiving funds via transfer or send | https://docs.gnosis-safe.io/learn/security/bug-bounty-program#transaction-failure-when-receiving-funds-via-transfer-or-send | | | | | |
11/08/19 | ENS | | | https://medium.com/the-ethereum-name-service/lets-talk-ens-migration-a92d5c21df28 | | | samczsun | | CVE-2020-5232 |
10/17/19 | Cheeze Wizards | | | https://medium.com/dapperlabs/disclosure-forking-cheeze-wizards-smart-contracts-all-funds-and-wizards-are-secure-3c53af5bc531 | | | samczsun | | |
09/18/19 | Hydro Protocol | | | https://medium.com/ddex/fixed-potential-vulnerability-in-contract-used-during-private-beta-217c0ed6f694 | | | samczsun | | |
09/13/19 | Kyber Network | | | https://blog.kyber.network/anatomy-of-a-bridge-reserve-smart-contract-vulnerability-and-how-we-fixed-it-fc5c50d13238 | | | samczsun | | |
09/03/19 | bZx Protocol | | | https://medium.com/@b0xNet/your-funds-are-safe-d35826fe9a87 | | | samczsun | | |
07/29/19 | Livepeer | | | https://forum.livepeer.org/t/protocol-paused-for-bug-fix-upgrade-7-29-19-4-21pm-edt-update-protocol-resumed-as-of-8-40pm-edt/841 | | | samczsun | | |
07/12/19 | 0x Exchange | | | https://samczsun.com/the-0x-vulnerability-explained/ | | | samczsun | | |
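The msg.value-in-a-loop pattern from the SushiSwap entry (08/16/21) is worth seeing in code, since it keeps recurring. The following is an added illustration, not MISO's contracts or any code from the writeups linked in the table: the contract names, the 0.01 ether price and the buy/batch functions are assumptions chosen to keep it small. MISO's real bug sat behind a delegatecall-based multicall; the internal loop below is the same defect in its simplest shape, shown next to a hardened version that threads an explicit ether budget through the loop.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Vulnerable shape (illustrative, not MISO's code): a batch helper loops over
// an internal payable routine. msg.value belongs to the outer call, so every
// iteration sees the full amount even though it was only sent once.
contract BatchSaleVulnerable {
    uint256 public constant PRICE = 0.01 ether; // assumed price
    mapping(address => uint256) public purchased;

    // Buys `count` units and refunds whatever part of msg.value is unspent.
    function buy(uint256 count) public payable {
        uint256 cost = count * PRICE;
        require(msg.value >= cost, "underpaid");
        purchased[msg.sender] += count;
        _refund(msg.value - cost);
    }

    // BUG: batch([5, 5, 5]) with 0.05 ether credits 15 units for the price of
    // 5, and any excess is refunded once per iteration, so the contract also
    // pays out ether this caller never sent.
    function batch(uint256[] calldata counts) external payable {
        for (uint256 i = 0; i < counts.length; i++) {
            buy(counts[i]);
        }
    }

    function _refund(uint256 amount) internal {
        if (amount > 0) {
            (bool ok, ) = msg.sender.call{value: amount}("");
            require(ok, "refund failed");
        }
    }
}

// Hardened shape: the ether budget is an explicit parameter that the loop
// consumes, so the total charged can never exceed what the transaction
// actually carried, and the refund is computed once from what is left.
contract BatchSaleFixed {
    uint256 public constant PRICE = 0.01 ether; // assumed price
    mapping(address => uint256) public purchased;

    function buy(uint256 count) external payable {
        uint256 spent = _buy(count, msg.value);
        _refund(msg.value - spent);
    }

    function batch(uint256[] calldata counts) external payable {
        uint256 remaining = msg.value;
        for (uint256 i = 0; i < counts.length; i++) {
            remaining -= _buy(counts[i], remaining); // _buy guarantees no underflow
        }
        _refund(remaining);
    }

    // Accounting never reads msg.value; it only sees the budget it was handed.
    function _buy(uint256 count, uint256 budget) internal returns (uint256 cost) {
        cost = count * PRICE;
        require(budget >= cost, "underpaid");
        purchased[msg.sender] += count;
    }

    function _refund(uint256 amount) internal {
        if (amount > 0) {
            (bool ok, ) = msg.sender.call{value: amount}("");
            require(ok, "refund failed");
        }
    }
}
```

When reviewing a contract, grep for any payable function reachable from a loop, a multicall or a delegatecall helper and check whether it reads msg.value itself; the Slither detector described in the Trail of Bits writeup linked in the SushiSwap row flags the vulnerable shape automatically.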
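The Hashmasks (02/21/21) and ENS Name Wrapper (08/13/21) entries are the same bug class: a safe-transfer callback hands control to the recipient before the contract has recorded its own state change. The following is an added illustration, not the Hashmasks or ENS code and not taken from the linked writeups: the 3-per-wallet cap, the contract names and the minimal _safeMint are assumptions. It shows the vulnerable mint, a recipient contract that re-enters from onERC721Received, and the checks-effects-interactions fix; the ERC-1155 case is identical with onERC1155Received in place of onERC721Received.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

interface IDrop {
    function mint(uint256 count) external;
}

// Shared minimal mint logic (illustrative, not an ERC721 library). The
// receiver callback is the external interaction that hands control away.
abstract contract DropBase is IDrop {
    uint256 public constant MAX_PER_WALLET = 3; // assumed cap
    uint256 public totalSupply;
    mapping(address => uint256) public minted;
    mapping(uint256 => address) public ownerOf;

    function _safeMint(address to, uint256 id) internal {
        ownerOf[id] = to;
        if (to.code.length > 0) {
            bytes4 r = IERC721Receiver(to).onERC721Received(msg.sender, address(0), id, "");
            require(r == IERC721Receiver.onERC721Received.selector, "bad receiver");
        }
    }
}

// BUG: the per-wallet counter is written only after the loop, so a contract
// recipient can re-enter mint() from onERC721Received while minted[] still
// holds the pre-mint value and the cap check passes again.
contract DropVulnerable is DropBase {
    function mint(uint256 count) external override {
        require(minted[msg.sender] + count <= MAX_PER_WALLET, "cap");
        for (uint256 i = 0; i < count; i++) {
            _safeMint(msg.sender, ++totalSupply);
        }
        minted[msg.sender] += count; // effect after interaction
    }
}

// FIX: checks-effects-interactions, plus a reentrancy lock as defence in depth.
contract DropFixed is DropBase {
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function mint(uint256 count) external override nonReentrant {
        require(minted[msg.sender] + count <= MAX_PER_WALLET, "cap");
        minted[msg.sender] += count; // effect before any external call
        for (uint256 i = 0; i < count; i++) {
            _safeMint(msg.sender, ++totalSupply);
        }
    }
}

// Recipient that re-enters from the callback. Against DropVulnerable one
// attack() call nests six mint(3) calls and ends with 18 tokens. Against
// DropFixed the nested call trips the reentrancy lock (and, without the
// lock, the already-updated cap check), so the whole transaction reverts.
contract Reenter is IERC721Receiver {
    IDrop public immutable drop;
    uint256 public depth;

    constructor(IDrop d) { drop = d; }

    function attack() external { drop.mint(3); }

    function onERC721Received(address, address, uint256, bytes calldata) external override returns (bytes4) {
        if (depth < 5) {
            depth++;
            drop.mint(3); // re-enter before minted[this] has been updated
        }
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

The practical check is to treat every _safeMint, safeTransferFrom and ERC-1155 transfer as an external call to untrusted code and to confirm that all state the function relies on (counters, caps, balances) is already written before that call, rather than relying on the cap check alone.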