DeFi黑客复现 - Foundry

SunWeb3Sec
发布于 2025-04-22 18:56
阅读 15

该文档整理了2023年DeFi领域发生的安全事件，总共包含214起。每一条事件都列出了被攻击的项目名称、攻击日期、攻击类型、损失金额，以及复现漏洞的 Foundry 测试代码，和相关参考链接，可以帮助安全研究人员快速了解DeFi安全态势。

## DeFi 黑客复现 - Foundry

### 2023 - 过去的 DeFi 事件列表

包括 214 起事件。

[20231231 Channels BUSD&USDC](#20231231-channels---price-manipulation)

[20231230 ChannelsFinance](#20231230-channelsfinance---compoundv2-inflation-attack)

[20231228 CCV](#20231225-CCV---precision-loss)

[20231228 DominoTT](#20231228-dominott---precision-loss)

[20231225 Telcoin](#20231225-telcoin---storage-collision)

[20231222 PineProtocol](#20231222-pineprotocol---business-logic-flaw)

[20231220 TransitFinance](#20231220-transitfinance---lack-of-validation-pool)

[20231217 Bob](#20231217-bob---price-manipulation)

[20231217 FloorProtocol](#20231217-floorprotocol---business-logic-flaw)

[20231216 GoodDollar](#20231216-gooddollar---lack-of-input-validation--reentrancy)

[20231216 KEST](#20231216-kest---business-logic-flaw)

[20231216 NFTTrader](#20231216-nfttrader---reentrancy)

[20231214 PHIL](#20231214-PHIL---business-logic-flaw)

[20231213 HYPR](#20231213-hypr---business-logic-flaw)

[20231211 GoodCompound](#20231211-goodcompound---price-manipulation)

[20231209 BCT](#20231209-bct---price-manipulation)

[20231207 HNet](#20231207-HNet---business-logic-flaw)

[20231206 TIME](#20231206-time---arbitrary-address-spoofing-attack)

[20231206 ElephantStatus](#20231206-elephantstatus---price-manipulation)

[20231205 MAMO](#20231205-mamo---price-manipulation)

[20231205 BEARNDAO](#20231205-bearndao---business-logic-flaw)

[20231202 bZxProtocol](#20231202-bzxprotocol---inflation-attack)

[20231201 UnverifiedContr_0x431abb](#20231201-unverifiedcontr_0x431abb---business-logic-flaw)

[20231130 EEE](#20231130-eee---price-manipulation)

[20231130 CAROLProtocol](#20231130-carolprotocol---price-manipulation-via-reentrancy)

[20231129 Burntbubba](#20231129-burntbubba---price-manipulation)

[20231129 AIS](#20231129-ais---access-control)

[20231128 FiberRouter](#20231128-FiberRouter---input-validation)

[20231125 MetaLend](#20231125-metalend---compoundv2-inflation-attack)

[20231125 TheNFTV2](#20231125-thenftv2---logic-flaw)

[20231122 KyberSwap](#20231122-kyberswap---precision-loss)

[20231117 Token8633_9419](#20231117-token8633_9419---price-manipulation)

[20231117 ShibaToken](#20231117-shibatoken---business-logic-flaw)

[20231116 WECO](#20231116-weco---business-logic-flaw)

[20231115 EHX](#20231115-ehx---lack-of-slippage-control)

[20231115 XAI](#20231115-xai---business-logic-flaw)

[20231115 LinkDAO](#20231115-linkdao---bad-k-value-verification)

[20231114 OKC Project](#20231114-OKC-Project---Instant-Rewards-Unlocked)

[20231112 MEV_0x8c2d](#20231112-mevbot_0x8c2d---lack-of-access-control)

[20231112 MEV_0xa247](#20231112-mevbot_0xa247---incorrect-access-control)

[20231111 Mahalend](#20231111-mahalend---donate-inflation-exchangerate--rounding-error)

[20231110 Raft_fi](#20231110-raft_fi---donate-inflation-exchangerate--rounding-error)

[20231110 GrokToken](#20231110-grok---lack-of-slippage-protection)

[20231107 RBalancer](#20231107-rbalancer---business-logic-flaw)

[20231107 MEVbot](#20231107-mevbot---lack-of-access-control)

[20231106 TrustPad](#20231106-trustpad---lack-of-msgsender-address-verification)

[20231106 TheStandard_io](#20231106-thestandard_io---lack-of-slippage-protection)

[20231106 KR](#20231106-KR---precission-loss)

[20231102 BRAND](#20231102-brand---lack-of-access-control)

[20231102 3913Token](#20231102-3913token---deflationary-token-attack)

[20231101 SwampFinance](#20231101-swampfinance---business-logic-flaw)

[20231101 OnyxProtocol](#20231101-onyxprotocol---precission-loss-vulnerability)

[20231031 UniBotRouter](#20231031-UniBotRouter---arbitrary-external-call)

[20231030 LaEeb](#20231030-laeeb---lack-slippage-protection)

[20231028 AstridProtocol](#20231028-AstridProtocol---business-logic-flaw)

[20231024 MaestroRouter2](#20231024-maestrorouter2---arbitrary-external-call)

[20231022 OpenLeverage](#20231022-openleverage---business-logic-flaw)

[20231019 kTAF](#20231019-ktaf---compoundv2-inflation-attack)

[20231018 HopeLend](#20231018-hopelend---div-precision-loss)

[20231018 MicDao](#20231018-micdao---price-manipulation)

[20231013 BelugaDex](#20231013-belugadex---price-manipulation)

[20231013 WiseLending](#20231013-wiselending---donate-inflation-exchangerate--rounding-error)

[20231012 Platypus](#20231012-platypus---business-logic-flaw)

[20231011 BH](#20231011-bh---price-manipulation)

[20231008 ZS](#20231008-zs---business-logic-flaw)

[20231008 pSeudoEth](#20231008-pseudoeth---pool-manipulation)

[20231007 StarsArena](#20231007-starsarena---reentrancy)

[20231005 DePayRouter](#20231005-depayrouter---business-logic-flaw)

[20230930 FireBirdPair](#20230930-FireBirdPair---lack-slippage-protection)

[20230929 DEXRouter](#20230929-dexrouter---arbitrary-external-call)

[20230926 XSDWETHpool](#20230926-XSDWETHpool---reentrancy)

[20230924 KubSplit](#20230924-kubsplit---pool-manipulation)

[20230921 CEXISWAP](#20230921-cexiswap---incorrect-access-control)

[20230916 uniclyNFT](#20230916-uniclynft---reentrancy)

[20230911 0x0DEX](#20230911-0x0dex---parameter-manipulation)

[20230909 BFCToken](#20230909-bfctoken---business-logic-flaw)

[20230908 APIG](#20230908-apig---business-logic-flaw)

[20230907 HCT](#20230907-hct---price-manipulation)

[20230905 QuantumWN](#20230905-quantumwn---rebasing-logic-issue)

[20230905 JumpFarm](#20230905-JumpFarm---rebasing-logic-issue)

[20230905 HeavensGate](#20230905-HeavensGate---rebasing-logic-issue)

[20230905 FloorDAO](#20230905-floordao---rebasing-logic-issue)

[20230902 DAppSocial](#20230902-dappsocial---business-logic-flaw)

[20230829 EAC](#20230829-eac---price-manipulation)

[20230827 Balancer](#20230827-balancer---rounding-error--business-logic-flaw)

[20230826 SVT](#20230826-svt---flawed-price-calculation)

[20230824 GSS](#20230824-gss---skim-token-balance)

[20230821 EHIVE](#20230821-ehive---business-logic-flaw)

[20230819 BTC20](#20230819-btc20---price-manipulation)

[20230818 ExactlyProtocol](#20230818-exactlyprotocol---insufficient-validation)

[20230814 ZunamiProtocol](#20230814-zunamiprotocol---price-manipulation)

[20230809 EarningFram](#20230809-earningfram---reentrancy)

[20230802 CurveBurner](#20230802-curveburner---lack-slippage-protection)

[20230802 Uwerx](#20230802-uwerx---fault-logic)

[20230801 NeutraFinance](#20230801-neutrafinance---price-manipulation)

[20230801 LeetSwap](#20230801-leetswap---access-control)

[20230731 GYMNET](#20230731-gymnet---insufficient-validation)

[20230730 Curve](#20230730-curve---vyper-compiler-bug--reentrancy)

[20230726 Carson](#20230726-carson---price-manipulation)

[20230724 Palmswap](#20230724-palmswap---business-logic-flaw)

[20230723 MintoFinance](#20230723-mintofinance---signature-replay)

[20230722 ConicFinance02](#20230722-conic-finance-02---price-manipulation)

[20230721 ConicFinance](#20230721-conic-finance---read-only-reentrancy--misconfiguration)

[20230721 SUT](#20230721-sut---business-logic-flaw)

[20230720 Utopia](#20230720-utopia---business-logic-flaw)

[20230720 FFIST](#20230720-ffist---business-logic-flaw)

[20230718 APEDAO](#20230718-apedao---business-logic-flaw)

[20230718 BNO](#20230718-bno---invalid-emergency-withdraw-mechanism)

[20230717 NewFi](#20230717-newfi---lack-slippage-protection)

[20230715 USDTStakingContract28](#20230715-usdtstakingcontract28---lack-of-access-control)

[20230712 Platypus](#20230712-platypus---bussiness-logic-flaw)

[20230712 WGPT](#20230712-wgpt---business-logic-flaw)

[20230711 RodeoFinance](#20230711-rodeofinance---twap-oracle-manipulation)

[20230711 Libertify](#20230711-libertify---reentrancy)

[20230710 ArcadiaFi](#20230710-arcadiafi---reentrancy)

[20230708 CIVNFT](#20230708-civnft---lack-of-access-control)

[20230708 Civfund](#20230708-civfund---lack-of-access-control)

[20230707 LUSD](#20230707-LUSD---price-manipulation-attack)

[20230704 BambooIA](#20230704-bambooia---price-manipulation-attack)

[20230704 BaoCommunity](#20230704-baocommunity---donate-inflation-exchangerate--rounding-error)

[20230703 AzukiDAO](#20230703-azukidao---invalid-signature-verification)

[20230630 Biswap](#20230630-biswap---v3migrator-exploit)

[20230630 MyAi](#20230630-MyAi---business-loigc)

[20230628 Themis](#20230628-themis---manipulation-of-prices-using-flashloan)

[20230627 UnverifiedContr_9ad32](#20230627-unverifiedcontr_9ad32---business-loigc-flaw)

[20230627 STRAC](#20230627-STRAC---business-loigc)

[20230623 SHIDO](#20230623-shido---business-loigc)

[20230621 BabyDogeCoin02](#20230621-babydogecoin02---lack-slippage-protection)

[20230621 BUNN](#20230621-bunn---reflection-tokens)

[20230620 MIM](#20230620-mimspell---arbitrary-external-call-vulnerability)

[20230619 Contract_0x7657](#20230620-Contract_0x7657---business-loigc)

[20230618 ARA](#20230618-ara---incorrect-handling-of-permissions)

[20230617 MidasCapitalXYZ](#20230617-midascapitalxyz---precision-loss)

[20230617 Pawnfi](#20230617-pawnfi---business-logic-flaw)

[20230615 CFC](#20230615-cfc---uniswap-skim-token-balance-attack)

[20230615 DEPUSDT_LEVUSDC](#20230615-depusdt_levusdc---incorrect-access-control)

[20230612 Sturdy Finance](#20230612-sturdy-finance---read-only-reentrancy)

[20230611 SellToken04](#20230611-sellToken04---Price-Manipulation)

[20230607 CompounderFinance](#20230607-compounderfinance---manipulation-of-funds-through-fluctuations-in-the-amount-of-exchangeable-assets)

[20230606 VINU](#20230606-vinu---price-manipulation)

[20230606 UN](#20230606-un---price-manipulation)

[20230602 NST SimpleSwap](#20230602-nst-simple-swap---unverified-contract-wrong-approval)

[20230601 DDCoin](#20230601-ddcoin---flashloan-attack-and-smart-contract-vulnerability)

[20230601 Cellframenet](#20230601-cellframenet---calculation-issues-during-liquidity-migration)

[20230531 ERC20TokenBank](#20230531-erc20tokenbank---price-manipulation)

[20230529 Jimbo](#20230529-jimbo---protocol-specific-price-manipulation)

[20230529 BabyDogeCoin](#20230529-babydogecoin---lack-slippage-protection)

[20230529 FAPEN](#20230529-fapen---wrong-balance-check)

[20230529 NOON_NO](#20230529-noon-no---wrong-visibility-in-function)

[20230525 GPT](#20230525-gpt-token---fee-machenism-exploitation)

[20230524 LocalTrade](#20230524-local-trade-lct---improper-access-control-of-close-source-contract)

[20230524 CS](#20230524-cs-token---outdated-global-variable)

[20230523 LFI](#20230523-lfi-token---business-logic-flaw)

[20230514 landNFT](#20230514-landNFT---lack-of-permission-control)

[20230514 SellToken03](#20230514-selltoken03---unchecked-user-input)

[20230513 Bitpaidio](#20230513-bitpaidio---business-logic-flaw)

[20230513 SellToken02](#20230513-selltoken02---price-manipulation)

[20230512 LW](#20230512-lw---flashloan-price-manipulation)

[20230511 SellToken01](#20230511-selltoken01---business-logic-flaw)

[20230510 SNK](#20230510-snk---reward-calculation-error)

[20230509 MCC](#20230509-mcc---reflection-token)

[20230509 HODL](#20230509-hodl---reflection-token)

[20230506 Melo](#20230506-melo---access-control)

[20230505 DEI](#20230505-dei---wrong-implemention)

[20230503 NeverFall](#20230503-NeverFall---price-manipulation)

[20230502 Level](#20230502-level---business-logic-flaw)

[20230428 0vix](#20230428-0vix---flashloan-price-manipulation)

[20230427 SiloFinance](#20230427-Silo-finance---Business-Logic-Flaw)

[20230424 Axioma](#20230424-Axioma---business-logic-flaw)

[20230419 OLIFE](#20230419-OLIFE---Reflection-token)

[20230416 Swapos V2](#20230416-swapos-v2---error-k-value-attack)

[20230415 HundredFinance](#20230415-hundredfinance---donate-inflation-exchangerate--rounding-error)

[20230413 yearnFinance](#20230413-yearnFinance---misconfiguration)

[20230412 MetaPoint](#20230412-metapoint---Unrestricted-Approval)

[20230411 Paribus](#20230411-paribus---reentrancy)

[20230409 SushiSwap](#20230409-SushiSwap---Unchecked-User-Input)

[20230405 Sentiment](#20230405-sentiment---read-only-reentrancy)

[20230402 Allbridge](#20230402-allbridge---flashloan-price-manipulation)

[20230328 SafeMoon Hack](#20230328-safemoon-hack)

[20230328 THENA](#20230328---thena---yield-protocol-flaw)

[20230325 DBW](#20230325---dbw--business-logic-flaw)

[20230322 BIGFI](#20230322---bigfi---reflection-token)

[20230317 ParaSpace NFT](#20230317---paraspace-nft---flashloan--scaledbalanceof-manipulation)

[20230315 Poolz](#20230315---poolz---integer-overflow)

[20230313 EulerFinance](#20230313---eulerfinance---business-logic-flaw)

[20230308 DKP](#20230308---dkp---flashloan-price-manipulation)

[20230307 Phoenix](#20230307---phoenix---access-control--arbitrary-external-call)

[20230227 LaunchZone](#20230227---launchzone---access-control)

[20230227 SwapX](#20230227---swapx---access-control)

[20230224 EFVault](#20230224---efvault---storage-collision)

[20230222 DYNA](#20230222---dyna---business-logic-flaw)

[20230218 RevertFinance](#20230218---revertfinance---arbitrary-external-call-vulnerability)

[20230217 Starlink](#20230217---starlink---business-logic-flaw)

[20230217 Dexible](#20230217---dexible---arbitrary-external-call-vulnerability)

[20230217 Platypusdefi](#20230217---platypusdefi---business-logic-flaw)

[20230210 Sheep Token](#20230210---sheep---reflection-token)

[20230210 dForce](#20230210---dforce---read-only-reentrancy)

[20230207 CowSwap](#20230207---cowswap---arbitrary-external-call-vulnerability)

[20230206 FDP Token](#20230206---fdp---reflection-token)

[20230203 Orion Protocol](#20230203---orion-protocol---reentrancy)

[20230203 Spherax USDs](#20230203---spherax-usds---balance-recalculation-bug)

[20230202 BonqDAO](#20230202---BonqDAO---price-oracle-manipulation)

[20230130 BEVO](#20230130---bevo---reflection-token)

[20230126 TomInu Token](#20230126---tinu---reflection-token)

[20230119 SHOCO Token](#20230119---shoco---reflection-token)

[20230119 ThoreumFinance](#20230119---thoreumfinance-business-logic-flaw)

[20230118 QTN Token](#20230118---qtntoken---business-logic-flaw)

[20230118 UPS Token](#20230118---upstoken---business-logic-flaw)

[20230117 OmniEstate](#20230117---OmniEstate---no-input-parameter-check)

[20230116 MidasCapital](#20230116---midascapital---read-only-reentrancy)

[20230111 UFDao](#20230111---ufdao---incorrect-parameter-setting)

[20230111 ROE](#20230111---roefinance---flashloan-price-manipulation)

[20230110 BRA](#20230110---bra---business-logic-flaw)

[20230103 GDS](#20230103---gds---business-logic-flaw)

#### 20231231 Channels - 价格操纵

#### 损失：约 $4.4K

```sh
forge test --contracts ./src/test/2023-12/Channels_exp.sol -vvv --evm-version shanghai
```
##### 合约

[Channels_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/Channels_exp.sol)

#### 链接参考

https://app.blocksec.com/explorer/tx/bsc/0xcf729a9392b0960cd315d7d49f53640f000ca6b8a0bd91866af5821fdf36afc5

---

#### 20231230 ChannelsFinance - CompoundV2 膨胀攻击

#### 损失：约 320K

```
forge test --contracts src/test/2023-12/ChannelsFinance_exp.sol -vvv
```

##### 合约

[ChannelsFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/ChannelsFinance_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1741353303542501455

---

#### 20231228 CCV - 精度损失

#### 损失：约 3.2K $BUSD

```
forge test --contracts src/test/2023-12/CCV_exp.sol -vvv
```

##### 合约

[CCV_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/CCV_exp.sol)

##### 链接参考

https://app.blocksec.com/explorer/tx/bsc/0x6ba4152db9da45f5751f2c083bf77d4b3385373d5660c51fe2e4382718afd9b4

---

#### 20231228 DominoTT - 精度损失

#### 损失：约 5 $WBNB

```
forge test --contracts src/test/2023-12/DominoTT_exp.sol -vvv
```

##### 合约

[DominoTT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/DominoTT_exp.sol)

##### 链接参考

https://app.blocksec.com/explorer/tx/bsc/0x1ee617cd739b1afcc673a180e60b9a32ad3ba856226a68e8748d58fcccc877a8

---

#### 20231225 Telcoin - 存储冲突

#### 损失：约 1,24M

```
forge test --contracts ./src/test/2023-12/Telcoin_exp.sol -vvv
```

##### 合约

[Telcoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/Telcoin_exp.sol)

##### 链接参考

https://blocksec.com/phalcon/blog/telcoin-security-incident-in-depth-analysis

https://hacked.slowmist.io/?c=&page=2

---

#### 20231222 PineProtocol - 业务逻辑缺陷

#### 损失：约 90k

```
forge test --contracts ./src/test/2023-12/PineProtocol_exp.sol -vvv
```

##### 合约

[PineProtocol_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/PineProtocol_exp.sol)

##### 链接参考##### 链接参考

https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure

---

#### 20231206 ElephantStatus - 价格操纵

#### 损失：~$165k

测试

```
forge test --contracts ./src/test/2023-12/ElephantStatus_exp.sol -vvv
```

##### 合约

[ElephantStatus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/ElephantStatus_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1732354930529435940

---

#### 20231205 MAMO - 价格操纵

#### 损失：~$3.3K

```sh
forge test --contracts ./src/test/2023-12/MAMO_exp.sol -vvv --evm-version shanghai
```
##### 合约
[MAMO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/MAMO_exp.sol)
#### 链接参考

https://bscscan.com/tx/0x189a8dc1e0fea34fd7f5fa78c6e9bdf099a8d575ff5c557fa30d90c6acd0b29f

---

#### 20231205 BEARNDAO - 业务逻辑缺陷

#### 损失：~$769k

测试

```
forge test --contracts ./src/test/2023-12/BEARNDAO_exp.sol -vvv
```

##### 合约

[BEARNDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/BEARNDAO_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1732159377749180646

---

#### 20231202 bZxProtocol - 通货膨胀攻击

#### 损失：~$208k

测试

```
forge test --contracts ./src/test/2023-12/bZx_exp.sol -vvv
```

##### 合约

[bZx_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/bZx_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1730811240942088263

---

#### 20231201 UnverifiedContr_0x431abb - 业务逻辑缺陷

#### 损失：~$500k

测试

```
forge test --contracts ./src/test/2023-12/UnverifiedContr_0x431abb_exp.sol -vvv
```

##### 合约

[UnverifiedContr_0x431abb_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-12/UnverifiedContr_0x431abb_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1730625352953901123

---

#### 20231130 EEE - 价格操纵

#### 损失：~$22.8K

```sh
forge test --contracts ./src/test/2023-11/EEE_exp.sol -vvv --evm-version shanghai
```

##### 合约

[EEE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/EEE_exp.sol)

#### 链接参考

https://bscscan.com/tx/0x7312d9f9c13fc69f00f58e92a112a3e7f036ced7e65f7e0fa67382488d5557dc

---

#### 20231130 CAROLProtocol - 通过重入进行价格操纵

#### 损失：~$53k

测试

```sh
forge test --contracts ./src/test/2023-11/CAROLProtocol_exp.sol -vvv
```

##### 合约

[CAROLProtocol_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/CAROLProtocol_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1730496513359647167

---

#### 20231129 Burntbubba - 价格操纵

#### 损失：~$3K

测试

```sh
forge test --contracts src/test/2023-11/Burntbubba_exp.sol -vvv
```

##### 合约

[Burntbubba_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/Burntbubba_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1730044259087315046

---

#### 20231129 AIS - 验证不足

#### 损失：~$61k

测试

```sh
forge test --contracts ./src/test/2023-11/AIS_exp.sol -vvv
```

##### 合约

[AIS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/AIS_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1729861048004391306

---

#### 20231128 FiberRouter - 输入验证

#### 损失：18 eth

测试

```sh
forge test --contracts ./src/test/2023-11/FiberRouter_exp.sol -vvv
```

##### 合约

[FiberRouter_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/FiberRouter_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1729323254610002277

---

#### 20231125 MetaLend - CompoundV2 通货膨胀攻击

#### 损失：~$4K

测试

```
forge test --contracts src/test/2023-11/MetaLend_exp.sol -vvv
```

##### 合约

[MetaLend_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/MetaLend_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1728424965257691173

---

#### 20231125 TheNFTV2 - 逻辑缺陷

#### 损失：~$19K

测试

```
forge test --contracts ./src/test/2023-11/TheNFTV2_exp.sol -vvv
```

##### 合约

[TheNFTV2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/TheNFTV2_exp.sol)

##### 链接参考

https://x.com/MetaTrustAlert/status/1728616715825848377

---

#### 20231122 KyberSwap - 精度损失

#### 损失：~$48M

攻击分布在 6 个链和 17 个交易中。

每笔交易都以 KyberSwap elastic CLAMM 中的最多 5 个池为目标并耗尽。

#### 测试

所有池的攻击都遵循与第一个相同的方案：

```
forge test --contracts ./src/test/2023-11/KyberSwap_exp.eth.1.sol -vvv
```

##### 合约

[KyberSwap_exp.eth.1.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/KyberSwap_exp.eth.1.sol)

##### 链接参考

[快速分析](https://twitter.com/BlockSecTeam/status/1727560157888942331)。

[深入分析](https://blocksec.com/blog/yet-another-tragedy-of-precision-loss-an-in-depth-analysis-of-the-kyber-swap-incident-1)。

[交易列表](https://phalcon.blocksec.com/explorer/security-incidents?page=1)。

---

#### 20231117 Token8633_9419 - 价格操纵

#### 损失：~$52K

测试

```
forge test --contracts ./src/test/2023-11/Token8633_9419_exp.sol -vvv
```

##### 合约

[Token8633_9419_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/Token8633_9419_exp.sol)

---

#### 20231117 ShibaToken - 业务逻辑缺陷

#### 损失：~$31K

测试

```
forge test --contracts ./src/test/2023-11/ShibaToken_exp.sol -vvv
```

##### 合约

[ShibaToken_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/ShibaToken_exp.sol)

---

#### 20231116 WECO - 业务逻辑缺陷

#### 损失：~$18K

测试

```
forge test --contracts ./src/test/2023-11/WECO_exp.sol -vvv
```

##### 合约

[WECO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/WECO_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1725311048625041887

---

#### 20231115 EHX - 缺乏滑点控制

#### 损失：不明确

测试

```
forge test --contracts ./src/test/2023-11/EHX_exp.sol -vvv
```

##### 合约

[EHX_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/EHX_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1724691996638618086

---

#### 20231115 XAI - 业务逻辑缺陷

#### 损失：不明确

测试

```
forge test --contracts src/test/2023-11/XAI_exp.sol -vvv
```

##### 合约

[XAI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/XAI_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1724683082064855455

---

#### 20231115 LinkDAO - 错误的 `K` 值验证

#### 损失：~$30K

测试

```
forge test --contracts ./src/test/2023-11/LinkDao_exp.sol -vvv
```

##### 合约

[LinkDao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/LinkDao_exp.sol)

##### 链接参考

https://x.com/phalcon_xyz/status/1725058908144746992

---

#### 20231114 OKC 项目 - 即时奖励，已解锁

#### 损失：~$6268

测试

```
forge test --contracts ./src/test/2023-11/OKC_exp.sol -vvv
```

##### 合约

[OKC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/OKC_exp.sol)

##### 链接参考

https://lunaray.medium.com/okc-project-hack-analysis-0907312f519b

---

#### 20231112 MEVBot_0x8c2d - 缺乏访问控制

#### 损失：~$365K

测试

```
forge test --contracts ./src/test/2023-11/MEV_0x8c2d_exp.sol -vvv
```

##### 合约

[MEV_0x8c2d_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/MEV_0x8c2d_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1723897569661657553

---

#### 20231112 MEVBot_0xa247 - 不正确的访问控制

#### 损失：~$150K

测试

```
forge test --contracts ./src/test/2023-11/MEV_0xa247_exp.sol -vvv
```

##### 合约

[MEV_0xa247_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/MEV_0xa247_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1723591214262632562

---

#### 20231111 MahaLend - 捐赠通货膨胀 ExchangeRate & 舍入误差

#### 损失：~$20 K

测试

```
forge test --contracts ./src/test/2023-11/MahaLend_exp.sol -vvv
```

#### 合约

[MahaLend_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/MahaLend_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1723223766350832071

---

#### 20231110 Raft_fi - 捐赠通货膨胀 ExchangeRate & 舍入误差

#### 损失：~$3.2 M

测试

```
forge test --contracts ./src/test/2023-11/Raft_exp.sol -vvv
```

#### 合约

[Raft_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/Raft_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1723229393529835972

---

#### 20231110 grok - 缺乏滑点保护

#### 损失：~26 ETH

测试

```
forge test --contracts ./src/test/2023-11/grok_exp.sol -vvv
```

##### 合约

[grok_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/grok_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1722841076120130020

---

#### 20231107 RBalancer - 业务逻辑缺陷

#### 损失：~17 ETH

测试

```
forge test --contracts ./src/test/2023-11/RBalancer_exp.sol -vvv --evm-version "shanghai"
```

##### 合约

[RBalancer_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/RBalancer_exp.sol)

##### 链接参考

https://x.com/AnciliaInc/status/1722121056083943909

---

#### 20231107 MEVbot - 缺乏访问控制

#### 损失：~$2M

测试

```
forge test --contracts ./src/test/2023-11/bot_exp.sol -vvv
```

##### 合约

[bot_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/bot_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1722101942061601052

---

#### 20231106 TrustPad - 缺乏 msg.sender 地址验证

#### 损失：~$155K

测试

```
forge test --contracts ./src/test/2023-11/TrustPad_exp.sol  -vvv
```

##### 合约

[TrustPad_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/TrustPad_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1721800306101793188

---

#### 20231106 KR - 精度损失

#### 损失：~$15K

测试

```
forge test --contracts ./src/test/2023-11/KR_exp.sol  -vvv
```

##### 合约

[KR_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/KR_exp.sol)

##### 链接参考

https://app.blocksec.com/explorer/tx/bsc/0x2abf871eb91d03bc8145bf2a415e79132a103ae9f2b5bbf18b8342ea9207ccd7

---

#### 20231106 TheStandard_io - 缺乏滑点保护

#### 损失：~$290K

测试

```
forge test --contracts ./src/test/2023-11/TheStandard_io_exp.sol -vvv
```

##### 合约

[TheStandard_io_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/TheStandard_io_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1721807569222549518

https://twitter.com/CertiKAlert/status/1721839125836321195

---

#### 20231102 BRAND - 缺乏访问控制

#### 损失：~23 WBNB

测试

```
forge test --contracts ./src/test/2023-11/BRAND_exp.sol  -vvv
```

##### 合约

[BRAND_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/BRAND_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1720035913009709473

---

#### 20231102 3913Token - 通货紧缩型代币攻击

#### 损失：~$31354 USD$

测试

```
forge test --contracts ./src/test/2023-11/3913_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[3913_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/3913_exp.sol)

##### 链接参考

https://defimon.xyz/attack/bsc/0x8163738d6610ca32f048ee9d30f4aa1ffdb3ca1eddf95c0eba086c3e936199ed

---

#### 20231101 OnyxProtocol - 精度损失漏洞

#### 损失：~$2M

测试

```
forge test --contracts ./src/test/2023-11/OnyxProtocol_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[OnyxProtocol_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/OnyxProtocol_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1719697319824851051
https://defimon.xyz/attack/mainnet/0xf7c21600452939a81b599017ee24ee0dfd92aaaccd0a55d02819a7658a6ef635
https://twitter.com/DecurityHQ/status/1719657969925677161

---

#### 20231101 SwampFinance - 业务逻辑缺陷

#### 损失：不明确

测试

```
forge test --contracts ./src/test/2023-11/SwampFinance_exp.sol -vvv
```

##### 合约

[SwampFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-11/SwampFinance_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1720373044517208261

---

#### 20231031 UniBotRouter - 任意外部调用

#### 损失：~$83,944 USD$

测试

```
forge test --contracts ./src/test/2023-10/UniBot_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[UniBot_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/UniBot_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1719251390319796477

---

#### 20231030 LaEeb - 缺乏滑点保护

#### 损失：~1.8 WBNB

测试

```
forge test --contracts ./src/test/2023-10/LaEeb_exp.sol -vvv
```

##### 合约

[LaEeb_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/LaEeb_exp.sol)

##### 链接参考

https://x.com/MetaSec_xyz/status/1718964562165420076

---

#### 20231028 AstridProtocol - 业务逻辑缺陷

#### 损失：~$127ETH

测试

```
forge test --contracts ./src/test/2023-10/Astrid_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[Astrid_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/Astrid_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1718454835966775325

---

#### 20231024 MaestroRouter2 - 任意外部调用

#### 损失：~$280ETH

测试

```
forge test --contracts ./src/test/2023-10/MaestroRouter2_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[MaestroRouter2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/MaestroRouter2_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1717014871836098663

https://twitter.com/BeosinAlert/status/1717013965203804457

---

#### 20231022 OpenLeverage - 业务逻辑缺陷

#### 损失：~$8K

测试

```
forge test --contracts ./src/test/2023-10/OpenLeverage_exp.sol -vvv
```

##### 合约

[OpenLeverage_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/OpenLeverage_exp.sol)

##### 链接参考

https://defimon.xyz/exploit/bsc/0x5366c6ba729d9cf8d472500afc1a2976ac2fe9ff

---

#### 20231019 kTAF - CompoundV2 通货膨胀攻击

#### 损失：~$8K

测试

```
forge test --contracts ./src/test/2023-10/kTAF_exp.sol -vvv
```

##### 合约

[kTAF_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/kTAF_exp.sol)

##### 链接参考

https://defimon.xyz/attack/mainnet/0x325999373f1aae98db2d89662ff1afbe0c842736f7564d16a7b52bf5c777d3a4

---

#### 20231018 Hopelend - Div 精度损失

#### 损失：~$825K

测试

```
forge test --contracts ./src/test/2023-10/Hopelend_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[HopeLend_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/Hopelend_exp.sol)

##### 链接参考

https://twitter.com/immunefi/status/1722810650387517715

https://lunaray.medium.com/deep-dive-into-hopelend-hack-5962e8b55d3f

---

#### 20231018 MicDao - 价格操纵

#### 损失：~$13K

测试

```
forge test --contracts ./src/test/2023-10/MicDao_exp.sol -vvv
```

##### 合约

[MicDao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/MicDao_exp.sol)

##### 链接参考

https://twitter.com/CertiKAlert/status/1714677875427684544

https://twitter.com/ChainAegis/status/1714837519488205276

---

#### 20231013 BelugaDex - 价格操纵

#### 损失：~$175K

测试

```
forge test --contracts ./src/test/2023-10/BelugaDex_exp.sol -vvv
```

##### 合约

[BelugaDex_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/BelugaDex_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1712676040471105870

https://twitter.com/CertiKAlert/status/1712707006979613097

---

#### 20231013 WiseLending - 捐赠通货膨胀 ExchangeRate && 舍入误差

#### 损失：~$260K

测试

```
forge test --contracts ./src/test/2023-10/WiseLending_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[WiseLending_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/WiseLending_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1712841315522638034

https://twitter.com/BlockSecTeam/status/1712871304993689709

---

#### 20231012 Platypus - 业务逻辑缺陷

#### 损失：~$2M

测试

```
forge test --contracts ./src/test/2023-10/Platypus03_exp.sol -vvv
```

##### 合约

[Platypus03_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/Platypus03_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1712445197538468298

https://twitter.com/peckshield/status/1712354198246035562

---

#### 20231011 BH - 价格操纵

#### 损失：~$1.27M

测试

```
forge test --contracts ./src/test/2023-10/BH_exp.sol -vvv
```

##### 合约

[BH_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-10/BH_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1712139760813375973

https://twitter.com/DecurityHQ/status/1712118881425203350

---

#### 20231008 ZS - 业务逻辑缺陷

#### 损失：~$14K

测试

```
forge test --contracts ./src/test/202```markdown
#### 20230908 APIG - 业务逻辑缺陷

#### 损失：约 16.9 万美元

测试

```
forge test --contracts ./src/test/2023-09/APIG_exp.sol -vvv
```

##### 合约

[APIG_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/APIG_exp.sol)

##### 链接参考

https://twitter.com/CertiKAlert/status/1700128158647734745

---

#### 20230907 HCT - 价格操纵

#### 损失：约 30.5 BNB

测试

```
forge test --contracts ./src/test/2023-09/HCT_exp.sol -vvv
```

##### 合约

[HCT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/HCT_exp.sol)

##### 链接参考

https://twitter.com/leovctech/status/1699775506785198499

---

#### 20230905 QuantumWN - Rebasing 逻辑问题

#### 损失：约 0.5 ETH

测试

```
forge test --contracts ./src/test/2023-09/QuantumWN_exp.sol -vvv
```

##### 合约

[QuantumWN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/QuantumWN_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1699384904218202618

---

#### 20230905 JumpFarm - Rebasing 逻辑问题

#### 损失：约 2.4 ETH

测试

```
forge test --contracts ./src/test/2023-09/JumpFarm_exp.sol -vvv
```

##### 合约

[JumpFarm_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/JumpFarm_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1699384904218202618

---

#### 20230905 HeavensGate - Rebasing 逻辑问题

#### 损失：约 8 ETH

测试

```
forge test --contracts ./src/test/2023-09/HeavensGate_exp.sol -vvv
```

##### 合约

[HeavensGate_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/HeavensGate_exp.sol)

##### 链接参考

https://explorer.phalcon.xyz/tx/eth/0xe28ca1f43036f4768776805fb50906f8172f75eba3bf1d9866bcd64361fda834

---

#### 20230905 FloorDAO - Rebasing 逻辑问题

#### 损失：约 40 ETH

测试

```
forge test --contracts ./src/test/2023-09/FloorDAO_exp.sol -vvv
```

##### 合约

[FloorDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/FloorDAO_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1698962105058361392

https://medium.com/floordao/floor-post-mortem-incident-summary-september-5-2023-e054a2d5afa4

---

#### 20230902 DAppSocial - 业务逻辑缺陷

#### 损失：约 1.6 万美元

测试

```
forge test --contracts ./src/test/2023-09/DAppSocial_exp.sol -vvv
```

##### 合约

[DAppSocial_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/DAppSocial_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1698064511230464310

---

#### 20230829 EAC - 价格操纵

#### 损失：约 29 BNB

测试

```
forge test --contracts ./src/test/2023-08/EAC_exp.sol -vvv
```

##### 合约

[EAC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EAC_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1696520866564350157

---

#### 20230827 Balancer - 舍入误差 && 业务逻辑缺陷

#### 损失：约 200 万美元

测试

```
forge test --contracts ./src/test/2023-08/Balancer_exp.sol -vvv
```

##### 合约

[Balancer_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Balancer_exp.sol)

##### 链接参考

https://medium.com/balancer-protocol/rate-manipulation-in-balancer-boosted-pools-technical-postmortem-53db4b642492

https://blocksecteam.medium.com/yet-another-risk-posed-by-precision-loss-an-in-depth-analysis-of-the-recent-balancer-incident-fad93a3c75d4

---

#### 20230826 SVT - 有缺陷的价格计算

#### 损失：约 40 万美元

测试

```
forge test --contracts ./src/test/2023-08/SVT_exp.sol -vvv
```

##### 合约

[SVT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/SVT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1695285435671392504?s=20

---

#### 20230824 GSS - 提取 token 余额

#### 损失：约 2.5 万美元

测试

```
forge test --contracts ./src/test/2023-08/GSS_exp.sol -vvv
```

##### 合约

[GSS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/GSS_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1694571228185723099

---

#### 20230821 EHIVE - 业务逻辑缺陷

#### 损失：约 1.5 万美元

测试

```
forge test --contracts ./src/test/2023-08/EHIVE_exp.sol -vvv
```

##### 合约

[EHIVE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EHIVE_exp.sol)

##### 链接参考

https://twitter.com/bulu4477/status/1693636187485872583

---

#### 20230819 BTC20 - 价格操纵

#### 损失：约 18 ETH

测试

```
forge test --contracts ./src/test/2023-08/BTC20_exp.sol -vvv
```

##### 合约

[BTC20_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/BTC20_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1692924369662513472

---

#### 20230818 ExactlyProtocol - 验证不足

#### 损失：约 700 万美元

测试

```
forge test --contracts ./src/test/2023-08/Exactly_exp.sol -vvv
```

##### 合约

[Exactly_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Exactly_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1692533280971936059

https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed

---

#### 20230814 ZunamiProtocol - 价格操纵

#### 损失：约 200 万美元

测试

```
forge test --contracts ./src/test/2023-08/Zunami_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[Zunami_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Zunami_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1690877589005778945

https://twitter.com/BlockSecTeam/status/1690931111776358400

---

#### 20230809 EarningFram - 重入

#### 损失：约 28.6 万美元

测试

```
forge test --contracts ./src/test/2023-08/EarningFram_exp.sol -vvv
```

##### 合约

[EarningFram_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EarningFram_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1689182459269644288

---

#### 20230802 CurveBurner - 缺乏滑点保护

#### 损失：约 3.6 万美元

测试

```
forge test --contracts ./src/test/2023-08/CurveBurner_exp.sol -vvv
```

##### 合约

[CurveBurner_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/CurveBurner_exp.sol)

##### 链接参考

https://medium.com/@Hypernative/exotic-culinary-hypernative-systems-caught-a-unique-sandwich-attack-against-curve-finance-6d58c32e436b

---

#### 20230802 Uwerx - 错误逻辑

#### 损失：约 176 ETH

测试

```
forge test --contracts ./src/test/2023-08/Uwerx_exp.sol -vvv
```

##### 合约

[Uwerx_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Uwerx_exp.sol)

##### 链接参考

https://twitter.com/deeberiroz/status/1686683788795846657

https://twitter.com/CertiKAlert/status/1686667720920625152

https://etherscan.io/tx/0x3b19e152943f31fe0830b67315ddc89be9a066dc89174256e17bc8c2d35b5af8

---

#### 20230801 NeutraFinance - 价格操纵

#### 损失：约 23 ETH

测试

```
forge test --contracts ./src/test/2023-08/NeutraFinance_exp.sol -vvv
```

##### 合约

[NeutraFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/NeutraFinance_exp.sol)

##### 链接参考

https://twitter.com/phalcon_xyz/status/1686654241111429120

---

#### 20230801 LeetSwap - 访问控制

#### 损失：约 63 万美元

测试

```
forge test --contracts ./src/test/2023-08/Leetswap_exp.sol -vvv
```

##### 合约

[Leetswap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Leetswap_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1686217464051539968

https://twitter.com/peckshield/status/1686209024587710464

---

#### 20230731 GYMNET - 验证不足

#### 损失：不明确

测试

```
forge test --contracts ./src/test/2023-07/GYMNET_exp.sol -vvv
```

##### 合约

[GYMNET_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/GYMNET_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1686605510655811584

---

#### 20230730 Curve - Vyper 编译器 Bug && 重入

#### 损失：约 4100 万美元

测试

```
forge test --contracts ./src/test/2023-07/Curve_exp01.sol -vvv
```

##### 合约

[Curve_exp01.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Curve_exp01.sol) | [Curve_exp02.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Curve_exp02.sol)

##### 链接参考

https://hackmd.io/@LlamaRisk/BJzSKHNjn

---

#### 20230726 Carson - 价格操纵

#### 损失：约 15 万美元

测试

```
forge test --contracts ./src/test/2023-07/Carson_exp.sol -vvv
```

##### 合约

[Carson_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Carson_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1684393202252402688

https://twitter.com/Phalcon_xyz/status/1684503154023448583

https://twitter.com/hexagate_/status/1684475526663004160

---

#### 20230724 Palmswap - 业务逻辑缺陷

#### 损失：约 90 万美元

测试

```
forge test --contracts ./src/test/2023-07/Palmswap_exp.sol -vvv
```

##### 合约

[Palmswap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Palmswap_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1683680026766737408

---

#### 20230723 MintoFinance - 签名重放

#### 损失：约 9 千美元

测试

```
forge test --contracts ./src/test/2023-07/MintoFinance_exp.sol -vvv
```

##### 合约

[MintoFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/MintoFinance_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1683180340548890631

---

#### 20230722 Conic Finance 02 - 价格操纵

#### 损失：约 93.4 万美元

测试

```
forge test --contracts ./src/test/2023-07/Conic02_exp.sol --evm-version 'shanghai' -vvv
```

##### 合约

[Conic02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic02_exp.sol)

##### 链接参考

https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d

https://twitter.com/spreekaway/status/1682467603518726144

---

#### 20230721 Conic Finance - 只读重入 && 错误配置

#### 损失：约 325 万美元

测试

```
forge test --contracts ./src/test/2023-07/Conic_exp.sol -vvv
```

##### 合约

[Conic_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic_exp.sol)|[Conic_exp2.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic_exp2.sol)

##### 链接参考

https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d

https://twitter.com/BlockSecTeam/status/1682356244299010049

---

#### 20230721 SUT - 业务逻辑缺陷

#### 损失：约 8 千美元

测试

```
forge test --contracts ./src/test/2023-07/SUT_exp.sol -vvv
```

##### 合约

[SUT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/SUT_exp.sol)

##### 链接参考

https://twitter.com/bulu4477/status/1682983956080377857

---

#### 20230720 Utopia - 业务逻辑缺陷

#### 损失：约 11.9 万美元

测试

```
forge test --contracts ./src/test/2023-07/Utopia_exp.sol -vvv
```

##### 合约

[Utopia_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Utopia_exp.sol)

##### 链接参考

https://twitter.com/DeDotFiSecurity/status/1681923729645871104

https://twitter.com/bulu4477/status/1682380542564769793

---

#### 20230720 FFIST - 业务逻辑缺陷

#### 损失：约 11 万美元

测试

```
forge test --contracts ./src/test/2023-07/FFIST_exp.sol -vvv
```

##### 合约

[FFIST_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/FFIST_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1681869807698984961

https://twitter.com/AnciliaInc/status/1681901107940065280

---

#### 20230718 APEDAO - 业务逻辑缺陷

#### 损失：约 7 千美元

测试

```
forge test --contracts ./src/test/2023-07/ApeDAO_exp.sol -vvv
```

##### 合约

[ApeDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/ApeDAO_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1681316257034035201

---

#### 20230718 BNO - 无效的紧急提款机制

#### 损失：约 50.5 万美元

测试

```
forge test --contracts ./src/test/2023-07/BNO_exp.sol -vvv
```

##### 合约

[BNO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/BNO_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1681116206663876610

---

#### 20230717 NewFi - 缺乏滑点保护

#### 损失：约 3.1 万美元

测试

```
forge test --contracts ./src/test/2023-07/NewFi_exp.sol -vvv
```

##### 合约

[NewFi_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/NewFi_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1680961588323557376

---

#### 20230715 USDTStakingContract28 - 缺乏访问控制

#### 损失：约 20999 美元

测试

```
forge test --contracts ./src/test/2023-07/USDTStakingContract28_exp.sol -vvv
```

##### 合约

[USDTStakingContract28_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/USDTStakingContract28_exp.sol)

##### 链接参考

https://x.com/DecurityHQ/status/1680117291013267456

---

#### 20230712 Platypus - 业务逻辑缺陷

#### 损失：约 5.1 万美元

测试

```
forge test --contracts ./src/test/2023-07/Platypus02_exp.sol -vvv
```

##### 合约

[Platypus02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Platypus02_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1678800450303164431

---

#### 20230712 WGPT - 业务逻辑缺陷

#### 损失：约 8 万美元

测试

```
forge test --contracts ./src/test/2023-07/WGPT_exp.sol -vvv
```

##### 合约

[WGPT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/WGPT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1679042549946933248

https://twitter.com/BeosinAlert/status/1679028240982368261

---

#### 20230711 RodeoFinance - TWAP Oracle 操纵

#### 损失：约 88.8 万美元

测试

```
forge test --contracts ./src/test/2023-07/RodeoFinance_exp.sol -vvv
```

##### 合约

[RodeoFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/RodeoFinance_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1678765773396008967

https://twitter.com/peckshield/status/1678700465587130368

https://medium.com/@Rodeo_Finance/rodeo-post-mortem-overview-f35635c14101

---

#### 20230711 Libertify - 重入

#### 损失：约 45.2 万美元

测试

```
forge test --contracts ./src/test/2023-07/Libertify_exp.sol -vvv
```

##### 合约

[Libertify_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Libertify_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1678688731908411393

https://twitter.com/Phalcon_xyz/status/1678694679767031809

---

#### 20230710 ArcadiaFi - 重入

#### 损失：约 40 万美元

测试

```
forge test --contracts ./src/test/2023-07/ArcadiaFi_exp.sol -vvv
```

##### 合约

[ArcadiaFi_exp.so](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/ArcadiaFi_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1678250590709899264

https://twitter.com/peckshield/status/1678265212770693121

---

#### 20230708 CIVNFT - 缺乏访问控制

#### 损失：约 18 万美元

测试

```
forge test --contracts ./src/test/2023-07/CIVNFT_exp.sol -vvv
```

##### 合约

[CIVNFT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/CIVNFT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1677722208893022210

https://news.civfund.org/civtrade-hack-analysis-9a2398a6bc2e

https://blog.solidityscan.com/civnft-hack-analysis-4ee79b8c33d1

---

#### 20230708 Civfund - 缺乏访问控制

#### 损失：约 16.5 万美元

测试

```
forge test --contracts ./src/test/2023-07/Civfund_exp.sol -vvv
```

##### 合约

[Civfund_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Civfund_exp.sol)

##### 链接参考

https://twitter.com/HypernativeLabs/status/1677529544062803969

https://twitter.com/BeosinAlert/status/1677548773269213184

---

#### 20230707 LUSD - 价格操纵攻击

#### 损失：约 9464 USDT

测试

```
forge test --contracts ./src/test/2023-07/LUSD_exp.sol -vvv
```

##### 合约

[LUSD_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/2023-07/LUSD_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1677391242878140417

---

#### 20230704 BambooIA - 价格操纵攻击

#### 损失：约 200 BNB

测试

```
forge test --contracts ./src/test/2023-07/Bamboo_exp.sol -vvv
```

##### 合约

[Bao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Bamboo_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1676220090142916611

https://twitter.com/eugenioclrc

---

#### 20230704 BaoCommunity - 捐赠通货膨胀汇率 && 舍入误差

#### 损失：约 4.6 万美元

测试

```
forge test --contracts ./src/test/2023-07/bao_exp.sol -vvv
```

##### 合约

[Bao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Bao_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1676224397248454657

---

#### 20230703 AzukiDAO - 无效的签名验证

#### 损失：约 6.9 万美元

测试

```
forge test --contracts ./src/test/2023-07/AzukiDAO_exp.sol -vvv
```

##### 合约

[AzukiDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/AzukiDAO_exp.sol)

##### 链接参考

https://twitter.com/sharkteamorg/status/1676892088930271232

---

#### 20230630 Biswap - V3Migrator 利用

#### 损失：约 7.2 万美元

测试

```
forge test --contracts ./src/test/2023-06/Biswap_exp.sol -vvv
```

##### 合约

[Biswap_exp.sol](https://github.com/Sun#### 20230615 CFC - Uniswap Skim() token balance attack （Uniswap Skim() token 余额攻击）

#### 损失：~$1.6万

测试

```
forge test --contracts ./src/test/2023-06/CFC_exp.sol -vvv
```

##### 合约

[CFC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/CFC_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1669280632738906113

---

#### 20230615 DEPUSDT_LEVUSDC - 不正确的访问控制

#### 损失：~$10.5万

测试

```
forge test --contracts ./src/test/2023-06/DEPUSDT_LEVUSDC_exp.sol -vvv
```

##### 合约

[DEPUSDT_LEVUSDC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/DEPUSDT_LEVUSDC_exp.sol)

##### 链接参考

https://twitter.com/numencyber/status/1669278694744150016?cxt=HHwWgMDS9Z2IvKouAAAA

---

#### 20230612 Sturdy Finance - 只读重入 (Read-Only-Reentrancy)

#### 损失：~$80万

测试

```
forge test --contracts ./src/test/2023-06/Sturdy_exp.sol -vvv
```

##### 合约

[Sturdy_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/Sturdy_exp.sol)

##### 链接参考

https://sturdyfinance.medium.com/exploit-post-mortem-49261493307a

https://twitter.com/AnciliaInc/status/1668081008615325698

https://twitter.com/BlockSecTeam/status/1668084629654638592

---

#### 20230611 SellToken04 - 价格操纵

#### 损失：~$10.9万

测试

```
forge test --contracts ./src/test/2023-06/SELLC03_exp.sol -vvv
```

##### 合约

[SELLC03_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/SELLC03_exp.sol)

##### 链接参考

https://twitter.com/EoceneSecurity/status/1668468933723328513

---

#### 20230607 CompounderFinance - 通过可交换资产数量的波动来操纵资金

#### 损失：~$27,174

Testing

```
forge test --contracts ./src/test/2023-06/CompounderFinance_exp.sol -vvv
```

##### Contract

[CompounderFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/CompounderFinance_exp.sol)

##### Link Reference

https://twitter.com/numencyber/status/1666346419702362112

---

#### 20230606 VINU - 价格操纵

#### 损失：~$6千

测试

```
forge test --contracts ./src/test/2023-06/VINU_exp.sol -vvv
```

##### 合约

[VINU_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/VINU_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1666051854386511873?cxt=HHwWgoC24bPVgJ8uAAAA

---

#### 20230606 UN - 价格操纵

#### 损失：~$2.6万

测试

```
forge test --contracts ./src/test/2023-06/UN_exp.sol -vvv
```

##### 合约

[UN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/UN_exp.sol)

##### 链接参考

https://twitter.com/MetaTrustAlert/status/1667041877428932608

---

#### 20230602 NST Simple Swap - 未验证的合约，错误的授权

#### 损失：$4万

这次攻击在一个单独的交易中执行，导致从 swap 合约中盗取了价值 $40,000 美元的 USDT。

```
forge test --contracts ./src/test/2023-06/NST_exp.sol -vvv
```

##### 合约

[NST_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/NST_exp.sol)

##### 链接参考

https://discord.com/channels/1100129537603407972/1100129538056396870/1114142216923926528

---

#### 20230601 DDCoin - 闪电贷攻击和智能合约漏洞

#### 损失：~$30万

测试

```
forge test --contracts ./src/test/2023-06/DDCoin_exp.sol -vvv
```

##### 合约

[DDCoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/DDCoin_exp.sol)

##### 链接参考

https://twitter.com/ImmuneBytes/status/1664239580210495489
https://twitter.com/ChainAegis/status/1664192344726581255?cxt=HHwWjsDRldmHs5guAAAA

---

#### 20230601 Cellframenet - 流动性迁移期间的计算问题

#### 损失：~$7.6万

测试

```
forge test --contracts ./src/test/2023-06/Cellframe_exp.sol -vvv
```

##### 合约

[Cellframe_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/Cellframe_exp.sol)

##### 链接参考

https://twitter.com/numencyber/status/1664132985883615235?cxt=HHwWhoDTqceImJguAAAA

---

#### 20230531 ERC20TokenBank - 价格操纵

#### 损失：~$11.1万

测试

```
forge test --contracts ./src/test/2023-05/ERC20TokenBank_exp.sol -vvv
```

##### 合约

[ERC20TokenBank.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/ERC20TokenBank_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1663810037788311561

---

#### 20230529 Jimbo - 协议特定价格操纵

#### 损失：~$800万

测试

```
forge test --contracts ./src/test/2023-05/Jimbo_exp.sol -vvv
```

##### 合约

[Jimbo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Jimbo_exp.sol)

##### 链接参考

https://twitter.com/cryptofishx/status/1662888991446941697

https://twitter.com/yicunhui2/status/1663793958781353985

---

#### 20230529 BabyDogeCoin - 缺乏滑点保护

#### 损失：~$13.5万

测试

```
forge test --contracts ./src/test/2023-05/BabyDogeCoin_exp.sol -vvv
```

##### 合约

[BabyDogeCoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/BabyDogeCoin_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1662744426475831298

---

#### 20230529 FAPEN - 错误的余额检查

#### 损失：~$600

测试

```
forge test --contracts ./src/test/2023-05/FAPEN_exp.sol -vvv
```

##### 合约

[FAPEN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/FAPEN_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1663501550600302601

---

#### 20230529 NOON (NO) - 函数中错误的可见性

#### 损失：~$2千

测试

```
forge test --contracts ./src/test/2023-05/NOON_exp.sol -vvv
```

##### 合约

[NOON_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/NOON_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1663501545105702912

---

#### 20230525 GPT Token - 手续费机制漏洞 (Fee Machenism Exploitation)

#### 损失：~$4.2万

测试

```
forge test --contracts ./src/test/2023-05/GPT_exp.sol -vvv
```

##### 合约

[GPT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/GPT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1661424685320634368

---

#### 20230524 Local Trade LCT - 闭源合约的不正确访问控制

#### 损失：~384 BNB

测试

```
forge test --contracts ./src/test/2023-05/LocalTrader_exp.sol -vvv
```

##### 合约

[LocalTrader_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LocalTrader_exp.sol) | [LocalTrader2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LocalTrader2_exp.sol)

##### 链接参考

https://twitter.com/numencyber/status/1661213691893944320

---

#### 20230524 CS Token - 过时的全局变量

#### 损失：~71.4万美元

测试

```
forge test --contracts ./src/test/2023-05/CS_exp.sol -vvv
```

##### 合约

[CS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/CS_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1661098394130198528

https://twitter.com/numencyber/status/1661207123102167041

---

#### 20230523 LFI Token - 业务逻辑缺陷

#### 损失：~3.6万美元

测试

```
forge test --contracts ./src/test/2023-05/LFI_exp.sol -vvv
```

##### 合约

[LFI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LFI_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1660767088699666433

---

#### 20230514 landNFT - 缺乏权限控制

#### 损失：149,616 $BUSD

测试

```
forge test --contracts ./src/test/2023-05/landNFT_exp.sol -vvv
```

##### 合约

[landNFT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/landNFT_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1658000784943124480

---

#### 20230514 SellToken03 - 未经检查的用户输入

#### 损失：不明确

测试

```
forge test --contracts ./src/test/2023-05/SELLC02_exp.sol -vvv
```

##### 合约

[SELLC02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SELLC02_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1657715018908180480

---

#### 20230513 Bitpaidio - 业务逻辑缺陷

#### 损失：~$3万

测试

```
forge test --contracts ./src/test/2023-05/Bitpaidio_exp.sol -vvv
```

##### 合约

[Bitpaidio_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Bitpaidio_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1657411284076478465

---

#### 20230512 LW - 闪电贷价格操纵

#### 损失：~$5万

测试

```
forge test --contracts ./src/test/2023-05/LW_exp.sol -vvv
```

##### 合约

[LW_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LW_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1656850634312925184

https://twitter.com/hexagate_/status/1657051084131639296

---

#### 20230513 SellToken02 - 价格操纵

#### 损失：~$19.7万

测试

```
forge test --contracts ./src/test/2023-05/SellToken_exp.sol -vvv
```

##### 合约

[SellToken_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SellToken_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1657324561577435136

---

#### 20230511 SellToken01 - 业务逻辑缺陷

#### 损失：~$9.5万

测试

```
forge test --contracts ./src/test/2023-05/SELLC_exp.sol -vvv
```

##### 合约

[SELLC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SELLC_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1656337400329834496

https://twitter.com/AnciliaInc/status/1656341587054702598

---

#### 20230510 SNK - 奖励计算错误

#### 损失：~$19.7万

测试

```
forge test --contracts ./src/test/2023-05/SNK_exp.sol -vvv
```

##### 合约

[SNK_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SNK_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1656176776425644032

---

#### 20230509 MCC - 反射 token (Reflection token)

#### 损失：~$10 ETH

测试

```
forge test --contracts ./src/test/2023-05/MultiChainCapital_exp.sol -vvv
```

##### 合约

[MultiChainCapital_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/MultiChainCapital_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1655846558762692608

---

#### 20230509 HODL - 反射 token (Reflection token)

#### 损失：~$2.3 ETH

测试

```
forge test --contracts ./src/test/2023-05/HODLCapital_exp.sol -vvv
```

##### 合约

[HODLCapital_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/HODLCapital_exp.sol)

##### 链接参考

https://explorer.phalcon.xyz/tx/eth/0xedc214a62ff6fd764200ddaa8ceae54f842279eadab80900be5f29d0b75212df

https://x.com/numencyber/status/1655825767392247808

---

#### 20230506 Melo - 访问控制

#### 损失：~$9万

测试

```
forge test --contracts ./src/test/2023-05/Melo_exp.sol -vvv
```

##### 合约

[Melo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Melo_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1654667621139349505

---

#### 20230505 DEI - 错误的实现

##### 损失：~540万美元 USDC

测试

```
forge test --contracts ./src/test/2023-05/DEI_exp.sol -vvv
```

##### 合约

[DEI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/DEI_exp.sol)

##### 链接参考

https://twitter.com/eugenioclrc/status/1654576296507088906

---

#### 20230503 NeverFall - 价格操纵

#### 损失：~7.4万

测试

```
forge test --contracts ./src/test/2023-05/NeverFall_exp.sol -vvv
```

##### 合约

[NeverFall_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/NeverFall_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1653619782317662211

---

#### 20230502 Level - 业务逻辑缺陷

#### 损失：~$100万

测试

```
forge test --contracts ./src/test/2023-05/Level_exp.sol -vvv
```

##### 合约

[Level_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Level_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1653149493133729794

https://twitter.com/BlockSecTeam/status/1653267431127920641

---

#### 20230428 0vix - 闪电贷价格操纵

#### 损失：~$200万

测试

```
forge test --contracts ./src/test/2023-04/0vix_exp.sol -vvv
```

##### 合约

[0vix_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/0vix_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1651932529874853888

https://twitter.com/peckshield/status/1651923235603361793

https://twitter.com/Mudit__Gupta/status/1651958883634536448

---

#### 20230427 Silo finance - 业务逻辑缺陷

#### 损失：无

测试

```
forge test --contracts ./src/test/2023-04/silo_finance_exp.sol -vvv
```

##### 合约

[silo_finance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/silo_finance_exp.sol)

##### 链接参考

https://medium.com/immunefi/silo-finance-logic-error-bugfix-review-35de29bd934a

---

#### 20230424 Axioma - 业务逻辑缺陷

#### 损失：~21 WBNB

测试

```
forge test --contracts ./src/test/2023-04/Axioma_exp.sol -vvv
```

##### 合约

[Axioma_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Axioma_exp.sol)

##### 链接参考

https://twitter.com/HypernativeLabs/status/1650382589847302145

---

#### 20230419 OLIFE - 反射 token (Reflection token)

#### 损失：~32 WBNB

测试

```
forge test --contracts ./src/test/2023-04/OLIFE_exp.sol -vvv
```

##### 合约

[OLIFE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/OLIFE_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1648520494516420608

---

#### 20230416 Swapos V2 - 错误的 k 值攻击

#### 损失：~$46.8万

测试

```
forge test --contracts ./src/test/2023-04/Swapos_exp.sol -vvv
```

##### 合约

[Swapos_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Swapos_exp.sol)

##### 链接参考

https://twitter.com/CertiKAlert/status/1647530789947469825

https://twitter.com/BeosinAlert/status/1647552192243728385

---

#### 20230415 HundredFinance - 捐赠通货膨胀汇率 (Donate Inflation ExchangeRate) && 舍入误差 (Rounding Error)

#### 损失：$700万

测试

```
forge test --contracts ./src/test/2023-04/HundredFinance_2_exp.sol -vvv
```

##### 合约

[HundredFinance_2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/HundredFinance_2_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1647307128267476992

https://twitter.com/danielvf/status/1647329491788677121

https://twitter.com/hexagate_/status/1647334970258608131

https://blog.hundred.finance/15-04-23-hundred-finance-hack-post-mortem-d895b618cf33

---

#### 20230413 yearnFinance - 错误配置

#### 损失：$1160万

测试

```
forge test --contracts ./src/test/2023-04/YearnFinance_exp.sol -vvv
```

##### 合约

[YearnFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/YearnFinance_exp.sol)

##### 链接参考

https://twitter.com/cmichelio/status/1646422861219807233

https://twitter.com/BeosinAlert/status/1646481687445114881

---

#### 20230412 MetaPoint - 不受限制的授权

#### 损失：$82万(2500BNB)

测试

```
forge test --contracts ./src/test/2023-04/MetaPoint_exp.sol -vvv
```

##### 合约

[MetaPoint_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/MetaPoint_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1645980197987192833

https://twitter.com/Phalcon_xyz/status/1645963327502204929

---

#### 20230411 Paribus - 重入

#### 损失：$10万

测试

```
forge test --contracts ./src/test/2023-04/Paribus_exp.sol -vvv
```

##### 合约

[Paribus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Paribus_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1645742620897955842

https://twitter.com/BlockSecTeam/status/1645744655357575170

https://twitter.com/peckshield/status/1645742296904929280

---

#### 20230409 SushiSwap - 未经检查的用户输入

#### 损失：>$330万

测试

```
forge test --contracts ./src/test/2023-04/Sushi_Router_exp.sol -vvv
```

##### 合约

[Sushi_Router_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Sushi_Router_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1644907207530774530

https://twitter.com/SlowMist_Team/status/1644936375924584449

https://twitter.com/AnciliaInc/status/1644925421006520320

---

#### 20230405 Sentiment - 只读重入 (Read-Only-Reentrancy)

#### 损失：$100万

测试

```
forge test --contracts ./src/test/2023-04/Sentiment_exp.sol -vvv
```

##### 合约

[Sentiment_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Sentiment_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1643417467879059456

https://twitter.com/spreekaway/status/1643313471180644360

https://medium.com/coinmonks/theoretical-practical-balancer-and-read-only-reentrancy-part-1-d6a21792066c

---

#### 20230402 Allbridge - 闪电贷价格操纵

#### 损失：$55万

测试

```
forge test --contracts ./src/test/2023-04/Allbridge_exp.sol -vvv
```

##### 合约

[Allbrideg_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Allbridge_exp.sol) | [Allbrideg_exp2.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Allbridge_exp2.sol)

##### 链接参考

https://twitter.com/peckshield/status/1642356701100916736

https://twitter.com/BeosinAlert/status/1642372700726505473

---

#### 20230328 SafeMoon Hack - 访问控制

#### 损失：$890万

测试

```
forge test --contracts ./src/test/2023-03/safeMoon_exp.sol -vvv
```

##### 合约

[safeMoon_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-03/safeMoon_exp.sol)

##### 链接参考

https://twitter.com/zokyo_io/status/164101452[DYNA_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/DYNA_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1628319536117153794

https://twitter.com/BeosinAlert/status/1628301635834486784

---

#### 20230218 - RevertFinance - 任意外部调用漏洞

#### 损失: ~$3万

测试

```
forge test --contracts ./src/test/2023-02/RevertFinance_exp.sol -vvv
```

##### 合约

[RevertFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/RevertFinance_exp.sol)

##### 链接参考

https://mirror.xyz/revertfinance.eth/3sdpQ3v9vEKiOjaHXUi3TdEfhleAXXlAEWeODrRHJtU

---

#### 20230217 - Starlink - 业务逻辑缺陷

#### 损失: ~$1.2万

测试

```
forge test --contracts ./src/test/2023-02/Starlink_exp.sol -vvv
```

##### 合约

[Starlink_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Starlink_exp.sol)

##### 链接参考

https://twitter.com/NumenAlert/status/1626447469361102850

https://twitter.com/bbbb/status/1626392605264351235

---

#### 20230217 - Dexible - 任意外部调用漏洞

#### 损失: ~$150万

测试

```
forge test --contracts src/test/2023-02/Dexible_exp.sol -vvv
```

##### 合约

[Dexible_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Dexible_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1626493024879673344

https://twitter.com/MevRefund/status/1626450002254958592

---

#### 20230217 - Platypusdefi - 业务逻辑缺陷

#### 损失: ~$850万

测试

```
forge test --contracts src/test/2023-02/Platypus_exp.sol -vvv
```

##### 合约

[Platypus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Platypus_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1626367531480125440

https://twitter.com/spreekaway/status/1626319585040338953

---

#### 20230210 - Sheep - 反射代币

#### 损失: ~$3千

测试

```
forge test --contracts src/test/2023-02/Sheep_exp.sol -vvv
```

##### 合约

[Sheep_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Sheep_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1623999717482045440

https://twitter.com/BlockSecTeam/status/1624077078852210691

---

#### 20230210 - dForce - 只读重入

#### 损失: ~$365万

测试

```
forge test --contracts ./src/test/2023-02/dForce_exp.sol -vvv
```

##### 合约

[dForce_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/dForce_exp.sol)

##### 链接参考

https://twitter.com/SlowMist_Team/status/1623956763598000129

https://twitter.com/BlockSecTeam/status/1623901011680333824

https://twitter.com/peckshield/status/1623910257033617408

---

#### 20230207 - CowSwap - 任意外部调用漏洞

#### 损失: ~$12万

测试

```
forge test --contracts ./src/test/2023-02/CowSwap_exp.sol -vvv
```

##### 合约

[CowSwap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/CowSwap_exp.sol)

##### 链接参考

https://twitter.com/MevRefund/status/1622793836291407873

https://twitter.com/peckshield/status/1622801412727148544

---

#### 20230206 - FDP - 反射代币

#### 损失: ~16 WBNB

测试

```
forge test --contracts src/test/2023-02/FDP_exp.sol -vv
```

##### 合约

[FDP_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/FDP_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1622806011269771266

---

#### 20230203 - Spherax USDs - 余额重新计算错误

#### 损失: ~30.9万 USDs (稳定币)

测试

```
forge test --contracts ./src/test/2023-02/USDs_exp.sol -vv
```

##### 合约

[USDs_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/USDs_exp.sol)

##### 链接参考

https://twitter.com/danielvf/status/1621965412832350208

https://medium.com/sperax/usds-feb-3-exploit-report-from-engineering-team-9f0fd3cef00c

---

#### 20230203 - Orion Protocol - 重入

#### 损失: $300万

测试

```
forge test --contracts ./src/test/2023-02/Orion_exp.sol -vvv
```

##### 合约

[Orion_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Orion_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1621337925228306433

https://twitter.com/BlockSecTeam/status/1621263393054420992

https://www.numencyber.com/analysis-of-orionprotocol-reentrancy-attack-with-poc/

---

#### 20230202 - BonqDAO - 价格预言机操纵

#### 损失: BEUR 稳定币和 ALBT 代币 (~8800万美元)

测试

```
forge test --contracts ./src/test/2023-02/BonqDAO_exp.sol -vv
```

##### 合约

[BonqDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/BonqDAO_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1621043757390123008

https://twitter.com/SlowMist_Team/status/1621087651158966274

---

#### 20230130 - BEVO - 反射代币

#### 损失: 144 BNB

测试

```sh
forge test --contracts ./src/test/2023-01/BEVO_exp.sol -vvv
```

##### 合约

[BEVO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/BEVO_exp.sol)

##### 链接参考

https://twitter.com/QuillAudits/status/1620377951836708865

---

#### 20230126 - TINU - 反射代币

#### 损失: 22 ETH

测试

```sh
forge test --contracts ./src/test/2023-01/TINU_exp.sol -vv
```

##### 合约

[TINU_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/TINU_exp.sol)

##### 链接参考

https://twitter.com/libevm/status/1618718156343873536

---

#### 20230119 - SHOCO - 反射代币

#### 损失: ~4ETH

测试

```sh
forge test --contracts ./src/test/2023-01/SHOCO_exp.sol -vvvgit
```

##### 合约

[SHOCO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/SHOCO_exp.sol)

##### 链接参考

https://github.com/Autosaida/DeFiHackAnalysis/blob/master/analysis/230119_SHOCO.md

---

#### 20230119 - ThoreumFinance - 业务逻辑缺陷

#### 损失: ~2000 BNB

测试

```sh
forge test --contracts ./src/test/2023-01/ThoreumFinance_exp.sol -vvv
```

##### 合约

[ThoreumFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/ThoreumFinance_exp.sol)

##### 链接参考

https://bscscan.com/tx/0x3fe3a1883f0ae263a260f7d3e9b462468f4f83c2c88bb89d1dee5d7d24262b51
https://twitter.com/AnciliaInc/status/1615944396134043648

---

#### 20230118 - QTNToken - 业务逻辑缺陷

#### 损失: ~2ETH

测试

```sh
forge test --contracts ./src/test/2023-01/QTN_exp.sol -vvv
```

##### 合约

[QTN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/QTN_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1615625901739511809

---

#### 20230118 - UPSToken - 业务逻辑缺陷

#### 损失: ~22 ETH

测试

```sh
forge test --contracts ./src/test/2023-01/Upswing_exp.sol -vvv
```

##### 合约

[Upswing_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/Upswing_exp.sol)

##### 链接参考

https://etherscan.io/tx/0x4b3df6e9c68ae482c71a02832f7f599ff58ff877ec05fed0abd95b31d2d7d912
https://twitter.com/QuillAudits/status/1615634917802807297

---

#### 20230117 - OmniEstate - 无输入参数检查

#### 损失: $7万 (236 BNB)

测试

```sh
forge test --contracts ./src/test/2023-01/OmniEstate_exp.sol -vvv
```

##### 合约

[OmniEstate_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/OmniEstate_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1615232012834705408

---

#### 20230116 - MidasCapital - 只读重入

#### 损失: $65万

测试

```sh
forge test --contracts ./src/test/2023-01/Midas_exp.sol -vvv
```

##### 合约

[Midas_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/Midas_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1614774855999844352

https://twitter.com/BlockSecTeam/status/1614864084956254209

---

#### 20230111 - UFDao - 不正确的参数设置

#### 损失: $9万

测试

```sh
forge test --contracts ./src/test/2023-01/UFDao_exp.sol -vvv
```

##### 合约

[UFDao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/UFDao_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1613507804412940289

---

#### 20230111 - RoeFinance - 闪电贷价格操纵

#### 损失: $8万

测试

```sh
forge test --contracts ./src/test/2023-01/RoeFinance_exp.sol -vvv
```

##### 合约

[RoeFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/RoeFinance_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1613267000913960976

---

#### 20230110 - BRA - 业务逻辑缺陷

#### 损失: 819 BNB (~22.4万美元)

测试

```sh
forge test --contracts ./src/test/2023-01/BRA_exp.sol -vvv
```

##### 合约

[BRA_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/BRA_exp.sol)

##### 链接参考

https://twitter.com/CertiKAlert/status/1612674916070858753

https://twitter.com/BlockSecTeam/status/1612701106982862849

---

#### 20230103 - GDS - 业务逻辑缺陷

#### 损失: $18万

测试

```sh
forge test --contracts ./src/test/2023-01/GDS_exp.sol -vvv
```

##### 合约

[GDS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-01/GDS_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1610095490368180224

https://twitter.com/BlockSecTeam/status/1610167174978760704

>- 原文链接： [github.com/SunWeb3Sec/De...](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/2023/README.md)
>- 登链社区 AI 助手，为大家转译优秀英文文章，如有翻译不通的地方，还请包涵～

DeFi 黑客复现 - Foundry

2023 - 过去的 DeFi 事件列表

包括 214 起事件。

20231231 Channels BUSD&USDC

20231230 ChannelsFinance

20231228 CCV

20231228 DominoTT

20231225 Telcoin

20231222 PineProtocol

20231220 TransitFinance

20231217 Bob

20231217 FloorProtocol

20231211 GoodCompound

20231209 BCT

20231207 HNet

20231206 TIME

20231206 ElephantStatus

20231205 MAMO

20231205 BEARNDAO

20231202 bZxProtocol

20231201 UnverifiedContr_0x431abb

20231130 EEE

20231130 CAROLProtocol

20231117 Token8633_9419

20231106 TheStandard_io

20231106 KR

20231102 BRAND

20231102 3913Token

20231101 SwampFinance

20231101 OnyxProtocol

20231031 UniBotRouter

20231030 LaEeb

20231028 AstridProtocol

20231024 MaestroRouter2

20231022 OpenLeverage

20230930 FireBirdPair

20230818 ExactlyProtocol

20230814 ZunamiProtocol

20230809 EarningFram

20230802 CurveBurner

20230802 Uwerx

20230801 NeutraFinance

20230723 MintoFinance

20230722 ConicFinance02

20230721 ConicFinance

20230715 USDTStakingContract28

20230712 Platypus

20230712 WGPT

20230711 RodeoFinance

20230704 BaoCommunity

20230627 UnverifiedContr_9ad32

20230627 STRAC

20230623 SHIDO

20230621 BabyDogeCoin02

20230621 BUNN

20230620 MIM

20230619 Contract_0x7657

20230618 ARA

20230617 MidasCapitalXYZ

20230617 Pawnfi

20230615 CFC

20230615 DEPUSDT_LEVUSDC

20230612 Sturdy Finance

20230611 SellToken04

20230607 CompounderFinance

20230606 VINU

20230606 UN

20230602 NST SimpleSwap

20230601 DDCoin

20230601 Cellframenet

20230531 ERC20TokenBank

20230529 Jimbo

20230529 BabyDogeCoin

20230415 HundredFinance

20230413 yearnFinance

20230328 SafeMoon Hack

20230328 THENA

20230325 DBW

20230322 BIGFI

20230317 ParaSpace NFT

20230315 Poolz

20230313 EulerFinance

20230218 RevertFinance

20230217 Starlink

20230217 Dexible

20230217 Platypusdefi

20230203 Orion Protocol

20230203 Spherax USDs

20230202 BonqDAO

20230130 BEVO

20230126 TomInu Token

20230119 SHOCO Token

20230119 ThoreumFinance

20230118 QTN Token

20230118 UPS Token

20230117 OmniEstate

20230116 MidasCapital

20231231 Channels - 价格操纵

损失：约 $4.4K

forge test --contracts ./src/test/2023-12/Channels_exp.sol -vvv --evm-version shanghai

合约

Channels_exp.sol

链接参考

https://app.blocksec.com/explorer/tx/bsc/0xcf729a9392b0960cd315d7d49f53640f000ca6b8a0bd91866af5821fdf36afc5

20231230 ChannelsFinance - CompoundV2 膨胀攻击

损失：约 320K

forge test --contracts src/test/2023-12/ChannelsFinance_exp.sol -vvv

合约

ChannelsFinance_exp.sol

链接参考

https://twitter.com/AnciliaInc/status/1741353303542501455

20231228 CCV - 精度损失

损失：约 3.2K $BUSD

forge test --contracts src/test/2023-12/CCV_exp.sol -vvv

合约

CCV_exp.sol

链接参考

https://app.blocksec.com/explorer/tx/bsc/0x6ba4152db9da45f5751f2c083bf77d4b3385373d5660c51fe2e4382718afd9b4

20231228 DominoTT - 精度损失

损失：约 5 $WBNB

forge test --contracts src/test/2023-12/DominoTT_exp.sol -vvv

合约

DominoTT_exp.sol

链接参考

https://app.blocksec.com/explorer/tx/bsc/0x1ee617cd739b1afcc673a180e60b9a32ad3ba856226a68e8748d58fcccc877a8

20231225 Telcoin - 存储冲突

损失：约 1,24M

forge test --contracts ./src/test/2023-12/Telcoin_exp.sol -vvv

合约

Telcoin_exp.sol

链接参考

https://blocksec.com/phalcon/blog/telcoin-security-incident-in-depth-analysis

https://hacked.slowmist.io/?c=&page=2

20231222 PineProtocol - 业务逻辑缺陷

损失：约 90k

forge test --contracts ./src/test/2023-12/PineProtocol_exp.sol -vvv

合约

PineProtocol_exp.sol

链接参考##### 链接参考

https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure

20231206 ElephantStatus - 价格操纵

损失：~$165k

测试

forge test --contracts ./src/test/2023-12/ElephantStatus_exp.sol -vvv

合约

ElephantStatus_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1732354930529435940

20231205 MAMO - 价格操纵

损失：~$3.3K

forge test --contracts ./src/test/2023-12/MAMO_exp.sol -vvv --evm-version shanghai

合约

MAMO_exp.sol

链接参考

https://bscscan.com/tx/0x189a8dc1e0fea34fd7f5fa78c6e9bdf099a8d575ff5c557fa30d90c6acd0b29f

20231205 BEARNDAO - 业务逻辑缺陷

损失：~$769k

测试

forge test --contracts ./src/test/2023-12/BEARNDAO_exp.sol -vvv

合约

BEARNDAO_exp.sol

链接参考

https://twitter.com/AnciliaInc/status/1732159377749180646

20231202 bZxProtocol - 通货膨胀攻击

损失：~$208k

测试

forge test --contracts ./src/test/2023-12/bZx_exp.sol -vvv

合约

bZx_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1730811240942088263

20231201 UnverifiedContr_0x431abb - 业务逻辑缺陷

损失：~$500k

测试

forge test --contracts ./src/test/2023-12/UnverifiedContr_0x431abb_exp.sol -vvv

合约

UnverifiedContr_0x431abb_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1730625352953901123

20231130 EEE - 价格操纵

损失：~$22.8K

forge test --contracts ./src/test/2023-11/EEE_exp.sol -vvv --evm-version shanghai

合约

EEE_exp.sol

链接参考

https://bscscan.com/tx/0x7312d9f9c13fc69f00f58e92a112a3e7f036ced7e65f7e0fa67382488d5557dc

20231130 CAROLProtocol - 通过重入进行价格操纵

损失：~$53k

测试

forge test --contracts ./src/test/2023-11/CAROLProtocol_exp.sol -vvv

合约

CAROLProtocol_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1730496513359647167

20231129 Burntbubba - 价格操纵

损失：~$3K

测试

forge test --contracts src/test/2023-11/Burntbubba_exp.sol -vvv

合约

Burntbubba_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1730044259087315046

20231129 AIS - 验证不足

损失：~$61k

测试

forge test --contracts ./src/test/2023-11/AIS_exp.sol -vvv

合约

AIS_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1729861048004391306

20231128 FiberRouter - 输入验证

损失：18 eth

测试

forge test --contracts ./src/test/2023-11/FiberRouter_exp.sol -vvv

合约

FiberRouter_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1729323254610002277

20231125 MetaLend - CompoundV2 通货膨胀攻击

损失：~$4K

测试

forge test --contracts src/test/2023-11/MetaLend_exp.sol -vvv

合约

MetaLend_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1728424965257691173

20231125 TheNFTV2 - 逻辑缺陷

损失：~$19K

测试

forge test --contracts ./src/test/2023-11/TheNFTV2_exp.sol -vvv

合约

TheNFTV2_exp.sol

链接参考

https://x.com/MetaTrustAlert/status/1728616715825848377

20231122 KyberSwap - 精度损失

损失：~$48M

攻击分布在 6 个链和 17 个交易中。

每笔交易都以 KyberSwap elastic CLAMM 中的最多 5 个池为目标并耗尽。

测试

所有池的攻击都遵循与第一个相同的方案：

forge test --contracts ./src/test/2023-11/KyberSwap_exp.eth.1.sol -vvv

合约

KyberSwap_exp.eth.1.sol

链接参考

快速分析。

深入分析。

交易列表。

20231117 Token8633_9419 - 价格操纵

损失：~$52K

测试

forge test --contracts ./src/test/2023-11/Token8633_9419_exp.sol -vvv

合约

Token8633_9419_exp.sol

20231117 ShibaToken - 业务逻辑缺陷

损失：~$31K

测试

forge test --contracts ./src/test/2023-11/ShibaToken_exp.sol -vvv

合约

ShibaToken_exp.sol

20231116 WECO - 业务逻辑缺陷

损失：~$18K

测试

forge test --contracts ./src/test/2023-11/WECO_exp.sol -vvv

合约

WECO_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1725311048625041887

20231115 EHX - 缺乏滑点控制

损失：不明确

测试

forge test --contracts ./src/test/2023-11/EHX_exp.sol -vvv

合约

EHX_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1724691996638618086

20231115 XAI - 业务逻辑缺陷

损失：不明确

测试

forge test --contracts src/test/2023-11/XAI_exp.sol -vvv

合约

XAI_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1724683082064855455

20231115 LinkDAO - 错误的 `K` 值验证

损失：~$30K

测试

forge test --contracts ./src/test/2023-11/LinkDao_exp.sol -vvv

合约

LinkDao_exp.sol

链接参考

https://x.com/phalcon_xyz/status/1725058908144746992

20231114 OKC 项目 - 即时奖励，已解锁

损失：~$6268

测试

forge test --contracts ./src/test/2023-11/OKC_exp.sol -vvv

合约

OKC_exp.sol

链接参考

https://lunaray.medium.com/okc-project-hack-analysis-0907312f519b

20231112 MEVBot_0x8c2d - 缺乏访问控制

损失：~$365K

测试

forge test --contracts ./src/test/2023-11/MEV_0x8c2d_exp.sol -vvv

合约

MEV_0x8c2d_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1723897569661657553

20231112 MEVBot_0xa247 - 不正确的访问控制

损失：~$150K

测试

forge test --contracts ./src/test/2023-11/MEV_0xa247_exp.sol -vvv

合约

MEV_0xa247_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1723591214262632562

20231111 MahaLend - 捐赠通货膨胀 ExchangeRate & 舍入误差

损失：~$20 K

测试

forge test --contracts ./src/test/2023-11/MahaLend_exp.sol -vvv

合约

MahaLend_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1723223766350832071

20231110 Raft_fi - 捐赠通货膨胀 ExchangeRate & 舍入误差

损失：~$3.2 M

测试

forge test --contracts ./src/test/2023-11/Raft_exp.sol -vvv

合约

Raft_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1723229393529835972

20231110 grok - 缺乏滑点保护

损失：~26 ETH

测试

forge test --contracts ./src/test/2023-11/grok_exp.sol -vvv

合约

grok_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1722841076120130020

20231107 RBalancer - 业务逻辑缺陷

损失：~17 ETH

测试

forge test --contracts ./src/test/2023-11/RBalancer_exp.sol -vvv --evm-version "shanghai"

合约

RBalancer_exp.sol

链接参考

https://x.com/AnciliaInc/status/1722121056083943909

20231107 MEVbot - 缺乏访问控制

损失：~$2M

测试

forge test --contracts ./src/test/2023-11/bot_exp.sol -vvv

合约

bot_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1722101942061601052

20231106 TrustPad - 缺乏 msg.sender 地址验证

损失：~$155K

测试

forge test --contracts ./src/test/2023-11/TrustPad_exp.sol  -vvv

合约

TrustPad_exp.sol

链接参考

https://twitter.com/BeosinAlert/status/1721800306101793188

20231106 KR - 精度损失

损失：~$15K

测试

forge test --contracts ./src/test/2023-11/KR_exp.sol  -vvv

合约

KR_exp.sol

链接参考

https://app.blocksec.com/explorer/tx/bsc/0x2abf871eb91d03bc8145bf2a415e79132a103ae9f2b5bbf18b8342ea9207ccd7

20231106 TheStandard_io - 缺乏滑点保护

损失：~$290K

测试

forge test --contracts ./src/test/2023-11/TheStandard_io_exp.sol -vvv

合约

TheStandard_io_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1721807569222549518

https://twitter.com/CertiKAlert/status/1721839125836321195

20231102 BRAND - 缺乏访问控制

损失：~23 WBNB

测试

forge test --contracts ./src/test/2023-11/BRAND_exp.sol  -vvv

合约

BRAND_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1720035913009709473

20231102 3913Token - 通货紧缩型代币攻击

损失：~$31354 USD$

测试

forge test --contracts ./src/test/2023-11/3913_exp.sol --evm-version 'shanghai' -vvv

合约

3913_exp.sol

链接参考

https://defimon.xyz/attack/bsc/0x8163738d6610ca32f048ee9d30f4aa1ffdb3ca1eddf95c0eba086c3e936199ed

20231101 OnyxProtocol - 精度损失漏洞

损失：~$2M

测试

forge test --contracts ./src/test/2023-11/OnyxProtocol_exp.sol --evm-version 'shanghai' -vvv

合约

OnyxProtocol_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1719697319824851051 https://defimon.xyz/attack/mainnet/0xf7c21600452939a81b599017ee24ee0dfd92aaaccd0a55d02819a7658a6ef635 https://twitter.com/DecurityHQ/status/1719657969925677161

20231101 SwampFinance - 业务逻辑缺陷

损失：不明确

测试

forge test --contracts ./src/test/2023-11/SwampFinance_exp.sol -vvv

合约

SwampFinance_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1720373044517208261

20231031 UniBotRouter - 任意外部调用

损失：~$83,944 USD$

测试

forge test --contracts ./src/test/2023-10/UniBot_exp.sol --evm-version 'shanghai' -vvv

合约

UniBot_exp.sol

链接参考

https://twitter.com/PeckShieldAlert/status/1719251390319796477

20231030 LaEeb - 缺乏滑点保护

损失：~1.8 WBNB

测试

forge test --contracts ./src/test/2023-10/LaEeb_exp.sol -vvv

合约

LaEeb_exp.sol

链接参考

https://x.com/MetaSec_xyz/status/1718964562165420076

20231028 AstridProtocol - 业务逻辑缺陷

损失：~$127ETH

测试

forge test --contracts ./src/test/2023-10/Astrid_exp.sol --evm-version 'shanghai' -vvv

合约

Astrid_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1718454835966775325

20231024 MaestroRouter2 - 任意外部调用

损失：~$280ETH

测试

forge test --contracts ./src/test/2023-10/MaestroRouter2_exp.sol --evm-version 'shanghai' -vvv

合约

MaestroRouter2_exp.sol

链接参考

https://twitter.com/Phalcon_xyz/status/1717014871836098663

https://twitter.com/BeosinAlert/status/1717013965203804457

20231022 OpenLeverage - 业务逻辑缺陷

损失：~$8K

测试

forge test --contracts ./src/test/2023-10/OpenLeverage_exp.sol -vvv

合约

OpenLeverage_exp.sol

链接参考

https://defimon.xyz/exploit/bsc/0x5366c6ba729d9cf8d472500afc1a2976ac2fe9ff

20231019 kTAF - CompoundV2 通货膨胀攻击

损失：~$8K

测试

forge test --contracts ./src/test/2023-10/kTAF_exp.sol -vvv

合约

kTAF_exp.sol

链接参考

https://defimon.xyz/attack/mainnet/0x325999373f1aae98db2d89662ff1afbe0c842736f7564d16a7b52bf5c777d3a4

20231018 Hopelend - Div 精度损失

损失：~$825K

测试

forge test --contracts ./src/test/2023-10/Hopelend_exp.sol --evm-version 'shanghai' -vvv

合约

HopeLend_exp.sol

链接参考

https://twitter.com/immunefi/status/1722810650387517715

https://lunaray.medium.com/deep-dive-into-hopelend-hack-5962e8b55d3f

20231018 MicDao - 价格操纵

损失：~$13K

测试

forge test --contracts ./src/test/2023-10/MicDao_exp.sol -vvv

合约

MicDao_exp.sol

链接参考

https://twitter.com/CertiKAlert/status/1714677875427684544

https://twitter.com/ChainAegis/status/1714837519488205276

20231013 BelugaDex - 价格操纵

损失：~$175K

测试

forge test --contracts ./src/test/2023-10/BelugaDex_exp.sol -vvv

合约

BelugaDex_exp.sol

链接参考

https://twitter.com/AnciliaInc/status/1712676040471105870

https://twitter.com/CertiKAlert/status/1712707006979613097

20231013 WiseLending - 捐赠通货膨胀 ExchangeRate && 舍入误差

损失：~$260K

测试

forge test --contracts ./src/test/2023-10/WiseLending_exp.sol --evm-version 'shanghai' -vvv

合约

WiseLending_exp.sol

链接参考

https://twitter.com/bbbb/status/1712841315522638034

https://twitter.com/BlockSecTeam/status/1712871304993689709

20231012 Platypus - 业务逻辑缺陷

损失：~$2M

测试

forge test --contracts ./src/test/2023-10/Platypus03_exp.sol -vvv

合约

Platypus03_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1712445197538468298

https://twitter.com/peckshield/status/1712354198246035562

20231011 BH - 价格操纵

损失：~$1.27M

测试

forge test --contracts ./src/test/2023-10/BH_exp.sol -vvv

合约

BH_exp.sol

链接参考

https://twitter.com/BeosinAlert/status/1712139760813375973

https://twitter.com/DecurityHQ/status/1712118881425203350

20231008 ZS - 业务逻辑缺陷

损失：~$14K

测试

forge test --contracts ./src/test/202```markdown
#### 20230908 APIG - 业务逻辑缺陷

#### 损失：约 16.9 万美元

测试

forge test --contracts ./src/test/2023-09/APIG_exp.sol -vvv


##### 合约

[APIG_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/APIG_exp.sol)

##### 链接参考

https://twitter.com/CertiKAlert/status/1700128158647734745

---

#### 20230907 HCT - 价格操纵

#### 损失：约 30.5 BNB

测试

forge test --contracts ./src/test/2023-09/HCT_exp.sol -vvv


##### 合约

[HCT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/HCT_exp.sol)

##### 链接参考

https://twitter.com/leovctech/status/1699775506785198499

---

#### 20230905 QuantumWN - Rebasing 逻辑问题

#### 损失：约 0.5 ETH

测试

forge test --contracts ./src/test/2023-09/QuantumWN_exp.sol -vvv


##### 合约

[QuantumWN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/QuantumWN_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1699384904218202618

---

#### 20230905 JumpFarm - Rebasing 逻辑问题

#### 损失：约 2.4 ETH

测试

forge test --contracts ./src/test/2023-09/JumpFarm_exp.sol -vvv


##### 合约

[JumpFarm_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/JumpFarm_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1699384904218202618

---

#### 20230905 HeavensGate - Rebasing 逻辑问题

#### 损失：约 8 ETH

测试

forge test --contracts ./src/test/2023-09/HeavensGate_exp.sol -vvv


##### 合约

[HeavensGate_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/HeavensGate_exp.sol)

##### 链接参考

https://explorer.phalcon.xyz/tx/eth/0xe28ca1f43036f4768776805fb50906f8172f75eba3bf1d9866bcd64361fda834

---

#### 20230905 FloorDAO - Rebasing 逻辑问题

#### 损失：约 40 ETH

测试

forge test --contracts ./src/test/2023-09/FloorDAO_exp.sol -vvv


##### 合约

[FloorDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/FloorDAO_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1698962105058361392

https://medium.com/floordao/floor-post-mortem-incident-summary-september-5-2023-e054a2d5afa4

---

#### 20230902 DAppSocial - 业务逻辑缺陷

#### 损失：约 1.6 万美元

测试

forge test --contracts ./src/test/2023-09/DAppSocial_exp.sol -vvv


##### 合约

[DAppSocial_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/DAppSocial_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1698064511230464310

---

#### 20230829 EAC - 价格操纵

#### 损失：约 29 BNB

测试

forge test --contracts ./src/test/2023-08/EAC_exp.sol -vvv


##### 合约

[EAC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EAC_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1696520866564350157

---

#### 20230827 Balancer - 舍入误差 && 业务逻辑缺陷

#### 损失：约 200 万美元

测试

forge test --contracts ./src/test/2023-08/Balancer_exp.sol -vvv


##### 合约

[Balancer_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Balancer_exp.sol)

##### 链接参考

https://medium.com/balancer-protocol/rate-manipulation-in-balancer-boosted-pools-technical-postmortem-53db4b642492

https://blocksecteam.medium.com/yet-another-risk-posed-by-precision-loss-an-in-depth-analysis-of-the-recent-balancer-incident-fad93a3c75d4

---

#### 20230826 SVT - 有缺陷的价格计算

#### 损失：约 40 万美元

测试

forge test --contracts ./src/test/2023-08/SVT_exp.sol -vvv


##### 合约

[SVT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/SVT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1695285435671392504?s=20

---

#### 20230824 GSS - 提取 token 余额

#### 损失：约 2.5 万美元

测试

forge test --contracts ./src/test/2023-08/GSS_exp.sol -vvv


##### 合约

[GSS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/GSS_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1694571228185723099

---

#### 20230821 EHIVE - 业务逻辑缺陷

#### 损失：约 1.5 万美元

测试

forge test --contracts ./src/test/2023-08/EHIVE_exp.sol -vvv


##### 合约

[EHIVE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EHIVE_exp.sol)

##### 链接参考

https://twitter.com/bulu4477/status/1693636187485872583

---

#### 20230819 BTC20 - 价格操纵

#### 损失：约 18 ETH

测试

forge test --contracts ./src/test/2023-08/BTC20_exp.sol -vvv


##### 合约

[BTC20_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/BTC20_exp.sol)

##### 链接参考

https://twitter.com/DecurityHQ/status/1692924369662513472

---

#### 20230818 ExactlyProtocol - 验证不足

#### 损失：约 700 万美元

测试

forge test --contracts ./src/test/2023-08/Exactly_exp.sol -vvv


##### 合约

[Exactly_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Exactly_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1692533280971936059

https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed

---

#### 20230814 ZunamiProtocol - 价格操纵

#### 损失：约 200 万美元

测试

forge test --contracts ./src/test/2023-08/Zunami_exp.sol --evm-version 'shanghai' -vvv


##### 合约

[Zunami_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Zunami_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1690877589005778945

https://twitter.com/BlockSecTeam/status/1690931111776358400

---

#### 20230809 EarningFram - 重入

#### 损失：约 28.6 万美元

测试

forge test --contracts ./src/test/2023-08/EarningFram_exp.sol -vvv


##### 合约

[EarningFram_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EarningFram_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1689182459269644288

---

#### 20230802 CurveBurner - 缺乏滑点保护

#### 损失：约 3.6 万美元

测试

forge test --contracts ./src/test/2023-08/CurveBurner_exp.sol -vvv


##### 合约

[CurveBurner_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/CurveBurner_exp.sol)

##### 链接参考

https://medium.com/@Hypernative/exotic-culinary-hypernative-systems-caught-a-unique-sandwich-attack-against-curve-finance-6d58c32e436b

---

#### 20230802 Uwerx - 错误逻辑

#### 损失：约 176 ETH

测试

forge test --contracts ./src/test/2023-08/Uwerx_exp.sol -vvv


##### 合约

[Uwerx_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Uwerx_exp.sol)

##### 链接参考

https://twitter.com/deeberiroz/status/1686683788795846657

https://twitter.com/CertiKAlert/status/1686667720920625152

https://etherscan.io/tx/0x3b19e152943f31fe0830b67315ddc89be9a066dc89174256e17bc8c2d35b5af8

---

#### 20230801 NeutraFinance - 价格操纵

#### 损失：约 23 ETH

测试

forge test --contracts ./src/test/2023-08/NeutraFinance_exp.sol -vvv


##### 合约

[NeutraFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/NeutraFinance_exp.sol)

##### 链接参考

https://twitter.com/phalcon_xyz/status/1686654241111429120

---

#### 20230801 LeetSwap - 访问控制

#### 损失：约 63 万美元

测试

forge test --contracts ./src/test/2023-08/Leetswap_exp.sol -vvv


##### 合约

[Leetswap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Leetswap_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1686217464051539968

https://twitter.com/peckshield/status/1686209024587710464

---

#### 20230731 GYMNET - 验证不足

#### 损失：不明确

测试

forge test --contracts ./src/test/2023-07/GYMNET_exp.sol -vvv


##### 合约

[GYMNET_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/GYMNET_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1686605510655811584

---

#### 20230730 Curve - Vyper 编译器 Bug && 重入

#### 损失：约 4100 万美元

测试

forge test --contracts ./src/test/2023-07/Curve_exp01.sol -vvv


##### 合约

[Curve_exp01.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Curve_exp01.sol) | [Curve_exp02.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Curve_exp02.sol)

##### 链接参考

https://hackmd.io/@LlamaRisk/BJzSKHNjn

---

#### 20230726 Carson - 价格操纵

#### 损失：约 15 万美元

测试

forge test --contracts ./src/test/2023-07/Carson_exp.sol -vvv


##### 合约

[Carson_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Carson_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1684393202252402688

https://twitter.com/Phalcon_xyz/status/1684503154023448583

https://twitter.com/hexagate_/status/1684475526663004160

---

#### 20230724 Palmswap - 业务逻辑缺陷

#### 损失：约 90 万美元

测试

forge test --contracts ./src/test/2023-07/Palmswap_exp.sol -vvv


##### 合约

[Palmswap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Palmswap_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1683680026766737408

---

#### 20230723 MintoFinance - 签名重放

#### 损失：约 9 千美元

测试

forge test --contracts ./src/test/2023-07/MintoFinance_exp.sol -vvv


##### 合约

[MintoFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/MintoFinance_exp.sol)

##### 链接参考

https://twitter.com/bbbb/status/1683180340548890631

---

#### 20230722 Conic Finance 02 - 价格操纵

#### 损失：约 93.4 万美元

测试

forge test --contracts ./src/test/2023-07/Conic02_exp.sol --evm-version 'shanghai' -vvv


##### 合约

[Conic02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic02_exp.sol)

##### 链接参考

https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d

https://twitter.com/spreekaway/status/1682467603518726144

---

#### 20230721 Conic Finance - 只读重入 && 错误配置

#### 损失：约 325 万美元

测试

forge test --contracts ./src/test/2023-07/Conic_exp.sol -vvv


##### 合约

[Conic_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic_exp.sol)|[Conic_exp2.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic_exp2.sol)

##### 链接参考

https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d

https://twitter.com/BlockSecTeam/status/1682356244299010049

---

#### 20230721 SUT - 业务逻辑缺陷

#### 损失：约 8 千美元

测试

forge test --contracts ./src/test/2023-07/SUT_exp.sol -vvv


##### 合约

[SUT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/SUT_exp.sol)

##### 链接参考

https://twitter.com/bulu4477/status/1682983956080377857

---

#### 20230720 Utopia - 业务逻辑缺陷

#### 损失：约 11.9 万美元

测试

forge test --contracts ./src/test/2023-07/Utopia_exp.sol -vvv


##### 合约

[Utopia_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Utopia_exp.sol)

##### 链接参考

https://twitter.com/DeDotFiSecurity/status/1681923729645871104

https://twitter.com/bulu4477/status/1682380542564769793

---

#### 20230720 FFIST - 业务逻辑缺陷

#### 损失：约 11 万美元

测试

forge test --contracts ./src/test/2023-07/FFIST_exp.sol -vvv


##### 合约

[FFIST_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/FFIST_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1681869807698984961

https://twitter.com/AnciliaInc/status/1681901107940065280

---

#### 20230718 APEDAO - 业务逻辑缺陷

#### 损失：约 7 千美元

测试

forge test --contracts ./src/test/2023-07/ApeDAO_exp.sol -vvv


##### 合约

[ApeDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/ApeDAO_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1681316257034035201

---

#### 20230718 BNO - 无效的紧急提款机制

#### 损失：约 50.5 万美元

测试

forge test --contracts ./src/test/2023-07/BNO_exp.sol -vvv


##### 合约

[BNO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/BNO_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1681116206663876610

---

#### 20230717 NewFi - 缺乏滑点保护

#### 损失：约 3.1 万美元

测试

forge test --contracts ./src/test/2023-07/NewFi_exp.sol -vvv


##### 合约

[NewFi_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/NewFi_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1680961588323557376

---

#### 20230715 USDTStakingContract28 - 缺乏访问控制

#### 损失：约 20999 美元

测试

forge test --contracts ./src/test/2023-07/USDTStakingContract28_exp.sol -vvv


##### 合约

[USDTStakingContract28_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/USDTStakingContract28_exp.sol)

##### 链接参考

https://x.com/DecurityHQ/status/1680117291013267456

---

#### 20230712 Platypus - 业务逻辑缺陷

#### 损失：约 5.1 万美元

测试

forge test --contracts ./src/test/2023-07/Platypus02_exp.sol -vvv


##### 合约

[Platypus02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Platypus02_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1678800450303164431

---

#### 20230712 WGPT - 业务逻辑缺陷

#### 损失：约 8 万美元

测试

forge test --contracts ./src/test/2023-07/WGPT_exp.sol -vvv


##### 合约

[WGPT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/WGPT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1679042549946933248

https://twitter.com/BeosinAlert/status/1679028240982368261

---

#### 20230711 RodeoFinance - TWAP Oracle 操纵

#### 损失：约 88.8 万美元

测试

forge test --contracts ./src/test/2023-07/RodeoFinance_exp.sol -vvv


##### 合约

[RodeoFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/RodeoFinance_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1678765773396008967

https://twitter.com/peckshield/status/1678700465587130368

https://medium.com/@Rodeo_Finance/rodeo-post-mortem-overview-f35635c14101

---

#### 20230711 Libertify - 重入

#### 损失：约 45.2 万美元

测试

forge test --contracts ./src/test/2023-07/Libertify_exp.sol -vvv


##### 合约

[Libertify_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Libertify_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1678688731908411393

https://twitter.com/Phalcon_xyz/status/1678694679767031809

---

#### 20230710 ArcadiaFi - 重入

#### 损失：约 40 万美元

测试

forge test --contracts ./src/test/2023-07/ArcadiaFi_exp.sol -vvv


##### 合约

[ArcadiaFi_exp.so](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/ArcadiaFi_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1678250590709899264

https://twitter.com/peckshield/status/1678265212770693121

---

#### 20230708 CIVNFT - 缺乏访问控制

#### 损失：约 18 万美元

测试

forge test --contracts ./src/test/2023-07/CIVNFT_exp.sol -vvv


##### 合约

[CIVNFT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/CIVNFT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1677722208893022210

https://news.civfund.org/civtrade-hack-analysis-9a2398a6bc2e

https://blog.solidityscan.com/civnft-hack-analysis-4ee79b8c33d1

---

#### 20230708 Civfund - 缺乏访问控制

#### 损失：约 16.5 万美元

测试

forge test --contracts ./src/test/2023-07/Civfund_exp.sol -vvv


##### 合约

[Civfund_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Civfund_exp.sol)

##### 链接参考

https://twitter.com/HypernativeLabs/status/1677529544062803969

https://twitter.com/BeosinAlert/status/1677548773269213184

---

#### 20230707 LUSD - 价格操纵攻击

#### 损失：约 9464 USDT

测试

forge test --contracts ./src/test/2023-07/LUSD_exp.sol -vvv


##### 合约

[LUSD_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/2023-07/LUSD_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1677391242878140417

---

#### 20230704 BambooIA - 价格操纵攻击

#### 损失：约 200 BNB

测试

forge test --contracts ./src/test/2023-07/Bamboo_exp.sol -vvv


##### 合约

[Bao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Bamboo_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1676220090142916611

https://twitter.com/eugenioclrc

---

#### 20230704 BaoCommunity - 捐赠通货膨胀汇率 && 舍入误差

#### 损失：约 4.6 万美元

测试

forge test --contracts ./src/test/2023-07/bao_exp.sol -vvv


##### 合约

[Bao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Bao_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1676224397248454657

---

#### 20230703 AzukiDAO - 无效的签名验证

#### 损失：约 6.9 万美元

测试

forge test --contracts ./src/test/2023-07/AzukiDAO_exp.sol -vvv


##### 合约

[AzukiDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/AzukiDAO_exp.sol)

##### 链接参考

https://twitter.com/sharkteamorg/status/1676892088930271232

---

#### 20230630 Biswap - V3Migrator 利用

#### 损失：约 7.2 万美元

测试

forge test --contracts ./src/test/2023-06/Biswap_exp.sol -vvv


##### 合约

[Biswap_exp.sol](https://github.com/Sun#### 20230615 CFC - Uniswap Skim() token balance attack （Uniswap Skim() token 余额攻击）

#### 损失：~$1.6万

测试

forge test --contracts ./src/test/2023-06/CFC_exp.sol -vvv


##### 合约

[CFC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/CFC_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1669280632738906113

---

#### 20230615 DEPUSDT_LEVUSDC - 不正确的访问控制

#### 损失：~$10.5万

测试

forge test --contracts ./src/test/2023-06/DEPUSDT_LEVUSDC_exp.sol -vvv


##### 合约

[DEPUSDT_LEVUSDC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/DEPUSDT_LEVUSDC_exp.sol)

##### 链接参考

https://twitter.com/numencyber/status/1669278694744150016?cxt=HHwWgMDS9Z2IvKouAAAA

---

#### 20230612 Sturdy Finance - 只读重入 (Read-Only-Reentrancy)

#### 损失：~$80万

测试

forge test --contracts ./src/test/2023-06/Sturdy_exp.sol -vvv


##### 合约

[Sturdy_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/Sturdy_exp.sol)

##### 链接参考

https://sturdyfinance.medium.com/exploit-post-mortem-49261493307a

https://twitter.com/AnciliaInc/status/1668081008615325698

https://twitter.com/BlockSecTeam/status/1668084629654638592

---

#### 20230611 SellToken04 - 价格操纵

#### 损失：~$10.9万

测试

forge test --contracts ./src/test/2023-06/SELLC03_exp.sol -vvv


##### 合约

[SELLC03_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/SELLC03_exp.sol)

##### 链接参考

https://twitter.com/EoceneSecurity/status/1668468933723328513

---

#### 20230607 CompounderFinance - 通过可交换资产数量的波动来操纵资金

#### 损失：~$27,174

Testing

forge test --contracts ./src/test/2023-06/CompounderFinance_exp.sol -vvv


##### Contract

[CompounderFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/CompounderFinance_exp.sol)

##### Link Reference

https://twitter.com/numencyber/status/1666346419702362112

---

#### 20230606 VINU - 价格操纵

#### 损失：~$6千

测试

forge test --contracts ./src/test/2023-06/VINU_exp.sol -vvv


##### 合约

[VINU_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/VINU_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1666051854386511873?cxt=HHwWgoC24bPVgJ8uAAAA

---

#### 20230606 UN - 价格操纵

#### 损失：~$2.6万

测试

forge test --contracts ./src/test/2023-06/UN_exp.sol -vvv


##### 合约

[UN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/UN_exp.sol)

##### 链接参考

https://twitter.com/MetaTrustAlert/status/1667041877428932608

---

#### 20230602 NST Simple Swap - 未验证的合约，错误的授权

#### 损失：$4万

这次攻击在一个单独的交易中执行，导致从 swap 合约中盗取了价值 $40,000 美元的 USDT。

forge test --contracts ./src/test/2023-06/NST_exp.sol -vvv


##### 合约

[NST_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/NST_exp.sol)

##### 链接参考

https://discord.com/channels/1100129537603407972/1100129538056396870/1114142216923926528

---

#### 20230601 DDCoin - 闪电贷攻击和智能合约漏洞

#### 损失：~$30万

测试

forge test --contracts ./src/test/2023-06/DDCoin_exp.sol -vvv


##### 合约

[DDCoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/DDCoin_exp.sol)

##### 链接参考

https://twitter.com/ImmuneBytes/status/1664239580210495489
https://twitter.com/ChainAegis/status/1664192344726581255?cxt=HHwWjsDRldmHs5guAAAA

---

#### 20230601 Cellframenet - 流动性迁移期间的计算问题

#### 损失：~$7.6万

测试

forge test --contracts ./src/test/2023-06/Cellframe_exp.sol -vvv


##### 合约

[Cellframe_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/Cellframe_exp.sol)

##### 链接参考

https://twitter.com/numencyber/status/1664132985883615235?cxt=HHwWhoDTqceImJguAAAA

---

#### 20230531 ERC20TokenBank - 价格操纵

#### 损失：~$11.1万

测试

forge test --contracts ./src/test/2023-05/ERC20TokenBank_exp.sol -vvv


##### 合约

[ERC20TokenBank.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/ERC20TokenBank_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1663810037788311561

---

#### 20230529 Jimbo - 协议特定价格操纵

#### 损失：~$800万

测试

forge test --contracts ./src/test/2023-05/Jimbo_exp.sol -vvv


##### 合约

[Jimbo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Jimbo_exp.sol)

##### 链接参考

https://twitter.com/cryptofishx/status/1662888991446941697

https://twitter.com/yicunhui2/status/1663793958781353985

---

#### 20230529 BabyDogeCoin - 缺乏滑点保护

#### 损失：~$13.5万

测试

forge test --contracts ./src/test/2023-05/BabyDogeCoin_exp.sol -vvv


##### 合约

[BabyDogeCoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/BabyDogeCoin_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1662744426475831298

---

#### 20230529 FAPEN - 错误的余额检查

#### 损失：~$600

测试

forge test --contracts ./src/test/2023-05/FAPEN_exp.sol -vvv


##### 合约

[FAPEN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/FAPEN_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1663501550600302601

---

#### 20230529 NOON (NO) - 函数中错误的可见性

#### 损失：~$2千

测试

forge test --contracts ./src/test/2023-05/NOON_exp.sol -vvv


##### 合约

[NOON_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/NOON_exp.sol)

##### 链接参考

https://twitter.com/hexagate_/status/1663501545105702912

---

#### 20230525 GPT Token - 手续费机制漏洞 (Fee Machenism Exploitation)

#### 损失：~$4.2万

测试

forge test --contracts ./src/test/2023-05/GPT_exp.sol -vvv


##### 合约

[GPT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/GPT_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1661424685320634368

---

#### 20230524 Local Trade LCT - 闭源合约的不正确访问控制

#### 损失：~384 BNB

测试

forge test --contracts ./src/test/2023-05/LocalTrader_exp.sol -vvv


##### 合约

[LocalTrader_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LocalTrader_exp.sol) | [LocalTrader2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LocalTrader2_exp.sol)

##### 链接参考

https://twitter.com/numencyber/status/1661213691893944320

---

#### 20230524 CS Token - 过时的全局变量

#### 损失：~71.4万美元

测试

forge test --contracts ./src/test/2023-05/CS_exp.sol -vvv


##### 合约

[CS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/CS_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1661098394130198528

https://twitter.com/numencyber/status/1661207123102167041

---

#### 20230523 LFI Token - 业务逻辑缺陷

#### 损失：~3.6万美元

测试

forge test --contracts ./src/test/2023-05/LFI_exp.sol -vvv


##### 合约

[LFI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LFI_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1660767088699666433

---

#### 20230514 landNFT - 缺乏权限控制

#### 损失：149,616 $BUSD

测试

forge test --contracts ./src/test/2023-05/landNFT_exp.sol -vvv


##### 合约

[landNFT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/landNFT_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1658000784943124480

---

#### 20230514 SellToken03 - 未经检查的用户输入

#### 损失：不明确

测试

forge test --contracts ./src/test/2023-05/SELLC02_exp.sol -vvv


##### 合约

[SELLC02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SELLC02_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1657715018908180480

---

#### 20230513 Bitpaidio - 业务逻辑缺陷

#### 损失：~$3万

测试

forge test --contracts ./src/test/2023-05/Bitpaidio_exp.sol -vvv


##### 合约

[Bitpaidio_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Bitpaidio_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1657411284076478465

---

#### 20230512 LW - 闪电贷价格操纵

#### 损失：~$5万

测试

forge test --contracts ./src/test/2023-05/LW_exp.sol -vvv


##### 合约

[LW_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LW_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1656850634312925184

https://twitter.com/hexagate_/status/1657051084131639296

---

#### 20230513 SellToken02 - 价格操纵

#### 损失：~$19.7万

测试

forge test --contracts ./src/test/2023-05/SellToken_exp.sol -vvv


##### 合约

[SellToken_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SellToken_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1657324561577435136

---

#### 20230511 SellToken01 - 业务逻辑缺陷

#### 损失：~$9.5万

测试

forge test --contracts ./src/test/2023-05/SELLC_exp.sol -vvv


##### 合约

[SELLC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SELLC_exp.sol)

##### 链接参考

https://twitter.com/AnciliaInc/status/1656337400329834496

https://twitter.com/AnciliaInc/status/1656341587054702598

---

#### 20230510 SNK - 奖励计算错误

#### 损失：~$19.7万

测试

forge test --contracts ./src/test/2023-05/SNK_exp.sol -vvv


##### 合约

[SNK_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SNK_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1656176776425644032

---

#### 20230509 MCC - 反射 token (Reflection token)

#### 损失：~$10 ETH

测试

forge test --contracts ./src/test/2023-05/MultiChainCapital_exp.sol -vvv


##### 合约

[MultiChainCapital_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/MultiChainCapital_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1655846558762692608

---

#### 20230509 HODL - 反射 token (Reflection token)

#### 损失：~$2.3 ETH

测试

forge test --contracts ./src/test/2023-05/HODLCapital_exp.sol -vvv


##### 合约

[HODLCapital_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/HODLCapital_exp.sol)

##### 链接参考

https://explorer.phalcon.xyz/tx/eth/0xedc214a62ff6fd764200ddaa8ceae54f842279eadab80900be5f29d0b75212df

https://x.com/numencyber/status/1655825767392247808

---

#### 20230506 Melo - 访问控制

#### 损失：~$9万

测试

forge test --contracts ./src/test/2023-05/Melo_exp.sol -vvv


##### 合约

[Melo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Melo_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1654667621139349505

---

#### 20230505 DEI - 错误的实现

##### 损失：~540万美元 USDC

测试

forge test --contracts ./src/test/2023-05/DEI_exp.sol -vvv


##### 合约

[DEI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/DEI_exp.sol)

##### 链接参考

https://twitter.com/eugenioclrc/status/1654576296507088906

---

#### 20230503 NeverFall - 价格操纵

#### 损失：~7.4万

测试

forge test --contracts ./src/test/2023-05/NeverFall_exp.sol -vvv


##### 合约

[NeverFall_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/NeverFall_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1653619782317662211

---

#### 20230502 Level - 业务逻辑缺陷

#### 损失：~$100万

测试

forge test --contracts ./src/test/2023-05/Level_exp.sol -vvv


##### 合约

[Level_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Level_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1653149493133729794

https://twitter.com/BlockSecTeam/status/1653267431127920641

---

#### 20230428 0vix - 闪电贷价格操纵

#### 损失：~$200万

测试

forge test --contracts ./src/test/2023-04/0vix_exp.sol -vvv


##### 合约

[0vix_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/0vix_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1651932529874853888

https://twitter.com/peckshield/status/1651923235603361793

https://twitter.com/Mudit__Gupta/status/1651958883634536448

---

#### 20230427 Silo finance - 业务逻辑缺陷

#### 损失：无

测试

forge test --contracts ./src/test/2023-04/silo_finance_exp.sol -vvv


##### 合约

[silo_finance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/silo_finance_exp.sol)

##### 链接参考

https://medium.com/immunefi/silo-finance-logic-error-bugfix-review-35de29bd934a

---

#### 20230424 Axioma - 业务逻辑缺陷

#### 损失：~21 WBNB

测试

forge test --contracts ./src/test/2023-04/Axioma_exp.sol -vvv


##### 合约

[Axioma_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Axioma_exp.sol)

##### 链接参考

https://twitter.com/HypernativeLabs/status/1650382589847302145

---

#### 20230419 OLIFE - 反射 token (Reflection token)

#### 损失：~32 WBNB

测试

forge test --contracts ./src/test/2023-04/OLIFE_exp.sol -vvv


##### 合约

[OLIFE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/OLIFE_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1648520494516420608

---

#### 20230416 Swapos V2 - 错误的 k 值攻击

#### 损失：~$46.8万

测试

forge test --contracts ./src/test/2023-04/Swapos_exp.sol -vvv


##### 合约

[Swapos_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Swapos_exp.sol)

##### 链接参考

https://twitter.com/CertiKAlert/status/1647530789947469825

https://twitter.com/BeosinAlert/status/1647552192243728385

---

#### 20230415 HundredFinance - 捐赠通货膨胀汇率 (Donate Inflation ExchangeRate) && 舍入误差 (Rounding Error)

#### 损失：$700万

测试

forge test --contracts ./src/test/2023-04/HundredFinance_2_exp.sol -vvv


##### 合约

[HundredFinance_2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/HundredFinance_2_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1647307128267476992

https://twitter.com/danielvf/status/1647329491788677121

https://twitter.com/hexagate_/status/1647334970258608131

https://blog.hundred.finance/15-04-23-hundred-finance-hack-post-mortem-d895b618cf33

---

#### 20230413 yearnFinance - 错误配置

#### 损失：$1160万

测试

forge test --contracts ./src/test/2023-04/YearnFinance_exp.sol -vvv


##### 合约

[YearnFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/YearnFinance_exp.sol)

##### 链接参考

https://twitter.com/cmichelio/status/1646422861219807233

https://twitter.com/BeosinAlert/status/1646481687445114881

---

#### 20230412 MetaPoint - 不受限制的授权

#### 损失：$82万(2500BNB)

测试

forge test --contracts ./src/test/2023-04/MetaPoint_exp.sol -vvv


##### 合约

[MetaPoint_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/MetaPoint_exp.sol)

##### 链接参考

https://twitter.com/PeckShieldAlert/status/1645980197987192833

https://twitter.com/Phalcon_xyz/status/1645963327502204929

---

#### 20230411 Paribus - 重入

#### 损失：$10万

测试

forge test --contracts ./src/test/2023-04/Paribus_exp.sol -vvv


##### 合约

[Paribus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Paribus_exp.sol)

##### 链接参考

https://twitter.com/Phalcon_xyz/status/1645742620897955842

https://twitter.com/BlockSecTeam/status/1645744655357575170

https://twitter.com/peckshield/status/1645742296904929280

---

#### 20230409 SushiSwap - 未经检查的用户输入

#### 损失：>$330万

测试

forge test --contracts ./src/test/2023-04/Sushi_Router_exp.sol -vvv


##### 合约

[Sushi_Router_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Sushi_Router_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1644907207530774530

https://twitter.com/SlowMist_Team/status/1644936375924584449

https://twitter.com/AnciliaInc/status/1644925421006520320

---

#### 20230405 Sentiment - 只读重入 (Read-Only-Reentrancy)

#### 损失：$100万

测试

forge test --contracts ./src/test/2023-04/Sentiment_exp.sol -vvv


##### 合约

[Sentiment_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Sentiment_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1643417467879059456

https://twitter.com/spreekaway/status/1643313471180644360

https://medium.com/coinmonks/theoretical-practical-balancer-and-read-only-reentrancy-part-1-d6a21792066c

---

#### 20230402 Allbridge - 闪电贷价格操纵

#### 损失：$55万

测试

forge test --contracts ./src/test/2023-04/Allbridge_exp.sol -vvv


##### 合约

[Allbrideg_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Allbridge_exp.sol) | [Allbrideg_exp2.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Allbridge_exp2.sol)

##### 链接参考

https://twitter.com/peckshield/status/1642356701100916736

https://twitter.com/BeosinAlert/status/1642372700726505473

---

#### 20230328 SafeMoon Hack - 访问控制

#### 损失：$890万

测试

forge test --contracts ./src/test/2023-03/safeMoon_exp.sol -vvv


##### 合约

[safeMoon_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-03/safeMoon_exp.sol)

##### 链接参考

https://twitter.com/zokyo_io/status/164101452[DYNA_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/DYNA_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1628319536117153794

https://twitter.com/BeosinAlert/status/1628301635834486784

---

#### 20230218 - RevertFinance - 任意外部调用漏洞

#### 损失: ~$3万

测试

forge test --contracts ./src/test/2023-02/RevertFinance_exp.sol -vvv


##### 合约

[RevertFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/RevertFinance_exp.sol)

##### 链接参考

https://mirror.xyz/revertfinance.eth/3sdpQ3v9vEKiOjaHXUi3TdEfhleAXXlAEWeODrRHJtU

---

#### 20230217 - Starlink - 业务逻辑缺陷

#### 损失: ~$1.2万

测试

forge test --contracts ./src/test/2023-02/Starlink_exp.sol -vvv


##### 合约

[Starlink_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Starlink_exp.sol)

##### 链接参考

https://twitter.com/NumenAlert/status/1626447469361102850

https://twitter.com/bbbb/status/1626392605264351235

---

#### 20230217 - Dexible - 任意外部调用漏洞

#### 损失: ~$150万

测试

forge test --contracts src/test/2023-02/Dexible_exp.sol -vvv


##### 合约

[Dexible_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Dexible_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1626493024879673344

https://twitter.com/MevRefund/status/1626450002254958592

---

#### 20230217 - Platypusdefi - 业务逻辑缺陷

#### 损失: ~$850万

测试

forge test --contracts src/test/2023-02/Platypus_exp.sol -vvv


##### 合约

[Platypus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Platypus_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1626367531480125440

https://twitter.com/spreekaway/status/1626319585040338953

---

#### 20230210 - Sheep - 反射代币

#### 损失: ~$3千

测试

forge test --contracts src/test/2023-02/Sheep_exp.sol -vvv


##### 合约

[Sheep_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Sheep_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1623999717482045440

https://twitter.com/BlockSecTeam/status/1624077078852210691

---

#### 20230210 - dForce - 只读重入

#### 损失: ~$365万

测试

forge test --contracts ./src/test/2023-02/dForce_exp.sol -vvv


##### 合约

[dForce_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/dForce_exp.sol)

##### 链接参考

https://twitter.com/SlowMist_Team/status/1623956763598000129

https://twitter.com/BlockSecTeam/status/1623901011680333824

https://twitter.com/peckshield/status/1623910257033617408

---

#### 20230207 - CowSwap - 任意外部调用漏洞

#### 损失: ~$12万

测试

forge test --contracts ./src/test/2023-02/CowSwap_exp.sol -vvv


##### 合约

[CowSwap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/CowSwap_exp.sol)

##### 链接参考

https://twitter.com/MevRefund/status/1622793836291407873

https://twitter.com/peckshield/status/1622801412727148544

---

#### 20230206 - FDP - 反射代币

#### 损失: ~16 WBNB

测试

forge test --contracts src/test/2023-02/FDP_exp.sol -vv


##### 合约

[FDP_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/FDP_exp.sol)

##### 链接参考

https://twitter.com/BeosinAlert/status/1622806011269771266

---

#### 20230203 - Spherax USDs - 余额重新计算错误

#### 损失: ~30.9万 USDs (稳定币)

测试

forge test --contracts ./src/test/2023-02/USDs_exp.sol -vv


##### 合约

[USDs_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/USDs_exp.sol)

##### 链接参考

https://twitter.com/danielvf/status/1621965412832350208

https://medium.com/sperax/usds-feb-3-exploit-report-from-engineering-team-9f0fd3cef00c

---

#### 20230203 - Orion Protocol - 重入

#### 损失: $300万

测试

forge test --contracts ./src/test/2023-02/Orion_exp.sol -vvv


##### 合约

[Orion_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Orion_exp.sol)

##### 链接参考

https://twitter.com/peckshield/status/1621337925228306433

https://twitter.com/BlockSecTeam/status/1621263393054420992

https://www.numencyber.com/analysis-of-orionprotocol-reentrancy-attack-with-poc/

---

#### 20230202 - BonqDAO - 价格预言机操纵

#### 损失: BEUR 稳定币和 ALBT 代币 (~8800万美元)

测试

forge test --contracts ./src/test/2023-02/BonqDAO_exp.sol -vv


##### 合约

[BonqDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/BonqDAO_exp.sol)

##### 链接参考

https://twitter.com/BlockSecTeam/status/1621043757390123008

https://twitter.com/SlowMist_Team/status/1621087651158966274

---

#### 20230130 - BEVO - 反射代币

#### 损失: 144 BNB

测试

```sh
forge test --contracts ./src/test/2023-01/BEVO_exp.sol -vvv

合约

BEVO_exp.sol

链接参考

https://twitter.com/QuillAudits/status/1620377951836708865

20230126 - TINU - 反射代币

损失: 22 ETH

测试

forge test --contracts ./src/test/2023-01/TINU_exp.sol -vv

合约

TINU_exp.sol

链接参考

https://twitter.com/libevm/status/1618718156343873536

20230119 - SHOCO - 反射代币

损失: ~4ETH

测试

forge test --contracts ./src/test/2023-01/SHOCO_exp.sol -vvvgit

合约

SHOCO_exp.sol

链接参考

https://github.com/Autosaida/DeFiHackAnalysis/blob/master/analysis/230119_SHOCO.md

20230119 - ThoreumFinance - 业务逻辑缺陷

损失: ~2000 BNB

测试

forge test --contracts ./src/test/2023-01/ThoreumFinance_exp.sol -vvv

合约

ThoreumFinance_exp.sol

链接参考

https://bscscan.com/tx/0x3fe3a1883f0ae263a260f7d3e9b462468f4f83c2c88bb89d1dee5d7d24262b51 https://twitter.com/AnciliaInc/status/1615944396134043648

20230118 - QTNToken - 业务逻辑缺陷

损失: ~2ETH

测试

forge test --contracts ./src/test/2023-01/QTN_exp.sol -vvv

合约

QTN_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1615625901739511809

20230118 - UPSToken - 业务逻辑缺陷

损失: ~22 ETH

测试

forge test --contracts ./src/test/2023-01/Upswing_exp.sol -vvv

合约

Upswing_exp.sol

链接参考

https://etherscan.io/tx/0x4b3df6e9c68ae482c71a02832f7f599ff58ff877ec05fed0abd95b31d2d7d912 https://twitter.com/QuillAudits/status/1615634917802807297

20230117 - OmniEstate - 无输入参数检查

损失: $7万 (236 BNB)

测试

forge test --contracts ./src/test/2023-01/OmniEstate_exp.sol -vvv

合约

OmniEstate_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1615232012834705408

20230116 - MidasCapital - 只读重入

损失: $65万

测试

forge test --contracts ./src/test/2023-01/Midas_exp.sol -vvv

合约

Midas_exp.sol

链接参考

https://twitter.com/peckshield/status/1614774855999844352

https://twitter.com/BlockSecTeam/status/1614864084956254209

20230111 - UFDao - 不正确的参数设置

损失: $9万

测试

forge test --contracts ./src/test/2023-01/UFDao_exp.sol -vvv

合约

UFDao_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1613507804412940289

20230111 - RoeFinance - 闪电贷价格操纵

损失: $8万

测试

forge test --contracts ./src/test/2023-01/RoeFinance_exp.sol -vvv

合约

RoeFinance_exp.sol

链接参考

https://twitter.com/BlockSecTeam/status/1613267000913960976

20230110 - BRA - 业务逻辑缺陷

损失: 819 BNB (~22.4万美元)

测试

forge test --contracts ./src/test/2023-01/BRA_exp.sol -vvv

合约

BRA_exp.sol

链接参考

https://twitter.com/CertiKAlert/status/1612674916070858753

https://twitter.com/BlockSecTeam/status/1612701106982862849

20230103 - GDS - 业务逻辑缺陷

损失: $18万

测试

forge test --contracts ./src/test/2023-01/GDS_exp.sol -vvv

合约

GDS_exp.sol

链接参考

https://twitter.com/peckshield/status/1610095490368180224

https://twitter.com/BlockSecTeam/status/1610167174978760704

原文链接： github.com/SunWeb3Sec/De...

登链社区 AI 助手，为大家转译优秀英文文章，如有翻译不通的地方，还请包涵～

本文参与登链社区写作激励计划，好文好收益，欢迎正在阅读的你也加入。