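DeFi Hacks Reproduce - Foundry

This document catalogs the security incidents that occurred in the DeFi space in 2023, 214 in total. Each entry lists the name of the attacked project, the attack date, the attack type, the amount lost, the Foundry test code that reproduces the vulnerability, and related reference links, helping security researchers quickly get an overview of the DeFi security landscape.

2023 - List of Past DeFi Incidents

214 incidents are included.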

20231231 Channels BUSD&USDC

20231230 ChannelsFinance

20231228 CCV

20231228 DominoTT

20231225 Telcoin

20231222 PineProtocol

20231220 TransitFinance

20231217 Bob

20231217 FloorProtocol

20231216 GoodDollar

20231216 KEST

20231216 NFTTrader

20231214 PHIL

20231213 HYPR

20231211 GoodCompound

20231209 BCT

20231207 HNet

20231206 TIME

20231206 ElephantStatus

20231205 MAMO

20231205 BEARNDAO

20231202 bZxProtocol

20231201 UnverifiedContr_0x431abb

20231130 EEE

20231130 CAROLProtocol

20231129 Burntbubba

20231129 AIS

20231128 FiberRouter

20231125 MetaLend

20231125 TheNFTV2

20231122 KyberSwap

20231117 Token8633_9419

20231117 ShibaToken

20231116 WECO

20231115 EHX

20231115 XAI

20231115 LinkDAO

20231114 OKC Project

20231112 MEV_0x8c2d

20231112 MEV_0xa247

20231111 Mahalend

20231110 Raft_fi

20231110 GrokToken

20231107 RBalancer

20231107 MEVbot

20231106 TrustPad

20231106 TheStandard_io

20231106 KR

20231102 BRAND

20231102 3913Token

20231101 SwampFinance

20231101 OnyxProtocol

20231031 UniBotRouter

20231030 LaEeb

20231028 AstridProtocol

20231024 MaestroRouter2

20231022 OpenLeverage

20231019 kTAF

20231018 HopeLend

20231018 MicDao

20231013 BelugaDex

20231013 WiseLending

20231012 Platypus

20231011 BH

20231008 ZS

20231008 pSeudoEth

20231007 StarsArena

20231005 DePayRouter

20230930 FireBirdPair

20230929 DEXRouter

20230926 XSDWETHpool

20230924 KubSplit

20230921 CEXISWAP

20230916 uniclyNFT

20230911 0x0DEX

20230909 BFCToken

20230908 APIG

20230907 HCT

20230905 QuantumWN

20230905 JumpFarm

20230905 HeavensGate

20230905 FloorDAO

20230902 DAppSocial

20230829 EAC

20230827 Balancer

20230826 SVT

20230824 GSS

20230821 EHIVE

20230819 BTC20

20230818 ExactlyProtocol

20230814 ZunamiProtocol

20230809 EarningFram

20230802 CurveBurner

20230802 Uwerx

20230801 NeutraFinance

20230801 LeetSwap

20230731 GYMNET

20230730 Curve

20230726 Carson

20230724 Palmswap

20230723 MintoFinance

20230722 ConicFinance02

20230721 ConicFinance

20230721 SUT

20230720 Utopia

20230720 FFIST

20230718 APEDAO

20230718 BNO

20230717 NewFi

20230715 USDTStakingContract28

20230712 Platypus

20230712 WGPT

20230711 RodeoFinance

20230711 Libertify

20230710 ArcadiaFi

20230708 CIVNFT

20230708 Civfund

20230707 LUSD

20230704 BambooIA

20230704 BaoCommunity

20230703 AzukiDAO

20230630 Biswap

20230630 MyAi

20230628 Themis

20230627 UnverifiedContr_9ad32

20230627 STRAC

20230623 SHIDO

20230621 BabyDogeCoin02

20230621 BUNN

20230620 MIM

20230619 Contract_0x7657

20230618 ARA

20230617 MidasCapitalXYZ

20230617 Pawnfi

20230615 CFC

20230615 DEPUSDT_LEVUSDC

20230612 Sturdy Finance

20230611 SellToken04

20230607 CompounderFinance

20230606 VINU

20230606 UN

20230602 NST SimpleSwap

20230601 DDCoin

20230601 Cellframenet

20230531 ERC20TokenBank

20230529 Jimbo

20230529 BabyDogeCoin

20230529 FAPEN

20230529 NOON_NO

20230525 GPT

20230524 LocalTrade

20230524 CS

20230523 LFI

20230514 landNFT

20230514 SellToken03

20230513 Bitpaidio

20230513 SellToken02

20230512 LW

20230511 SellToken01

20230510 SNK

20230509 MCC

20230509 HODL

20230506 Melo

20230505 DEI

20230503 NeverFall

20230502 Level

20230428 0vix

20230427 SiloFinance

20230424 Axioma

20230419 OLIFE

20230416 Swapos V2

20230415 HundredFinance

20230413 yearnFinance

20230412 MetaPoint

20230411 Paribus

20230409 SushiSwap

20230405 Sentiment

20230402 Allbridge

20230328 SafeMoon Hack

20230328 THENA

20230325 DBW

20230322 BIGFI

20230317 ParaSpace NFT

20230315 Poolz

20230313 EulerFinance

20230308 DKP

20230307 Phoenix

20230227 LaunchZone

20230227 SwapX

20230224 EFVault

20230222 DYNA

20230218 RevertFinance

20230217 Starlink

20230217 Dexible

20230217 Platypusdefi

20230210 Sheep Token

20230210 dForce

20230207 CowSwap

20230206 FDP Token

20230203 Orion Protocol

20230203 Spherax USDs

20230202 BonqDAO

20230130 BEVO

20230126 TomInu Token

20230119 SHOCO Token

20230119 ThoreumFinance

20230118 QTN Token

20230118 UPS Token

20230117 OmniEstate

20230116 MidasCapital

20230111 UFDao

20230111 ROE

20230110 BRA

20230103 GDS

20231231 Channels - Price Manipulation

Lost: ~$4.4K

forge test --contracts ./src/test/2023-12/Channels_exp.sol -vvv --evm-version shanghai

Contract

Channels_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0xcf729a9392b0960cd315d7d49f53640f000ca6b8a0bd91866af5821fdf36afc5


20231230 ChannelsFinance - CompoundV2 Inflation Attack

Lost: ~320K

forge test --contracts src/test/2023-12/ChannelsFinance_exp.sol -vvv

Contract

ChannelsFinance_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1741353303542501455


20231228 CCV - Precision Loss

Lost: ~3.2K $BUSD

forge test --contracts src/test/2023-12/CCV_exp.sol -vvv

Contract

CCV_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x6ba4152db9da45f5751f2c083bf77d4b3385373d5660c51fe2e4382718afd9b4


20231228 DominoTT - Precision Loss

Lost: ~5 $WBNB

forge test --contracts src/test/2023-12/DominoTT_exp.sol -vvv

Contract

DominoTT_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x1ee617cd739b1afcc673a180e60b9a32ad3ba856226a68e8748d58fcccc877a8


20231225 Telcoin - Storage Collision

Lost: ~1,24M

forge test --contracts ./src/test/2023-12/Telcoin_exp.sol -vvv

Contract

Telcoin_exp.sol

Link reference

https://blocksec.com/phalcon/blog/telcoin-security-incident-in-depth-analysis

https://hacked.slowmist.io/?c=&page=2


20231222 PineProtocol - Business Logic Flaw

Lost: ~90k

forge test --contracts ./src/test/2023-12/PineProtocol_exp.sol -vvv

Contract

PineProtocol_exp.sol

Link reference

https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure


20231206 ElephantStatus - Price Manipulation

Lost: ~$165k

Testing

forge test --contracts ./src/test/2023-12/ElephantStatus_exp.sol -vvv

Contract

ElephantStatus_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1732354930529435940


20231205 MAMO - Price Manipulation

Lost: ~$3.3K

forge test --contracts ./src/test/2023-12/MAMO_exp.sol -vvv --evm-version shanghai

Contract

MAMO_exp.sol

Link reference

https://bscscan.com/tx/0x189a8dc1e0fea34fd7f5fa78c6e9bdf099a8d575ff5c557fa30d90c6acd0b29f


20231205 BEARNDAO - Business Logic Flaw

Lost: ~$769k

Testing

forge test --contracts ./src/test/2023-12/BEARNDAO_exp.sol -vvv

Contract

BEARNDAO_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1732159377749180646


20231202 bZxProtocol - Inflation Attack

Lost: ~$208k

Testing

forge test --contracts ./src/test/2023-12/bZx_exp.sol -vvv

Contract

bZx_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1730811240942088263


20231201 UnverifiedContr_0x431abb - Business Logic Flaw

Lost: ~$500k

Testing

forge test --contracts ./src/test/2023-12/UnverifiedContr_0x431abb_exp.sol -vvv

Contract

UnverifiedContr_0x431abb_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1730625352953901123


20231130 EEE - Price Manipulation

Lost: ~$22.8K

forge test --contracts ./src/test/2023-11/EEE_exp.sol -vvv --evm-version shanghai

Contract

EEE_exp.sol

Link reference

https://bscscan.com/tx/0x7312d9f9c13fc69f00f58e92a112a3e7f036ced7e65f7e0fa67382488d5557dc


20231130 CAROLProtocol - Price Manipulation via Reentrancy

Lost: ~$53k

Testing

forge test --contracts ./src/test/2023-11/CAROLProtocol_exp.sol -vvv

Contract

CAROLProtocol_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1730496513359647167


20231129 Burntbubba - Price Manipulation

Lost: ~$3K

Testing

forge test --contracts src/test/2023-11/Burntbubba_exp.sol -vvv

Contract

Burntbubba_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1730044259087315046


20231129 AIS - Insufficient Validation

Lost: ~$61k

Testing

forge test --contracts ./src/test/2023-11/AIS_exp.sol -vvv

Contract

AIS_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1729861048004391306


20231128 FiberRouter - Input Validation

Lost: 18 eth

Testing

forge test --contracts ./src/test/2023-11/FiberRouter_exp.sol -vvv

Contract

FiberRouter_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1729323254610002277


20231125 MetaLend - CompoundV2 Inflation Attack

Lost: ~$4K

Testing

forge test --contracts src/test/2023-11/MetaLend_exp.sol -vvv

Contract

MetaLend_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1728424965257691173


20231125 TheNFTV2 - Logic Flaw

Lost: ~$19K

Testing

forge test --contracts ./src/test/2023-11/TheNFTV2_exp.sol -vvv

Contract

TheNFTV2_exp.sol

Link reference

https://x.com/MetaTrustAlert/status/1728616715825848377


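20231122 KyberSwap - Precision Loss

Lost: ~$48M

The attacks were spread over 6 chains and 17 transactions.

Each transaction targeted and drained up to 5 pools in the KyberSwap elastic CLAMM.

Testing

The attacks on all pools follow the same scheme as the first one:

forge test --contracts ./src/test/2023-11/KyberSwap_exp.eth.1.sol -vvv

Contract

KyberSwap_exp.eth.1.sol

Link reference

Quick Analysis

In-Depth Analysis

List of transactions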


20231117 Token8633_9419 - Price Manipulation

Lost: ~$52K

Testing

forge test --contracts ./src/test/2023-11/Token8633_9419_exp.sol -vvv

Contract

Token8633_9419_exp.sol


20231117 ShibaToken - Business Logic Flaw

Lost: ~$31K

Testing

forge test --contracts ./src/test/2023-11/ShibaToken_exp.sol -vvv

Contract

ShibaToken_exp.sol


20231116 WECO - Business Logic Flaw

Lost: ~$18K

Testing

forge test --contracts ./src/test/2023-11/WECO_exp.sol -vvv

Contract

WECO_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1725311048625041887


20231115 EHX - Lack of Slippage Control

Lost: Unclear

Testing

forge test --contracts ./src/test/2023-11/EHX_exp.sol -vvv

Contract

EHX_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1724691996638618086


20231115 XAI - Business Logic Flaw

Lost: Unclear

Testing

forge test --contracts src/test/2023-11/XAI_exp.sol -vvv

Contract

XAI_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1724683082064855455


20231115 LinkDAO - Incorrect K Value Validation

Lost: ~$30K

Testing

forge test --contracts ./src/test/2023-11/LinkDao_exp.sol -vvv

Contract

LinkDao_exp.sol

Link reference

https://x.com/phalcon_xyz/status/1725058908144746992


20231114 OKC Project - Instant Rewards, Unlocked

Lost: ~$6268

Testing

forge test --contracts ./src/test/2023-11/OKC_exp.sol -vvv

Contract

OKC_exp.sol

Link reference

https://lunaray.medium.com/okc-project-hack-analysis-0907312f519b


20231112 MEVBot_0x8c2d - Lack of Access Control

Lost: ~$365K

Testing

forge test --contracts ./src/test/2023-11/MEV_0x8c2d_exp.sol -vvv

Contract

MEV_0x8c2d_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1723897569661657553


20231112 MEVBot_0xa247 - Incorrect Access Control

Lost: ~$150K

Testing

forge test --contracts ./src/test/2023-11/MEV_0xa247_exp.sol -vvv

Contract

MEV_0xa247_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1723591214262632562


20231111 MahaLend - Donate Inflation ExchangeRate & Rounding Error

Lost: ~$20 K

Testing

forge test --contracts ./src/test/2023-11/MahaLend_exp.sol -vvv

Contract

MahaLend_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1723223766350832071


20231110 Raft_fi - Donate Inflation ExchangeRate & Rounding Error

Lost: ~$3.2 M

Testing

forge test --contracts ./src/test/2023-11/Raft_exp.sol -vvv

Contract

Raft_exp.sol

Link reference

https://twitter.com/BlockSecTeam/status/1723229393529835972


20231110 grok - Lack of Slippage Protection

Lost: ~26 ETH

Testing

forge test --contracts ./src/test/2023-11/grok_exp.sol -vvv

Contract

grok_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1722841076120130020


20231107 RBalancer - Business Logic Flaw

Lost: ~17 ETH

Testing

forge test --contracts ./src/test/2023-11/RBalancer_exp.sol -vvv --evm-version "shanghai"

Contract

RBalancer_exp.sol

Link reference

https://x.com/AnciliaInc/status/1722121056083943909


20231107 MEVbot - Lack of Access Control

Lost: ~$2M

Testing

forge test --contracts ./src/test/2023-11/bot_exp.sol -vvv

Contract

bot_exp.sol

Link reference

https://twitter.com/BlockSecTeam/status/1722101942061601052


20231106 TrustPad - Lack of msg.sender Address Verification

Lost: ~$155K

Testing

forge test --contracts ./src/test/2023-11/TrustPad_exp.sol  -vvv

Contract

TrustPad_exp.sol

Link reference

https://twitter.com/BeosinAlert/status/1721800306101793188


20231106 KR - Precision Loss

Lost: ~$15K

Testing

forge test --contracts ./src/test/2023-11/KR_exp.sol  -vvv

Contract

KR_exp.sol

Link reference

https://app.blocksec.com/explorer/tx/bsc/0x2abf871eb91d03bc8145bf2a415e79132a103ae9f2b5bbf18b8342ea9207ccd7


20231106 TheStandard_io - Lack of Slippage Protection

Lost: ~$290K

Testing

forge test --contracts ./src/test/2023-11/TheStandard_io_exp.sol -vvv

Contract

TheStandard_io_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1721807569222549518

https://twitter.com/CertiKAlert/status/1721839125836321195


20231102 BRAND - Lack of Access Control

Lost: ~23 WBNB

Testing

forge test --contracts ./src/test/2023-11/BRAND_exp.sol  -vvv

Contract

BRAND_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1720035913009709473


20231102 3913Token - Deflationary Token Attack

Lost: ~$31354 USD$

Testing

forge test --contracts ./src/test/2023-11/3913_exp.sol --evm-version 'shanghai' -vvv

Contract

3913_exp.sol

Link reference

https://defimon.xyz/attack/bsc/0x8163738d6610ca32f048ee9d30f4aa1ffdb3ca1eddf95c0eba086c3e936199ed


20231101 OnyxProtocol - Precision Loss Vulnerability

Lost: ~$2M

Testing

forge test --contracts ./src/test/2023-11/OnyxProtocol_exp.sol --evm-version 'shanghai' -vvv

Contract

OnyxProtocol_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1719697319824851051

https://defimon.xyz/attack/mainnet/0xf7c21600452939a81b599017ee24ee0dfd92aaaccd0a55d02819a7658a6ef635

https://twitter.com/DecurityHQ/status/1719657969925677161


20231101 SwampFinance - Business Logic Flaw

Lost: Unclear

Testing

forge test --contracts ./src/test/2023-11/SwampFinance_exp.sol -vvv

Contract

SwampFinance_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1720373044517208261


20231031 UniBotRouter - Arbitrary External Call

Lost: ~$83,944 USD$

Testing

forge test --contracts ./src/test/2023-10/UniBot_exp.sol --evm-version 'shanghai' -vvv

Contract

UniBot_exp.sol

Link reference

https://twitter.com/PeckShieldAlert/status/1719251390319796477


20231030 LaEeb - Lack of Slippage Protection

Lost: ~1.8 WBNB

Testing

forge test --contracts ./src/test/2023-10/LaEeb_exp.sol -vvv

Contract

LaEeb_exp.sol

Link reference

https://x.com/MetaSec_xyz/status/1718964562165420076


20231028 AstridProtocol - Business Logic Flaw

Lost: ~$127ETH

Testing

forge test --contracts ./src/test/2023-10/Astrid_exp.sol --evm-version 'shanghai' -vvv

Contract

Astrid_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1718454835966775325


20231024 MaestroRouter2 - Arbitrary External Call

Lost: ~$280ETH

Testing

forge test --contracts ./src/test/2023-10/MaestroRouter2_exp.sol --evm-version 'shanghai' -vvv

Contract

MaestroRouter2_exp.sol

Link reference

https://twitter.com/Phalcon_xyz/status/1717014871836098663

https://twitter.com/BeosinAlert/status/1717013965203804457


20231022 OpenLeverage - Business Logic Flaw

Lost: ~$8K

Testing

forge test --contracts ./src/test/2023-10/OpenLeverage_exp.sol -vvv

Contract

OpenLeverage_exp.sol

Link reference

https://defimon.xyz/exploit/bsc/0x5366c6ba729d9cf8d472500afc1a2976ac2fe9ff


20231019 kTAF - CompoundV2 Inflation Attack

Lost: ~$8K

Testing

forge test --contracts ./src/test/2023-10/kTAF_exp.sol -vvv

Contract

kTAF_exp.sol

Link reference

https://defimon.xyz/attack/mainnet/0x325999373f1aae98db2d89662ff1afbe0c842736f7564d16a7b52bf5c777d3a4


20231018 Hopelend - Div Precision Loss

Lost: ~$825K

Testing

forge test --contracts ./src/test/2023-10/Hopelend_exp.sol --evm-version 'shanghai' -vvv

Contract

HopeLend_exp.sol

Link reference

https://twitter.com/immunefi/status/1722810650387517715

https://lunaray.medium.com/deep-dive-into-hopelend-hack-5962e8b55d3f


20231018 MicDao - Price Manipulation

Lost: ~$13K

Testing

forge test --contracts ./src/test/2023-10/MicDao_exp.sol -vvv

Contract

MicDao_exp.sol

Link reference

https://twitter.com/CertiKAlert/status/1714677875427684544

https://twitter.com/ChainAegis/status/1714837519488205276


20231013 BelugaDex - Price Manipulation

Lost: ~$175K

Testing

forge test --contracts ./src/test/2023-10/BelugaDex_exp.sol -vvv

Contract

BelugaDex_exp.sol

Link reference

https://twitter.com/AnciliaInc/status/1712676040471105870

https://twitter.com/CertiKAlert/status/1712707006979613097


20231013 WiseLending - Donate Inflation ExchangeRate && Rounding Error

Lost: ~$260K

Testing

forge test --contracts ./src/test/2023-10/WiseLending_exp.sol --evm-version 'shanghai' -vvv

Contract

WiseLending_exp.sol

Link reference

https://twitter.com/bbbb/status/1712841315522638034

https://twitter.com/BlockSecTeam/status/1712871304993689709


20231012 Platypus - Business Logic Flaw

Lost: ~$2M

Testing

forge test --contracts ./src/test/2023-10/Platypus03_exp.sol -vvv

Contract

Platypus03_exp.sol

Link reference

https://twitter.com/BlockSecTeam/status/1712445197538468298

https://twitter.com/peckshield/status/1712354198246035562


20231011 BH - Price Manipulation

Lost: ~$1.27M

Testing

forge test --contracts ./src/test/2023-10/BH_exp.sol -vvv

Contract

BH_exp.sol

Link reference

https://twitter.com/BeosinAlert/status/1712139760813375973

https://twitter.com/DecurityHQ/status/1712118881425203350


20231008 ZS - Business Logic Flaw

Lost: ~$14K

Testing

forge test --contracts ./src/test/202

#### 20230908 APIG - Business Logic Flaw

#### Lost: ~$169K

Testing

forge test --contracts ./src/test/2023-09/APIG_exp.sol -vvv

##### Contract

[APIG_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/APIG_exp.sol)

##### Link reference

https://twitter.com/CertiKAlert/status/1700128158647734745

---

#### 20230907 HCT - Price Manipulation

#### Lost: ~30.5 BNB

Testing

forge test --contracts ./src/test/2023-09/HCT_exp.sol -vvv

##### Contract

[HCT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/HCT_exp.sol)

##### Link reference

https://twitter.com/leovctech/status/1699775506785198499

---

#### 20230905 QuantumWN - Rebasing Logic Issue

#### Lost: ~0.5 ETH

Testing

forge test --contracts ./src/test/2023-09/QuantumWN_exp.sol -vvv

##### Contract

[QuantumWN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/QuantumWN_exp.sol)

##### Link reference

https://twitter.com/DecurityHQ/status/1699384904218202618

---

#### 20230905 JumpFarm - Rebasing Logic Issue

#### Lost: ~2.4 ETH

Testing

forge test --contracts ./src/test/2023-09/JumpFarm_exp.sol -vvv

##### Contract

[JumpFarm_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/JumpFarm_exp.sol)

##### Link reference

https://twitter.com/DecurityHQ/status/1699384904218202618

---

#### 20230905 HeavensGate - Rebasing Logic Issue

#### Lost: ~8 ETH

Testing

forge test --contracts ./src/test/2023-09/HeavensGate_exp.sol -vvv

##### Contract

[HeavensGate_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/HeavensGate_exp.sol)

##### Link reference

https://explorer.phalcon.xyz/tx/eth/0xe28ca1f43036f4768776805fb50906f8172f75eba3bf1d9866bcd64361fda834

---

#### 20230905 FloorDAO - Rebasing Logic Issue

#### Lost: ~40 ETH

Testing

forge test --contracts ./src/test/2023-09/FloorDAO_exp.sol -vvv

##### Contract

[FloorDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/FloorDAO_exp.sol)

##### Link reference

https://twitter.com/PeckShieldAlert/status/1698962105058361392

https://medium.com/floordao/floor-post-mortem-incident-summary-september-5-2023-e054a2d5afa4

---

#### 20230902 DAppSocial - Business Logic Flaw

#### Lost: ~$16K

Testing

forge test --contracts ./src/test/2023-09/DAppSocial_exp.sol -vvv

##### Contract

[DAppSocial_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-09/DAppSocial_exp.sol)

##### Link reference

https://twitter.com/DecurityHQ/status/1698064511230464310

---

#### 20230829 EAC - Price Manipulation

#### Lost: ~29 BNB

Testing

forge test --contracts ./src/test/2023-08/EAC_exp.sol -vvv

##### Contract

[EAC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EAC_exp.sol)

##### Link reference

https://twitter.com/bbbb/status/1696520866564350157

---

#### 20230827 Balancer - Rounding Error && Business Logic Flaw

#### Lost: ~$2M

Testing

forge test --contracts ./src/test/2023-08/Balancer_exp.sol -vvv

##### Contract

[Balancer_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Balancer_exp.sol)

##### Link reference

https://medium.com/balancer-protocol/rate-manipulation-in-balancer-boosted-pools-technical-postmortem-53db4b642492

https://blocksecteam.medium.com/yet-another-risk-posed-by-precision-loss-an-in-depth-analysis-of-the-recent-balancer-incident-fad93a3c75d4

---

#### 20230826 SVT - Flawed Price Calculation

#### Lost: ~$400K

Testing

forge test --contracts ./src/test/2023-08/SVT_exp.sol -vvv

##### Contract

[SVT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/SVT_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1695285435671392504?s=20

---

#### 20230824 GSS - Skim Token Balance

#### Lost: ~$25K

Testing

forge test --contracts ./src/test/2023-08/GSS_exp.sol -vvv

##### Contract

[GSS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/GSS_exp.sol)

##### Link reference

https://twitter.com/bbbb/status/1694571228185723099

---

#### 20230821 EHIVE - Business Logic Flaw

#### Lost: ~$15K

Testing

forge test --contracts ./src/test/2023-08/EHIVE_exp.sol -vvv

##### Contract

[EHIVE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EHIVE_exp.sol)

##### Link reference

https://twitter.com/bulu4477/status/1693636187485872583

---

#### 20230819 BTC20 - Price Manipulation

#### Lost: ~18 ETH

Testing

forge test --contracts ./src/test/2023-08/BTC20_exp.sol -vvv

##### Contract

[BTC20_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/BTC20_exp.sol)

##### Link reference

https://twitter.com/DecurityHQ/status/1692924369662513472

---

#### 20230818 ExactlyProtocol - Insufficient Validation

#### Lost: ~$7M

Testing

forge test --contracts ./src/test/2023-08/Exactly_exp.sol -vvv

##### Contract

[Exactly_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Exactly_exp.sol)

##### Link reference

https://twitter.com/BlockSecTeam/status/1692533280971936059

https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed

---

#### 20230814 ZunamiProtocol - Price Manipulation

#### Lost: ~$2M

Testing

forge test --contracts ./src/test/2023-08/Zunami_exp.sol --evm-version 'shanghai' -vvv

##### Contract

[Zunami_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Zunami_exp.sol)

##### Link reference

https://twitter.com/peckshield/status/1690877589005778945

https://twitter.com/BlockSecTeam/status/1690931111776358400

---

#### 20230809 EarningFram - Reentrancy

#### Lost: ~$286K

Testing

forge test --contracts ./src/test/2023-08/EarningFram_exp.sol -vvv

##### Contract

[EarningFram_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/EarningFram_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1689182459269644288

---

#### 20230802 CurveBurner - Lack of Slippage Protection

#### Lost: ~$36K

Testing

forge test --contracts ./src/test/2023-08/CurveBurner_exp.sol -vvv

##### Contract

[CurveBurner_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/CurveBurner_exp.sol)

##### Link reference

https://medium.com/@Hypernative/exotic-culinary-hypernative-systems-caught-a-unique-sandwich-attack-against-curve-finance-6d58c32e436b

---

#### 20230802 Uwerx - Incorrect Logic

#### Lost: ~176 ETH

Testing

forge test --contracts ./src/test/2023-08/Uwerx_exp.sol -vvv

##### Contract

[Uwerx_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Uwerx_exp.sol)

##### Link reference

https://twitter.com/deeberiroz/status/1686683788795846657

https://twitter.com/CertiKAlert/status/1686667720920625152

https://etherscan.io/tx/0x3b19e152943f31fe0830b67315ddc89be9a066dc89174256e17bc8c2d35b5af8

---

#### 20230801 NeutraFinance - Price Manipulation

#### Lost: ~23 ETH

Testing

forge test --contracts ./src/test/2023-08/NeutraFinance_exp.sol -vvv

##### Contract

[NeutraFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/NeutraFinance_exp.sol)

##### Link reference

https://twitter.com/phalcon_xyz/status/1686654241111429120

---

#### 20230801 LeetSwap - Access Control

#### Lost: ~$630K

Testing

forge test --contracts ./src/test/2023-08/Leetswap_exp.sol -vvv

##### Contract

[Leetswap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-08/Leetswap_exp.sol)

##### Link reference

https://twitter.com/BlockSecTeam/status/1686217464051539968

https://twitter.com/peckshield/status/1686209024587710464

---

#### 20230731 GYMNET - Insufficient Validation

#### Lost: Unclear

Testing

forge test --contracts ./src/test/2023-07/GYMNET_exp.sol -vvv

##### Contract

[GYMNET_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/GYMNET_exp.sol)

##### Link reference

https://twitter.com/AnciliaInc/status/1686605510655811584

---

#### 20230730 Curve - Vyper Compiler Bug && Reentrancy

#### Lost: ~$41M

Testing

forge test --contracts ./src/test/2023-07/Curve_exp01.sol -vvv

##### Contract

[Curve_exp01.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Curve_exp01.sol) | [Curve_exp02.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Curve_exp02.sol)

##### Link reference

https://hackmd.io/@LlamaRisk/BJzSKHNjn

---

#### 20230726 Carson - Price Manipulation

#### Lost: ~$150K

Testing

forge test --contracts ./src/test/2023-07/Carson_exp.sol -vvv

##### Contract

[Carson_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Carson_exp.sol)

##### Link reference

https://twitter.com/BeosinAlert/status/1684393202252402688

https://twitter.com/Phalcon_xyz/status/1684503154023448583

https://twitter.com/hexagate_/status/1684475526663004160

---

#### 20230724 Palmswap - Business Logic Flaw

#### Lost: ~$900K

Testing

forge test --contracts ./src/test/2023-07/Palmswap_exp.sol -vvv

##### Contract

[Palmswap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Palmswap_exp.sol)

##### Link reference

https://twitter.com/BlockSecTeam/status/1683680026766737408

---

#### 20230723 MintoFinance - Signature Replay

#### Lost: ~$9K

Testing

forge test --contracts ./src/test/2023-07/MintoFinance_exp.sol -vvv

##### Contract

[MintoFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/MintoFinance_exp.sol)

##### Link reference

https://twitter.com/bbbb/status/1683180340548890631

---

#### 20230722 Conic Finance 02 - Price Manipulation

#### Lost: ~$934K

Testing

forge test --contracts ./src/test/2023-07/Conic02_exp.sol --evm-version 'shanghai' -vvv

##### Contract

[Conic02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic02_exp.sol)

##### Link reference

https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d

https://twitter.com/spreekaway/status/1682467603518726144

---

#### 20230721 Conic Finance - Read-Only Reentrancy && Misconfiguration

#### Lost: ~$3.25M

Testing

forge test --contracts ./src/test/2023-07/Conic_exp.sol -vvv

##### Contract

[Conic_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic_exp.sol) | [Conic_exp2.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Conic_exp2.sol)

##### Link reference

https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d

https://twitter.com/BlockSecTeam/status/1682356244299010049

---

#### 20230721 SUT - Business Logic Flaw

#### Lost: ~$8K

Testing

forge test --contracts ./src/test/2023-07/SUT_exp.sol -vvv

##### Contract

[SUT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/SUT_exp.sol)

##### Link reference

https://twitter.com/bulu4477/status/1682983956080377857

---

#### 20230720 Utopia - Business Logic Flaw

#### Lost: ~$119K

Testing

forge test --contracts ./src/test/2023-07/Utopia_exp.sol -vvv

##### Contract

[Utopia_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Utopia_exp.sol)

##### Link reference

https://twitter.com/DeDotFiSecurity/status/1681923729645871104

https://twitter.com/bulu4477/status/1682380542564769793

---

#### 20230720 FFIST - Business Logic Flaw

#### Lost: ~$110K

Testing

forge test --contracts ./src/test/2023-07/FFIST_exp.sol -vvv

##### Contract

[FFIST_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/FFIST_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1681869807698984961

https://twitter.com/AnciliaInc/status/1681901107940065280

---

#### 20230718 APEDAO - Business Logic Flaw

#### Lost: ~$7K

Testing

forge test --contracts ./src/test/2023-07/ApeDAO_exp.sol -vvv

##### Contract

[ApeDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/ApeDAO_exp.sol)

##### Link reference

https://twitter.com/BeosinAlert/status/1681316257034035201

---

#### 20230718 BNO - Invalid Emergency Withdraw Mechanism

#### Lost: ~$505K

Testing

forge test --contracts ./src/test/2023-07/BNO_exp.sol -vvv

##### Contract

[BNO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/BNO_exp.sol)

##### Link reference

https://twitter.com/BeosinAlert/status/1681116206663876610

---

#### 20230717 NewFi - Lack of Slippage Protection

#### Lost: ~$31K

Testing

forge test --contracts ./src/test/2023-07/NewFi_exp.sol -vvv

##### Contract

[NewFi_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/NewFi_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1680961588323557376

---

#### 20230715 USDTStakingContract28 - Lack of Access Control

#### Lost: ~$20999

Testing

forge test --contracts ./src/test/2023-07/USDTStakingContract28_exp.sol -vvv

##### Contract

[USDTStakingContract28_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/USDTStakingContract28_exp.sol)

##### Link reference

https://x.com/DecurityHQ/status/1680117291013267456

---

#### 20230712 Platypus - Business Logic Flaw

#### Lost: ~$51K

Testing

forge test --contracts ./src/test/2023-07/Platypus02_exp.sol -vvv

##### Contract

[Platypus02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Platypus02_exp.sol)

##### Link reference

https://twitter.com/peckshield/status/1678800450303164431

---

#### 20230712 WGPT - Business Logic Flaw

#### Lost: ~$80K

Testing

forge test --contracts ./src/test/2023-07/WGPT_exp.sol -vvv

##### Contract

[WGPT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/WGPT_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1679042549946933248

https://twitter.com/BeosinAlert/status/1679028240982368261

---

#### 20230711 RodeoFinance - TWAP Oracle Manipulation

#### Lost: ~$888K

Testing

forge test --contracts ./src/test/2023-07/RodeoFinance_exp.sol -vvv

##### Contract

[RodeoFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/RodeoFinance_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1678765773396008967

https://twitter.com/peckshield/status/1678700465587130368

https://medium.com/@Rodeo_Finance/rodeo-post-mortem-overview-f35635c14101

---

#### 20230711 Libertify - Reentrancy

#### Lost: ~$452K

Testing

forge test --contracts ./src/test/2023-07/Libertify_exp.sol -vvv

##### Contract

[Libertify_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Libertify_exp.sol)

##### Link reference

https://twitter.com/peckshield/status/1678688731908411393

https://twitter.com/Phalcon_xyz/status/1678694679767031809

---

#### 20230710 ArcadiaFi - Reentrancy

#### Lost: ~$400K

Testing

forge test --contracts ./src/test/2023-07/ArcadiaFi_exp.sol -vvv

##### Contract

[ArcadiaFi_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/ArcadiaFi_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1678250590709899264

https://twitter.com/peckshield/status/1678265212770693121

---

#### 20230708 CIVNFT - Lack of Access Control

#### Lost: ~$180K

Testing

forge test --contracts ./src/test/2023-07/CIVNFT_exp.sol -vvv

##### Contract

[CIVNFT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/CIVNFT_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1677722208893022210

https://news.civfund.org/civtrade-hack-analysis-9a2398a6bc2e

https://blog.solidityscan.com/civnft-hack-analysis-4ee79b8c33d1

---

#### 20230708 Civfund - Lack of Access Control

#### Lost: ~$165K

Testing

forge test --contracts ./src/test/2023-07/Civfund_exp.sol -vvv

##### Contract

[Civfund_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Civfund_exp.sol)

##### Link reference

https://twitter.com/HypernativeLabs/status/1677529544062803969

https://twitter.com/BeosinAlert/status/1677548773269213184

---

#### 20230707 LUSD - Price Manipulation Attack

#### Lost: ~9464 USDT

Testing

forge test --contracts ./src/test/2023-07/LUSD_exp.sol -vvv

##### Contract

[LUSD_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/2023-07/LUSD_exp.sol)

##### Link reference

https://twitter.com/AnciliaInc/status/1677391242878140417

---

#### 20230704 BambooIA - Price Manipulation Attack

#### Lost: ~200 BNB

Testing

forge test --contracts ./src/test/2023-07/Bamboo_exp.sol -vvv

##### Contract

[Bamboo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Bamboo_exp.sol)

##### Link reference

https://twitter.com/Phalcon_xyz/status/1676220090142916611

https://twitter.com/eugenioclrc

---

#### 20230704 BaoCommunity - Donate Inflation ExchangeRate && Rounding Error

#### Lost: ~$46K

Testing

forge test --contracts ./src/test/2023-07/bao_exp.sol -vvv

##### Contract

[Bao_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/Bao_exp.sol)

##### Link reference

https://twitter.com/PeckShieldAlert/status/1676224397248454657

---

#### 20230703 AzukiDAO - Invalid Signature Verification

#### Lost: ~$69K

Testing

forge test --contracts ./src/test/2023-07/AzukiDAO_exp.sol -vvv

##### Contract

[AzukiDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-07/AzukiDAO_exp.sol)

##### Link reference

https://twitter.com/sharkteamorg/status/1676892088930271232

---

#### 20230630 Biswap - V3Migrator exploit

#### Lost: ~$72K

Testing

forge test --contracts ./src/test/2023-06/Biswap_exp.sol -vvv


##### Contract

[Biswap_exp.sol](https://github.com/Sun

---

#### 20230615 CFC - Uniswap Skim() token balance attack

#### Lost: ~$16K

Testing

forge test --contracts ./src/test/2023-06/CFC_exp.sol -vvv


##### Contract

[CFC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/CFC_exp.sol)

##### Link Reference

https://twitter.com/hexagate_/status/1669280632738906113

---

#### 20230615 DEPUSDT_LEVUSDC - Incorrect access control

#### Lost: ~$105K

Testing

forge test --contracts ./src/test/2023-06/DEPUSDT_LEVUSDC_exp.sol -vvv


##### Contract

[DEPUSDT_LEVUSDC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/DEPUSDT_LEVUSDC_exp.sol)

##### Link Reference

https://twitter.com/numencyber/status/1669278694744150016?cxt=HHwWgMDS9Z2IvKouAAAA

---

#### 20230612 Sturdy Finance - Read-Only-Reentrancy

#### Lost: ~$800K

Testing

forge test --contracts ./src/test/2023-06/Sturdy_exp.sol -vvv


##### Contract

[Sturdy_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/Sturdy_exp.sol)

##### Link Reference

https://sturdyfinance.medium.com/exploit-post-mortem-49261493307a

https://twitter.com/AnciliaInc/status/1668081008615325698

https://twitter.com/BlockSecTeam/status/1668084629654638592

---

#### 20230611 SellToken04 - Price manipulation

#### Lost: ~$109K

Testing

forge test --contracts ./src/test/2023-06/SELLC03_exp.sol -vvv


##### Contract

[SELLC03_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/SELLC03_exp.sol)

##### Link Reference

https://twitter.com/EoceneSecurity/status/1668468933723328513

---

#### 20230607 CompounderFinance - Manipulation of funds through fluctuations in the amount of exchangeable assets

#### Lost: ~$27,174

Testing

forge test --contracts ./src/test/2023-06/CompounderFinance_exp.sol -vvv


##### Contract

[CompounderFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/CompounderFinance_exp.sol)

##### Link Reference

https://twitter.com/numencyber/status/1666346419702362112

---

#### 20230606 VINU - Price manipulation

#### Lost: ~$6K

Testing

forge test --contracts ./src/test/2023-06/VINU_exp.sol -vvv


##### Contract

[VINU_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/VINU_exp.sol)

##### Link Reference

https://twitter.com/hexagate_/status/1666051854386511873?cxt=HHwWgoC24bPVgJ8uAAAA

---

#### 20230606 UN - Price manipulation

#### Lost: ~$26K

Testing

forge test --contracts ./src/test/2023-06/UN_exp.sol -vvv


##### Contract

[UN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/UN_exp.sol)

##### Link Reference

https://twitter.com/MetaTrustAlert/status/1667041877428932608

---

#### 20230602 NST Simple Swap - Unverified contract, wrong approval

#### Lost: $40K

The attack was executed in a single transaction and resulted in the theft of $40,000 worth of USDT from the swap contract.

forge test --contracts ./src/test/2023-06/NST_exp.sol -vvv


##### Contract

[NST_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/NST_exp.sol)

##### Link Reference

https://discord.com/channels/1100129537603407972/1100129538056396870/1114142216923926528

---

#### 20230601 DDCoin - Flash loan attack and smart contract vulnerability

#### Lost: ~$300K

Testing

forge test --contracts ./src/test/2023-06/DDCoin_exp.sol -vvv


##### Contract

[DDCoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/DDCoin_exp.sol)

##### Link Reference

https://twitter.com/ImmuneBytes/status/1664239580210495489
https://twitter.com/ChainAegis/status/1664192344726581255?cxt=HHwWjsDRldmHs5guAAAA

---

#### 20230601 Cellframenet - Calculation issues during liquidity migration

#### Lost: ~$76K

Testing

forge test --contracts ./src/test/2023-06/Cellframe_exp.sol -vvv


##### Contract

[Cellframe_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-06/Cellframe_exp.sol)

##### Link Reference

https://twitter.com/numencyber/status/1664132985883615235?cxt=HHwWhoDTqceImJguAAAA

---

#### 20230531 ERC20TokenBank - Price manipulation

#### Lost: ~$111K

Testing

forge test --contracts ./src/test/2023-05/ERC20TokenBank_exp.sol -vvv


##### Contract

[ERC20TokenBank_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/ERC20TokenBank_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1663810037788311561

---

#### 20230529 Jimbo - Protocol-specific price manipulation

#### Lost: ~$8M

Testing

forge test --contracts ./src/test/2023-05/Jimbo_exp.sol -vvv


##### Contract

[Jimbo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Jimbo_exp.sol)

##### Link Reference

https://twitter.com/cryptofishx/status/1662888991446941697

https://twitter.com/yicunhui2/status/1663793958781353985

---

#### 20230529 BabyDogeCoin - Lack of slippage protection

#### Lost: ~$135K

Testing

forge test --contracts ./src/test/2023-05/BabyDogeCoin_exp.sol -vvv


##### Contract

[BabyDogeCoin_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/BabyDogeCoin_exp.sol)

##### Link Reference

https://twitter.com/Phalcon_xyz/status/1662744426475831298

---

#### 20230529 FAPEN - Wrong balance check

#### Lost: ~$600

Testing

forge test --contracts ./src/test/2023-05/FAPEN_exp.sol -vvv


##### Contract

[FAPEN_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/FAPEN_exp.sol)

##### Link Reference

https://twitter.com/hexagate_/status/1663501550600302601

---

#### 20230529 NOON (NO) - Wrong visibility in function

#### Lost: ~$2K

Testing

forge test --contracts ./src/test/2023-05/NOON_exp.sol -vvv


##### Contract

[NOON_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/NOON_exp.sol)

##### Link Reference

https://twitter.com/hexagate_/status/1663501545105702912

---

#### 20230525 GPT Token - Fee mechanism exploitation

#### Lost: ~$42K

Testing

forge test --contracts ./src/test/2023-05/GPT_exp.sol -vvv


##### Contract

[GPT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/GPT_exp.sol)

##### Link Reference

https://twitter.com/Phalcon_xyz/status/1661424685320634368

---

#### 20230524 Local Trade LCT - Improper access control of closed-source contract

#### Lost: ~384 BNB

Testing

forge test --contracts ./src/test/2023-05/LocalTrader_exp.sol -vvv


##### Contract

[LocalTrader_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LocalTrader_exp.sol) | [LocalTrader2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LocalTrader2_exp.sol)

##### Link Reference

https://twitter.com/numencyber/status/1661213691893944320

---

#### 20230524 CS Token - Outdated global variable

#### Lost: ~$714K

Testing

forge test --contracts ./src/test/2023-05/CS_exp.sol -vvv


##### Contract

[CS_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/CS_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1661098394130198528

https://twitter.com/numencyber/status/1661207123102167041

---

#### 20230523 LFI Token - Business logic flaw

#### Lost: ~$36K

Testing

forge test --contracts ./src/test/2023-05/LFI_exp.sol -vvv


##### Contract

[LFI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LFI_exp.sol)

##### Link Reference

https://twitter.com/AnciliaInc/status/1660767088699666433

---

#### 20230514 landNFT - Lack of permission control

#### Lost: 149,616 $BUSD

Testing

forge test --contracts ./src/test/2023-05/landNFT_exp.sol -vvv


##### Contract

[landNFT_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/landNFT_exp.sol)

##### Link Reference

https://twitter.com/BeosinAlert/status/1658000784943124480

---

#### 20230514 SellToken03 - Unchecked user input

#### Lost: Unclear

Testing

forge test --contracts ./src/test/2023-05/SELLC02_exp.sol -vvv


##### Contract

[SELLC02_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SELLC02_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1657715018908180480

---

#### 20230513 Bitpaidio - Business logic flaw

#### Lost: ~$30K

Testing

forge test --contracts ./src/test/2023-05/Bitpaidio_exp.sol -vvv


##### Contract

[Bitpaidio_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Bitpaidio_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1657411284076478465

---

#### 20230512 LW - Flash loan price manipulation

#### Lost: ~$50K

Testing

forge test --contracts ./src/test/2023-05/LW_exp.sol -vvv


##### Contract

[LW_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/LW_exp.sol)

##### Link Reference

https://twitter.com/PeckShieldAlert/status/1656850634312925184

https://twitter.com/hexagate_/status/1657051084131639296

---

#### 20230513 SellToken02 - Price manipulation

#### Lost: ~$197K

Testing

forge test --contracts ./src/test/2023-05/SellToken_exp.sol -vvv


##### Contract

[SellToken_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SellToken_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1657324561577435136

---

#### 20230511 SellToken01 - Business logic flaw

#### Lost: ~$95K

Testing

forge test --contracts ./src/test/2023-05/SELLC_exp.sol -vvv


##### Contract

[SELLC_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SELLC_exp.sol)

##### Link Reference

https://twitter.com/AnciliaInc/status/1656337400329834496

https://twitter.com/AnciliaInc/status/1656341587054702598

---

#### 20230510 SNK - Reward calculation error

#### Lost: ~$197K

Testing

forge test --contracts ./src/test/2023-05/SNK_exp.sol -vvv


##### Contract

[SNK_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/SNK_exp.sol)

##### Link Reference

https://twitter.com/Phalcon_xyz/status/1656176776425644032

---

#### 20230509 MCC - Reflection token

#### Lost: ~$10 ETH

Testing

forge test --contracts ./src/test/2023-05/MultiChainCapital_exp.sol -vvv


##### Contract

[MultiChainCapital_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/MultiChainCapital_exp.sol)

##### Link Reference

https://twitter.com/BeosinAlert/status/1655846558762692608

---

#### 20230509 HODL - Reflection token

#### Lost: ~$2.3 ETH

Testing

forge test --contracts ./src/test/2023-05/HODLCapital_exp.sol -vvv


##### Contract

[HODLCapital_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/HODLCapital_exp.sol)

##### Link Reference

https://explorer.phalcon.xyz/tx/eth/0xedc214a62ff6fd764200ddaa8ceae54f842279eadab80900be5f29d0b75212df

https://x.com/numencyber/status/1655825767392247808

---

#### 20230506 Melo - Access control

#### Lost: ~$90K

Testing

forge test --contracts ./src/test/2023-05/Melo_exp.sol -vvv


##### Contract

[Melo_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Melo_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1654667621139349505

---

#### 20230505 DEI - Wrong implementation

#### Lost: ~$5.4M USDC

Testing

forge test --contracts ./src/test/2023-05/DEI_exp.sol -vvv


##### Contract

[DEI_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/DEI_exp.sol)

##### Link Reference

https://twitter.com/eugenioclrc/status/1654576296507088906

---

#### 20230503 NeverFall - Price manipulation

#### Lost: ~74K

Testing

forge test --contracts ./src/test/2023-05/NeverFall_exp.sol -vvv


##### Contract

[NeverFall_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/NeverFall_exp.sol)

##### Link Reference

https://twitter.com/BeosinAlert/status/1653619782317662211

---

#### 20230502 Level - Business logic flaw

#### Lost: ~$1M

Testing

forge test --contracts ./src/test/2023-05/Level_exp.sol -vvv


##### Contract

[Level_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-05/Level_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1653149493133729794

https://twitter.com/BlockSecTeam/status/1653267431127920641

---

#### 20230428 0vix - Flash loan price manipulation

#### Lost: ~$2M

Testing

forge test --contracts ./src/test/2023-04/0vix_exp.sol -vvv


##### Contract

[0vix_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/0vix_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1651932529874853888

https://twitter.com/peckshield/status/1651923235603361793

https://twitter.com/Mudit__Gupta/status/1651958883634536448

---

#### 20230427 Silo finance - Business logic flaw

#### Lost: None

Testing

forge test --contracts ./src/test/2023-04/silo_finance_exp.sol -vvv


##### Contract

[silo_finance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/silo_finance_exp.sol)

##### Link Reference

https://medium.com/immunefi/silo-finance-logic-error-bugfix-review-35de29bd934a

---

#### 20230424 Axioma - Business logic flaw

#### Lost: ~21 WBNB

Testing

forge test --contracts ./src/test/2023-04/Axioma_exp.sol -vvv


##### Contract

[Axioma_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Axioma_exp.sol)

##### Link Reference

https://twitter.com/HypernativeLabs/status/1650382589847302145

---

#### 20230419 OLIFE - Reflection token

#### Lost: ~32 WBNB

Testing

forge test --contracts ./src/test/2023-04/OLIFE_exp.sol -vvv


##### Contract

[OLIFE_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/OLIFE_exp.sol)

##### Link Reference

https://twitter.com/BeosinAlert/status/1648520494516420608

---

#### 20230416 Swapos V2 - Incorrect k-value attack

#### Lost: ~$468K

Testing

forge test --contracts ./src/test/2023-04/Swapos_exp.sol -vvv


##### Contract

[Swapos_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Swapos_exp.sol)

##### Link Reference

https://twitter.com/CertiKAlert/status/1647530789947469825

https://twitter.com/BeosinAlert/status/1647552192243728385

---

#### 20230415 HundredFinance - Donate Inflation ExchangeRate && Rounding Error

#### Lost: $7M

Testing

forge test --contracts ./src/test/2023-04/HundredFinance_2_exp.sol -vvv


##### Contract

[HundredFinance_2_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/HundredFinance_2_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1647307128267476992

https://twitter.com/danielvf/status/1647329491788677121

https://twitter.com/hexagate_/status/1647334970258608131

https://blog.hundred.finance/15-04-23-hundred-finance-hack-post-mortem-d895b618cf33

---

#### 20230413 yearnFinance - Misconfiguration

#### Lost: $11.6M

Testing

forge test --contracts ./src/test/2023-04/YearnFinance_exp.sol -vvv


##### Contract

[YearnFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/YearnFinance_exp.sol)

##### Link Reference

https://twitter.com/cmichelio/status/1646422861219807233

https://twitter.com/BeosinAlert/status/1646481687445114881

---

#### 20230412 MetaPoint - Unrestricted approval

#### Lost: $820K (2500 BNB)

Testing

forge test --contracts ./src/test/2023-04/MetaPoint_exp.sol -vvv


##### Contract

[MetaPoint_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/MetaPoint_exp.sol)

##### Link Reference

https://twitter.com/PeckShieldAlert/status/1645980197987192833

https://twitter.com/Phalcon_xyz/status/1645963327502204929

---

#### 20230411 Paribus - Reentrancy

#### Lost: $100K

Testing

forge test --contracts ./src/test/2023-04/Paribus_exp.sol -vvv


##### Contract

[Paribus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Paribus_exp.sol)

##### Link Reference

https://twitter.com/Phalcon_xyz/status/1645742620897955842

https://twitter.com/BlockSecTeam/status/1645744655357575170

https://twitter.com/peckshield/status/1645742296904929280

---

#### 20230409 SushiSwap - Unchecked user input

#### Lost: >$3.3M

Testing

forge test --contracts ./src/test/2023-04/Sushi_Router_exp.sol -vvv


##### Contract

[Sushi_Router_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Sushi_Router_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1644907207530774530

https://twitter.com/SlowMist_Team/status/1644936375924584449

https://twitter.com/AnciliaInc/status/1644925421006520320

---

#### 20230405 Sentiment - Read-Only-Reentrancy

#### Lost: $1M

Testing

forge test --contracts ./src/test/2023-04/Sentiment_exp.sol -vvv


##### Contract

[Sentiment_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Sentiment_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1643417467879059456

https://twitter.com/spreekaway/status/1643313471180644360

https://medium.com/coinmonks/theoretical-practical-balancer-and-read-only-reentrancy-part-1-d6a21792066c

---

#### 20230402 Allbridge - Flash loan price manipulation

#### Lost: $550K

Testing

forge test --contracts ./src/test/2023-04/Allbridge_exp.sol -vvv


##### Contract

[Allbridge_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Allbridge_exp.sol) | [Allbridge_exp2.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-04/Allbridge_exp2.sol)

##### Link Reference

https://twitter.com/peckshield/status/1642356701100916736

https://twitter.com/BeosinAlert/status/1642372700726505473

---

#### 20230328 SafeMoon Hack - Access control

#### Lost: $8.9M

Testing

forge test --contracts ./src/test/2023-03/safeMoon_exp.sol -vvv


##### Contract

[safeMoon_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-03/safeMoon_exp.sol)

##### Link Reference

https://twitter.com/zokyo_io/status/164101452

---

[DYNA_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/DYNA_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1628319536117153794

https://twitter.com/BeosinAlert/status/1628301635834486784

---

#### 20230218 - RevertFinance - Arbitrary external call vulnerability

#### Lost: ~$30K

Testing

forge test --contracts ./src/test/2023-02/RevertFinance_exp.sol -vvv


##### Contract

[RevertFinance_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/RevertFinance_exp.sol)

##### Link Reference

https://mirror.xyz/revertfinance.eth/3sdpQ3v9vEKiOjaHXUi3TdEfhleAXXlAEWeODrRHJtU

---

#### 20230217 - Starlink - Business logic flaw

#### Lost: ~$12K

Testing

forge test --contracts ./src/test/2023-02/Starlink_exp.sol -vvv


##### Contract

[Starlink_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Starlink_exp.sol)

##### Link Reference

https://twitter.com/NumenAlert/status/1626447469361102850

https://twitter.com/bbbb/status/1626392605264351235

---

#### 20230217 - Dexible - Arbitrary external call vulnerability

#### Lost: ~$1.5M

Testing

forge test --contracts src/test/2023-02/Dexible_exp.sol -vvv


##### Contract

[Dexible_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Dexible_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1626493024879673344

https://twitter.com/MevRefund/status/1626450002254958592

---

#### 20230217 - Platypusdefi - Business logic flaw

#### Lost: ~$8.5M

Testing

forge test --contracts src/test/2023-02/Platypus_exp.sol -vvv


##### Contract

[Platypus_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Platypus_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1626367531480125440

https://twitter.com/spreekaway/status/1626319585040338953

---

#### 20230210 - Sheep - Reflection token

#### Lost: ~$3K

Testing

forge test --contracts src/test/2023-02/Sheep_exp.sol -vvv


##### Contract

[Sheep_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Sheep_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1623999717482045440

https://twitter.com/BlockSecTeam/status/1624077078852210691

---

#### 20230210 - dForce - Read-only reentrancy

#### Lost: ~$3.65M

Testing

forge test --contracts ./src/test/2023-02/dForce_exp.sol -vvv


##### Contract

[dForce_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/dForce_exp.sol)

##### Link Reference

https://twitter.com/SlowMist_Team/status/1623956763598000129

https://twitter.com/BlockSecTeam/status/1623901011680333824

https://twitter.com/peckshield/status/1623910257033617408

---

#### 20230207 - CowSwap - Arbitrary external call vulnerability

#### Lost: ~$120K

Testing

forge test --contracts ./src/test/2023-02/CowSwap_exp.sol -vvv


##### Contract

[CowSwap_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/CowSwap_exp.sol)

##### Link Reference

https://twitter.com/MevRefund/status/1622793836291407873

https://twitter.com/peckshield/status/1622801412727148544

---

#### 20230206 - FDP - Reflection token

#### Lost: ~16 WBNB

Testing

forge test --contracts src/test/2023-02/FDP_exp.sol -vv


##### Contract

[FDP_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/FDP_exp.sol)

##### Link Reference

https://twitter.com/BeosinAlert/status/1622806011269771266

---

#### 20230203 - Spherax USDs - Balance recalculation bug

#### Lost: ~309K USDs (stablecoin)

Testing

forge test --contracts ./src/test/2023-02/USDs_exp.sol -vv


##### Contract

[USDs_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/USDs_exp.sol)

##### Link Reference

https://twitter.com/danielvf/status/1621965412832350208

https://medium.com/sperax/usds-feb-3-exploit-report-from-engineering-team-9f0fd3cef00c

---

#### 20230203 - Orion Protocol - Reentrancy

#### Lost: $3M

Testing

forge test --contracts ./src/test/2023-02/Orion_exp.sol -vvv


##### Contract

[Orion_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/Orion_exp.sol)

##### Link Reference

https://twitter.com/peckshield/status/1621337925228306433

https://twitter.com/BlockSecTeam/status/1621263393054420992

https://www.numencyber.com/analysis-of-orionprotocol-reentrancy-attack-with-poc/

---

#### 20230202 - BonqDAO - Price oracle manipulation

#### Lost: BEUR stablecoin and ALBT token (~$88M)

Testing

forge test --contracts ./src/test/2023-02/BonqDAO_exp.sol -vv


##### Contract

[BonqDAO_exp.sol](https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/src/test/2023-02/BonqDAO_exp.sol)

##### Link Reference

https://twitter.com/BlockSecTeam/status/1621043757390123008

https://twitter.com/SlowMist_Team/status/1621087651158966274

---

#### 20230130 - BEVO - Reflection token

#### Lost: 144 BNB

Testing

```sh
forge test --contracts ./src/test/2023-01/BEVO_exp.sol -vvv
```

##### Contract

BEVO_exp.sol

##### Link Reference

https://twitter.com/QuillAudits/status/1620377951836708865


---

#### 20230126 - TINU - Reflection token

#### Lost: 22 ETH

Testing

forge test --contracts ./src/test/2023-01/TINU_exp.sol -vv

##### Contract

TINU_exp.sol

##### Link Reference

https://twitter.com/libevm/status/1618718156343873536


---

#### 20230119 - SHOCO - Reflection token

#### Lost: ~4 ETH

Testing

forge test --contracts ./src/test/2023-01/SHOCO_exp.sol -vvv

##### Contract

SHOCO_exp.sol

##### Link Reference

https://github.com/Autosaida/DeFiHackAnalysis/blob/master/analysis/230119_SHOCO.md


---

#### 20230119 - ThoreumFinance - Business logic flaw

#### Lost: ~2000 BNB

Testing

forge test --contracts ./src/test/2023-01/ThoreumFinance_exp.sol -vvv

##### Contract

ThoreumFinance_exp.sol

##### Link Reference

https://bscscan.com/tx/0x3fe3a1883f0ae263a260f7d3e9b462468f4f83c2c88bb89d1dee5d7d24262b51

https://twitter.com/AnciliaInc/status/1615944396134043648


---

#### 20230118 - QTNToken - Business logic flaw

#### Lost: ~2 ETH

Testing

forge test --contracts ./src/test/2023-01/QTN_exp.sol -vvv

##### Contract

QTN_exp.sol

##### Link Reference

https://twitter.com/BlockSecTeam/status/1615625901739511809


---

#### 20230118 - UPSToken - Business logic flaw

#### Lost: ~22 ETH

Testing

forge test --contracts ./src/test/2023-01/Upswing_exp.sol -vvv

##### Contract

Upswing_exp.sol

##### Link Reference

https://etherscan.io/tx/0x4b3df6e9c68ae482c71a02832f7f599ff58ff877ec05fed0abd95b31d2d7d912

https://twitter.com/QuillAudits/status/1615634917802807297


---

#### 20230117 - OmniEstate - No input parameter check

#### Lost: $70K (236 BNB)

Testing

forge test --contracts ./src/test/2023-01/OmniEstate_exp.sol -vvv

##### Contract

OmniEstate_exp.sol

##### Link Reference

https://twitter.com/BlockSecTeam/status/1615232012834705408


---

#### 20230116 - MidasCapital - Read-only reentrancy

#### Lost: $650K

Testing

forge test --contracts ./src/test/2023-01/Midas_exp.sol -vvv

##### Contract

Midas_exp.sol

##### Link Reference

https://twitter.com/peckshield/status/1614774855999844352

https://twitter.com/BlockSecTeam/status/1614864084956254209


---

#### 20230111 - UFDao - Incorrect parameter setting

#### Lost: $90K

Testing

forge test --contracts ./src/test/2023-01/UFDao_exp.sol -vvv

##### Contract

UFDao_exp.sol

##### Link Reference

https://twitter.com/BlockSecTeam/status/1613507804412940289


---

#### 20230111 - RoeFinance - Flash loan price manipulation

#### Lost: $80K

Testing

forge test --contracts ./src/test/2023-01/RoeFinance_exp.sol -vvv

##### Contract

RoeFinance_exp.sol

##### Link Reference

https://twitter.com/BlockSecTeam/status/1613267000913960976


---

#### 20230110 - BRA - Business logic flaw

#### Lost: 819 BNB (~$224K)

Testing

forge test --contracts ./src/test/2023-01/BRA_exp.sol -vvv

##### Contract

BRA_exp.sol

##### Link Reference

https://twitter.com/CertiKAlert/status/1612674916070858753

https://twitter.com/BlockSecTeam/status/1612701106982862849


---

#### 20230103 - GDS - Business logic flaw

#### Lost: $180K

Testing

forge test --contracts ./src/test/2023-01/GDS_exp.sol -vvv

##### Contract

GDS_exp.sol

##### Link Reference

https://twitter.com/peckshield/status/1610095490368180224

https://twitter.com/BlockSecTeam/status/1610167174978760704

  • Original link: github.com/SunWeb3Sec/De...
SunWeb3Sec