Note: Also check our Compiled List of Solidity Vulnerabilities.
When things go wrong with the development, testing and auditing processes, vulnerable contracts are deployed to mainnet and go into production.
These vulnerabilities are then either found by the good hackers and the project is patched, or they are exploited by the bad hackers and the project crashes. Sometimes weird things happen, when the definitions of good, bad, and crash are not very clear.
But this is how we learn. Things go wrong and then we figure out ways to make it better next time. It's a very interesting cycle, full of drama and epic moments that we will always remember.
In here we would like to make a list of the post-mortems that describe why things went wrong. We are not in a hurry, so this will be a wiki post to which we can all contribute and complete over time. Let's start...
202105
Mushroom Finance sandwich to manipulate yield
Mushroom Finance provides vaults with strategies to profit from yield farming. Before the harvest transaction occurs, it can be sandwiched to manipulate the Uniswap price before, and return it afterwards, earning a portion of the Mushroom harvest. The harvest transaction is now being run more frequently, to make it unprofitable to pay miners for including the sandwich transactions.
Published on May 20th, 2021.
Fei Uniswap price manipulation with flash loan
FEI is a stable coin. When the price increases, newly minted FEI can be purchased for ETH, which is scrowed in the protocol bonding curve. Then this ETH was deposited by a keeper in the ETH-FEI Uniswap pair. An attacker could take a flash loan to drive up the ETH-FEI spot price in Uniswap, purchase FEI from the bonding curve, trigger the ETH deposit as liquidity in Uniswap, and finally sell the FEI received at an elevated price.
After the fix, the ETH from the bonding curve is sent to the reserve stabilizer rather than the ETH-FEI Uniswap pool. And it won't mint any liquidity at a price significantly different from the oracle price of ETH.
Published on May 13th, 2021.
202102
ArmorFi
ArmorFi provides insurance for DeFi protocols. When withdrawing the amount agreed by the coverage policy, the amount returned is in wei but was treated as ether by mistake, converting it to wei again and returning 10^18 times more wei than it should.
Published on February 2nd, 2021.
Tellor upgrade
202008
Harvest flash loan
202006
non-standard ERC20 deflationary tokens on Balancer
Bancor public safeTransferFrom function
Argent recovery without guardians
202004
Etheroll fork manipulation
https://www.reddit.com/r/etheroll/comments/g7zrvz/contract_is_currently_in_lockdown_mode_all_funds/
Hedgic wrong loop
sUSD pool contract vulnerability
ERC777 Reentrancy exploit in Uniswap and Lendf.me
202003
Hegic DAI liquidity pool exploit
Aragon bugs in Jurors Registry and Dispute Manager
https://blog.aragon.one/aragon-court-v1-upgrades/
202002
Authereum Metatransactions Order
Published on February 18th, 2020.
Fulcrum Flash Loan and Oracle Manipulation
Published on February 17th, 2020.
202001
Curve Finance exchange of the same asset
https://blog.curve.fi/vulnerability-disclosure/
ENS shady transfer
201912
Synthetix Reentrancy in Withdrawals
https://www.certora.com/blog/reentrancy.html
201910
Cheeze Wizards Timeout
201909
DDEX and bZx Exchange Price Manipulation
ENS Short Domains Auction
201908
MakerDao Auction Lack of Validation
201907
Livepeer Slashing Vulnerability
Published on July 29th, 2019.
0x Invalid Signatures
Published on July 13th, 2019.
- Official announcement by 0x.
- Post-mortem by 0x.
- Explanation of the issue by samczsun.
- Post-mortem by ConsenSys Dilligence, auditors of the vulnerable code.
Edgeware Lockdrop Denial of Service
The Edgeware project plans to give away their EDG tokens in exchange for locked ether or a signal of interest by ether holders. There was a bug in the contract that allowed people to deposit ether to a future lock contract and bring the lockdrop to a halt. The bug was patched and a new lockdrop contract was deployed. No funds were at risk.
Found and responsibly disclosed by Neil McLaren. Published on July 1st, 2019.
201906
Synthetix oracle incident
201905
MakerDAO’s Governance Vulnerability
Published on May 6th, 2019.
201902
Genesis Alpha DAO Untrusted Repeated Calls
201810
SpankChain Reentrancy Issue in Payment Channels
Published on October 8th, 2018.
201802
PoWH Coin Ponzi Scheme Overflow
Published on February 1st, 2018
201711
Parity Multi-Sig Library Self-Destruct
Published on November 8th, 2017.
201708
Bancor Front-running
Published on August 17th, 2017.
201707
Parity Multi-Sig Unguarded Reset Ownership
Published on July 21th, 2017.
- Official announcement by Parity.
- Post-mortem by Parity.
- Explanation of the issue by Santiago Palladino.
- Explanation of the issue by Lorenz Breidenbach.
201606
The DAO Reentrancy Hack
Published on June 17th, 2016.
- Official announcement by the Ethereum Foundation.
- Explanation of the issue by Phil Daian.
- 15 lines of code that could have prevented TheDAO Hack by Manuel Araoz.
201604
GovernMental Denial of Servie
Published on April 26th, 2016.
201602
King of the Ether Unchecked Return Value
King of Ether is a game, or maybe a scam, to send increasing amounts of ether in order to take over the throne. The dethroned king is supposed to get some ether back. There was a bug because in some cases the amount of gas used to send the ether was not enough. In those cases the transfer failed, the system kept the ether, the king was dethroned anyway, and the game continued.
Published on February 20th, 2016.
Other classifications of vulnerabilities
- Compiled list of solidity vulnerabilities, by @fasteater from OpenZeppelin.
- Solidity Security: Comprehensive list of known attack vectors and common anti-patterns, by Sigma Prime.
- Smart Contract Weakness Classification and Test Cases, by the Mythril team.