List of Ethereum Smart Contracts Post-Mortems

Note: Also check our Compiled List of Solidity Vulnerabilities.

When things go wrong with the development, testing and auditing processes, vulnerable contracts are deployed to mainnet and go into production.
These vulnerabilities are then either found by the good hackers and the project is patched, or they are exploited by the bad hackers and the project crashes. Sometimes weird things happen, where the definitions of good, bad, and crash are not very clear.

But this is how we learn. Things go wrong and then we figure out ways to make it better next time. It's a very interesting cycle, full of drama and epic moments that we will always remember.

In here we would like to make a list of the post-mortems that describe why things went wrong. We are not in a hurry, so this will be a wiki post to which we can all contribute and complete over time. Let's start...

202105

Mushroom Finance sandwich to manipulate yield

Mushroom Finance provides vaults with strategies to profit from yield farming. The harvest transaction can be sandwiched: the Uniswap price is manipulated right before it and restored right after it, so the sandwicher earns a portion of the Mushroom harvest. The harvest transaction is now run more frequently, to make it unprofitable to pay miners for including the sandwich transactions.

Published on May 20th, 2021.

Fei Uniswap price manipulation with flash loan

FEI is a stable coin. When the price increases, newly minted FEI can be purchased for ETH, which is escrowed in the protocol bonding curve. This ETH was then deposited by a keeper into the ETH-FEI Uniswap pair. An attacker could take a flash loan to drive up the ETH-FEI spot price in Uniswap, purchase FEI from the bonding curve, trigger the deposit of the escrowed ETH as Uniswap liquidity, and finally sell the FEI received at the elevated price.
After the fix, the ETH from the bonding curve is sent to the reserve stabilizer rather than to the ETH-FEI Uniswap pool, and no liquidity is minted at a price significantly different from the oracle price of ETH.

Published on May 13th, 2021.

202102

ArmorFi

ArmorFi provides insurance for DeFi protocols. When withdrawing the amount agreed by the coverage policy, the amount returned was already denominated in wei but was treated as ether by mistake, so it was converted to wei a second time and 10^18 times more wei than intended was returned.

Published on February 2nd, 2021.

Tellor upgrade

202008

Harvest flash loan

202006

Non-standard ERC20 deflationary tokens on Balancer

Bancor public safeTransferFrom function

Argent recovery without guardians

202004

Etheroll fork manipulation

https://www.reddit.com/r/etheroll/comments/g7zrvz/contract_is_currently_in_lockdown_mode_all_funds/

Hegic wrong loop

https://medium.com/@molly.wintermute/post-mortem-hegic-unlock-function-bug-or-three-defi-development-mistakesthat-i-feel-sorry-about-5a23a7197bce

sUSD pool contract vulnerability

ERC777 Reentrancy exploit in Uniswap and Lendf.me

202003

Hegic DAI liquidity pool exploit

Aragon bugs in Jurors Registry and Dispute Manager

https://blog.aragon.one/aragon-court-v1-upgrades/

202002

Authereum Metatransactions Order

Published on February 18th, 2020.

Fulcrum Flash Loan and Oracle Manipulation

Published on February 17th, 2020.

202001

Curve Finance exchange of the same asset

https://blog.curve.fi/vulnerability-disclosure/

ENS shady transfer

201912

Synthetix Reentrancy in Withdrawals

https://www.certora.com/blog/reentrancy.html

201910

Cheeze Wizards Timeout

201909

DDEX and bZx Exchange Price Manipulation

ENS Short Domains Auction

201908

MakerDao Auction Lack of Validation

201907

Livepeer Slashing Vulnerability

Published on July 29th, 2019.

0x Invalid Signatures

Published on July 13th, 2019.

Edgeware Lockdrop Denial of Service

The Edgeware project plans to give away their EDG tokens in exchange for locked ether or a signal of interest by ether holders. There was a bug in the contract that allowed people to deposit ether to a future lock contract and bring the lockdrop to a halt. The bug was patched and a new lockdrop contract was deployed. No funds were at risk.
Found and responsibly disclosed by Neil McLaren. Published on July 1st, 2019.

201906

Synthetix oracle incident

201905

MakerDAO’s Governance Vulnerability

Published on May 6th, 2019.

201902

Genesis Alpha DAO Untrusted Repeated Calls

201810

SpankChain Reentrancy Issue in Payment Channels

Published on October 8th, 2018.

201802

PoWH Coin Ponzi Scheme Overflow

Published on February 1st, 2018.

201711

Parity Multi-Sig Library Self-Destruct

Published on November 8th, 2017.

201708

Bancor Front-running

Published on August 17th, 2017.

201707

Parity Multi-Sig Unguarded Reset Ownership

Published on July 21st, 2017.

201606

The DAO Reentrancy Hack

Published on June 17th, 2016.

201604

GovernMental Denial of Service

Published on April 26th, 2016.

201602

King of the Ether Unchecked Return Value

King of Ether is a game, or maybe a scam, in which players send increasing amounts of ether in order to take over the throne. The dethroned king is supposed to get some ether back. There was a bug because in some cases the gas forwarded with the send was not enough for the recipient, so the transfer failed, and since the return value of the send was not checked, the system kept the ether, the king was dethroned anyway, and the game continued.

Published on February 20th, 2016.

Other classifications of vulnerabilities