List of Ethereum Smart Contracts Post-Mortems

Note: Also check our Compiled List of Solidity Vulnerabilities.

When things go wrong with the development, testing and auditing processes, vulnerable contracts are deployed to mainnet and go into production.
These vulnerabilities are then either found by the good hackers and the project is patched, or they are exploited by the bad hackers and the project crashes. Sometimes weird things happen, when the definitions of good, bad, and crash are not very clear.

But this is how we learn. Things go wrong and then we figure out ways to make it better next time. It’s a very interesting cycle, full of drama and epic moments that we will always remember.

Here we would like to make a list of the post-mortems that describe why things went wrong. We are not in a hurry, so this will be a wiki post to which we can all contribute and complete over time. Let’s start…

201909

ENS Short Domains Auction

201908

MakerDAO Auction Lack of Validation

201907

Livepeer Slashing Vulnerability

Published on July 29th, 2019.

0x Invalid Signatures

Published on July 13th, 2019.

Edgeware Lockdrop Denial of Service

The Edgeware project plans to give away their EDG tokens in exchange for locked ether or a signal of interest by ether holders. There was a bug in the contract that allowed people to deposit ether to a future lock contract and bring the lockdrop to a halt. The bug was patched and a new lockdrop contract was deployed. No funds were at risk.
Found and responsibly disclosed by Neil McLaren. Published on July 1st, 2019.

201905

MakerDAO’s Governance Vulnerability

Published on May 6th, 2019.

201902

Genesis Alpha DAO Untrusted Repeated Calls


201810

SpankChain Reentrancy Issue in Payment Channels

Published on October 8th, 2018.

201802

PoWH Coin Ponzi Scheme Overflow

Published on February 1st, 2018.

201711

Parity Multi-Sig Library Self-Destruct

Published on November 8th, 2017.

201708

Bancor Front-running

Published on August 17th, 2017.

201707

Parity Multi-Sig Unguarded Reset Ownership

Published on July 21st, 2017.

201606

The DAO Reentrancy Hack

Published on June 17th, 2016.

201604

GovernMental Denial of Service

Published on April 26th, 2016.

201602

King of the Ether Unchecked Return Value

Published on February 20th, 2016.


Other classifications of vulnerabilities
