
Exploits

1nf0s3cpt has created an awesome repo of reproducible exploits that includes 124 incidents. These PoCs are made with Foundry.

You can access them here:

Getting Started

  • Follow the instructions to install Foundry.

  • Clone and install dependencies: git submodule update --init --recursive

List of DeFi Hacks & Exploits

2022

NUM

AUR

SDAO

AnnexFinance

UEarnPool

SheepFarm

DFXFinance

brahTOPG

MooCAKECTX

BDEX

VTF

Team Finance

N00d Token

ULME

MulticallWithoutCheck

OlympusDAO

HEALTH Token

BEGO Token

HPAY

PLTD Token

Uerii Token

INUKO Token

EFLeverVault

MEVBOT a47b

ATK

Rabby Wallet SwapRouter

Templedao

Carrot

Xave Finance

RES-Token

Transit Swap

BabySwap

RL

Thunder Brawl

BXH

MEVBOT Badc0de

RADT-DAO

MevBot Private TX

DPC

YYDS

NewFreeDAO

Ragnarok Online Invasion

NXUSD

ZoomproFinance

ShadowFi

Bad Guys by RPF

LuckeyTiger NFT

XSTABLE Protocol

ANCH

EGD Finance

Nomad Bridge

Reaper Farm

LPC

Audius

SpaceGodzilla

Omni NFT

FlippazOne NFT

Quixotic - Optimism NFT Marketplace

XCarnival

Harmony's Horizon Bridge

SNOOD

InverseFinance

GYMNetwork

Optimism - Wintermute

Discover

NOVO Protocol

HackDao

ApeCoin

Fortress Loans

Rari Capital/Fei Protocol

DEUS DAO

Wiener DOGE

Akutar NFT

Zeed Finance

BeanstalkFarms

Rikkei Finance

ElephantMoney

GYMNetwork

Ronin Network

Redacted Cartel

Revest Finance

Auctus

CompoundTUSDSweepTokenBypass

OneRing Finance

LI.FI

Umbrella Network

Hundred Finance

Paraluni

Fantasm Finance

Bacon Protocol

TreasureDAO

BuildFinance - DAO

Sandbox LAND

Meter

Qubit Finance

Multichain (Anyswap)

2021

Visor Finance

Grim Finance

MonoX Finance

Cream Finance

SushiSwap Miso

Nimbus Platform

NowSwap Platform

ZABU Finance

DAO Maker

Cream Finance

XSURGE

Poly Network

WaultFinance

Levyathan Finance

Chainswap

Chainswap

SafeDollar

Eleven Finance

88mph NFT

PancakeHunny

PancakeBunny

Uranium

DODO

2020

Cover Protocol

Pickle Finance

Harvest Finance

Bancor Protocol

2018

20180422 Beauty Chain

2017

20171106 Parity - 'Accidentally Killed It'


Transaction debugging tools

Phalcon | Tx.viewer | Cruise | Ethtx | Tenderly

Ethereum Signature Database

4byte | sig.eth | etherface

Useful tools

ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder

Hacks Dashboard

Slowmist | Defillama | Defiyield | Rekt | Cryptosec

https://elementus.io/blog/which-icos-are-affected-by-the-parity-wallet-bug/

https://etherscan.io/tx/0x05f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9

https://etherscan.io/tx/0x47f7cff7a5e671884629c93b368cb18f58a993f4b19c2a53a8662e3f1482f690

View Gas Reports

Foundry can also report the gas used per function call, which mimics the behavior of hardhat-gas-reporter. Generally speaking, if the gas cost of a function call is very high, the likelihood of its success is reduced. Gas optimization is an important activity for smart contract developers.

Every PoC in this repository can produce a gas report like this:

forge test --gas-report --contracts <contract> -vvv

For example, let us find the gas used in the Audius PoC:

Execution

forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv

Demo

Bug Reproduce

FlashLoan Testing

Solana PoC Framework

Neodyme Labs has made a framework for creating PoCs for Solana smart contracts.

You can access it here: