Learn Real Smart Contract Security
45
Real Attacks Reproduced
1.8B+
In Total Value Hacked
8
EVM Chains Covered
14
Vulnerability Categories
- Sep 3, 2021
ethereum DAO maker
Exploiting unprotected initialization to become contract owner
access control$4.0M total losses
Explore → - Aug 10, 2021 ethereum
Punk Protocol Re-initialize
Taking control by re-initializing proxy contracts
access control reinitialization$8.9M total losses
Explore → - Apr 15, 2021
binance smart chain Rikkei Oracle Replace
Setting malicious price oracles through unprotected functions
access control$1.0M total losses
Explore → - Feb 8, 2022 ethereum
Sandbox Public Burn
Destroying anyone's NFTs through flawed burn logic
access controlNo losses reported
Explore → - Oct 11, 2022 ethereum
TempleDAO Spoof Old Staking Contract
Spoofing migration contracts to steal staked tokens
access control$2.3M total losses
Explore → - Sep 2, 2022 ethereum
Bad Guys NFT
Claiming unlimited NFTs through unvalidated mint amounts
data validationNo losses reported
Explore → - Oct 21, 2022 ethereum
Bond Olympus DAO
Exploiting arbitrary token parameters in redemption functions
data validation$300.0K total losses
Explore → - Nov 29, 2022 binance smart chain
MBC Token
Manipulating token prices through public liquidity functions
access control$5.0K total losses
Explore → - Sep 16, 2025 ethereum
LyraDepositWrapper
Missing validation on zero-amount deposit and arbitrary socketVault allows unauthorized fund approval and transfer.
data validation bridges$1.0M total losses
Explore → - Mar 5, 2025 ethereum
1inch Calldata Corruption
Exploiting Yul assembly calldata corruption via integer underflow to hijack resolver callbacks and drain funds
business logic data validation arithmetic$5.0M total losses
Explore → - Feb 8, 2022
polygon Superfluid
Forging transaction contexts to impersonate any user
data validationNo losses reported
Explore → - Sep 19, 2022 ethereum
Arbitrum Inbox
Exploiting reinitialization vulnerability in bridge upgrade process
access control bridges reinitialization$400.0K total losses
Explore → - Jan 19, 2022 ethereum
AnySwap Permit Attack
Draining user funds via malicious token contracts
data validation$960.0K total losses
Explore → - Aug 1, 2022 ethereum
moonbeam Nomad Bridge
Processing arbitrary messages through faulty validation logic
bridges data validation$190.0M total losses
Explore → - Mar 23, 2022 ethereum
Ronin Bridge
Compromising validator keys to authorize malicious withdrawals
bridges leaked keys$624.0M total losses
Explore → - Feb 24, 2022 ethereum
Wormhole Bridge
Bypassing signature verification through uninitialized implementation contracts
bridges access control reinitialization$10.0M total losses
Explore → - Aug 30, 2021 ethereum
Cream Finance
Bypassing reentrancy guards through cross-contract token hooks
reentrancy$18.0M total losses
Explore → - Nov 10, 2022 ethereum
DFX Finance
Exploiting flash loan callbacks to manipulate balance checks
reentrancy$6.0M total losses
Explore → - Mar 15, 2022
gnosis chain Hundred Finance
Draining lending pools via ERC667 token hook reentrancy
reentrancy$6.0M total losses
Explore → - Apr 30, 2022 ethereum
Fei Protocol
Cross-function reentrancy through lending protocol token transfers
reentrancy$80.0M total losses
Explore → - Mar 15, 2022 binance smart chain
Paraluni
Attacking liquidity pools through malicious token reentrancy
reentrancy$1.7M total losses
Explore → - Aug 10, 2021 ethereum moonbeam
Polynetwork Bridge
Hijacking validator roles through sighash collision attacks
bridges bruteforce$611.0M total losses
Explore → - Mar 27, 2022 ethereum
Revest Finance
Reentering token vault systems through ERC-1155 callbacks
reentrancy$2.0M total losses
Explore → - Sep 2, 2025 ethereum
unichain Bunni
Exploiting rounding bug in withdrawals to manipulate liquidity
business logic price manipulation flashloan arithmetic$8.4M total losses
Explore → - Nov 3, 2025 ethereum
Balancer V2 Stable Pools Rate Manipulation
Rounding inconsistency in stable invariant calculation deflates BPT price via crafted batchSwap sequence
business logic$128.0M total losses
Explore → - Oct 30, 2022 binance smart chain
BVaults
Manipulating token prices to drain protocol funds
business logic price manipulation$35.0K total losses
Explore → - Mar 21, 2022 ethereum
Compound TUSD Integration
Exploiting dual-contract tokens in sweep functions
business logic data validationNo losses reported
Explore → - Nov 23, 2022 polygon
Curve Pool Oracle
Exploiting AMM oracle prices during liquidity withdrawal callbacks
reentrancy$180.0K total losses
Explore → - May 28, 2025 ethereum
Cork Finance
Manipulating rollover pricing to extract underpriced tokens
business logic price manipulation access control$7.2M total losses
Explore → - Mar 9, 2022
fantom Fantasm Finance
Minting tokens without required backing collateral
business logic data validation$2.6M total losses
Explore → - Oct 14, 2022 ethereum
Earning Farm
Bypassing withdrawal limits through unauthorized flash loan callbacks
business logic flashloan$967.0K total losses
Explore → - Feb 11, 2025 binance smart chain
Four Meme
Preemptively manipulating pool prices during liquidity migration
business logic price manipulation$183.0K total losses
Explore → - Feb 27, 2021 ethereum
Furucombo
Hijacking proxy contexts through malicious delegatecalls
business logic context hijacking$15.0M total losses
Explore → - Jan 10, 2025
arbitrum Futureswap
Exploiting unit mismatch in fee calculation to drain protocol funds
business logic arithmetic flashloan$395.0K total losses
Explore → - May 11, 2025 binance smart chain
MobiusDAO
Exploiting decimal precision errors to inflate token amounts
business logic arithmetic$2.1M total losses
Explore → - Mar 21, 2022 Fantom
One Ring Finance
Exploiting share price manipulation via reserve balance changes
business logic price manipulation$1.6M total losses
Explore → - Nov 1, 2023 ethereum
Onyx Protocol
Creating empty market conditions to manipulate collateral values
business logic price manipulation$2.1M total losses
Explore → - Nov 16, 2024 Fantom
Polter Finance
Breaking lending protocols through manipulated oracle price feeds
business logic price manipulation$8.7M total losses
Explore → - Nov 29, 2022 binance smart chain
Seaman
Forcing contracts to trade at manipulated token prices
business logic price manipulation$7.0K total losses
Explore → - Mar 30, 2025 ethereum
SIR Trading
Attacking through misused transient storage security checks
business logic data validation transient storage$355.0K total losses
Explore → - Oct 27, 2022 ethereum
Team Finance
Exploiting migration processes through malicious token manipulation
business logic migration process$15.0M total losses
Explore → - May 21, 2023 ethereum
TornadoCash Governance Takeover
Hijacking governance by replacing approved proposal implementations
business logic context hijacking$2.7M total losses
Explore → - Apr 28, 2021 binance smart chain
Uranium
Breaking AMM invariants through incorrect constant calculations
business logic arithmetic$50.0M total losses
Explore → - Feb 3, 2023 arbitrum
Sperax USD (USDS)
Abusing contract deployment timing to bypass balance checks
business logic migration process arithmetic$309.0K total losses
Explore → - Nov 2, 2021 ethereum
Rari Fuse
Manipulating low-liquidity pools to inflate collateral pricing
business logic price manipulation$3.0M total losses
Explore →