Hacks Analyses 1. Euler Finance  |  Amount Lost: $197M The attacker used a flash loan to borrow DAI and leveraged Euler Protocol to borrow eDAI and dDAI. By exploiting a vulnerability in the donateToReserves function, the attacker was able to initiate the liquidation process and profit from it. The vulnerability was due to the missing checkLiquidity step in the donateToReserves function, allowing users to enter a state of liquidation and complete the liquidation process. Olympix has developed a tool to protect against flash loan attacks resulting from missing check vulnerabilities. These vulnerabilities and resulting attack vectors have become increasingly common and dangerous throughout the defi ecosystem. The Olympix tool uses static code analysis, traditional statistics, and AI to detect anomalies throughout the code base by comparing the code base against itself. 2. Sentiment Protocol   |  Amount Lost: $1M An attack on Sentiment Protocol resulted in the loss of almost $1 million worth of various tokens and stablecoins. The attacker borrowed 606 WBTC, 10,050 WETH, and 18 million USDC using a flash loan, and deposited these tokens into the Balancer pool on Sentiment. The attacker exploited a reentrancy vulnerability during the exitPool function to transfer back the deposited tokens to their account, which decreased the pool token's total supply but token balance state remained the same. The exploit contract recursively borrowed assets using the inflated price of the pool token as collateral. Sentiment is continuing to investigate the attack and has implemented a fix to address the vulnerability exploited in the attack. 3. Poolz Finance   |  Amount Lost: $500K The attacker used a vulnerability in the smart contract by invoking the CreateMassPools() method and causing an overflow in the array using the GetArraySum() method. This allowed the attacker to use the TransferInToken() function to establish liquidity in the pool and withdraw the gained tokens using the withdraw feature. 4. Safemoon   |  Amount Lost: $8.9M The hacker exploited a function in the Safemoon contract, which allowed any user to burn tokens from any other address. This function was used to remove SFM tokens from the liquidity pool, raising their price artificially and allowing the attacker to sell them back to the pool at a profit. public burn()* *A burn() function allows the destruction of tokens or coins that exist on a blockchain. When tokens are "burned", they are permanently removed from circulation, decreasing total supply of the token. 5. Hedera  |  Amount Lost: $515K An attacker used a suspicious address to deploy a malicious contract that stole assets from various pools. The attack was on Hedera's mainnet Smart Contract Service code, which resulted in the transfer of Hedera Token Service tokens from victims' accounts to the attacker's account. The targeted accounts were on multiple decentralized exchanges that used Uniswap v2-derived contract code, including Pangolin, SaucerSwapLabs, and HeliSwap_DEX. Explore Olympix Announcements We are excited to share new updates about the Olympix tool; Our tool now utilizes a combination of static code analysis, traditional statistics, and AI to identify anomalies in the code base by performing comparisons against itself, which helps safeguard against flash loan attacks caused by missing check vulnerabilities. This feature is accessible through an API call. Olympix can detect if a contract is an upgradable or proxy, allowing for more curated and accurate results. We've added additional patching capabilities to quickly fix vulnerabilities. Interested in learning more about Olympix? Here are some links to get you started: - Our website where you can sign up to join our Beta / Discord https://www.olympix.ai/ - Get updates on exploits, product updates https://twitter.com/Olympix_ai - Newsletter #1, subscribe for more. https://t.co/jeLkihA1Fa. Also published here.

The writer is smart, but don't just like, take their word for it. #DoYourOwnResearch before making any investment decisions or decisions regarding you health or security. (Do not regard any of this content as professional investment advice, or health advice)

The is an opinion piece based on the author’s POV and does not necessarily reflect the views of HackerNoon.

5 Smart Contract Hacks Everyone Should Learn From

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Smart Contract Exploits in April

4 DeFi Security Risks Explained: Understanding Common Vulnerabilities

4 Enterprise Cybersecurity Trends in 2021

5 Reasons Why We Need To Define Security of Blockchain

A Necessary Evolution of Privacy and Data Protection on Blockchain Networks

A Technical Q&A on Network Partition Attacks

Smart Contract Exploits in April

4 DeFi Security Risks Explained: Understanding Common Vulnerabilities

4 Enterprise Cybersecurity Trends in 2021

5 Reasons Why We Need To Define Security of Blockchain

A Necessary Evolution of Privacy and Data Protection on Blockchain Networks

A Technical Q&A on Network Partition Attacks

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps