Ocean Life   |  Amount Lost: $11K The Ocean Life Token on the BNB chain has been exploited for $11K. The attacker initially borrowed wrapped BNB using flash loans and swapped these funds to get $OLIFE tokens. The exploit contract had a vulnerability where the total balance state did not get updated internally before an external call was made. The private reflectFee function had decreased the total value to 969 worth of OLIFE tokens. However, the balance of the pool did not get updated correctly and the attacker was able to swap 1,001 WBNB and make a profit of 34 WBNB. WBNB Exploit Contract (BNB Chain): 0xb5a0ce3acd6ec557d39afdcbc93b07a1e1a9e3fa Transaction Hash (BNB Chain): 0xa21692ffb561767a74a4cbd1b78ad48151d710efab723b1efa5f1e0147caab0a Hundred Finance   |  Amount Lost: $7M An attack on Hundred Finance resulted in a loss of $7M. The hacker used flash loans and donated 500 to Hundred Finance's CErc20 Contract, with the intention to manipulate the exchange rate of Hundred WBTC (hWBTC). The attack contract deposited the WBTC funds into child contracts, which are utilized to mint hWBTC. WBTC Subsequently, the child contract redeemed nearly all of the WBTC funds, except for 2 wei, causing the total supply of hWBTC to be 2 wei. The attacker then donated 500 WBTC to Hundred's CErc20 Contract, which inflated the exchange rate to nearly 1 wei hWBTC = 250 WBTC. Taking advantage of this inflated rate, the attacker borrowed 1022 WETH with 2 wei of underlying assets. After borrowing the WETH funds, the attacker was able to withdraw the 500 WBTC that was previously donated to Hundred's CErc20 Contract due to a rounding error, and eventually repaid the flash loan. Exploit Contract (Optimism): 0x74b8932801bfbf63B44b001d77e62c808B1e2d12 Transaction Hash (Optimism): 0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451 Yearn Finance   |  Amount Lost: $11M Yield Finance suffered an exploit this morning, resulting in losses potentially over $11 million due to a misconfiguration in its yUSDT contract. The attacker flash loaned , , and and used some of the funds to repay other people's debts on the Aave v1 Lending Pool, lowering the priority of the Aave pool within the Yearn contract. DAI USDC USDT The Yearn contract contained a hard-coded lender contract address for Fulcrum which used iUSDC as the underlying asset instead of iUSDT. This caused the Yield contract to miscalculate the yield-to-deposit ratio. The attacker was able to mint an excessive amount of yUSDT by depositing a small amount of USDT. The attacker then swapped yUSDT to DAI and ETH. Exploit Contract: 0x83f798e925BcD4017Eb265844FDDAbb448f1707D Metapoint   |  Amount Lost: $920K MetaPoint on BNB Chain suffered a $920K hack due to a vulnerability in their deposit contract function. The exploit happened because every time a user deposited $POT to the pool, a new smart contract was generated, and $META tokens were deposited to it. The new smart contract had a public approve function that allowed unrestricted access to the deposited tokens, enabling the attacker to drain them. MetaPoint team announced the hack and suspended all operations. One of the exploited smart contracts with the approve function(): 0x086f403461478F6aE7b81d9654f96f65AbDfAC29 Paribus   |  Amount Lost: $20K An attack on Paribus resulted in the loss of approximately $20,000. The attacker borrowed 200 ETH and 30,000 USDT using a flash loan and deposited the tokens into the Paribus protocol. The deposited funds were used as collateral to borrow additional ETH from the pETH pool. The attacker exploited a reentrancy vulnerability during the pToken redeems function. According to the Paribus Post-Mortem update, the non-reentrant modifier failed to update the storage prior to the transfer. The attacker was able to borrow additional funds while the deposited pETH balance remained unchanged. Interested in learning more about Olympix? Olympix is a paradigm shift in Web3 protection. It offers proactive detection, enabling you to identify and prioritize smart contract vulnerabilities while you code. Its intuitive nature makes security an integral part of the development process, with security-first thinking embedded at every stage. Here are some links to get you started: - Our website where you can sign up to join our Beta / Discord - Get updates on exploits, product updates https://www.olympix.ai/ https://twitter.com/Olympix_ai - April 25 Newsletter, subscribe for more https://tinyurl.com/3fwyhpub Also published . here

The writer is smart, but don't just like, take their word for it. #DoYourOwnResearch before making any investment decisions or decisions regarding you health or security. (Do not regard any of this content as professional investment advice, or health advice)

5 Smart Contract Hacks Everyone Should Learn From

Security tool for solidity developers!

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Smart Contract Exploits in April

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

5 Smart Contract Hacks Everyone Should Learn From

5 Basic Tips to Protect Your Crypto Wallet from Theft

5 Less-Known DeFi and NFT Projects Promoting User Protection and Funds Security

5 Security Incidents Involving DAG Networks—and How to Protect Yourself

9 Ways To Keep Your Cryptocurrency Wallet Safe

5 Smart Contract Hacks Everyone Should Learn From

5 Basic Tips to Protect Your Crypto Wallet from Theft

5 Less-Known DeFi and NFT Projects Promoting User Protection and Funds Security

5 Security Incidents Involving DAG Networks—and How to Protect Yourself

9 Ways To Keep Your Cryptocurrency Wallet Safe

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps