Welcome to another instance of the Blood Bath report. This month we saw a fix of a critical bug in OpenZeppelin [https://forum.openzeppelin.com/t/uupsupgradeable-vulnerability-post-mortem/15680], a supply chain attack on SushiSwap and just yesterday we saw a Compound proposal that went wrong [https://www.rekt.news/overcompensated/]. Enough
Today we saw how the ThorChain protocol got rekt on multiple levels. First we saw a black hat attack the protocol and steal $8M. > THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat. ETH will be halted until it can
DeFi is an ever-growing market, and apart from everybody wanting to have a piece of a multi-billion dollar industry, there are chains and copycats of protocols found originally on Ethereum. Some of those copycats grew into their respective applications, but it also meant we have multiple chains we can deploy the
Blockchain is an innovative and futuristic technology. It enables different opportunities for its users. There are many takes on how blockchain should behave and what it should offer. With many different approaches to the subject, we see a few main chains of blockchain being in use, like Ethereum, BSC, Polygon, or Bitcoin.
In today’s post we’re going to unbox another popular type of attack, front-running transactions. This type of attack takes different forms and can be used in various ways. One example of front-running I explained recently during the ERC20 approval unboxing [https://www.adrianhetman.com/unboxing-erc20-approve-issues/]. But first
Ehh… Same exploit used for the 4th time. Devs do not learn, do they? The exploit is very similar to the one found on PancakeBunny [https://www.adrianhetman.com/pancakebunny-exploit-used-for-the-3rd-time/]. 40 ETH was sent through Tornado Cash on Ethereum. The analysis below is taken from WatchPug [https://watchpug.medium.com/pancakehunny-performance-fee-minting-attack-analysis-e347d12bfdde]. https:
When I wrote about the PancakeBunny exploit [https://www.adrianhetman.com/pancakebunny-hacked-for-40m/], I didn’t think I would be reporting the same hack for the 3rd time. But that’s our reality when projects fork another project’s code without changing much. Without even trying to stop the protocol and fix