- Compound: price manipulation of DAI on Coinbase impacted Coinbase oracle price Postmortem
- CREAM: flashloan attack & reentrancy with ERC777-like token (no checks-effects-interaction protection) Postmortem POC
- CREAM: Price manipulation Postmortem POC
- Lendf.me: Flashloan and reentrancy (no checks-effects-interaction protection) Postmortem
- Compound: Double-entry point token issue Retrospective POC
- Lodestar Finance: Exchange rate manipulation Thread POC
- Agave Finance: Flashloan and reentrancy on gnosis, where native token has callback hook (no checks-effects-interaction protection) Postmortem
- Hundred Finance: Flashloan and reentrancy on gnosis, where native token has callback hook (no checks-effects-interaction protection) Postmortem
- Ola Finance: Flashloan and reentrancy (no checks-effects-interaction protection) Postmortem
- Rari Capital: Flashloan and reentrancy (no checks-effects-interaction protection) POC
- Venus: Chainlink LUNA oracle became inaccurate during the Terra collapse, which cause a similar result as oracle manipulation and led to draining of protocols writeup
- Hundred Finance: Exploit of empty markets Postmortem POC
- 0VIX: price oracle vulnerability allowed donation-based price maniulation Thread POC
- Uranium Finance: bad k-value Postmortem POC
- DDC: bad k-value Thread
- Swapos: bad k-value Thread POC
- Balancer: deflationary token can drain pools Postmortem
- Sentiment: read-only reentrancy Postmortem forum POC
- Balancer: Double entrypoint token DoS risk Forum
- Curve: read-only reentrancy Postmortem
- Aave V2: risk of price manipulation can lead to accumulating bad debt Governance proposed mitigation writeup
- Blizz Finance: Chainlink LUNA oracle became inaccurate during the Terra collapse, which cause a similar result as oracle manipulation and led to draining of protocols writeup