Reproduce DeFi hack incidents using Foundry.
313 incidents included.
Let's make Web3 secure! Join Discord
Notion: 101 root cause analysis of past DeFi hacked incidents
Disclaimer: This content serves solely as a proof of concept showcasing past DeFi hacking incidents. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.
-
Follow the instructions to install Foundry.
-
Clone and install dependencies:
git submodule update --init --recursive
All articles are also published on Substack.
- Lesson 1: Tools ( English | ä¸ć–‡ | Vietnamese | Korean )
- Lesson 2: Warm up ( English | ä¸ć–‡ | Korean )
- Lesson 3: Write Your Own PoC (Price Oracle Manipulation) ( English | ä¸ć–‡ | Korean )
- Lesson 4: Write Your Own PoC (MEV Bot) ( English | ä¸ć–‡ | Korean )
- Lesson 5: Rugpull Analysis ( English | ä¸ć–‡ )
- Lesson 6: Write Your Own PoC (Reentrancy) ( English | ä¸ć–‡ )
- Lesson 7: Hack Analysis: Nomad Bridge, August 2022 ( English | ä¸ć–‡ )
2022
20221024 MulticallWithoutCheck
20221011 Rabby Wallet SwapRouter
20220908 Ragnarok Online Invasion
20220701 Quixotic - Optimism NFT Marketplace
20220624 Harmony's Horizon Bridge
20220608 Optimism - Wintermute
20220430 Rari Capital/Fei Protocol
2021
Before 2020
Phalcon | Tx tracer | Cruise | Ethtx | Tenderly | eigenphi
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI | Abi tools
Slowmist | Defillama | De.Fi | Rekt | Cryptosec
Test
forge test --contracts ./src/test/grok_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1722841076120130020
Test
forge test --contracts ./src/test/bot_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1722101942061601052
Test
forge test --contracts ./src/test/TrustPad_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1721800306101793188
Test
forge test --contracts ./src/test/TheStandard_io_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1721807569222549518
https://twitter.com/CertiKAlert/status/1721839125836321195
Test
forge test --contracts ./src/test/3913_exp.sol --evm-version 'shanghai' -vvv
https://defimon.xyz/attack/bsc/0x8163738d6610ca32f048ee9d30f4aa1ffdb3ca1eddf95c0eba086c3e936199ed
Test
forge test --contracts ./src/test/OnyxProtocol_exp.sol --evm-version 'shanghai' -vvv
https://twitter.com/Phalcon_xyz/status/1719697319824851051 https://defimon.xyz/attack/mainnet/0xf7c21600452939a81b599017ee24ee0dfd92aaaccd0a55d02819a7658a6ef635 https://twitter.com/DecurityHQ/status/1719657969925677161
Test
forge test --contracts .\src\test\UniBot_exp.sol --evm-version 'shanghai' -vvv
https://twitter.com/PeckShieldAlert/status/1719251390319796477
Test
forge test --contracts .\src\test\Astrid_exp.sol --evm-version 'shanghai' -vvv
https://twitter.com/Phalcon_xyz/status/1718454835966775325
Test
forge test --contracts .\src\test\MaestroRouter2_exp.sol --evm-version 'shanghai' -vvv
https://twitter.com/Phalcon_xyz/status/1717014871836098663
https://twitter.com/BeosinAlert/status/1717013965203804457
Test
forge test --contracts ./src/test/OpenLeverage_exp.sol -vvv
https://defimon.xyz/exploit/bsc/0x5366c6ba729d9cf8d472500afc1a2976ac2fe9ff
Test
forge test --contracts ./src/test/kTAF_exp.sol -vvv
Test
forge test --contracts ./src/test/MicDao_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1714677875427684544
https://twitter.com/ChainAegis/status/1714837519488205276
Test
forge test --contracts ./src/test/BelugaDex_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1712676040471105870
https://twitter.com/CertiKAlert/status/1712707006979613097
Test
forge test --contracts ./src/test/WiseLending_exp.sol --evm-version 'shanghai' -vvv
https://twitter.com/bbbb/status/1712841315522638034
https://twitter.com/BlockSecTeam/status/1712871304993689709
Test
forge test --contracts ./src/test/Platypus03_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1712445197538468298
https://twitter.com/peckshield/status/1712354198246035562
Test
forge test --contracts ./src/test/BH_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1712139760813375973
https://twitter.com/DecurityHQ/status/1712118881425203350
Test
forge test --contracts ./src/test/pSeudoEth_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1710979615164944729
Test
forge test --contracts ./src/test/StarsArena_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1710556926986342911
https://twitter.com/Phalcon_xyz/status/1710554341466395065
https://twitter.com/peckshield/status/1710555944269292009
Test
forge test --contracts ./src/test/DePayRouter_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1709764146324009268
Test
forge test --contracts ./src/test/FireBirdPair_exp.sol -vvv
Test
forge test --contracts ./src/test/DEXRouter_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1707851321909428688
Test
forge test --contracts ./src/test/XSDWETHpool_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1706765042916450781
Test
forge test --contracts ./src/test/Kub_Split_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1705966214319612092
Test
forge test --contracts ./src/test/CEXISWAP_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1704759560614126030
Test
forge test --contracts ./src/test/uniclyNFT_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1703096116047421863
Test
forge test --contracts ./src/test/0x0DEX_exp.sol -vvv
https://0x0ai.notion.site/0x0ai/0x0-Privacy-DEX-Exploit-25373263928b4f18b31c438b2a040e33
Test
forge test --contracts ./src/test/BFCToken_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1700621314246017133
Test
forge test --contracts ./src/test/APIG_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1700128158647734745
Test
forge test --contracts ./src/test/HCT_exp.sol -vvv
https://twitter.com/leovctech/status/1699775506785198499
Test
forge test --contracts ./src/test/JumpFarm_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1699384904218202618
Test
forge test --contracts ./src/test/HeavensGate_exp.sol -vvv
Test
forge test --contracts ./src/test/FloorDAO_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1698962105058361392
https://medium.com/floordao/floor-post-mortem-incident-summary-september-5-2023-e054a2d5afa4
Test
forge test --contracts ./src/test/DAppSocial_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1698064511230464310
Test
forge test --contracts ./src/test/Balancer_exp.sol -vvv
Test
forge test --contracts ./src/test/EAC_exp.sol -vvv
https://twitter.com/bbbb/status/1696520866564350157
Test
forge test --contracts ./src/test/SVT_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1695285435671392504?s=20
Test
forge test --contracts ./src/test/GSS_exp.sol -vvv
https://twitter.com/bbbb/status/1694571228185723099
Test
forge test --contracts ./src/test/EHIVE_exp.sol -vvv
https://twitter.com/bulu4477/status/1693636187485872583
Test
forge test --contracts ./src/test/BTC20_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1692924369662513472
Test
forge test --contracts ./src/test/Exactly_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1692533280971936059
https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed
Test
forge test --contracts ./src/test/Zunami_exp.sol --evm-version 'shanghai' -vvv
https://twitter.com/peckshield/status/1690877589005778945
https://twitter.com/BlockSecTeam/status/1690931111776358400
Test
forge test --contracts ./src/test/EarningFram_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1689182459269644288
Test
forge test --contracts ./src/test/CurveBurner_exp.sol -vvv
Test
forge test --contracts ./src/test/Uwerx_exp.sol -vvv
https://twitter.com/deeberiroz/status/1686683788795846657
https://twitter.com/CertiKAlert/status/1686667720920625152
https://etherscan.io/tx/0x3b19e152943f31fe0830b67315ddc89be9a066dc89174256e17bc8c2d35b5af8
Test
forge test --contracts ./src/test/NeutraFinance_exp.sol -vvv
https://twitter.com/phalcon_xyz/status/1686654241111429120
Test
forge test --contracts ./src/test/Leetswap_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1686217464051539968
https://twitter.com/peckshield/status/1686209024587710464
Test
forge test --contracts ./src/test/GYMNET_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1686605510655811584
Test
forge test --contracts ./src/test/Curve_exp01.sol -vvv
Curve_exp01.sol | Curve_exp02.sol
https://hackmd.io/@LlamaRisk/BJzSKHNjn
Test
forge test --contracts ./src/test/Carson_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1684393202252402688
https://twitter.com/Phalcon_xyz/status/1684503154023448583
https://twitter.com/hexagate_/status/1684475526663004160
Test
forge test --contracts ./src/test/Palmswap_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1683680026766737408
Test
forge test --contracts ./src/test/MintoFinance_exp.sol -vvv
https://twitter.com/bbbb/status/1683180340548890631
Test
forge test --contracts ./src/test/Conic02_exp.sol --evm-version 'shanghai' -vvv
https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d
https://twitter.com/spreekaway/status/1682467603518726144
Testing
forge test --contracts ./src/test/Conic_exp.sol -vvv
https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d
https://twitter.com/BlockSecTeam/status/1682356244299010049
Testing
forge test --contracts ./src/test/SUT_exp.sol -vvv
https://twitter.com/bulu4477/status/1682983956080377857
Testing
forge test --contracts ./src/test/Utopia_exp.sol -vvv
https://twitter.com/DeDotFiSecurity/status/1681923729645871104
https://twitter.com/bulu4477/status/1682380542564769793
Testing
forge test --contracts ./src/test/FFIST_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1681869807698984961
https://twitter.com/AnciliaInc/status/1681901107940065280
Testing
forge test --contracts ./src/test/ApeDAO_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1681316257034035201
Testing
forge test --contracts ./src/test/BNO_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1681116206663876610
Testing
forge test --contracts ./src/test/NewFi_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1680961588323557376
Testing
forge test --contracts ./src/test/Platypus02_exp.sol -vvv
https://twitter.com/peckshield/status/1678800450303164431
Testing
forge test --contracts ./src/test/WGPT_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1679042549946933248
https://twitter.com/BeosinAlert/status/1679028240982368261
Testing
forge test --contracts ./src/test/RodeoFinance_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1678765773396008967
https://twitter.com/peckshield/status/1678700465587130368
https://medium.com/@Rodeo_Finance/rodeo-post-mortem-overview-f35635c14101
Testing
forge test --contracts ./src/test/Libertify_exp.sol -vvv
https://twitter.com/peckshield/status/1678688731908411393
https://twitter.com/Phalcon_xyz/status/1678694679767031809
Testing
forge test --contracts ./src/test/ArcadiaFi_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1678250590709899264
https://twitter.com/peckshield/status/1678265212770693121
Testing
forge test --contracts ./src/test/CIVNFT_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1677722208893022210
https://news.civfund.org/civtrade-hack-analysis-9a2398a6bc2e
https://blog.solidityscan.com/civnft-hack-analysis-4ee79b8c33d1
Testing
forge test --contracts ./src/test/Civfund_exp.sol -vvv
https://twitter.com/HypernativeLabs/status/1677529544062803969
https://twitter.com/BeosinAlert/status/1677548773269213184
Testing
forge test --contracts ./src/test/LUSD_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1677391242878140417
Testing
forge test --contracts ./src/test/Bamboo_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1676220090142916611
https://twitter.com/eugenioclrc
Testing
forge test --contracts ./src/test/bao_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1676224397248454657
Testing
forge test --contracts ./src/test/AzukiDAO_exp.sol -vvv
https://twitter.com/sharkteamorg/status/1676892088930271232
Testing
forge test --contracts ./src/test/Biswap_exp.sol -vvv
https://twitter.com/MetaTrustAlert/status/1674814217122349056?s=20
Testing
forge test --contracts ./src/test/Themis_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1673930979348717570
https://twitter.com/BlockSecTeam/status/1673897088617426946
Testing
forge test --contracts ./src/test/SHIDO_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1672473343734480896
https://twitter.com/AnciliaInc/status/1672382613473083393
Testing
forge test --contracts ./src/test/ShidoGlobal_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1672473343734480896
Testing
forge test --contracts ./src/test/BabyDogeCoin02_exp.sol -vvv
https://twitter.com/hexagate_/status/1671517819840745475
Testing
forge test --contracts ./src/test/BUNN_exp.sol -vvv
https://twitter.com/DecurityHQ/status/1671803688996806656
Testing
forge test --contracts ./src/test/MIMSpell_exp.sol -vvv
https://twitter.com/hexagate_/status/1671188024607100928?cxt=HHwWgMC--e2poLEuAAAA
Testing
forge test --contracts ./src/test/ARA_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1670638160550965248
Testing
forge test --contracts ./src/test/Pawnfi_exp.sol -vvv
https://blog.solidityscan.com/pawnfi-hack-analysis-38ac9160cbb4
Testing
forge test --contracts ./src/test/CFC_exp.sol -vvv
https://twitter.com/hexagate_/status/1669280632738906113
Testing
forge test --contracts ./src/test/DEPUSDT_LEVUSDC_exp.sol -vvv
https://twitter.com/numencyber/status/1669278694744150016?cxt=HHwWgMDS9Z2IvKouAAAA
Testing
forge test --contracts ./src/test/Sturdy_exp.sol -vvv
https://sturdyfinance.medium.com/exploit-post-mortem-49261493307a
https://twitter.com/AnciliaInc/status/1668081008615325698
https://twitter.com/BlockSecTeam/status/1668084629654638592
Testing
forge test --contracts ./src/test/SELLC03_exp.sol -vvv
https://twitter.com/EoceneSecurity/status/1668468933723328513
20230607 CompounderFinance - Manipulation of funds through fluctuations in the amount of exchangeable assets
Testing
forge test --contracts ./src/test/CompounderFinance_exp.sol -vvv
https://twitter.com/numencyber/status/1666346419702362112
Testing
forge test --contracts ./src/test/VINU_exp.sol -vvv
https://twitter.com/hexagate_/status/1666051854386511873?cxt=HHwWgoC24bPVgJ8uAAAA
Testing
forge test --contracts ./src/test/UN_exp.sol -vvv
https://twitter.com/MetaTrustAlert/status/1667041877428932608
The hack was executed in a single transaction, resulting in the theft of $40,000 USD worth of USDT from the swap contract.
forge test --contracts ./src/test/NST_exp.sol -vvv
https://discord.com/channels/1100129537603407972/1100129538056396870/1114142216923926528
Testing
forge test --contracts ./src/test/DDCoin_exp.sol -vvv
https://twitter.com/ImmuneBytes/status/1664239580210495489 https://twitter.com/ChainAegis/status/1664192344726581255?cxt=HHwWjsDRldmHs5guAAAA
Testing
forge test --contracts ./src/test/Cellframe_exp.sol -vvv
https://twitter.com/numencyber/status/1664132985883615235?cxt=HHwWhoDTqceImJguAAAA
Testing
forge test --contracts ./src/test/ERC20TokenBank_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1663810037788311561
Testing
forge test --contracts ./src/test/Jimbo_exp.sol -vvv
https://twitter.com/cryptofishx/status/1662888991446941697
https://twitter.com/yicunhui2/status/1663793958781353985
Testing
forge test --contracts ./src/test/BabyDogeCoin_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1662744426475831298
Testing
forge test --contracts ./src/test/FAPEN_exp.sol -vvv
https://twitter.com/hexagate_/status/1663501550600302601
Testing
forge test --contracts ./src/test/NOON_exp.sol -vvv
https://twitter.com/hexagate_/status/1663501545105702912
Testing
forge test --contracts ./src/test/GPT_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1661424685320634368
Testing
forge test --contracts ./src/test/LocalTrader_exp.sol -vvv
LocalTrader_exp.sol | LocalTrader2_exp.sol
https://twitter.com/numencyber/status/1661213691893944320
Testing
forge test --contracts ./src/test/CS_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1661098394130198528
https://twitter.com/numencyber/status/1661207123102167041
Testing
forge test --contracts ./src/test/LFI_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1660767088699666433
Testing
forge test --contracts ./src/test/landNFT_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1658000784943124480
Testing
forge test --contracts ./src/test/SELLC02_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1657715018908180480
Testing
forge test --contracts ./src/test/Bitpaidio_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1657411284076478465
Testing
forge test --contracts ./src/test/LW_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1656850634312925184
https://twitter.com/hexagate_/status/1657051084131639296
Testing
forge test --contracts ./src/test/SellToken_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1657324561577435136
Testing
forge test --contracts ./src/test/SELLC_exp.sol -vvv
https://twitter.com/AnciliaInc/status/1656337400329834496
https://twitter.com/AnciliaInc/status/1656341587054702598
Testing
forge test --contracts ./src/test/SNK_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1656176776425644032
Testing
forge test --contracts ./src/test/Melo_exp.sol -vvv
https://twitter.com/peckshield/status/1654667621139349505
Testing
forge test --mc DEIPocTest -vvv
https://twitter.com/eugenioclrc/status/1654576296507088906
Testing
forge test --contracts ./src/test/NeverFall_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1653619782317662211
Testing
forge test --contracts ./src/test/Level_exp.sol -vvv
https://twitter.com/peckshield/status/1653149493133729794
https://twitter.com/BlockSecTeam/status/1653267431127920641
Testing
forge test --contracts ./src/test/0vix_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1651932529874853888
https://twitter.com/peckshield/status/1651923235603361793
https://twitter.com/Mudit__Gupta/status/1651958883634536448
Testing
forge test --contracts ./src/test/silo_finance.t.sol -vvv
https://medium.com/immunefi/silo-finance-logic-error-bugfix-review-35de29bd934a
Testing
forge test --contracts ./src/test/Axioma_exp.sol -vvv
https://twitter.com/HypernativeLabs/status/1650382589847302145
Testing
forge test --contracts ./src/test/OLIFE_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1648520494516420608
Testing
forge test --contracts ./src/test/Swapos_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1647530789947469825
https://twitter.com/BeosinAlert/status/1647552192243728385
Testing
forge test --contracts ./src/test/HundredFinance_2_exp.sol -vvv
https://twitter.com/peckshield/status/1647307128267476992
https://twitter.com/danielvf/status/1647329491788677121
https://twitter.com/hexagate_/status/1647334970258608131
https://blog.hundred.finance/15-04-23-hundred-finance-hack-post-mortem-d895b618cf33
Testing
forge test --contracts ./src/test/YearnFinance_exp.sol -vvv
https://twitter.com/cmichelio/status/1646422861219807233
https://twitter.com/BeosinAlert/status/1646481687445114881
Testing
forge test --contracts ./src/test/MetaPoint_exp.sol -vvv
https://twitter.com/PeckShieldAlert/status/1645980197987192833
https://twitter.com/Phalcon_xyz/status/1645963327502204929
Testing
forge test --contracts ./src/test/Paribus_exp.sol -vvv
https://twitter.com/Phalcon_xyz/status/1645742620897955842
https://twitter.com/BlockSecTeam/status/1645744655357575170
https://twitter.com/peckshield/status/1645742296904929280
Testing
forge test --contracts ./src/test/Sushi_Router_exp.sol -vvv
https://twitter.com/peckshield/status/1644907207530774530
https://twitter.com/SlowMist_Team/status/1644936375924584449
https://twitter.com/AnciliaInc/status/1644925421006520320
Testing
forge test --contracts ./src/test/Sentiment_exp.sol -vvv
https://twitter.com/peckshield/status/1643417467879059456
https://twitter.com/spreekaway/status/1643313471180644360
Testing
forge test --contracts ./src/test/Allbridge_exp.sol -vvv
Allbrideg_exp.sol | Allbrideg_exp2.sol
https://twitter.com/peckshield/status/1642356701100916736
https://twitter.com/BeosinAlert/status/1642372700726505473
Testing
forge test --contracts ./src/test/safeMoon_exp.sol -vvv
https://twitter.com/zokyo_io/status/1641014520041840640
Testing
forge test --contracts ./src/test/Thena_exp.sol -vvv
https://twitter.com/LTV888/status/1640563457094451214?t=OBHfonYm9yYKvMros6Uw_g&s=19
Testing
forge test --contracts ./src/test/DBW_exp.sol -vvv
https://twitter.com/BeosinAlert/status/1639655134232969216
https://twitter.com/AnciliaInc/status/1639289686937210880
Testing
forge test --contracts ./src/test/BIGFI_exp.sol -vvv
https://twitter.com/HypernativeLabs/status/1638522680654675970
Testing
forge test --contracts ./src/test/paraspace_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1636650252844294144
Testing
forge test --contracts ./src/test/poolz_exp.sol -vvv
https://twitter.com/peckshield/status/1635860470359015425
Testing
forge test --contracts ./src/test/Euler_exp.sol -vvv
https://twitter.com/FrankResearcher/status/1635241475989721089
https://twitter.com/nomorebear/status/1635230621856600064
https://twitter.com/peckshield/status/1635229594596036608
https://twitter.com/BlockSecTeam/status/1635262150624305153
Testing
forge test --contracts ./src/test/DKP_exp.sol -vvv
https://twitter.com/CertiKAlert/status/1633421908996763648
Testing
forge test --contracts src/test/Phoenix_exp.sol -vvv
https://twitter.com/HypernativeLabs/status/1633090456157401088
Testing
forge test --contracts src/test/LaunchZone_exp.sol -vvv
https://twitter.com/immunefi/status/1630210901360951296
https://twitter.com/launchzoneann/status/1631538253424918528
Testing
forge test --contracts ./src/test/swapX_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1630111965942018049
https://twitter.com/peckshield/status/1630100506319413250
https://twitter.com/CertiKAlert/status/1630241903839985666
Testing
forge test --contracts ./src/test/EFVault_exp.sol -vvv
https://twitter.com/peckshield/status/1630490333716029440
https://twitter.com/drdr_zz/status/1630500170373685248
https://twitter.com/gbaleeeee/status/1630587522698080257
Testing
forge test --contracts ./src/test/DYNA_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1628319536117153794
https://twitter.com/BeosinAlert/status/1628301635834486784
Testing
forge test --contracts ./src/test/RevertFinance_exp.sol -vvv
https://mirror.xyz/revertfinance.eth/3sdpQ3v9vEKiOjaHXUi3TdEfhleAXXlAEWeODrRHJtU
Testing
forge test --contracts ./src/test/Starlink_exp.sol -vvv
https://twitter.com/NumenAlert/status/1626447469361102850
https://twitter.com/bbbb/status/1626392605264351235
Testing
forge test --contracts src/test/Dexible_exp.sol -vvv
https://twitter.com/peckshield/status/1626493024879673344
https://twitter.com/MevRefund/status/1626450002254958592
Testing
forge test --contracts src/test/Platypus_exp.sol -vvv
https://twitter.com/peckshield/status/1626367531480125440
https://twitter.com/spreekaway/status/1626319585040338953
Testing
forge test --contracts src/test/Sheep_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1623999717482045440
https://twitter.com/BlockSecTeam/status/1624077078852210691
Testing
forge test --contracts ./src/test/dForce_exp.sol -vvv
https://twitter.com/SlowMist_Team/status/1623956763598000129
https://twitter.com/BlockSecTeam/status/1623901011680333824
https://twitter.com/peckshield/status/1623910257033617408
Testing
forge test --contracts ./src/test/CowSwap_exp.sol -vvv
https://twitter.com/MevRefund/status/1622793836291407873
https://twitter.com/peckshield/status/1622801412727148544
Testing
forge test --contracts src/test/FDP_exp.t.sol -vv
https://twitter.com/BeosinAlert/status/1622806011269771266
Testing
forge test --contracts ./src/test/USDs_exp.sol -vv
https://twitter.com/danielvf/status/1621965412832350208
https://medium.com/sperax/usds-feb-3-exploit-report-from-engineering-team-9f0fd3cef00c
Testing
forge test --contracts ./src/test/Orion_exp.sol -vvv
https://twitter.com/peckshield/status/1621337925228306433
https://twitter.com/BlockSecTeam/status/1621263393054420992
https://www.numencyber.com/analysis-of-orionprotocol-reentrancy-attack-with-poc/
Testing
forge test --contracts ./src/test/BonqDAO_exp.sol -vv
https://twitter.com/BlockSecTeam/status/1621043757390123008
https://twitter.com/SlowMist_Team/status/1621087651158966274
Testing
forge test --contracts ./src/test/TINU_exp.t.sol -vv
https://twitter.com/libevm/status/1618718156343873536
Testing
forge test --contracts ./src/test/QTN_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1615625901739511809
Testing
forge test --contracts ./src/test/ThoreumFinance_exp.sol -vvv
https://bscscan.com/tx/0x3fe3a1883f0ae263a260f7d3e9b462468f4f83c2c88bb89d1dee5d7d24262b51 https://twitter.com/AnciliaInc/status/1615944396134043648
Testing
forge test --contracts ./src/test/Upswing_exp.sol -vvv
https://etherscan.io/tx/0x4b3df6e9c68ae482c71a02832f7f599ff58ff877ec05fed0abd95b31d2d7d912 https://twitter.com/QuillAudits/status/1615634917802807297
Testing
forge test --contracts ./src/test/OmniEstate_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1615232012834705408
Testing
forge test --contracts ./src/test/Midas_exp.sol -vvv
https://twitter.com/peckshield/status/1614774855999844352
https://twitter.com/BlockSecTeam/status/1614864084956254209
Testing
forge test --contracts ./src/test/UFDao_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1613507804412940289
Testing
forge test --contracts ./src/test/RoeFinance_exp.sol -vvv
https://twitter.com/BlockSecTeam/status/1613267000913960976
Testing
forge test --contracts ./src/test/BRA.exp.sol -vvv
https://twitter.com/CertiKAlert/status/1612674916070858753
https://twitter.com/BlockSecTeam/status/1612701106982862849
Testing
forge test --contracts ./src/test/GDS_exp.sol -vvv
https://twitter.com/peckshield/status/1610095490368180224
https://twitter.com/BlockSecTeam/status/1610167174978760704
Foundry also has the ability to report the gas
used per function call which mimics the behavior of hardhat-gas-reporter. Generally speaking if gas costs per function call is very high, then the likelihood of its success is reduced. Gas optimization is an important activity done by smart contract developers.
Every poc in this repository can produce a gas report like this:
forge test --gas-report --contracts <contract> -vvv
For Example: Let us find out the gas used in the Audius poc
Execution
forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvv
Demo
Moved to DeFiVulnLabs
Moved to DeFiLabs