➕ Add OpenLeverage and GemPad Attacks

Signed-off-by: Pascal Marco Caversaccio <[email protected]>
pcaversaccio · Dec 18, 2024 · 119fd74 · 119fd74
1 parent 2da87dc
commit 119fd74
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -84,6 +84,7 @@ A chronological and (hopefully) complete list of reentrancy attacks to date.
 - [ChainPaint attack](https://x.com/0xNickLFranklin/status/1757186636985798842) – 12 February 2024 | [Victim contract](https://etherscan.io/address/0x52d69c67536f55EfEfe02941868e5e762538dBD6), [Exploit contract](https://etherscan.io/address/0x8d4dE2Bc1a566b266bD4B387f62C21e15474D12a), [Exploit transaction](https://etherscan.io/tx/0x0eb8f8d148508e752d9643ccf49ac4cb0c21cbad346b5bbcf2d06974d31bd5c4)
 - [Rugged Art attack](https://x.com/AnciliaInc/status/1760718167582888148) – 19 February 2024 | [Victim contract](https://etherscan.io/address/0x2648f5592c09a260C601ACde44e7f8f2944944Fb), [Exploit contract](https://etherscan.io/address/0x9bB0cA1E54025232E18f3874F972a851A910E9cB), [Exploit transaction](https://etherscan.io/tx/0x5a63da39b5b83fccdd825fed0226f330f802e995b8e49e19fbdd246876c67e1f)
 - [The Smoofs attack](https://x.com/AnciliaInc/status/1762893563103428783) – 28 February 2024 | [Victim contract](https://polygonscan.com/address/0x757C2d1Ef0942F7a1B9FC1E618Aea3a6F3441A3C), [Exploit contract](https://polygonscan.com/address/0x367120bf791cc03f040e2574aea0ca7790d3d2e5), [Exploit transaction](https://polygonscan.com/tx/0xde51af983193b1be3844934b2937a76c19610ddefcdd3ffcf127db3e68749a50)
+- [OpenLeverage attack](https://neptunemutual.com/blog/how-was-open-leverage-exploited) – 1 April 2024 | [Victim contract](https://bscscan.com/address/0xF436F8FE7B26D87eb74e5446aCEc2e8aD4075E47), [Exploit contract](https://bscscan.com/address/0xd0C8af170397C04525A02234b65E9a39969F4e93), [Exploit transaction](https://bscscan.com/tx/0xf08b6d36dc6f650c030344b6307ae94528f77a01db11d1284ed966e7e44337d3)
 - [Sumer Money attack](https://x.com/0xNickLFranklin/status/1778986926705672698) – 12 April 2024 | [Victim contract](https://basescan.org/address/0x142017b52c99d3dFe55E49d79Df0bAF7F4478c0c), [Exploit contract](https://basescan.org/address/0x13D27a2D66eA33A4bC581d5fEFB0b2A8dEfe9fE7), [Exploit transaction](https://basescan.org/tx/0x619c44af9fedb8f5feea2dcae1da94b6d7e5e0e7f4f4a99352b6c4f5e43a4661)
 - [Predy Finance attack](https://predyfinance.medium.com/postmortem-report-on-the-details-of-the-events-of-may-14-2024-8690508c820b) – 14 May 2024 | [Victim contract](https://arbiscan.io/address/0x9215748657319B17fecb2b5D086A3147BFBC8613), [Exploit contract](https://arbiscan.io/address/0x8afFdD350eb754b4652D9EA5070579394280CaD9), [Exploit transaction](https://arbiscan.io/tx/0xbe163f651d23f0c9e4d4a443c0cc163134a31a1c2761b60188adcfd33178f50f)
 - [Mint Raises Prices attack](https://x.com/0xNickLFranklin/status/1808309614443733005) – 2 July 2024 | [Victim contract](https://bscscan.com/address/0x35F5cEf517317694DF8c50C894080caA8c92AF7D), [Exploit contract](https://bscscan.com/address/0x9485c2950d6C27Fa3f9e87EAda17815a8224A69b), [Exploit transaction](https://bscscan.com/tx/0x1fec78f6433fe230086b673c1f19cc39e32422e80dfabbc7b4b154c3e768d111)
@@ -94,6 +95,7 @@ A chronological and (hopefully) complete list of reentrancy attacks to date.
 - [Penpie attack](https://blog.penpiexyz.io/penpie-post-mortem-report-1ac9863b663a) – 3 September 2024 | [Victim contract](https://etherscan.io/address/0x6E799758CEE75DAe3d84e09D40dc416eCf713652), [Exploit contract](https://etherscan.io/address/0x4aF4C234B8CB6e060797e87AFB724cfb1d320Bb7), [Exploit transaction](https://etherscan.io/tx/0x56e09abb35ff12271fdb38ff8a23e4d4a7396844426a94c4d3af2e8b7a0a2813)[^10]
 - [TrustSwap attack](https://github.com/trustswap/teamfinance-stakingpool/blob/main/audit-reports/Bailsec%20-%20Trustswap%20-%20Post%20Mortem%20-%20Final%20Report%20.pdf) – 30 September 2024 | [Victim contract](https://etherscan.io/address/0xd6A07b8065f9e8386A9a5bBA6A754a10A9CD1074), [Exploit contract](https://etherscan.io/address/0x15716E4ec8BD864eFD6dD0927De7e8b180349198), [Exploit transaction](https://etherscan.io/tx/0x83952d998cc562f40d0a58b76d563a16f3064ddb116e7b1b4e40298ca80499b8)
 - [Clober attack](https://x.com/peckshield/status/1866443215186088048) – 10 December 2024 | [Victim contract](https://basescan.org/address/0x6A0b87D6b74F7D5C92722F6a11714DBeDa9F3895), [Exploit contract](https://basescan.org/address/0x32Fb1BedD95BF78ca2c6943aE5AEaEAAFc0d97C1), [Exploit transaction](https://basescan.org/tx/0x8fcdfcded45100437ff94801090355f2f689941dca75de9a702e01670f361c04)
+- [GemPad attack](https://x.com/pennysplayer/status/1869025663963091421) – 17 December 2024 | [Victim contract](https://etherscan.io/address/0x10B5F02956d242aB770605D59B7D27E51E45774C), [Exploit contract](https://etherscan.io/address/0x8e18Fb32061600A82225CAbD7fecF5b1be477c43), [Exploit transaction](https://etherscan.io/tx/0x7b67e39cd253724372d67da78221a38eca98d2a6b69027a89010bca2101dd02a)
 
 > Some of the exploits carried out involve multiple separate transactions as well as multiple victim and exploit contracts. For each attack, I have listed the most affected victim contract, the most critical exploit contract, and the most devastating exploit transaction.