From 119fd74db247de633619b922e49c24f21f7e02f2 Mon Sep 17 00:00:00 2001 From: Pascal Marco Caversaccio Date: Wed, 18 Dec 2024 21:23:14 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9E=95=20Add=20OpenLeverage=20and=20GemPad?= =?UTF-8?q?=20Attacks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pascal Marco Caversaccio --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f089288..d776ead 100644 --- a/README.md +++ b/README.md 
@@ -84,6 +84,7 @@ A chronological and (hopefully) complete list of reentrancy attacks to date. - [ChainPaint attack](https://x.com/0xNickLFranklin/status/1757186636985798842) – 12 February 2024 | [Victim contract](https://etherscan.io/address/0x52d69c67536f55EfEfe02941868e5e762538dBD6), [Exploit contract](https://etherscan.io/address/0x8d4dE2Bc1a566b266bD4B387f62C21e15474D12a), [Exploit transaction](https://etherscan.io/tx/0x0eb8f8d148508e752d9643ccf49ac4cb0c21cbad346b5bbcf2d06974d31bd5c4) - [Rugged Art attack](https://x.com/AnciliaInc/status/1760718167582888148) – 19 February 2024 | [Victim contract](https://etherscan.io/address/0x2648f5592c09a260C601ACde44e7f8f2944944Fb), [Exploit contract](https://etherscan.io/address/0x9bB0cA1E54025232E18f3874F972a851A910E9cB), [Exploit transaction](https://etherscan.io/tx/0x5a63da39b5b83fccdd825fed0226f330f802e995b8e49e19fbdd246876c67e1f) - [The Smoofs attack](https://x.com/AnciliaInc/status/1762893563103428783) – 28 February 2024 | [Victim contract](https://polygonscan.com/address/0x757C2d1Ef0942F7a1B9FC1E618Aea3a6F3441A3C), [Exploit contract](https://polygonscan.com/address/0x367120bf791cc03f040e2574aea0ca7790d3d2e5), [Exploit transaction](https://polygonscan.com/tx/0xde51af983193b1be3844934b2937a76c19610ddefcdd3ffcf127db3e68749a50) +- [OpenLeverage attack](https://neptunemutual.com/blog/how-was-open-leverage-exploited) – 1 April 2024 | [Victim contract](https://bscscan.com/address/0xF436F8FE7B26D87eb74e5446aCEc2e8aD4075E47), [Exploit contract](https://bscscan.com/address/0xd0C8af170397C04525A02234b65E9a39969F4e93), [Exploit transaction](https://bscscan.com/tx/0xf08b6d36dc6f650c030344b6307ae94528f77a01db11d1284ed966e7e44337d3) - [Sumer Money attack](https://x.com/0xNickLFranklin/status/1778986926705672698) – 12 April 2024 | [Victim contract](https://basescan.org/address/0x142017b52c99d3dFe55E49d79Df0bAF7F4478c0c), [Exploit contract](https://basescan.org/address/0x13D27a2D66eA33A4bC581d5fEFB0b2A8dEfe9fE7), [Exploit 
transaction](https://basescan.org/tx/0x619c44af9fedb8f5feea2dcae1da94b6d7e5e0e7f4f4a99352b6c4f5e43a4661) - [Predy Finance attack](https://predyfinance.medium.com/postmortem-report-on-the-details-of-the-events-of-may-14-2024-8690508c820b) – 14 May 2024 | [Victim contract](https://arbiscan.io/address/0x9215748657319B17fecb2b5D086A3147BFBC8613), [Exploit contract](https://arbiscan.io/address/0x8afFdD350eb754b4652D9EA5070579394280CaD9), [Exploit transaction](https://arbiscan.io/tx/0xbe163f651d23f0c9e4d4a443c0cc163134a31a1c2761b60188adcfd33178f50f) - [Mint Raises Prices attack](https://x.com/0xNickLFranklin/status/1808309614443733005) – 2 July 2024 | [Victim contract](https://bscscan.com/address/0x35F5cEf517317694DF8c50C894080caA8c92AF7D), [Exploit contract](https://bscscan.com/address/0x9485c2950d6C27Fa3f9e87EAda17815a8224A69b), [Exploit transaction](https://bscscan.com/tx/0x1fec78f6433fe230086b673c1f19cc39e32422e80dfabbc7b4b154c3e768d111) 
@@ -94,6 +95,7 @@ A chronological and (hopefully) complete list of reentrancy attacks to date. - [Penpie attack](https://blog.penpiexyz.io/penpie-post-mortem-report-1ac9863b663a) – 3 September 2024 | [Victim contract](https://etherscan.io/address/0x6E799758CEE75DAe3d84e09D40dc416eCf713652), [Exploit contract](https://etherscan.io/address/0x4aF4C234B8CB6e060797e87AFB724cfb1d320Bb7), [Exploit transaction](https://etherscan.io/tx/0x56e09abb35ff12271fdb38ff8a23e4d4a7396844426a94c4d3af2e8b7a0a2813)[^10] - [TrustSwap attack](https://github.com/trustswap/teamfinance-stakingpool/blob/main/audit-reports/Bailsec%20-%20Trustswap%20-%20Post%20Mortem%20-%20Final%20Report%20.pdf) – 30 September 2024 | [Victim contract](https://etherscan.io/address/0xd6A07b8065f9e8386A9a5bBA6A754a10A9CD1074), [Exploit contract](https://etherscan.io/address/0x15716E4ec8BD864eFD6dD0927De7e8b180349198), [Exploit transaction](https://etherscan.io/tx/0x83952d998cc562f40d0a58b76d563a16f3064ddb116e7b1b4e40298ca80499b8) - [Clober attack](https://x.com/peckshield/status/1866443215186088048) – 10 December 2024 | [Victim contract](https://basescan.org/address/0x6A0b87D6b74F7D5C92722F6a11714DBeDa9F3895), [Exploit contract](https://basescan.org/address/0x32Fb1BedD95BF78ca2c6943aE5AEaEAAFc0d97C1), [Exploit transaction](https://basescan.org/tx/0x8fcdfcded45100437ff94801090355f2f689941dca75de9a702e01670f361c04) +- [GemPad attack](https://x.com/pennysplayer/status/1869025663963091421) – 17 December 2024 | [Victim contract](https://etherscan.io/address/0x10B5F02956d242aB770605D59B7D27E51E45774C), [Exploit contract](https://etherscan.io/address/0x8e18Fb32061600A82225CAbD7fecF5b1be477c43), [Exploit transaction](https://etherscan.io/tx/0x7b67e39cd253724372d67da78221a38eca98d2a6b69027a89010bca2101dd02a) > Some of the exploits carried out involve multiple separate transactions as well as multiple victim and exploit contracts. 
For each attack, I have listed the most affected victim contract, the most critical exploit contract, and the most devastating exploit transaction.
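Review bot: On the added OpenLeverage line in the first hunk (`@@ -84,6 +84,7 @@`), the primary link is a third-party blog analysis on neptunemutual.com, whereas neighbouring entries such as Predy Finance and Penpie link the affected project's own post-mortem. If OpenLeverage published one, link that instead, or keep the blog link and note in a footnote that it is a secondary source. The placement between 28 February 2024 and 12 April 2024 keeps the list chronological, and all three explorer links point to bscscan.com, so the chain is consistent within the entry.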
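Review bot: On the added GemPad line in the second hunk (`@@ -94,6 +95,7 @@`), the entry is dated 17 December 2024 and the commit is dated 18 December 2024, so the only reference available is a single X post (pennysplayer) written within a day of the incident. The closing note of the list promises the most affected victim contract and the most devastating exploit transaction, and that choice is hard to make this early. Revisit the three Etherscan links once a post-mortem exists, and add a footnote in the style of the Penpie entry's `[^10]` if further contracts or transactions turn out to be involved.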