Oracle manipulation via compromised private keys. Learn how a leak in server logs can lead to complete price control and the systematic draining of an NFT exchange.
Evolution of price manipulation on Uniswap V2. Learn how blindly trusting official libraries and increasing collateral requirements still fails if the underlying price oracle remains manipulable.
Exploiting fixed fees and identity spoofing. Learn how to drain a user’s balance through forced flash loans and hijack admin privileges via meta-transactions.
Oracle manipulation via low-liquidity AMM pools. Learn how to crash the price of a token on Uniswap V1 to borrow an entire lending pool’s liquidity for pennies.
A vulnerable Merkle reward distributor that fails to bind claims to the intended recipient, allowing attackers to steal every unclaimed reward.
Exploring the flaws in flash loan accounting. Learn how to use a contract’s own flash loan to "deposit" into your own account and then walk out with the entire pool.
Arbitrary external calls leading to full permission leaks. Learn how a single flash loan call can trick a contract into approving away its entire treasury.
Exploiting msg.value reuse in batch processing. Learn how to combine Uniswap V2 flash swaps with a faulty NFT marketplace loop to drain an entire collection for the price of one.
A masterclass in Denial of Service (DoS) via ledger inconsistency. Learn how a single permissionless transfer can permanently paralyze an ERC4626 vault.
Governance hijacking via flash loans. Learn how a lack of snapshotting allows an attacker to borrow a majority of voting power and pass malicious proposals.