A critical reentrancy vulnerability was discovered in a multi-token liquidity pool. The attacker exploited callback mechanisms to drain accumulated fees before internal accounting updates. Potential impact: 0M+ TVL at risk. Status: Reported and patched.
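The ordering problem described above, shown as a vulnerable fee claim beside a hardened one. This is an added example, not the affected pool's code: the contract, its function and variable names are hypothetical, and it assumes one of the pool's tokens invokes a recipient callback during `transfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract FeeDistributor {
    // lp => token => fees accrued but not yet claimed
    mapping(address => mapping(address => uint256)) public accruedFees;
    uint256 private _status = 1; // 1 = idle, 2 = inside a guarded call

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Called by the pool's swap path (not shown) to credit an LP's fee share.
    function _accrue(address lp, address token, uint256 amount) internal {
        accruedFees[lp][token] += amount;
    }

    // Vulnerable ordering: the external transfer runs while accruedFees still
    // holds the old balance, so a recipient callback can re-enter this
    // function and be paid the same fees again.
    function claimFeesUnsafe(address token) external {
        uint256 owed = accruedFees[msg.sender][token];
        require(owed > 0, "nothing to claim");
        require(IERC20(token).transfer(msg.sender, owed), "transfer failed");
        accruedFees[msg.sender][token] = 0; // accounting updated too late
    }

    // Hardened: checks, then effects, then interactions, plus a guard that
    // blocks re-entry into this function during the transfer.
    function claimFees(address token) external nonReentrant {
        uint256 owed = accruedFees[msg.sender][token];
        require(owed > 0, "nothing to claim");
        accruedFees[msg.sender][token] = 0; // state settled before the call
        require(IERC20(token).transfer(msg.sender, owed), "transfer failed");
    }
}
```

In a multi-token pool the guard has to sit on every external function that reads or writes fee accounting, since a callback triggered by one token can re-enter through a different function or a different token's claim.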
Bridge Arbitrary Call Exploit
The bridge contract contained a flaw allowing cross-chain messages to trigger arbitrary function calls on external contracts. An attacker could execute any function with the bridge’s privileges. Impact: 00M+ in cross-chain assets potentially compromised.
Governance Timelock Bypass via Flash Loan
The governance timelock mechanism was circumvented using flash-loaned tokens to pass proposal thresholds. This allowed execution of sensitive governance actions without the mandatory waiting period. Impact: 0M+ in governance tokens affected.
Cross-Chain Message Relay Authority Bypass
The message relay mechanism trusted incoming messages without sufficient caller authority verification. Attackers could craft messages appearing to originate from legitimate relayers. Impact: Double-spend across chains, 00M+ bridge exploitation possible.
Vault Permission Escalation via Delegatecall
A DeFi aggregator vault used delegatecall to execute strategy contracts, creating critical storage manipulation vulnerabilities. Malicious strategies could modify vault permissions and drain all deposited funds. Impact: 0M+ at risk.
