- CREAM: flashloan attack & reentrancy with ERC777-like token (no checks-effects-interaction protection) Postmortem POC
- CREAM: Price manipulation Postmortem POC
- Lendf.me: Flashloan and reentrancy (no checks-effects-interaction protection) Postmortem
- Compound: Double-entry point token issue Retrospective POC
- Lodestar Finance: Exchange rate manipulation POC
- Agave Finance: Flashloan and reentrancy on gnosis, where native token has callback hook (no checks-effects-interaction protection) Postmortem
- Hundred Finance: Flashloan and reentrancy on gnosis, where native token has callback hook (no checks-effects-interaction protection) Postmortem
- Ola Finance: Flashloan and reentrancy (no checks-effects-interaction protection) Postmortem
- Rari Capital: Flashloan and reentrancy (no checks-effects-interaction protection) POC
- Hundred Finance: Exploit of empty markets Postmortem POC
- 0VIX: price oracle vulnerability allowed donation-based price maniulation Thread POC
- Uranium Finance: bad k-value Postmortem POC
- DDC: bad k-value Thread
- Swapos: bad k-value Thread POC
- Balancer: deflationary token can drain pools Postmortem
- Sentiment: read-only reentrancy Postmortem forum POC
- Curve: read-only reentrancy Postmortem
- Aave V2: risk of price manipulation can lead to accumulating bad debt Governance proposed mitigation writeup