Source materials for on-chain exploit analyses. The workflow is based on the Exploit Investigator Skill, then manually reviewed and validated before reports are added to this repository.
reports/ Final incident write-ups, validation files, and attachments.
artifacts/ Raw on-chain evidence keyed by canonical transaction hash.
articles/ Long-form research and cross-incident analysis.
scripts/ Local maintenance and validation tooling.
.local-automation/ Local-only automation state, drafts, queues, and logs.
analysis_0x*/ Transient local investigation workspaces; promote finished evidence to artifacts/.
| Date | Chain | Incident | Report |
|---|---|---|---|
| 2026-05-25 | Ethereum | New Market Trading SquidRouterModule Forged Express Payload Safe Swap Exploit | report |
| 2026-05-25 | Ethereum | WUSD / GLOVE englove Sybil Abuse |
report |
| 2026-05-20 | Ethereum | Butter Network Bridge Retry Authorization Bypass Triggers Unauthorized MAPO Mint | report |
| 2026-05-19 | Polygon | ElevateFi Staking Vault Spot-Price Oracle Manipulation | report |
| 2026-05-17 | Ethereum | Ethereum Bridge BTC Import/Proof Path Trace-Attributed Unauthorized Payout | report |
| 2026-05-17 | Arbitrum | SEA Settlement Adapter Round Redemption Inflation | report |
| 2026-05-15 | Ethereum | WrappedADS Privileged wrapTo() Mint |
report |
| 2026-05-14 | Ethereum | WOJAK Uniswap V2 Public-Mempool Sandwich | report |
| 2026-05-13 | BNB Chain | MAIL token drain via Moolah flash-loan callback reentrancy | report |
| 2026-05-12 | Ethereum | BoostHook Leveraged Long Drain via Spot-Priced openLong() |
report |
| 2026-05-12 | BNB Chain | Eonx.ai IEXCBP Reward Drain via Pancake Spot-Price Manipulation | report |
| 2026-05-12 | BNB Chain | SQ Token Staking Drain via Hardcoded Owner Backdoor | report |
| 2026-05-11 | Polygon | Huma Finance V1 Deprecated Pools Credit Lifecycle Drain | report |
| 2026-05-11 | Polygon | INK Finance Treasury Drain via Whitelisted Claimer | report |
| 2026-05-10 | Arbitrum | Renegade Dark Pool Unprotected Initializer Drain | report |
| 2026-05-07 | BSC | White Eagle Withdraw Drain | report |
| 2026-05-07 | Ethereum | TrustedVolumes RFQ Proxy Drain | report |
| 2026-05-05 | Ethereum | WBTC Approval Drain via Ekubo Flash Accounting | report |
| 2026-04-29 | Base | Syndicate Commons Bridge Upgrade Compromise | report |
| 2026-04-29 | Sui | AftermathFi Perpetuals Negative Integrator Fee Collateral Inflation | report |
| 2026-04-28 | Ethereum | YieldCore RWAVault Unauthorized Withdrawal | report |
| 2026-04-28 | Ethereum | yvWETH Approval Arbitrary Command Drain | report |
| 2026-04-28 | Ethereum | QNT Pool Drain via EIP-7702 Admin EOA Delegation | report |
| 2026-04-28 | BSC | JUDAO Sell-Burn Reserve Manipulation | report |
| 2026-04-27 | Ethereum | Executor Missing Access Control USDC/USDT Drain | report |
| 2026-04-25 | Base | Singularity_Fi dynBaseUSDCv3 Oracle Share Inflation | report |
| 2026-04-23 | Ethereum | GiddyVaultV3 Signature Replay | report |
| 2026-04-18 | Ethereum | KelpDAO rsETH LayerZero Packet Drain | report |
| 2026-04-14 | BSC | BurnAddress / MONA Deferred LP Burn | report |
| 2026-04-13 | Ethereum | Hyperbridge ISMP Forged Proof DOT Mint | report |
| 2026-04-12 | Base | SubQuery Settings Access Control Staking Drain | report |
| 2026-04-05 | Linea | Denaria Finance Virtual AMM Manipulation | report |
| 2026-03-31 | Polygon | WhaleBit CES/IGT Staking Oracle Manipulation | report |
| 2026-03-31 | BSC | LML APower Reward-Claim Price Manipulation | report |
| 2026-03-31 | BSC | InfinitySix TWAP Stale Price | report |
| 2026-03-28 | Arbitrum | VTSwapHook Pricing Error | report |
| 2026-03-27 | BSC | EST BNBDeposit Claim Manipulation | report |
| 2026-03-22 | BSC | Cyrus Price Manipulation | report |
| 2026-03-22 | Ethereum | Escrow Overflow | report |
| 2026-03-18 | Ethereum | dTRINITY dLEND Index Manipulation | report |
| 2026-03-17 | Polygon zkEVM | KToken Redeem Logic Flaw | report |
| 2026-03-16 | Ethereum | USDC Permit Phishing Drain | report |
| 2026-03-15 | BSC | Venus Lending Exploit | report |
| 2026-03-12 | BSC | AM Burn Reserve Manipulation | report |
| 2026-03-12 | Ethereum | CoW Protocol Solver Exploit | report |
| 2026-03-12 | BSC | DBXen ERC2771 Confusion | report |
| 2026-03-11 | BSC | Gamma Lending Exploit | report |
| 2026-03-11 | BSC | Planet Finance Lending | report |
| 2026-03-11 | BSC | Wukong Staking Reentrancy | report |
| 2026-03-10 | Ethereum | Alkemi Self-Liquidation | report |
| 2026-03-09 | Ethereum | Gondi PurchaseBundler Drain | report |
| 2026-03-08 | Base | MOLT EVM Weak Spawner Access Control | report |
| 2026-03-05 | Ethereum | SOLV BRO Double Mint | report |
| 2026-03-04 | Base | Base Multi-Contract Exploit | report |
| 2026-03-03 | BSC | Inugami Staking Reward Debt Drain | report |
| 2026-03-03 | Ethereum | Uniswap V4 Hook Swap Drain | report |
| 2026-03-02 | Ethereum | sDOLA LlamaLend Oracle Manipulation | report |
| 2026-03-01 | BSC | BUBU2 Fee Token Staking Drain | report |
| 2026-02-28 | BSC | Movie Token Burn Manipulation | report |
| 2026-02-26 | Ethereum | Aave Fork Undercollateralized Borrow | report |
| 2026-02-25 | BSC | HPay Staking ForceExit Drain | report |
| 2026-02-23 | BSC | STO Deflationary Burn Drain | report |
| 2026-02-22 | Ethereum | TARA DODO CoopPool Exploit | report |
| 2026-02-20 | Base | Veil Cash Groth16 Forgery | report |
| 2026-02-16 | BSC | Fee Token Skim Exploit | report |
| 2026-02-13 | Ethereum | Uniswap Router Approval Abuse | report |
| 2026-02-08 | Ethereum | ERC1155 Bonding Curve Reentrancy | report |
| 2026-02-07 | Ethereum | USDe Safe Module Flashloan | report |
| 2026-02-04 | Ethereum | NEUTRL nUSD Internal Balance | report |
| 2026-02-04 | Ethereum | reUSD SingleAdapterRouter Withdraw | report |
| 2026-02-01 | Ethereum | EYWA PortalV2 Axelar | report |
| 2026-01-30 | Ethereum | Gyro Finance CCIP Escrow | report |
| 2026-01-28 | BSC | XPL | report |
| 2026-01-20 | Ethereum | Makina Oracle Manipulation | report |
| 2026-01-10 | Arbitrum | FutureSwap | report |
| 2026-01-05 | Arbitrum | TMX Tribe | report |
These are useful investigations, but they should not be treated as confirmed exploit pages unless their classification changes.
| Date | Chain | Classification | Note | Link |
|---|---|---|---|---|
| 2026-05-19 | BNB Chain | failed_probe |
TestProtocol Withdraw Alert | analysis |
| 2026-05-18 | Ethereum | post_exploit_message |
Verus Bridge On-Chain Message | analysis |
| 2026-05-16 | Ethereum | post_incident_message |
Adshares Wrapper Follow-Up Message | analysis |
| 2026-05-16 | Ethereum | post_exploit_message |
Adshares Wrapper Whitehat Message | analysis |
| 2026-05-15 | Ethereum | administrative_action |
Kelp DAO LRTDepositPool Authorized Unpause | analysis |
| 2026-05-15 | Ethereum | administrative_action |
Kelp DAO LRTOracle Authorized Unpause | analysis |
| 2026-05-15 | Ethereum | post_exploit_message |
TrustedVolumes On-Chain Settlement Message | analysis |
Use one directory per incident:
reports/<incident-slug>/
report.md Preferred final report filename for new reports.
validation.json Verification result from the analysis pipeline, when available.
attachments/ Diagrams, screenshots, and report-local images.
Older reports may use a descriptive Markdown filename instead of report.md. New reports should prefer report.md plus a descriptive directory name. Keep social drafts such as twitter.md local-only; they are ignored by git.
Use the primary transaction hash as the artifact key:
artifacts/analysis_<tx_hash>/
manifest.json Chain, tx hash, contracts, labels, and artifact inventory.
tx.json Raw transaction object.
receipt.json Raw transaction receipt.
trace_callTracer.json Execution trace, when available.
trace_prestateTracer.json State-diff/prestate evidence, when available.
decoded_calls.json ABI-decoded calls.
funds_flow.json Token and native-asset movement summary.
validation.json Evidence validation output, when available.
report.md Draft or source report generated during investigation.
0x<contract_address>/ Verified or recovered source and ABI for relevant contracts.
Root-level analysis_0x*/ directories are scratch workspaces. Keep them out of commits unless they are intentionally promoted into artifacts/analysis_<tx_hash>/.
- Capture the alert, chain, transaction hash, and any claimed loss or root cause.
- Run the
exploit-investigatorworkflow and save raw evidence underartifacts/analysis_<tx_hash>/. - Write or refine the final report under
reports/<incident-slug>/report.md. - Validate source snippets, trace behavior, transfer accounting, and classification; store the result as
validation.json. - Run local checks before opening a PR or committing repository cleanup changes.
git diff --checkDo not commit secrets, queues, generated social drafts, or transient investigation roots. The important ignored paths are:
.env*.local-automation/.scratchpad/analysis_0x*/reports/*/twitter.mdartifacts/analysis_*/twitter.md
| Title | Path |
|---|---|
| Rhea Finance Margin Trading Exploit (NEAR) | article |
For educational and research purposes only.