Reproduce DeFi hack incidents using Foundry.
669 incidents included.
Let's make Web3 secure! Join Discord
Notion: 101 root cause analysis of past DeFi hacked incidents
Disclaimer: This content serves solely as a proof of concept showcasing past DeFi hacking incidents. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.
- Getting Started
- Who Support Us
- Donate Us
- List of Past DeFi Incidents
- Transaction debugging tools
- Ethereum Signature Database
- Useful tools
- Hacks Dashboard
- List of DeFi Hacks & POCs
-
Follow the instructions to install Foundry.
-
Clone and install dependencies:
git submodule update --init --recursive
All articles are also published on Substack.
- Lesson 1: Tools ( English | 中文 | Vietnamese | Korean | Spanish | 日本語 )
- Lesson 2: Warm up ( English | 中文 | Korean | Spanish | 日本語 )
- Lesson 3: Write Your Own PoC (Price Oracle Manipulation) ( English | 中文 | Korean | Spanish | 日本語 )
- Lesson 4: Write Your Own PoC (MEV Bot) ( English | 中文 | Korean | Spanish | 日本語 )
- Lesson 5: Rugpull Analysis ( English | 中文 | Spanish | 日本語 )
- Lesson 6: Write Your Own PoC (Reentrancy) ( English | 中文 | Spanish | 日本語 )
- Lesson 7: Hack Analysis: Nomad Bridge, August 2022 ( English | 中文 | Spanish | 日本語 )
If you appreciate our work, please consider donating. Even a small amount helps us continue developing and improving our projects, and promoting web3 security.
- Gitcoin - Donate DeFiHackLabs
- EVM Chains - 0xD7d6215b4EF4b9B5f40baea48F41047Eb67a11D5
- Giveth
20250509 Nalakuvara_LotteryTicket50
20250305 1inch Fusion V1 Settlement
2024
20240703 UnverifiedContr_0x452E25
20240610 UwuLend - Price Manipulation
2023
20231201 UnverifiedContr_0x431abb
20230715 USDTStakingContract28
2022
20221024 MulticallWithoutCheck
20221011 Rabby Wallet SwapRouter
20220908 Ragnarok Online Invasion
20220701 Quixotic - Optimism NFT Marketplace
20220624 Harmony's Horizon Bridge
20220608 Optimism - Wintermute
20220430 Rari Capital/Fei Protocol
2021
Before 2020
Phalcon | Tx tracer | Cruise | Ethtx | Tenderly | eigenphi
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | ETHCMD - Guess ABI | Abi tools
Slowmist | Defillama | De.Fi | Rekt | Cryptosec | BlockSec
forge test --contracts ./src/test/2025-10/TokenHolder_exp.sol -vvv --evm-version shanghaihttps://t.me/defimon_alerts/2027
forge test --contracts ./src/test/2025-10/MIMSpell3_exp.sol -vvvhttps://x.com/Phalcon_xyz/status/1974532815208485102
forge test --contracts ./src/test/2025-09/Kame_exp.sol -vvvhttps://x.com/SupremacyHQ/status/1966909841483636849
forge test --contracts ./src/test/2025-08/EverValueCoin -vvvhttps://x.com/SuplabsYi/status/1961906638438445268
forge test --contracts ./src/test/2025-08/Hexotic_exp.sol -vvvhttps://t.me/defimon_alerts/1757
forge test --contracts ./src/test/2025-08/0xf340_exp.sol -vvvhttps://t.me/defimon_alerts/1733
forge test --contracts ./src/test/2025-08/ABCCApp_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1959457212914352530
forge test --contracts ./src/test/2025-08/MulticallWithXera_exp.sol -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1958354933247590450
forge test --contracts ./src/test/2025-08/0x8d2e_exp.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1958354933247590450
forge test --contracts ./src/test/2025-08/d3xai_exp.sol -vvvhttps://x.com/suplabsyi/status/1956695597546893598
forge test --contracts ./src/test/2025-08/PDZ_exp.sol -vvvhttps://x.com/tikkalaresearch/status/1957500585965678828
forge test --contracts ./src/test/2025-08/SizeCredit_exp.sol -vvvhttps://x.com/SuplabsYi/status/1956306748073230785
forge test --contracts ./src/test/2025-08/YuliAI_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1955817707808432584
forge test --contracts ./src/test/2025-08/coinbase_exp.sol -vvv --evm-version cancunhttps://x.com/deeberiroz/status/1955718986894549344
forge test --contracts ./src/test/2025-08/Grizzifi_exp.sol -vvvhttps://x.com/MetaTrustAlert/status/1955967862276829375
forge test --contracts ./src/test/2025-08/Bebop_dex_exp.sol -vvvhttps://x.com/SuplabsYi/status/1955230173365961128
forge test --contracts ./src/test/2025-08/WXC_Token -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1954774967481962832
forge test --contracts ./src/test/2025-07/SuperRare_exp.sol -vvvhttps://x.com/SlowMist_Team/status/1949770231733530682
forge test --contracts ./src/test/2025-07/MulticallWithETH_exp.sol -vvvforge test --contracts ./src/test/2025-07/SWAPPStaking_exp.sol -vvvhttps://x.com/deeberiroz/status/1947213692220710950
forge test --contracts ./src/test/2025-07/Stepp2p_exp.sol -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1946887946877149520
forge test --contracts ./src/test/2025-07/WETC_Token_exp.sol -vvv --evm-version shanghaihttps://t.me/evmhacks/78?single
forge test --contracts ./src/test/2025-07/VDS_exp.sol -vvvhttps://x.com/SlowMist_Team/status/1945672192471302645
forge test --contracts ./src/test/2025-07/gmx_exp.sol -vvvhttps://x.com/GMX_IO/status/1943336664102756471
forge test --contracts ./src/test/2025-07/unverified_54cd_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1941689712621576493
forge test --contracts ./src/test/2025-07/RANTToken_exp.sol -vvv- https://x.com/Phalcon_xyz/status/1941788315549946225
- https://x.com/AgentLISA_ai/status/1942162643437203531
forge test --contracts ./src/test/2025-07/FPC_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1940423393880244327
forge test --contracts ./src/test/2025-06/Stead_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1939508301596672036
forge test --contracts ./src/test/2025-06/ResupplyFi_exp.sol -vvvhttps://x.com/ResupplyFi/status/1938927974272938420
forge test --contracts ./src/test/2025-06/unverified_b5cb_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1937761064713941187
forge test --contracts ./src/test/2025-06/GradientMakerPool_exp.sol -vvvhttps://t.me/defimon_alerts/1339
forge test --contracts ./src/test/2025-06/Gangsterfinance.sol -vvv --evm-version shanghaihttps://t.me/defimon_alerts/1323
forge test --contracts ./src/test/2025-06/BankrollStack_exp.sol -vvv --evm-version shanghaiforge test --contracts ./src/test/2025-06/BankrollNetwork_exp.sol -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1935618109802459464
forge test --contracts ./src/test/2025-06/MetaPool_exp.sol -vvvhttps://x.com/peckshield/status/1934895187102454206
forge test --contracts ./src/test/2025-06/AAVEBoost_exp.sol -vvvhttps://x.com/CertiKAlert/status/1933011428157563188
forge test --contracts ./src/test/2025-06/unverified_8490_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1932309011564781774
forge test --contracts ./src/test/2025-05/Corkprotocol_exp.sol -vvv --via-ir --evm-version cancunhttps://x.com/SlowMist_Team/status/1928100756156194955
forge test --contracts ./src/test/2025-05/UsualMoney_exp.sol -vvvhttps://x.com/BlockSecTeam/status/1927601457815040283
forge test --contracts ./src/test/2025-05/YDTtoken_exp.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1926587721885040686
forge test --contracts ./src/test/2025-05/RICE_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1926461662644633770
forge test --contracts ./src/test/2025-05/IRYSAI_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1925012844052975776
forge test --contracts ./src/test/2025-05/KRC_token_exp.sol -vvv --evm-version shanghaihttps://x.com/CertikAIAgent/status/1924280794916536765
forge test --contracts ./src/test/2025-05/Unwarp_exp.sol -vvvforge test --contracts ./src/test/2025-05/MBUToken_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1921474575965065701
https://x.com/CertiKAlert/status/1921483904483000457
forge test --contracts ./src/test/2025-05/Nalakuvara_LotteryTicket50_exp.sol -vvvNalakuvara_LotteryTicket50_exp.sol
https://x.com/TenArmorAlert/status/1920816516653617318
forge test --contracts ./src/test/2025-04/Lifeprotocol_exp.sol -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1916312483792408688
forge test --contracts ./src/test/2025-04/ImpermaxV3_exp.sol -vvvhttps://medium.com/@quillaudits/how-impermax-v3-lost-300k-in-a-flashloan-attack-35b02d0cf152
forge test --contracts ./src/test/2025-04/BTNFT_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1913500336301502542
forge test --contracts ./src/test/2025-04/YBToken_exp.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1912684902664782087
forge test --contracts ./src/test/2025-04/Roar_exp.sol -vvvhttps://x.com/CertiKAlert/status/1912430535999189042
forge test --contracts ./src/test/2025-04/Unverified_6077_exp.sol -vvvforge test --contracts ./src/test/2025-04/Laundromat_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1909814943290884596
forge test --contracts ./src/test/2025-04/AIRWA_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1908086092772900909
forge test --contracts ./src/test/2025-03/LeverageSIR_exp.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1906268185046745262
forge test --contracts ./src/test/2025-03/Alkimiya_io_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1906371419807568119
forge test --contracts ./src/test/2025-03/YziAIToken_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1905528525785805027
forge test --contracts ./src/test/2025-03/BBXToken_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1902651550733906379
forge test --contracts ./src/test/2025-03/DCFToken_exp.sol -vvv --evm-version shanghaihttps://x.com/Phalcon_xyz/status/1860890801909190664
forge test --contracts ./src/test/2025-03/wKeyDAO_exp.sol -vvv --evm-version shanghaihttps://x.com/Phalcon_xyz/status/1900809936906711549
forge test --contracts ./src/test/2025-03/H2O_exp.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1900525198157205692
forge test --contracts ./src/test/2025-03/DUCKVADER_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1899378096056201414
forge test --contracts ./src/test/2025-03/UNI_exp.sol -vvvhttps://x.com/CertiKAlert/status/1897973904653607330
forge test --contracts ./src/test/2025-03/SBRToken_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1897826817429442652
forge test --contracts ./src/test/2025-03/OneInchFusionV1SettlementHack.sol -vvvOneInchFusionV1SettlementHack.sol
forge test --contracts ./src/test/2025-03/Pump_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1897115993962635520
forge test --contracts ./src/test/2025-02/HegicOptions_exp.sol -vvv[Pending]
forge test --contracts ./src/test/2025-02/unverified_35bc_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1893333680417890648
forge test --contracts ./src/test/2025-02/StepHeroNFTs_exp.sol -vvvhttps://x.com/SlowMist_Team/status/1892822286715277344
forge test --contracts ./src/test/2025-02/Bybit_exp.sol -vvvhttps://x.com/dhkleung/status/1893073663391604753
forge test --contracts ./src/test/2025-02/unverified_d4f1_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1890776122918309932
forge test --contracts ./src/test/2025-02/FourMeme_exp.sol -vvv --evm-version shanghaihttps://www.chaincatcher.com/en/article/2167296
forge test --contracts ./src/test/2025-02/PeapodsFinance_exp.sol -vvvhttps://blog.solidityscan.com/peapods-finance-hack-analysis-bdc5432107a5
forge test --contracts ./src/test/2025-01/ODOS_exp.sol -vvvforge test --contracts ./src/test/2025-01/Ast_exp.sol -vvvforge test --contracts ./src/test/2025-01/Paribus_exp.sol -vvvforge test --contracts ./src/test/2025-01/IdolsNFT_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1879376744161132981
forge test --contracts ./src/test/2025-01/Mosca2_exp.sol -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1878699517450883407
forge test --contracts ./src/test/2025-01/Unilend_exp.sol -vvvhttps://slowmist.medium.com/analysis-of-the-unilend-hack-90022fa35a54
forge test --contracts ./src/test/2025-01/RoulettePotV2_exp.sol -vvv --evm-version shanghaihttps://x.com/TenArmorAlert/status/1878008055717376068
forge test --contracts ./src/test/2025-01/JPulsepot_exp.sol -vvv --evm-version shanghaihttps://x.com/CertiKAlert/status/1877662352834793639
forge test --contracts ./src/test/2025-01/HORS_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1877032470098428058
forge test --contracts ./src/test/2025-01/LPMine.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1877030261067571234
forge test --contracts ./src/test/2025-01/IPC_exp.sol -vvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1876663900663370056
forge test --contracts ./src/test/2025-01/Mosca_exp.sol -vvv --evm-version shanghai[Pending]
forge test --contracts ./src/test/2025-01/sorraStaking.sol -vv --evm-version cancunhttps://x.com/TenArmorAlert/status/1875582709512188394
forge test --contracts ./src/test/2025-01/98Token_exp.sol -vvvv --evm-version cancunhttps://x.com/TenArmorAlert/status/1875462686353363435
forge test --contracts ./src/test/2025-01/LAURAToken_exp.sol -vvvhttps://x.com/TenArmorAlert/status/1874455664187023752
Foundry also has the ability to report the gas used per function call which mimics the behavior of hardhat-gas-reporter. Generally speaking if gas costs per function call is very high, then the likelihood of its success is reduced. Gas optimization is an important activity done by smart contract developers.
Every poc in this repository can produce a gas report like this:
forge test --gas-report --contracts <contract> -vvvFor Example: Let us find out the gas used in the Audius poc
Execution
forge test --gas-report --contracts ./src/test/Audius.exp.sol -vvvDemo
Moved to DeFiVulnLabs
Moved to DeFiLabs