Summary On September 21, 2022, an anonymous whitehat reported a critical severity bug in Mt Pelerin’s bridge-protocol-v2 via Immunefi, which could have allowed an attacker to drain the contract of funds. However, thanks to the efforts of the whitehat, no user funds were lost. …

Introduction Saddle Finance, an automated market maker (AMM) on Ethereum, was the victim of a series of transactions on April 30, 2022, that exploited deployed smart contracts. Over the course of three attack transactions, roughly $11m in crypto was taken. One of these three attacks was a whitehat who rescued roughly…

Starting today for the next three weeks, Immunefi is launching a Timebound Bug Bounty Program for its new, proof-of-capital Vault System. This smart contract Vault System allows projects on Immunefi to: Deposit funds in vaults to demonstrate they have funds to pay out bounties Send funds to whitehats on-chain via…

Introduction Cream Finance experienced a major exploit on October 27, 2021, resulting in a loss of $130m in available liquidity. In this article, we will be walking through and explaining the fundamental flaw that the protocol experienced before recreating our own proof of concept (PoC) that drains the protocol of millions…

Pwning.eth has earned a second Whitehat Hall of Fame NFT for his critical bug find in Moonbeam on May 27, 2022, following his first Hall of Fame NFT for finding a major vulnerability in Aurora. We’d like to congratulate pwning.eth for racking up win after win. This may not be…

Summary On June 10, an anonymous whitehat submitted a critical vulnerability to Aurora via Immunefi, which consisted of improper input sanitization. The Aurora team quickly fixed the issue, and no user funds were lost. Aurora then paid out a bounty of $1,000,000 in Aurora tokens, streamed linearly over a year. Immunefi…

Introduction Hundred Finance and Agave, lending protocols on the Gnosis Chain, were hit by reentrancy attacks on March 15 this year. These attacks drained the protocols of all collateral. …

Today, we’re announcing that we’ve raised $24m for our Series A round, led by Framework Ventures and joined by other investors like Samsung Next, Electric Capital, and Polygon Ventures. This is a momentous occasion for Immunefi and security in web3. …

Summary On June 16, an anonymous whitehat submitted a critical vulnerability to Aurora via Immunefi, which consisted of a withdrawal logic error. At the time of the submission, on block 14970303, 50550.9 ETH was on the vulnerable contract. Given that the average price for ETH that day was ~$1,245, the funds…