Use this section when you want to understand why a real exploit worked and which assertion pattern would have blocked it. If you already know the kind of invariant you want and just need examples, use the assertion pattern catalog.

These pages analyze real-world hacks and demonstrate how assertions could have prevented them. They show how assertions work as a safety net by catching failures that might slip through audits and testing. Each analysis includes:
  • Detailed explanation of the attack mechanism
  • Root cause analysis of the vulnerability
  • Specific assertion code that would have prevented the exploit

Access Control & Administrative Vulnerabilities

Bybit - Compromised Safe Wallet UI

  • Attack Type: UI Compromise + Implementation Change
  • Loss: $1.4B USD
  • Root Cause: Compromised frontend showed fake transactions while changing proxy implementation
  • Prevention: Implementation address change assertions and transaction validation

Radiant Capital Hack

  • Attack Type: Ownership Takeover
  • Loss: $58M+ USD
  • Root Cause: Attackers gained control of multisig signers and changed ownership of lending pools
  • Prevention: Owner change assertions with proper validation and whitelisting

  • Attack Type: Private Key Compromise + Multisig Manipulation
  • Loss: $39.3M USD
  • Root Cause: Compromised private keys enabled rapid multisig reconfiguration and threshold reduction
  • Prevention: Threshold protection assertions, owner whitelisting, and cooling periods

Arithmetic & Calculation Errors

Balancer V2 Rate Manipulation Exploit

  • Attack Type: Rounding Error Accumulation
  • Loss: $120M+ USD
  • Root Cause: Accumulated rounding errors in stable pool invariant calculation manipulated exchange rates
  • Prevention: Rate change bounds assertions detecting drastic pool rate changes within single transactions

Bunni XYZ Rounding Error Exploit

  • Attack Type: Rounding Error + Liquidity Manipulation
  • Loss: $8.4M USD
  • Root Cause: Rounding error in withdrawal mechanism led to disproportionate liquidity decreases
  • Prevention: Withdrawal proportionality assertions ensuring balance decreases match share burns

Abracadabra Rounding Error Attack

  • Attack Type: Rounding Error Exploitation
  • Loss: $6.5M USD
  • Root Cause: Rounding error in RebaseToken mechanism allowed base value inflation
  • Prevention: Invariant checks ensuring debt shares consistency

Vestra DAO Hack

  • Attack Type: Unchecked State Flag
  • Loss: Protocol drained
  • Root Cause: Missing validation of isActive flag in unstake function
  • Prevention: State flag validation assertions

Compound Upgrade Bug

  • Attack Type: Logic Error in Upgrade
  • Loss: $280K USD (limited by quick response)
  • Root Cause: One-letter bug (> instead of >=) in reward calculation
  • Prevention: Maximum reward rate validation assertions

Oracle & Price Manipulation

GMX v1 AUM Manipulation Hack

  • Attack Type: Reentrancy + AUM Manipulation
  • Loss: $42M USD
  • Root Cause: Reentrancy vulnerability allowed artificial AUM inflation
  • Prevention: AUM manipulation bounds assertions and atomic state consistency

KiloEx Price Oracle Manipulation

  • Attack Type: Access Control + Price Manipulation
  • Loss: $7.5M USD
  • Root Cause: Lack of access controls in MinimalForwarder allowed price manipulation
  • Prevention: Price deviation assertions and access control validation

Vicuna Finance Oracle Manipulation

  • Attack Type: LP Token Oracle Manipulation
  • Loss: $700K USD
  • Root Cause: LP tokens priced using simple sum formula instead of fair pricing
  • Prevention: Price deviation assertions monitoring oracle changes per call

Cream Finance 2

  • Attack Type: Price Manipulation
  • Loss: $130M USD
  • Root Cause: Sudden price manipulation through asset donation to vault
  • Prevention: Price deviation monitoring assertions

Protocol Logic Vulnerabilities

Abracadabra GMX V2 Cauldron Exploit

  • Attack Type: Accounting Bug
  • Loss: $13.4M USD
  • Root Cause: Phantom collateral created when tokens extracted without updating order value
  • Prevention: Collateral tracking assertions ensuring borrowed amounts never exceed actual collateral

Abracadabra CauldronV4 Cook Function Exploit

  • Attack Type: Logic Flaw in Action Sequencing
  • Loss: $1.8M USD
  • Root Cause: Action sequence [5, 0] allowed solvency check flag to be set then immediately cleared
  • Prevention: Post-transaction solvency assertions enforcing outcome-based validation

Euler Finance Donation Hack

  • Attack Type: Missing Health Check
  • Loss: $197M USD
  • Root Cause: Donation function lacked health factor validation
  • Prevention: Health factor assertions after all state changes

Visor Finance Unrestricted Mint

  • Attack Type: Unrestricted Token Minting
  • Loss: Protocol funds
  • Root Cause: Anyone could mint reward tokens without proper validation
  • Prevention: Collateralization ratio assertions

First Depositor Bug

  • Attack Type: Share Price Manipulation
  • Loss: Various protocols affected
  • Root Cause: First depositor can manipulate exchange rate through donation
  • Prevention: Minimum supply assertions and exchange rate validation