Decentralized Intelligence AG

An attacker made 130.6222 ETH ($285,927.84 USD) 9 days ago with blockchain transaction 0xc3f70057e261af554c6acf6a372389899f0c2d7d1ebd27311e39525dee88fb39. *Only 9 core function calls*. Check it out and try for yourself! 🤑 app.d23e.ch/simplify/f9347…

🛡️ Why Understanding the Root Cause of an Attack Matters 👀 Attacks often exploit vulnerabilities that can resurface in forked projects across different chains. By understanding the core logic early, we can secure similar projects faster. At D23E, our simple yet powerful…

Attack Throwback 🚨The iVest Token Exploit (August 12, 2024) Root cause: Vulnerabilities in the custom transfer function, specifically the __MakeDonation feature, allowed attackers to manipulate the token’s price by altering the balance in the swap pool during transfers. 💡…

Attack Throwback 🚨 The SushiSwap Hack (March 2023) Root cause: The RouteProcessor2 contract failed to validate user-provided route parameters in its processRoute function. This allowed attackers to specify malicious pools and exploit the uniswapV3SwapCallback function, draining…

Attack Throwback 🚨 Check out how a simple free mint can let you extract 1.82 ETH of free money: app.d23e.ch/fuzzer?chain=e… 💡 More importantly, this vulnerability was detected by D23E's state-of-the-art fuzzer. Protect your projects now! 🔓

Attack Throwback🚨 XStable Protocol An attacker exploited a flaw in the $XST token's reward logic. The contract misidentified "purchases" when the sender was a supported Uniswap pool, even during internal transfers like skim(). By triggering skim() on Pool2, the attacker…

Attack Throwback 🚨 On July 23, 2024, Spectra Protocol was attacked, resulting in a $73K loss. Root cause? Insufficient input validation allowed attackers to control which contracts the protocol called and with what parameters, enabling unauthorized token transfers. 💡 This…

Attack Throwback --- Learning from the past 🚨 In March 2024, Unizen DEX suffered a $2.1M exploit after upgrading their aggregation contract to reduce gas fees. What went wrong? The upgrade introduced an unsafe external call vulnerability, enabling attackers to drain funds from…

Once you launch a fuzzing job, we show you the transactions/second and MGas/second that the fuzzer is searching through the search tree of smart contract calls.

Attack Throwback 😼 A case with 5 relevant contracts. The attacker took a flash loan of ETH and swapped it to PNT token. After calling convertAndBurn, he was able to exchange it back at a gain of 1.7 ETH.