Attack × Chain dossier

Smart Contract Bug attacks on Optimism

Total losses

$94.2M

6 incidents

№ 001Smart Contract BugMay 14, 2024
Sonne Finance Donation Attack
Sonne Finance lost $20M on Optimism to a 'donation attack', a well-known Compound v2 fork exploit hitting the gap between deploying and seeding a new market.
Sonne FinanceOptimismFunds Stolen
Loss
20.0M
USD
№ 002Smart Contract BugApril 26, 2024
Pike Finance Uninitialized Proxy
$1.9M drained from Pike Finance after uninitialized upgradeable contracts let an attacker seize ownership and drain CCIP-bridged assets.
Pike FinanceEthereumArbitrumOptimismFunds Stolen
Loss
1.9M
USD
№ 003Smart Contract BugNovember 22, 2023
KyberSwap Elastic Precision Bug
$54.7M drained from KyberSwap Elastic after a rounding error in concentrated-liquidity math let an attacker trick pools into recognising double the liquidity.
KyberSwapEthereumArbitrumOptimismPolygonBaseFunds Stolen
Loss
54.7M
USD
№ 004Smart Contract BugAugust 18, 2023
Exactly Protocol Periphery Exploit
Attacker passed a fake market and forged permit to Exactly Protocol's DebtManager on Optimism; leverage() validated neither, draining $7.3M from 117 accounts.
Exactly ProtocolOptimismFunds Stolen
Loss
7.3M
USD
№ 005Smart Contract BugApril 15, 2023
Hundred Finance Exchange-Rate Manipulation
Hundred Finance on Optimism lost $7M to a donation-attack variant: a rounding bug in the Compound v2 fork's exchange-rate code let tiny hWBTC drain the pool.
Hundred FinanceOptimismFunds Stolen
Loss
7.0M
USD
№ 006Smart Contract BugApril 9, 2023
Sushi RouteProcessor2 Approval Bug
A missing access check in Sushi's RouteProcessor2 router let bots drain $3.3M in WETH from users with token approvals before a white-hat rescue.
SushiSwapEthereumArbitrumPolygonOptimismPartially Recovered
Loss
3.3M
USD

Sonne Finance Donation Attack

Pike Finance Uninitialized Proxy

KyberSwap Elastic Precision Bug

Exactly Protocol Periphery Exploit

Hundred Finance Exchange-Rate Manipulation

Sushi RouteProcessor2 Approval Bug