Reentrancy attacks in 2021

Visor Finance's staking contract lost $8.2M to a reentrancy in the delegateTransferERC20 path. VISR fell 95% same-day; Visor migrated to a new token.

Grim Finance vaults on Fantom lost $30M to a 5-loop reentrancy in depositFor that faked extra deposits mid-call. TVL collapsed from $98.9M to $4.2M.

$18.8M drained from Cream Finance v1 lending markets via a reentrancy bug in the AMP token's ERC-777 transfer hook — the second of Cream's three 2021 exploits.

BurgerSwap on BNB Chain didn't validate swap-path tokens, letting a fake token's transfer callback re-enter the pool mid-swap and drain $7.2M in reserves.

2,600 ETH ($10M, 60% of pool) drained from Rari's Ethereum Pool after its Alpha Finance ibETH integration allowed arbitrary external calls enabling reentrancy.