Skyward Finance Treasury Logic Bug
$3.2M drained from Skyward Finance on NEAR via a treasury accounting flaw that let the attacker redeem SKYWARD repeatedly against the same balance.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
Team Finance lost $15.8M in a Uniswap v2-to-v3 migration: locked tokens moved to a skewed v3 pair and refunded as 'leftover' for $2,700 in gas. $7M returned.
$2.3M drained from TempleDAO's StaxLPStaking after migrateStake() failed to validate the caller, letting anyone migrate another staker's full position.
Transit Swap users with infinite approvals lost $21M when claimTokens failed to validate which token to call transferFrom on. 70% returned after on-chain talks.
A fake tick account bypassed Crema's owner check and harvested fictitious fees via CLMM accounting, draining $9.6M on Solana. $8M returned in white-hat deal.
Gym Network on BNB Chain lost $2.1M after a deposit function accepted a referrer signature without validating it, letting the attacker mint huge GYMNET rewards.
Saddle's sUSDv2 metapool lost $11.9M when a known MetaSwapUtils bug was redeployed by mistake; BlockSec's bots front-ran $3.97M to safety, cutting the net loss.
Two missing collateral checks let an attacker mint 2 billion fake CASH stablecoins on Cashio, dropping TVL from $48M to zero in one transaction.
~$1.4M of NFTs stolen from TreasureDAO's marketplace after the buy function failed to check that quantity produced a non-zero price, enabling free buys.
$8.7M drained from Superfluid after a malicious 'context' passed to its host contract let the attacker spoof the caller and execute privileged streams.
~$3M drained from Tinyman, Algorand's main AMM, via a swap/burn logic flaw in pool-token operations that let attackers extract assets across many pools.