Optimism hacks in 2023

$54.7M drained from KyberSwap Elastic after a rounding error in concentrated-liquidity math let an attacker trick pools into recognising double the liquidity.

Attacker passed a fake market and forged permit to Exactly Protocol's DebtManager on Optimism; leverage() validated neither, draining $7.3M from 117 accounts.

Hundred Finance on Optimism lost $7M to a donation-attack variant: a rounding bug in the Compound v2 fork's exchange-rate code let tiny hWBTC drain the pool.

A missing access check in Sushi's RouteProcessor2 router let bots drain $3.3M in WETH from users with token approvals before a white-hat rescue.

Kokomo Finance, an Optimism Compound fork, rug-pulled $4M by pausing cBTC, pointing rewards at a malicious implementation, draining WBTC and deleting socials.

Curve read-only reentrancy on remove_liquidity drained $3.65M from dForce's wstETH/ETH pool on Arbitrum and Optimism. White hat returned all funds.