Source materials for on-chain exploit analyses published by @Defi_Nerd_sec. Based on Exploit Investigator Skill.
reports/ # Incident write-ups (Markdown + diagrams)
artifacts/ # On-chain data: tx traces, receipts, contract source, transfer logs
articles/ # Long-form analysis articles and cross-incident research
| Date | Chain | Incident | Report |
|---|---|---|---|
| 2026-05-11 | Polygon | Huma Finance V1 Deprecated Pools Credit Lifecycle Drain | report |
| 2026-05-11 | Polygon | INK Finance Treasury Drain via Whitelisted Claimer | report |
| 2026-05-10 | Arbitrum | Renegade Dark Pool Unprotected Initializer Drain | report |
| 2026-05-07 | BSC | White Eagle Withdraw Drain | report |
| 2026-05-07 | Ethereum | TrustedVolumes RFQ Proxy Drain | report |
| 2026-05-05 | Ethereum | WBTC Approval Drain via Ekubo Flash Accounting | report |
| 2026-04-29 | Base | Syndicate Commons Bridge Upgrade Compromise | report |
| 2026-04-29 | Sui | AftermathFi Perpetuals Negative Integrator Fee Collateral Inflation | report |
| 2026-04-28 | Ethereum | YieldCore RWAVault Unauthorized Withdrawal | report |
| 2026-04-28 | Ethereum | yvWETH Approval Arbitrary Command Drain | report |
| 2026-04-28 | Ethereum | QNT Pool Drain via EIP-7702 Admin EOA Delegation | report |
| 2026-04-28 | BSC | JUDAO Sell-Burn Reserve Manipulation | report |
| 2026-04-27 | Ethereum | Executor Missing Access Control USDC/USDT Drain | report |
| 2026-04-25 | Base | Singularity_Fi dynBaseUSDCv3 Oracle Share Inflation | report |
| 2026-04-23 | Ethereum | GiddyVaultV3 Signature Replay | report |
| 2026-04-18 | Ethereum | KelpDAO rsETH LayerZero Packet Drain | report |
| 2026-04-14 | BSC | BurnAddress / MONA Deferred LP Burn | report |
| 2026-04-13 | Ethereum | Hyperbridge ISMP Forged Proof DOT Mint | report |
| 2026-04-12 | Base | SubQuery Settings Access Control Staking Drain | report |
| 2026-04-05 | Linea | Denaria Finance Virtual AMM Manipulation | report |
| 2026-03-31 | Polygon | WhaleBit CES/IGT Staking Oracle Manipulation | report |
| 2026-03-31 | BSC | LML APower Reward-Claim Price Manipulation | report |
| 2026-03-31 | BSC | InfinitySix TWAP Stale Price | report |
| 2026-03-28 | Arbitrum | VTSwapHook Pricing Error | report |
| 2026-03-27 | BSC | EST BNBDeposit Claim Manipulation | report |
| 2026-03-22 | BSC | Cyrus Price Manipulation | report |
| 2026-03-22 | Ethereum | Escrow Overflow | report |
| 2026-03-18 | Ethereum | dTRINITY dLEND Index Manipulation | report |
| 2026-03-17 | Polygon zkEVM | KToken Redeem Logic Flaw | report |
| 2026-03-16 | Ethereum | USDC Permit Phishing Drain | report |
| 2026-03-15 | BSC | Venus Lending Exploit | report |
| 2026-03-12 | BSC | AM Burn Reserve Manipulation | report |
| 2026-03-12 | Ethereum | CoW Protocol Solver Exploit | report |
| 2026-03-12 | BSC | DBXen ERC2771 Confusion | report |
| 2026-03-11 | BSC | Gamma Lending Exploit | report |
| 2026-03-11 | BSC | Planet Finance Lending | report |
| 2026-03-11 | BSC | Wukong Staking Reentrancy | report |
| 2026-03-10 | Ethereum | Alkemi Self-Liquidation | report |
| 2026-03-09 | Ethereum | Gondi PurchaseBundler Drain | report |
| 2026-03-08 | Base | MOLT EVM Weak Spawner Access Control | report |
| 2026-03-05 | Ethereum | SOLV BRO Double Mint | report |
| 2026-03-04 | Base | Base Multi-Contract Exploit | report |
| 2026-03-03 | BSC | Inugami Staking Reward Debt Drain | report |
| 2026-03-03 | Ethereum | Uniswap V4 Hook Swap Drain | report |
| 2026-03-02 | Ethereum | sDOLA LlamaLend Oracle Manipulation | report |
| 2026-03-01 | BSC | BUBU2 Fee Token Staking Drain | report |
| 2026-02-28 | BSC | Movie Token Burn Manipulation | report |
| 2026-02-26 | Ethereum | Aave Fork Undercollateralized Borrow | report |
| 2026-02-25 | BSC | HPay Staking ForceExit Drain | report |
| 2026-02-23 | BSC | STO Deflationary Burn Drain | report |
| 2026-02-22 | Ethereum | TARA DODO CoopPool Exploit | report |
| 2026-02-20 | Base | Veil Cash Groth16 Forgery | report |
| 2026-02-16 | BSC | Fee Token Skim Exploit | report |
| 2026-02-13 | Ethereum | Uniswap Router Approval Abuse | report |
| 2026-02-08 | Ethereum | ERC1155 Bonding Curve Reentrancy | report |
| 2026-02-07 | Ethereum | USDe Safe Module Flashloan | report |
| 2026-02-04 | Ethereum | NEUTRL nUSD Internal Balance | report |
| 2026-02-04 | Ethereum | reUSD SingleAdapterRouter Withdraw | report |
| 2026-02-01 | Ethereum | EYWA PortalV2 Axelar | report |
| 2026-01-30 | Ethereum | Gyro Finance CCIP Escrow | report |
| 2026-01-28 | BSC | XPL | report |
| 2026-01-20 | Ethereum | Makina Oracle Manipulation | report |
| 2026-01-10 | Arbitrum | FutureSwap | report |
| 2026-01-05 | Arbitrum | TMX Tribe | report |
| Title | Path |
|---|---|
| Rhea Finance Margin Trading Exploit (NEAR) | article |
Publishable reports may include an explicit metadata contract next to the final report:
reports/<incident>/report.md
reports/<incident>/publish.json
publish.json is the authoritative source for website publication metadata. The generation scripts in this repository convert report bundles into mature Hugo page bundles and write only final index.md files into darknavysecurity.github.io.
Generated site pages remove the source report's first Markdown # heading because the Hugo layout renders publish.json.title as the page heading. Keep publish.json.title aligned with the report H1 and prefer the most complete, user-facing title.
Required publish.json fields:
titleslugdatechainchain_displaytx_hashlossvuln_type
Optional fields:
summarydescription
Local dry run:
python3 scripts/sync_reports_to_site.py --source-repo . --output-dir /tmp/exploit-site-previewFor educational and research purposes only.