Magpie XYZ

Multi-Chain
Last audited on 2023/07/13
No active critical issues

Last Issues (27)

Status | Low | Medium | High | Critical | Total
Not fixed | 7 | 1 | - | - | 8
Fixed | 13 | 5 | 1 | - | 19
Total | 20 | 6 | 1 | 0 | 27
not_fixed/medium
not_fixed/low
not_fixed/low
not_fixed/low
not_fixed/low
not_fixed/low
not_fixed/low
not_fixed/low

Reported rekts

Penpie
fixed/high

Quick Summary

On September 3, 2024, the yield protocol Penpie was exploited for $27 million through a reentrancy vulnerability in its smart contracts.

Details of the Exploit

The attacker exploited a reentrancy vulnerability by creating valueless versions of Pendle’s yield-bearing tokens (Standardized Yield, SY) and linking them to valuable assets. They deployed five malicious contracts mimicking legitimate liquidity pools, tricking Penpie’s rewards system. Using these fake SY tokens, they claimed real yield and executed three attack transactions between 6:25 PM and 6:42 PM UTC, siphoning $15.7 million in the first transaction and $5.6 million in the other two. The attacker stole various assets including 695 rswETH, 4,101 agETH, 2,723 wstETH, and 2.52 million sUSDe. Pendle’s team managed to pause the contracts three minutes after the final attack, preventing further exploitation.

Block Data Reference

Exploiter:
https://etherscan.io/address/0x2f2dde668e5426463e05d795f5297db334f61c39
https://etherscan.io/address/0x69751b7e52dbbd64281ec9049dfa623c7ecdeb52
https://etherscan.io/address/0x28e3fd9edca8fccb912fe3ab36c78f96cfc74769
https://etherscan.io/address/0x7a2f4d625fb21f5e51562ce8dc2e722e12a61d1b

Audits (2)

# | Name | Auditor | Date | Chains | Issues
1 | Penpie Smart Contracts Review | Zokyo | 2023/07/13 | Off-Chain (Private) | No active critical issues
2 | Penpie Smart Contract Review | Zokyo | 2023/06/22 | Off-Chain (Private) | No active critical issues