Beanstalk's convertFacet function failed to validate the Well address parameter, allowing attackers to supply a malicious contract that could return arbitrary BEAN amounts and set conversion costs to zero, enabling theft of protocol funds without proper token withdrawal. The fix added validation to ensure the Well address is whitelisted and that the fromAmount is always non-zero.
Raydium's increase_liquidity function failed to validate whether remaining_accounts[0] was the correct TickArrayBitmapExtension account, allowing attackers to manipulate tick states and drain liquidity pools by bypassing intended price boundary checks. A whitehat discovered this critical flaw on January 10, 2024, and received a $505,000 bounty.
Enzyme Finance had a critical missing privilege check vulnerability in its GasRelayPaymasterLib contract where the paymaster failed to validate the trusted forwarder's address, allowing attackers to bypass signature verification and drain the Vault by crafting malicious relayCall transactions. Whitehat rootrescue discovered and responsibly disclosed the bug, earning a $400,000 bounty.
Polygon's proof-of-stake consensus mechanism contained a vulnerability in its staking smart contract that allowed attackers to bypass the ⅔ consensus threshold by decreasing total staking power, potentially enabling fund drainage and unlimited withdrawals. Whitehat Niv Yehezkel discovered and reported the bug, which was patched and rewarded with a $75,000 bounty.