Threshold Network's L2WormholeGateway contract contained a critical vulnerability allowing attackers to mint unlimited canonical L2 tBTC by exploiting the depositWormholeTbtc function through reentrancy via a malicious ERC20 token's transfer callback. The vulnerability was discovered via Immunefi bug bounty, patched by removing the vulnerable function and adding reentrancy protection, with no funds lost.
A reentrancy vulnerability in TectonicStakingPoolV3 allows attackers to mint xTonic tokens for free by injecting a malicious token into swap paths during performConversionForTokens() calls, enabling theft of over $2.5M with minimal capital ($23K TONIC). The attack exploits unwhitelisted intermediate swap path tokens to gain execution control and stake during balance calculations.
ANKR's distributeRewards() function on BSC receives 12,300 gas per call instead of the intended 10,000 due to the protocol's 2,300 free gas stipend for value transfers, increasing gas costs and slightly elevating reentrancy attack risk, though the gas amount remains below typical exploit thresholds.