doc: add documentation required for merge

SunWeb3Sec · Mar 23, 2024 · fa5cbda · fa5cbda
1 parent 92fc8dd
commit fa5cbda
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/past/2021/README.md b/past/2021/README.md
@@ -3,7 +3,6 @@
 ## Before 2021 - List of Past DeFi Incidents
 
 40 incidents included.
-
 [20211221 Visor Finance](#20211221-visor-finance---reentrancy)
 
 [20211218 Grim Finance](#20211218-grim-finance---flashloan--reentrancy)
@@ -34,6 +33,8 @@
 
 [20210804 WaultFinance](#20210804-waultfinace---flashloan-price-manipulation)
 
+[20210803 Popsicle](#20210803-popsicle---repeated-reward-claim---logic-flaw)
+
 [20210728 Levyathan Finance](#20210728-levyathan-finance---i-lost-keys-and-minting-ii-vulnerable-emergencywithdraw)
 
 [20210710 Chainswap](#20210710-chainswap---bridge-logic-flaw)
@@ -84,6 +85,25 @@
 
 [20171106 Parity - 'Accidentally Killed It'](#20171106-parity---accidentally-killed-it)
 
+
+
+### 20210803 Popsicle - Repeated Reward Claim - Logic Flaw
+
+### Lost: 20M
+
+
+```sh
+forge test --contracts ./src/test/Popsicle_exp.sol -vvv
+```
+#### Contract
+[Popsicle_exp.sol](src/test/Popsicle_exp.sol)
+### Link reference
+
+https://blocksecteam.medium.com/the-analysis-of-the-popsicle-finance-security-incident-9d9d5a3045c1
+
+---
+
+
 ### 20211221 Visor Finance - Reentrancy
 
 #### Lost: $8.2 million

diff --git a/src/test/Popsicle_exp.sol b/src/test/Popsicle_exp.sol
@@ -328,7 +328,20 @@ contract TokenVault {
         (succ,) = target.call(dataTocall);
     }
 }
-//Note most of the vault attacks are in profit excent for wbtc and dai balances,something to check later,overall the poc is correct
+
+// @KeyInfo - Total Lost : 20M
+// Attacker : https://etherscan.io/address/0xf9E3D08196F76f5078882d98941b71C0884BEa52
+// Attack Contract : https://etherscan.io/address/0xdFb6faB7f4bc9512d5620e679E90D1C91C4EAdE6
+// Vulnerable Contract : https://etherscan.io/address/0xc4ff55a4329f84f9Bf0F5619998aB570481EBB48
+// Attack Tx : https://etherscan.io/tx/0xcd7dae143a4c0223349c16237ce4cd7696b1638d116a72755231ede872ab70fc
+
+// @Info
+// Vulnerable Contract Code : https://etherscan.io/address/0xc4ff55a4329f84f9Bf0F5619998aB570481EBB48#code
+
+// @Analysis
+// Post-mortem : https://blocksecteam.medium.com/the-analysis-of-the-popsicle-finance-security-incident-9d9d5a3045c1
+// Twitter Guy : https://twitter.com/BlockSecTeam/status/1422786223156776968
+// Hacking God : https://twitter.com/BlockSecTeam/status/1422786223156776968
 
 contract PopsicleExp is Test {
     using SafeERC20 for IERC20;