HACK REPLAY LIBRARY

12 famous exploits. Encoded as patterns.

For each famous exploit below, Elytra has a static-analysis pattern that fires on related code. We do not claim we would have prevented these hacks — that's unprovable. What we claim is that if your code has the same shape, the playground will flag it before you ship.

Encoded · live: 6

Partial · heuristic: 6

Combined losses: $3.04B

PATTERN ENCODED · Supply chain · Feb 2025

Bybit

Stolen: $1.46B

What went wrong

Safe{Wallet}'s S3-hosted frontend bundle was tampered with so that it displayed a legit tx while sending a malicious one to Ledger hardware wallets for signing. The vulnerability was in the deploy pipeline, not in any Solidity contract.

What Elytra checks

Workflow files (.github/workflows/*) using actions pinned to mutable refs (@main, @master, version tags) instead of full commit SHAs.

cp-hack-bybit-unpinned-action-checkout

Demo receipt →
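The check described above, written out as a small scanner so the shape of the rule is visible. This is an added illustration, not Elytra's own implementation: the rule id is the one the page lists, the workflow text is constructed, and the regexes and the "version tag counts as mutable" policy are this example's assumptions.

```python
import re

# Constructed sample workflow (not from any real repository). It mixes a
# branch pin, a tag pin, a full-SHA pin, a local action and a docker image so
# that every branch of the classifier below is exercised.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - uses: actions/setup-node@v4
      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: npm ci
"""

# `uses:` appears on step entries and on reusable-workflow references; both
# carry an @ref that is either a full commit SHA or something that can move.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

RULE_ID = "cp-hack-bybit-unpinned-action-checkout"  # id taken from the page


def classify_ref(ref):
    """'sha' for an immutable 40-hex commit pin, otherwise the kind of mutable ref."""
    if FULL_SHA_RE.match(ref):
        return "sha"
    if ref in ("main", "master", "develop"):
        return "branch"
    if re.match(r"^v?\d+(\.\d+)*$", ref):
        return "version-tag"  # tags can be re-pointed, so they are mutable too
    return "other-mutable"


def scan_workflow(text, path=".github/workflows/build.yml"):
    """Return one finding per `uses:` line whose ref is not a full commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        uses = m.group(1)
        # Local composite actions and docker images are outside this rule.
        if uses.startswith("./") or uses.startswith("docker://"):
            continue
        action, _, ref = uses.rpartition("@")
        kind = classify_ref(ref) if action else "missing-ref"
        if kind == "sha":
            continue
        findings.append({"rule": RULE_ID, "path": path, "line": lineno,
                         "action": action or uses, "ref": ref, "kind": kind})
    return findings


if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"{f['path']}:{f['line']}: {f['action']}@{f['ref']} "
              f"({f['kind']}) -> {f['rule']}")
```

On the constructed workflow the scanner reports the `@main` checkout and the `@v4` tag and stays silent on the SHA-pinned cache step. Pinning to a SHA does not by itself verify what the action does; it only makes the thing you reviewed the thing that runs.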

PARTIAL · REVIEW · Validator concentration · Mar 2022

Ronin Bridge

Stolen: $625M

What went wrong

A 5-of-9 validator set in which 4 validators were operated by Sky Mavis and a fifth was a 'temporarily' delegated key that was never revoked. Compromising a single team reached the threshold.

What Elytra checks

Bridge contracts with hardcoded signature thresholds in the 4-6 range — flagged as concentration risk relative to common deployments.

cp-hack-ronin-low-validator-threshold

PARTIAL · REVIEW · Flash loan + donation · Mar 2023

Euler Finance

Stolen: $197M

What went wrong

donateToReserves() let an attacker artificially push their own account into an unhealthy state, then self-liquidate at a discount.

What Elytra checks

Donate-shaped functions in lending/vault contexts. The real exploit requires reasoning about the health-calculation and liquidation path, which a regex cannot do, so the finding is flagged for manual review.

cp-hack-euler-donate-self-liquidation

PATTERN ENCODED · Governance flash loan · Apr 2022

Beanstalk

Stolen: $182M

What went wrong

Governance proposals could be executed in the same block they passed. Attacker flash-loaned BEAN, voted yes on a self-draining proposal, executed atomically.

What Elytra checks

execute / propose-and-execute functions without timelock keywords or block.timestamp checks in the immediate context.

cp-hack-beanstalk-instant-governance

Demo receipt →

PATTERN ENCODED · Bridge admin compromise · Jul 2023

Multichain

Stolen: $126M

What went wrong

Bridge admin keys controlled by a single person (the CEO). When detained, attackers (or insiders) drained MPC-controlled addresses.

What Elytra checks

Bridge withdraw / unlock / mint functions gated only by onlyOwner/onlyAdmin with no multisig or threshold keywords nearby.

cp-hack-multichain-single-admin-bridge

PATTERN ENCODED · Compiler bug · Jul 2023

Curve Finance

Stolen: $73M

What went wrong

Vyper 0.2.15 – 0.3.0 generated broken reentrancy locks. Multiple pools were exploitable even though source code used @nonreentrant correctly.

What Elytra checks

Vyper @version directives pinned to 0.2.15, 0.2.16, or 0.3.0. Deterministic check on the version string — no ambiguity.

cp-hack-curve-vyper-version
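The version-string check above, written out as an added example (not Elytra's code). The three affected versions and the rule id come from the page; the pragma regex, the inclusion of the newer `#pragma version` spelling, and the npm-style reading of a caret range are this example's assumptions, and the Vyper sources are constructed.

```python
import re

# Versions the page names as generating broken @nonreentrant locks.
AFFECTED = {(0, 2, 15), (0, 2, 16), (0, 3, 0)}
RULE_ID = "cp-hack-curve-vyper-version"  # id taken from the page

# Classic `# @version X` pragma plus the newer `#pragma version X` spelling
# (the second form is included on the assumption that newer Vyper code uses it).
PRAGMA_RE = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(\S+)",
                       re.MULTILINE)


def parse_exact(token):
    """(major, minor, patch) for an exact X.Y.Z pin, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", token)
    return tuple(int(x) for x in m.groups()) if m else None


def caret_covers_affected(base):
    # Caret range read npm-style: >= base and < next minor (assumption).
    hi = (base[0], base[1] + 1, 0)
    return any(base <= v < hi for v in AFFECTED)


def check_vyper_version(source):
    """Return (verdict, token). Exact pins are deterministic; ranges get a best-effort verdict."""
    m = PRAGMA_RE.search(source)
    if not m:
        return ("no-pragma", None)
    token = m.group(1)
    exact = parse_exact(token)
    if exact is not None:
        return ("affected" if exact in AFFECTED else "ok", token)
    base = parse_exact(token[1:]) if token.startswith("^") else None
    if base is not None:
        verdict = "range-includes-affected" if caret_covers_affected(base) else "range-ok"
        return (verdict, token)
    return ("unparsed", token)  # anything else needs a human to resolve the constraint


# Constructed Vyper sources covering each branch of the check.
SAMPLES = {
    "affected_pin": "# @version 0.2.15\n@external\ndef foo():\n    pass\n",
    "safe_pin": "# @version 0.3.7\n@external\ndef foo():\n    pass\n",
    "caret_hits": "# @version ^0.3.0\n",
    "caret_clear": "# @version ^0.3.1\n",
    "new_pragma": "#pragma version 0.2.16\n",
    "no_pragma": "@external\ndef foo():\n    pass\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        verdict, token = check_vyper_version(src)
        print(f"{name:14} {verdict:24} {token}  ({RULE_ID})")
```

Only the exact-pin branch is the deterministic check the page describes; a caret or other range means the compiler actually used depends on what was installed at build time, which is why that branch returns a verdict that still wants a look at the build log.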

PATTERN ENCODED · Multisig social engineering · Oct 2024

Radiant Capital

Stolen: $53M

What went wrong

INLETDRIFT malware on a developer machine intercepted the Gnosis Safe UI mid-signature. Three multisig members signed a malicious tx believing it was legit.

What Elytra checks

transferOwnership functions with no two-step / Ownable2Step pattern and no timelock in adjacent context.

cp-hack-radiant-immediate-ownership-transfer

PATTERN ENCODED · Privileged sweep · Apr 2025

zkSync Airdrop

Stolen: $5M

What went wrong

An admin key was compromised. The attacker called sweepUnclaimed() to mint 111M tokens in a single transaction. No timelock or multisig was required.

What Elytra checks

Functions named sweep* / drain* / rescue* / emergencyWithdraw* / forceMint* gated only by onlyOwner or onlyAdmin.

cp-hack-zksync-admin-sweep-no-timelock

PARTIAL · REVIEW · Oracle manipulation · Oct 2021

Cream Finance

Stolen: $130M

What went wrong

Collateral price computed from spot vault share supply. Attacker flash-loaned to inflate share supply, the oracle reported the manipulated value, and the attacker borrowed against fictitious collateral.

What Elytra checks

Pricing functions that compute totalSupply × X or balanceOf × X without TWAP or Chainlink fallback nearby.

cp-hack-cream-spot-share-pricing

PARTIAL · REVIEW · Signature verification · Feb 2022

Wormhole

Stolen: $325M

What went wrong

Guardian signature verification path used a stub set lookup with no strict hash check. Forged signatures against an empty / default set were accepted.

What Elytra checks

ecrecover usage in signature verification paths without an adjacent setHash / guardianSet equality check.

cp-hack-wormhole-unchecked-signature-set

PARTIAL · REVIEW · Trusted-root init bug · Aug 2022

Nomad Bridge

Stolen: $190M

What went wrong

An upgrade initialised the trusted-root mapping to 0x00. Any message with a zero-bytes proof became 'valid'. 300+ copy-paste attackers drained the bridge within hours.

What Elytra checks

Trusted-root / merkle-root lookups that don't explicitly reject the zero hash before treating it as a valid proof anchor.

cp-hack-nomad-zero-root-acceptance

PARTIAL · REVIEW · Oracle manipulation · Oct 2022

Mango Markets

Stolen: $114M

What went wrong

Mango used a thin spot-AMM oracle for MNGO collateral. The attacker pumped MNGO price ~10× via CEX wash trades, the oracle reported it, and they borrowed $114M.

What Elytra checks

Borrowing / liquidation functions reading getPrice / latestAnswer with no TWAP, deviation, or staleness check in the immediate context.

cp-hack-mango-single-source-oracle
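Several of the checks above share one mechanism: a trigger on a function or call shape, suppressed when a mitigation keyword appears "in the immediate context". The Beanstalk, Multichain, Radiant, zkSync and Mango rules are all of that form, so here is one added example of such an engine with those five rules loaded. It is not Elytra's implementation: the rule ids are the page's, the regexes, window sizes and the two Solidity fragments are this example's own constructions, and the oracle trigger is widened to `latestRoundData` so the hardened fragment exercises the staleness keywords.

```python
import re

# Constructed Solidity fragments used as scan input. They illustrate the code
# shapes described on the page and are not code from any real protocol.
VULNERABLE = """\
contract Vault is Ownable {
    function sweepUnclaimed(address to) external onlyOwner {
        _mint(to, unclaimed);
    }
    function execute(uint256 proposalId) external {
        require(proposals[proposalId].passed);
        _run(proposalId);
    }
    function transferOwnership(address newOwner) public onlyOwner {
        owner = newOwner;
    }
    function borrow(uint256 amount) external {
        uint256 price = oracle.latestAnswer();
        require(amount * price <= collateral[msg.sender] * ltv);
    }
    function unlock(address to, uint256 amount) external onlyAdmin {
        token.transfer(to, amount);
    }
}
"""

HARDENED = """\
contract Vault is Ownable2Step {
    function sweepUnclaimed(address to) external onlyOwner onlyTimelock {
        _mint(to, unclaimed);
    }
    function execute(uint256 proposalId) external {
        require(block.timestamp >= proposals[proposalId].eta, "timelock");
        _run(proposalId);
    }
    function borrow(uint256 amount) external {
        (, int256 price,, uint256 updatedAt,) = oracle.latestRoundData();
        require(block.timestamp - updatedAt < 1 hours, "stale");
        require(amount * uint256(price) <= collateral[msg.sender] * ltv);
    }
    function unlock(address to, uint256 amount) external onlyAdmin requiresThreshold(3) {
        token.transfer(to, amount);
    }
}
"""

# Each rule: `trigger` marks a suspicious line; `needs` is a mitigation-keyword
# regex that must appear within +/- `window` lines to keep the rule silent.
# Rule ids are the page's; the regexes are this example's guesses at each shape.
RULES = [
    {"id": "cp-hack-zksync-admin-sweep-no-timelock",
     "trigger": r"function\s+(sweep|drain|rescue|emergencyWithdraw|forceMint)\w*\s*\(.*\b(onlyOwner|onlyAdmin)\b",
     "needs": r"[Tt]imelock|multisig|[Tt]hreshold|delay", "window": 2},
    {"id": "cp-hack-beanstalk-instant-governance",
     "trigger": r"function\s+(execute|proposeAndExecute)\w*\s*\(",
     "needs": r"[Tt]imelock|block\.timestamp|\beta\b|delay", "window": 4},
    {"id": "cp-hack-radiant-immediate-ownership-transfer",
     "trigger": r"function\s+transferOwnership\s*\(",
     "needs": r"Ownable2Step|pendingOwner|acceptOwnership|[Tt]imelock", "window": 4},
    {"id": "cp-hack-mango-single-source-oracle",
     "trigger": r"\b(getPrice|latestAnswer|latestRoundData)\s*\(",
     "needs": r"TWAP|twap|updatedAt|stale|deviation|answeredInRound", "window": 4},
    {"id": "cp-hack-multichain-single-admin-bridge",
     "trigger": r"function\s+(withdraw|unlock|mint)\w*\s*\(.*\b(onlyOwner|onlyAdmin)\b",
     "needs": r"multisig|[Tt]hreshold|[Tt]imelock|signatures|quorum", "window": 2},
]


def scan(source, rules=RULES):
    """Return findings in line order; a finding is a rule whose trigger matched
    with none of its mitigation keywords inside the context window."""
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        for rule in rules:
            if not re.search(rule["trigger"], line):
                continue
            lo, hi = max(0, idx - rule["window"]), idx + rule["window"] + 1
            context = "\n".join(lines[lo:hi])
            if re.search(rule["needs"], context):
                continue  # keyword nearby: the heuristic cannot tell good from cosmetic
            findings.append({"rule": rule["id"], "line": idx + 1, "code": line.strip()})
    return findings


if __name__ == "__main__":
    for f in scan(VULNERABLE):
        print(f"VULNERABLE:{f['line']}: {f['rule']}  {f['code']}")
    print("HARDENED findings:", scan(HARDENED))
```

The vulnerable fragment yields one finding per rule and the hardened fragment none. Note what silenced them: the presence of `onlyTimelock`, `block.timestamp`, `updatedAt`, `requiresThreshold`. A modifier that exists but enforces nothing would silence the rule just as well, which is the limit the page's "honest version" paragraph describes.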

The honest version: Pattern matching is fast, cheap, and useful. It is not symbolic execution. It will not catch business-logic bugs. A finding labelled partial means the rule fires on the shape of the vulnerability but cannot verify the full exploit chain — treat each as “manual review needed.”

Check your contract against all 12

Drop a Base address. Free, no signup. Receipt page generated for every scan.

Run preflight scan →