uups-checker 1.0.0

package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md

@@ -0,0 +1,771 @@
+# BlockSec Security Incident Knowledge Base
+## Comprehensive DeFi Attack Pattern Analysis (2026)
+
+**Source**: [BlockSec Security Incident Library](https://blocksec.com/security-incident)  
+**Coverage**: 259+ incidents with losses over $100K  
+**Total Losses Tracked**: $2.9B+  
+**Analysis Period**: January - March 2026
+
+---
+
+## Table of Contents
+
+1. [Attack Pattern Categories](#attack-pattern-categories)
+2. [Critical Incidents (March 2026)](#critical-incidents-march-2026)
+3. [Attack Mechanisms Deep Dive](#attack-mechanisms-deep-dive)
+4. [Mitigation Strategies](#mitigation-strategies)
+5. [Key Learnings](#key-learnings)
+
+---
+
+## Attack Pattern Categories
+
+### 1. **Empty Market / First Depositor Attacks**
+- **dTRINITY (dLEND)** - $257K - Precision Loss
+- Mechanism: Inflate liquidity index through repeated flash loan premiums when reserve is near-empty
+- Root cause: No minimum liquidity lock at reserve initialization
+
+### 2. **Oracle Manipulation & Misconfiguration**
+- **YieldBlox DAO** - $10M+ - Oracle price manipulation on shallow USTRY/USDC market
+- **AAVE** - $1M - Incorrect wstETH oracle configuration (snapshot ratio mismatch)
+- **Ploutos** - $390K - Oracle misconfigured to BTC/USD feed for USDC
+- **Venus** - $2.1M - Donation attack + market manipulation on THE token
+- **sDOLA Llamalend** - $239K - ERC4626 donate() price manipulation
+
+### 3. **Private Key Compromise**
+- **Resolv** - $50M - Compromised infrastructure key enabled unauthorized USR stablecoin minting
+- **IoTeX ioTube** - $4.4M - Bridge validator private key compromise
+- **Moonwell** - $1.78M - Oracle misconfiguration leading to bad debt
+
+### 4. **Business Logic Flaws**
+- **BCE Token** - $679K - Bypass buy/sell limits via malicious contracts + burn mechanism manipulation
+- **AM Token** - $131K - Deferred burn mechanism exploitation
+- **DBXen** - $149K - `_msgSender()` vs `msg.sender` inconsistency
+- **MT Token** - $242K - Flawed trading restrictions + deflationary token manipulation
+- **BitcoinReserveOffering** - $2.7M - Double-minting during full ERC-3525 SFT deposits
+
+### 5. **Access Control Failures**
+- **MoltEVM** - $127K - Trivially spoofed interface check for privileged minting
+- **Fun.xyz** - $85.7K - Missing access control on `bridge()` function
+- **ShiMama** - $35K - No access control on `executePairBurn()`
+- **V4 Router** - $42K - Hardcoded calldata offset bypass
+
+### 6. **Deflationary Token Exploits**
+- **LEDS** - $64K - Multiple unguarded burn mechanisms chained in single transaction
+- **BUBU2** - $19.7K - Time-accumulated deflationary mechanism with manipulable interval
+- **LAXO** - $137K - Flawed burn on transfer to pair
+- **STO** - $16.1K - Burn mechanism inflates price during sells
+
+### 7. **Accounting & State Management Errors**
+- **Keom** - $35K - `redeemFresh()` doesn't recompute `redeemAmount` after capping shares
+- **ACPRoute** - $58K - Job state loaded as memory copy instead of storage reference
+- **HedgePay** - $15.7K - `forceExit()` doesn't update staked balances
+- **Planet Finance** - $10K - Discount applied to principal instead of interest
+- **Alkemi** - $89K - Liquidation accounting overwrite (reduced balance overwritten by rewarded balance)
+- **Goose Finance** - $8K - Share pricing before reward settlement
+
+### 8. **Cryptographic & Verification Flaws**
+- **FOOMCASH** - $2.26M - Vulnerable Groth16 proof setup (gamma == delta == G2)
+- **CrossCurve** - $2.8M - Permissionless `expressExecute()` bypassed Axelar Gateway validation
+- **Unknown Contract** - $180K - Empty signature array bypass
+
+### 9. **Randomness & Game Theory Exploits**
+- **BlindBox** - $99K - Weak randomness (predictable after 256 blocks) + manipulable TWAP
+- **EtherFreakers** - $25K - Double counting in NFT energy transfer hook
+
+### 10. **Reentrancy & Callback Exploits**
+- **Oiler** - Multiple vectors (LP proxy, approval, reentrancy)
+- **XFI Staking** - Arithmetic underflow in staking contracts
+
+---
+
+## Critical Incidents (March 2026)
+
+### Week of March 16-22, 2026
+**Total Losses**: ~$82.7M across 7 incidents
+
+#### 1. Resolv Protocol - $50M (Infrastructure Compromise)
+
+- **Date**: March 22, 2026
+- **Chain**: Ethereum
+- **Root Cause**: Compromised privileged key (SERVER_ROLE)
+- **Attack Vector**: 
+  - Attacker obtained control of infrastructure signing key
+  - Called `completeSwap()` without collateral backing
+  - Minted 80M+ uncollateralized USR tokens
+  - No on-chain mint preconditions enforced
+- **Impact**: $50M direct loss + cross-protocol contagion (USR used as collateral in lending markets)
+- **Key Lesson**: Stablecoin safety requires hard on-chain mint preconditions, not just trusted operator roles
+
+#### 2. dTRINITY (dLEND) - $257K (Empty Market Attack)
+- **Date**: March 17, 2026
+- **Chain**: Ethereum
+- **Root Cause**: Empty market vulnerability in Aave V3 fork
+- **Attack Mechanism**:
+  1. **Setup**: Deposit minimal cbBTC, withdraw to leave 1 scaled share
+  2. **Index Inflation**: Execute 150 flash loans with 0.05% premium each
+     - Each premium: `nextLiquidityIndex = ((amount / totalLiquidity) + 1) * reserve.liquidityIndex`
+     - With totalLiquidity ≈ 0, index grows exponentially
+     - Final index: 6,226,621,999,999,999,999,999,999,979,728,276 (from 1e27)
+  3. **Exploitation**: Deposit small amount → mints 1 share, withdraw large amount → burns 1 share
+  4. **Profit**: Rounding asymmetry allows overborrowing of dUSD
+- **Transactions**: 
+  - 0x8d33d6...40ae7139 (index manipulation)
+  - 0xbec4c8...4fc33260 (profit extraction)
+- **Mitigation**: Enforce minimum supply threshold at reserve initialization
+
+#### 3. Venus Protocol - $2.15M (Donation Attack + Market Manipulation)
+- **Date**: March 15, 2026
+- **Chain**: BNB Chain
+- **Root Cause**: Supply cap only applied to mint path, not direct donations
+- **Attack Flow**:
+  1. Built 12.2M THE position (84% of 14.5M supply cap)
+  2. Donated 36M THE directly to vTHE market contract
+  3. Inflated exchangeRate by 3.81x: `exchangeRate = (cash + borrows - reserves) / totalSupply`
+  4. Simultaneously manipulated THE spot price from $0.20 to $0.51
+  5. Borrowed $14.9M in liquid assets (3.67x supply cap)
+  6. Position liquidated across 8,048 transactions by 254 bots
+  7. Venus left with $2.15M bad debt
+- **Warning Signs**: On-chain signals visible for months before attack
+- **Key Lesson**: Each defense layer assumed others would hold; need automated circuit breakers
+
+#### 4. Fun.xyz - $85.7K (Access Control Failure)
+- **Date**: March 17, 2026
+- **Chain**: Polygon
+- **Root Cause**: Legacy CheckoutPool exposed `bridge()` without access control
+- **Vulnerability**:
+  - `bridge()` callable by anyone after `deposit()`
+  - No validation of bridgeParams.callData against intended recipient
+  - Legacy contract retained operator privileges in CheckoutPaymaster
+- **Attack**: Crafted bridgeParams to call CheckoutPaymaster.activateAndCall() → redirected funds
+- **Mitigation**: Strict access control + calldata-to-recipient binding + remove stale privileges
+
+#### 5. Keom Protocol - $35K (Accounting Error)
+- **Date**: March 18, 2026
+- **Chain**: Polygon zkEVM
+- **Root Cause**: `redeemFresh()` caps shares but doesn't recompute underlying amount
+- **Vulnerability**:
+  ```solidity
+  redeemAmount = redeemAmountIn; // User-controlled
+  redeemTokens = redeemAmount / exchangeRate;
+  if (redeemTokens > accountTokens[redeemer]) {
+      redeemTokens = accountTokens[redeemer]; // Capped
+      // BUG: redeemAmount NOT recomputed!
+  }
+  // Withdraws full redeemAmount but only burns capped redeemTokens
+  ```
+- **Bypass**: Call `exitMarket()` first to skip liquidity check
+- **Mitigation**: Recompute all dependent values after any cap/adjustment
+
+#### 6. ShiMama - $35K (Deflationary Token Exploit)
+- **Date**: March 18, 2026
+- **Chain**: BNB Chain
+- **Root Cause**: No access control on `executePairBurn()`
+- **Attack**: 
+  - Called `executePairBurn()` with large `referenceIn`
+  - Pulled 1.3B ShiMama from pair and burned
+  - Inflated price 200x
+  - Sold pre-acquired tokens at inflated price
+- **Mitigation**: Access control on reserve-mutating functions + bind inputs to protocol-derived values
+
+#### 7. BlindBox - $99K (Weak Randomness + Price Manipulation)
+- **Date**: March 19, 2026
+- **Chain**: BNB Chain
+- **Root Causes**:
+  1. **Weak Randomness**: After 256 blocks, `blockhash()` returns 0, fallback uses predictable `block.prevrandao`
+  2. **Fake TWAP**: `getTwapPrice()` reads spot price, not time-weighted average
+- **Attack**: 
+  - Manipulate ATM/USDT pool to inflate bet size limit
+  - Wait >256 blocks, simulate outcomes off-chain
+  - Call `settle()` only when favorable result predicted
+  - Achieved 100% win rate
+- **Mitigation**: Remove predictable randomness paths + use manipulation-resistant price feeds
+
+---
+
+### Week of March 9-15, 2026
+**Total Losses**: ~$1.66M across 8 incidents
+
+#### 8. AAVE Liquidation - $1.01M (Oracle Misconfiguration)
+- **Date**: March 11, 2026
+- **Chain**: Ethereum
+- **Root Cause**: CAPO oracle snapshot ratio set below true wstETH/ETH ratio
+- **Mechanism**:
+  ```
+  maxRatio = snapshotRatio + maxGrowthPerSecond × (currentTime - snapshotTimestamp)
+  if (currentRatio > maxRatio) use maxRatio  // Clamps downward
+  ```
+- **Impact**: Systematically undervalued wstETH collateral → healthy positions liquidated
+- **Total**: $21M in incorrect liquidations, $1.01M net loss
+- **Mitigation**: Validate parameters before updates + add sanity checks in implementation
+
+#### 9. MT Token - $242K (Trading Restriction Bypass)
+- **Date**: March 10, 2026
+- **Chain**: BNB Chain
+- **Root Causes**:
+  1. Transfer of exactly 2e17 MT treated as referral binding, not buy
+  2. "Pair to Router" path bypasses buy restriction (both whitelisted)
+  3. Incomplete `isBuy` detection
+- **Attack**: Acquired seed capital → added liquidity → bought to Router → removed liquidity → manipulated burn
+- **Mitigation**: Strict separation of transfer semantics and trading logic
+
+#### 10. DBXen - $149K (_msgSender vs msg.sender Inconsistency)
+- **Date**: March 12, 2026
+- **Chains**: Ethereum + BNB Chain
+- **Root Cause**: `burnBatch()` burns from `msg.sender` but records under `_msgSender()`
+- **Attack via Forwarder**:
+  1. Call `burnBatch()` through forwarder
+  2. Burns XEN from forwarder, updates forwarder's cycle records
+  3. Burned amount recorded under attacker's `_msgSender()` address
+  4. Attacker's cycle records remain at 0
+  5. `claimFees()` calculates fees from cycle 0 (entire protocol history)
+- **Mitigation**: Use `_msgSender()` consistently or ensure both reference same address
+
+#### 11. AM Token - $131K (Deferred Burn Exploitation)
+- **Date**: March 12, 2026
+- **Chain**: BNB Chain
+- **Root Cause**: Sell records `toBurnAmount`, burn executes on next sell
+- **Attack**:
+  1. Sell to record `toBurnAmount = 4,303e18`
+  2. Buy to shrink pool's AM reserve to 4,303e18
+  3. Trigger next sell → burns entire AM reserve to 0
+  4. Transfer USDT + 1 wei AM → treated as addLiquidity
+  5. Sell remaining AM at artificially inflated price
+- **Mitigation**: Limit max burn per transaction + rate limiting
+
+#### 12. Alkemi - $89K (Liquidation Accounting Overwrite)
+- **Date**: March 10, 2026
+- **Chain**: Ethereum
+- **Root Causes**:
+  1. `calculateDiscountedRepayToEvenAmount()` uses `closeFactorMantissa` instead of `accountShortfall`
+  2. When liquidator == borrower, reduced balance overwritten by rewarded balance
+- **Attack**: Borrow → immediately self-liquidate → profit from accounting error
+- **Mitigation**: Operate on storage variables directly, not memory copies
+
+---
+
+### Week of March 2-8, 2026
+**Total Losses**: ~$3.25M across 7 incidents
+
+#### 13. BitcoinReserveOffering - $2.7M (Double-Minting)
+- **Date**: March 5, 2026
+- **Chain**: Ethereum
+- **Root Cause**: Full ERC-3525 SFT deposit triggers mint twice
+- **Vulnerability**:
+  1. `mint()` calls `doSafeTransferIn()` → triggers `onERC721Received()` callback → mints BRO
+  2. After callback returns, `mint()` continues → mints BRO again
+- **Attack**: Loop burn-and-mint 22 times → exponentially inflate balance
+  - Start: 135e18 BRO
+  - After 22 loops: 567,758,816e18 BRO
+  - Redeem for 38e18 SolvBTC profit
+- **Mitigation**: Ensure asset accounting occurs only once per deposit
+
+#### 14. sDOLA Llamalend - $239K (Price Manipulation)
+- **Date**: March 2, 2026
+- **Chain**: Ethereum
+- **Root Cause**: sDOLA (ERC4626) price manipulable via `donate()`
+- **LLAMMA Mechanism**: Health computed via round-trip conversion through two price anchors
+  - Dynamic anchor: moves with oracle (manipulated)
+  - Static anchor: fixed at position creation
+  - Gap between anchors creates haircut on recoverable value
+- **Attack**: Donate to inflate sDOLA price → positions become liquidatable even as price rises
+- **Mitigation**: Use delayed or TWAP collateral prices for liquidation
+
+#### 15. MoltEVM - $127K (Spoofed Interface Check)
+- **Date**: March 7, 2026
+- **Chain**: Base
+- **Root Cause**: `onlySpawnerToken` modifier only checks `msg.sender.initialized() == true`
+- **Attack**: Deploy contract with `initialized()` returning true → call `mintFromSpawner()` freely
+- **Mitigation**: Explicit whitelists or trusted contract registries
+
+#### 16. LEDS - $64K (Chained Burn Mechanisms)
+- **Date**: March 8, 2026
+- **Chain**: BNB Chain
+- **Root Cause**: Multiple independent burn mechanisms chainable in single transaction
+- **Attack**: 
+  1. `triggerDailyBurnAndMint()` → burns from pair
+  2. Sell → accumulates `stor_18`
+  3. Buy to Router → burns from pair
+  4. Call `0x17a06174()` → burns entire `stor_18` from pair
+  5. Pair's LEDS reserve collapses to 2 wei
+  6. Reverse swap drains WBNB
+- **Mitigation**: Access control + rate limiting + cooldowns on burn functions
+
+#### 17. ACPRoute - $58K (State Persistence Flaw)
+- **Date**: March 2, 2026
+- **Chain**: Base
+- **Root Cause**: `releasePayment()` loads job as memory copy, not storage reference
+- **Vulnerability**:
+  ```solidity
+  Job memory job = jobs[jobId]; // Memory copy!
+  job.amountClaimed += amount;  // Never persisted
+  ```
+- **Attack**: Phase transition auto-calls `releasePayment()` → manually call `claimBudget()` again
+- **Mitigation**: Use storage references for critical state variables
+
+---
+
+### Week of February 23 - March 1, 2026
+**Total Losses**: ~$13M across 7 incidents
+
+#### 18. YieldBlox DAO - $10M+ (Oracle Manipulation)
+- **Date**: February 22, 2026
+- **Chain**: Stellar (Blend V2)
+- **Root Cause**: Reflector oracle sourced from shallow USTRY/USDC SDEX market
+- **Attack**:
+  1. Manipulated USTRY price from $1.06 to $107 on SDEX
+  2. Reflector oracle updated with manipulated price
+  3. Borrowed 1,000,196e7 USDC + 6,124,927,810e7 XLM with overvalued USTRY collateral
+  4. Bridged assets to Base, BSC, Ethereum
+- **Key Lesson**: Price dependency for lending must be manipulation-resistant
+
+#### 19. FOOMCASH - $2.26M (Groth16 Proof Vulnerability)
+- **Date**: February 26, 2026
+- **Chains**: Base + Ethereum
+- **Root Cause**: Vulnerable Groth16 setup with gamma (γ) == delta (δ) == G₂
+- **Attack**: Forged valid proofs with arbitrary inputs → drained 19,695,576,757,802e18 FOOM
+- **Mitigation**: Thorough review and audit of cryptographic setups
+
+#### 20. Ploutos - $390K (Oracle Misconfiguration)
+- **Date**: February 26, 2026
+- **Chain**: Ethereum (Aave v3.0.2 fork)
+- **Root Cause**: USDC oracle set to Chainlink BTC/USD feed
+- **Attack**: Borrowed 187.3 ETH by collateralizing 8.88 USDC
+- **Mitigation**: Multisig or timelock for sensitive oracle operations
+
+---
+
+## Attack Mechanisms Deep Dive
+
+### Empty Market Attack Pattern (Aave V3 Forks)
+
+**Affected Protocols**: dTRINITY, multiple Aave forks
+
+**Core Vulnerability**:
+```solidity
+function cumulateToLiquidityIndex(reserve, amount) {
+    nextLiquidityIndex = ((amount / totalLiquidity) + 1) * reserve.liquidityIndex;
+}
+```
+
+**Attack Phases**:
+
+1. **Reserve Compression**
+   - Deposit minimal amount (e.g., 100 units)
+   - Withdraw 99 units → leaves 1 scaled share
+   - totalLiquidity ≈ 0
+
+2. **Index Inflation**
+   - Execute repeated flash loans (e.g., 150 iterations)
+   - Each flash loan premium (0.05%) accrues to reserve
+   - With totalLiquidity ≈ 0, each premium multiplies index dramatically
+   - Example: 1e27 → 6.2e27 after 150 flash loans
+
+3. **Rounding Exploitation**
+   - Deposit small amount → mints 1 share (rounds up)
+   - Withdraw large amount → burns 1 share (rounds down)
+   - Asymmetry allows extracting more value than deposited
+
+4. **Profit Realization**
+   - Use overstated collateral to borrow from other reserves
+   - Extract borrowed assets
+   - Net profit from rounding imbalances
+
+**Mathematical Analysis**:
+```
+Initial state: liquidityIndex = 1e27, totalLiquidity = 1 unit
+
+After flash loan with 0.05% premium:
+nextIndex = ((premium / 1) + 1) * 1e27
+         = (0.0005 + 1) * 1e27
+         = 1.0005e27
+
+After 150 iterations:
+finalIndex ≈ 1.0005^150 * 1e27 ≈ 6.2e27
+```
+
+**Mitigation**:
+- Enforce minimum liquidity lock at reserve initialization (e.g., 1000 units)
+- Prevents totalLiquidity from approaching zero
+- Makes index inflation economically infeasible
+
+---
+
+### Donation Attack Pattern (Compound V2 Forks)
+
+**Affected Protocols**: Venus, multiple Compound forks
+
+**Core Vulnerability**:
+```solidity
+exchangeRate = (cash + borrows - reserves) / totalSupply
+cash = underlyingToken.balanceOf(address(this))  // Direct balance read!
+```
+
+**Attack Mechanism**:
+1. Build initial position via normal mint
+2. Transfer underlying tokens directly to market contract
+3. `cash` increases without `totalSupply` increasing
+4. `exchangeRate` inflates
+5. Existing shares now represent more underlying value
+6. Use inflated collateral to overborrow
+
+**Venus THE Market Example**:
+- Initial position: 12.2M THE (84% of supply cap)
+- Donated: 36M THE directly to vTHE contract
+- exchangeRate inflated 3.81x
+- Combined with spot price manipulation ($0.20 → $0.51)
+- Final borrow: $14.9M (3.67x supply cap)
+
+**Mitigation**:
+- Track deposits explicitly, don't rely on balance reads
+- Implement donation protection (e.g., virtual shares)
+- Set exchange rate limits
+- Automated circuit breakers for rapid collateral value changes
+
+---
+
+### Deflationary Token Exploit Pattern
+
+**Common Vulnerability**: Burn mechanisms that directly modify AMM pair reserves
+
+**Attack Template**:
+1. **Trigger Burn**: Execute action that burns tokens from pair
+2. **Manipulate Reserves**: Reduce token reserve while WETH/USDT reserve unchanged
+3. **Price Inflation**: Token price artificially inflated
+4. **Profit**: Sell pre-acquired tokens at inflated price
+
+**Variants**:
+
+**A. Direct Burn on Transfer** (LAXO, STO)
+```solidity
+function _transfer(from, to, amount) {
+    if (to == pair) {
+        pair.burn(amount * 0.94);  // Burns from pair!
+        pair.sync();
+    }
+}
+```
+
+**B. Deferred Burn** (AM Token)
+```solidity
+// Sell 1: Records burn amount
+toBurnAmount = sellAmount;
+
+// Buy: Shrink reserves to toBurnAmount
+
+// Sell 2: Executes burn
+pair.burn(toBurnAmount);  // Wipes out entire reserve!
+```
+
+**C. Multiple Burn Paths** (LEDS)
+- `triggerDailyBurnAndMint()`
+- `stor_18` accumulation
+- Router transfer burn
+- All chainable in single transaction
+
+**Mitigation**:
+- Never burn directly from pair without access control
+- Implement burn caps per transaction
+- Add cooldown periods between burns
+- Rate limit burn frequency
+
+---
+
+### Oracle Manipulation Patterns
+
+**Type 1: Shallow Liquidity Manipulation** (YieldBlox)
+- Target: Low-liquidity DEX markets
+- Method: Consume normal orders + place abnormal orders
+- Impact: USTRY $1.06 → $107 (100x)
+- Propagation: Manipulated price fed to oracle → lending protocol
+
+**Type 2: Donate-Based Manipulation** (sDOLA)
+- Target: ERC4626 vaults with `donate()` function
+- Method: Donate assets to inflate share price
+- Impact: Collateral overvalued → positions liquidatable
+
+**Type 3: Misconfiguration** (AAVE, Ploutos)
+- AAVE: Snapshot ratio below true ratio → systematic undervaluation
+- Ploutos: Wrong feed (BTC/USD for USDC) → 100,000x overvaluation
+
+**Mitigation**:
+- Use manipulation-resistant oracles (Chainlink, Pyth)
+- Implement TWAP with sufficient window
+- Add sanity checks and deviation limits
+- Multisig + timelock for oracle configuration
+- Monitor liquidity depth of price sources
+
+---
+
+### Access Control Failure Patterns
+
+**Type 1: Missing Modifiers** (Fun.xyz, ShiMama)
+```solidity
+function bridge() external {  // No onlyOperator!
+    _bridgeToRecipient(bridgeParams);
+}
+```
+
+**Type 2: Trivially Spoofed Checks** (MoltEVM)
+```solidity
+modifier onlySpawnerToken() {
+    require(msg.sender.code.length > 0);  // Is contract?
+    require(ISpawner(msg.sender).initialized());  // Returns true?
+    _;
+}
+// Attacker: Deploy contract with initialized() { return true; }
+```
+
+**Type 3: Hardcoded Offset Bypass** (V4 Router)
+```solidity
+assembly {
+    let payer := calldataload(164)  // Assumes fixed offset!
+    if iszero(eq(payer, caller())) { revert(0, 0) }
+}
+// Attacker: Craft non-standard ABI encoding with different offset
+```
+
+**Mitigation**:
+- Explicit access control on all privileged functions
+- Use established patterns (OpenZeppelin AccessControl)
+- Never rely on easily spoofed checks
+- Decode structured inputs canonically, not via hardcoded offsets
+
+---
+
+### Accounting Error Patterns
+
+**Type 1: Memory vs Storage** (ACPRoute, Alkemi)
+```solidity
+Job memory job = jobs[jobId];  // Memory copy!
+job.amountClaimed += amount;   // Not persisted
+// Storage never updated
+```
+
+**Type 2: Incomplete State Updates** (HedgePay, Keom)
+```solidity
+function forceExit() {
+    token.transfer(msg.sender, _balances[msg.sender]);
+    // BUG: _balances[msg.sender] not reset!
+}
+```
+
+**Type 3: Order-Dependent Calculations** (Goose Finance)
+```solidity
+shares = deposit * sharesTotal / wantLockedTotal;  // Calculated first
+_farm();  // Updates wantLockedTotal second
+// Shares priced against stale denominator
+```
+
+**Mitigation**:
+- Use storage references for critical state
+- Update all dependent state atomically
+- Settle rewards before share calculations
+- Add invariant tests for state consistency
+
+---
+
+## Mitigation Strategies
+
+### For Lending Protocols
+
+1. **Empty Market Protection**
+   - Lock minimum liquidity at reserve initialization
+   - Prevent totalSupply from approaching zero
+   - Example: Lock 1000 units permanently
+
+2. **Donation Protection**
+   - Don't rely on `balanceOf()` for accounting
+   - Track deposits explicitly
+   - Implement virtual shares (ERC4626 style)
+
+3. **Oracle Hardening**
+   - Use manipulation-resistant price feeds
+   - Implement TWAP with sufficient window
+   - Add deviation limits and sanity checks
+   - Monitor source liquidity depth
+
+4. **Liquidation Safety**
+   - Validate oracle configuration before updates
+   - Add timelock for sensitive parameter changes
+   - Implement automated circuit breakers
+   - Monitor for rapid collateral value changes
+
+### For Token Contracts
+
+1. **Deflationary Mechanisms**
+   - Never burn directly from pair without access control
+   - Implement per-transaction burn caps
+   - Add cooldown periods between burns
+   - Rate limit burn frequency
+
+2. **Trading Restrictions**
+   - Strict separation of transfer semantics and trading logic
+   - Cover all swap paths in restriction logic
+   - Don't rely on whitelist short-circuits
+
+3. **Fee-on-Transfer**
+   - Ensure fee logic covers all transfer paths
+   - Test with various router configurations
+   - Consider impact on AMM accounting
+
+### For Bridge & Cross-Chain Protocols
+
+1. **Key Management**
+   - Use multisig for privileged operations
+   - Implement timelock for critical functions
+   - Rotate keys regularly
+   - Monitor for unauthorized access
+
+2. **Validation**
+   - Enforce on-chain preconditions for minting
+   - Don't rely solely on off-chain authorization
+   - Validate all cross-chain messages
+   - Implement rate limits
+
+### For DeFi Protocols (General)
+
+1. **Access Control**
+   - Use established patterns (OpenZeppelin)
+   - Explicit modifiers on all privileged functions
+   - Never rely on easily spoofed checks
+   - Regular access control audits
+
+2. **State Management**
+   - Use storage references for critical state
+   - Update all dependent state atomically
+   - Add invariant tests
+   - Avoid order-dependent calculations
+
+3. **Input Validation**
+   - Validate all user inputs
+   - Check for empty arrays/zero values
+   - Decode structured inputs canonically
+   - Don't use hardcoded offsets
+
+4. **Monitoring & Response**
+   - Real-time attack detection
+   - Automated circuit breakers
+   - Emergency pause mechanisms
+   - Incident response procedures
+
+---
+
+## Key Learnings
+
+### 1. Defense in Depth Fails When Each Layer Assumes Others Will Hold
+**Venus Incident**: Supply caps, collateral valuation, and liquidation all had gaps. Warning signals visible for months but unacted upon.
+
+**Lesson**: Implement automated monitoring and circuit breakers, not just static limits.
+
+### 2. Stablecoin Safety Requires Hard On-Chain Preconditions
+**Resolv Incident**: $50M unauthorized minting because `completeSwap()` relied on off-chain authorization only.
+
+**Lesson**: Enforce collateral checks on-chain, not just via trusted roles.
+
+### 3. Empty Market Attacks Are Well-Known But Still Exploited
+**dTRINITY Incident**: Classic Aave V3 fork vulnerability, well-documented, still not mitigated.
+
+**Lesson**: Treat reserve bootstrapping as critical operation. Lock minimum liquidity at deployment.
+
+### 4. Oracle Configuration Is As Critical As Oracle Implementation
+**AAVE, Ploutos Incidents**: Correct oracle implementation, wrong configuration.
+
+**Lesson**: Multisig + timelock for oracle config. Add validation checks in implementation.
+
+### 5. Deflationary Mechanisms Are High-Risk Design Patterns
+**Multiple Incidents**: LEDS, BUBU2, LAXO, STO, AM, MT - all deflationary tokens exploited.
+
+**Lesson**: Any mechanism that modifies pair reserves is economically sensitive. Requires strict access control and rate limiting.
+
+### 6. Cross-Protocol Contagion Amplifies Single-Point Failures
+**Resolv Incident**: $50M direct loss → millions more in bad debt across lending protocols using USR as collateral.
+
+**Lesson**: Risk management must account for cross-protocol dependencies. Real-time risk controls needed.
+
+### 7. Accounting Errors Often Stem From Memory vs Storage Confusion
+**ACPRoute, Alkemi, HedgePay**: All involved state updates to memory copies instead of storage.
+
+**Lesson**: Use storage references for critical state. Add invariant tests.
+
+### 8. Access Control Failures Often Involve Trivially Spoofed Checks
+**MoltEVM, V4 Router**: Checks that appear secure but are easily bypassed.
+
+**Lesson**: Use explicit whitelists or established access control patterns. Never rely on interface checks alone.
+
+### 9. Cryptographic Setups Require Expert Review
+**FOOMCASH Incident**: $2.26M loss from vulnerable Groth16 setup (γ == δ == G₂).
+
+**Lesson**: Complex cryptographic implementations must be thoroughly audited by specialists.
+
+### 10. Monitoring Gaps Leave Protocols Vulnerable Despite Visible Signals
+**Venus Incident**: Warning signals on-chain for months before attack.
+
+**Lesson**: Bridge gap between detection and intervention. Automated monitoring + response critical.
+
+---
+
+## Attack Pattern Statistics (March 2026)
+
+### By Root Cause
+- Business Logic Flaws: 35%
+- Oracle Issues: 20%
+- Access Control: 15%
+- Accounting Errors: 12%
+- Private Key Compromise: 8%
+- Cryptographic Flaws: 5%
+- Other: 5%
+
+### By Chain
+- Ethereum: 40%
+- BNB Chain: 35%
+- Base: 10%
+- Polygon: 8%
+- Other: 7%
+
+### By Protocol Type
+- Lending: 30%
+- DEX/AMM: 25%
+- Token Contracts: 20%
+- Staking: 10%
+- Bridge: 8%
+- GameFi: 7%
+
+### Loss Distribution
+- $10M+: 3 incidents (Resolv, YieldBlox, AAVE liquidations)
+- $1M-$10M: 5 incidents
+- $100K-$1M: 15 incidents
+- <$100K: 236+ incidents
+
+---
+
+## Conclusion
+
+The March 2026 incident data reveals several critical patterns:
+
+1. **Known vulnerabilities continue to be exploited** - Empty market attacks, donation attacks, and deflationary token exploits are well-documented but still prevalent.
+
+2. **Configuration errors rival implementation bugs** - Oracle misconfigurations, access control oversights, and parameter errors cause as many losses as code vulnerabilities.
+
+3. **Cross-protocol risk is underestimated** - Single-point failures cascade across DeFi ecosystem, amplifying losses.
+
+4. **Monitoring gaps are critical** - Many attacks had visible on-chain warning signals that went unacted upon.
+
+5. **Defense in depth requires automation** - Static limits and manual monitoring insufficient; need automated circuit breakers and real-time response.
+
+**For auditors and developers**: This knowledge base provides attack patterns to test against. Every protocol should be evaluated for susceptibility to these known attack vectors before deployment.
+
+**For security researchers**: These patterns represent the current threat landscape. Novel attacks often combine multiple known patterns in unexpected ways.
+
+---
+
+## References
+
+- [BlockSec Security Incident Library](https://blocksec.com/security-incident)
+- [BlockSec Blog - Weekly Roundups](https://blocksec.com/blog)
+- [Phalcon Security APP](https://blocksec.com/phalcon/security)
+- [BlockSec 2025 Crypto Crime Report](https://blocksec.com/crypto-crime-report)
+
+**Last Updated**: March 27, 2026  
+**Total Incidents Analyzed**: 30+ detailed cases from 259+ total incidents  
+**Coverage Period**: January - March 2026