Blog
Security research, vulnerability analysis, and product updates.

Odin Scan Team
Aave's $27M Glitch: When the Oracle Was Right and the Cap Was Wrong
On March 10, a snapshot parameter drifted against its timestamp on Aave's CAPO oracle. 34 users got liquidated for $27M against a capped wstETH rate that no longer reflected reality.
exploit-teardown, evm, oracle

Odin Scan Team
LST/LRT Oracle Pricing: The Pattern Behind $100M+ in DeFi Losses
The same misconfiguration pattern has drained protocols multiple times. LST and LRT price composition is not complicated, but getting it wrong is catastrophic.
oracle, evm, defi

Odin Scan Team
AI Wrote It. AI Caught It. Moonwell Lost $1.78M Anyway.
On February 15, Moonwell lost $1.78M to a cbETH oracle misconfiguration introduced in an AI-assisted PR. Odin Scan had flagged the exact vulnerability as Critical before it ever went live.
exploit-teardown, evm, oracle