Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
According to Clipper's post-mortem, on December 1, 2024, an attacker exploited a vulnerability in a smart contract used by Clipper, manipulating the single-asset deposit and withdrawal feature. This manipulation affected the liquidity pools on the Optimism and Base networks, causing an imbalance that allowed the attacker to withdraw more assets than they had deposited. The attack resulted in a loss of approximately $457,878. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 457,878.
- chain
- optimism
- protocol
- Clipper DEX
- bug_class
- logic
- date_occurred
- 2024-12-01
- loss_usd
- $457,878
- source_id
- sm:clipper-dex::2024-12-01