Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The TempleDAO project was hacked, involving an amount of approximately $2.36 million. According to the analysis of the SlowMist security team, in this incident, because the migrateStake function did not check the oldStaking, the attacker could forge the oldStaking contract to add the balance arbitrarily. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 2,360,000.
- chain
- —
- protocol
- TempleDAO
- bug_class
- logic
- date_occurred
- 2022-10-11
- loss_usd
- $2,360,000
- source_id
- sm:templedao::2022-10-11