# Threat Intelligence

Guardrail's security research team tracks DeFi exploits and attack patterns. Here are highlights from recent years showing how real-time monitoring could have prevented major losses.

## 2025 Highlights

**Cetus Protocol ($224M) — June 2025** A concentrated liquidity DEX on Sui was exploited through price calculation manipulation. Attackers drained multiple pools by exploiting arithmetic in the swap logic. Guardrail's pool manipulation and balance anomaly guards detect this pattern by monitoring for abnormal price movements and liquidity changes within single transactions.

**Silo Finance ($500K+) — June 2025** An unreleased leverage feature was exploited during testing. Even test deployments need monitoring—Guardrail's event and function guards would have detected unexpected interactions with the vulnerable contracts.

## 2024 Highlights

**Radiant Capital ($50M) — October 2024** Not a code bug—compromised developer machines displayed fake transaction data to multisig signers. Guardrail's multisig threshold guard would have flagged the signing requirements, and admin event monitoring would have detected the ownership change before fund drainage.

**Penpie ($27M) — September 2024** Reentrancy attack on the reward calculation logic. The attacker used fake Pendle market contracts to manipulate deposits mid-transaction. Guardrail's reentrancy guard and function sequence validation detect this pattern.

**Ronin Bridge ($12M) — August 2024** A proxy upgrade without initialization allowed anyone to withdraw tokens. Guardrail's proxy uninitialized upgrade guard specifically detects when upgrades occur without accompanying initialization calls.
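
The upgrade-without-initialization check described for the Ronin Bridge case can be sketched as follows. This is an added example, not Guardrail's code; it assumes already-decoded logs carrying the ERC-1967 `Upgraded` event and OpenZeppelin's `Initialized` event, and the dict field names and sample data are constructed for illustration.

```python
# Added example: flag proxy upgrades with no initializer call in the same transaction.
# Assumes logs are already decoded; the dict field names are hypothetical.
UPGRADED = "Upgraded"        # ERC-1967 event emitted by the proxy on upgrade
INITIALIZED = "Initialized"  # OpenZeppelin Initializable event; under delegatecall
                             # it is emitted from the proxy's address

# Constructed sample logs (placeholder hashes and addresses, not chain data).
SAMPLE_LOGS = [
    # Upgrade followed by initialization in the same tx: healthy.
    {"tx": "0xaaa1", "log_index": 0, "address": "0xproxy_a", "event": UPGRADED,
     "args": {"implementation": "0ximpl_a2"}},
    {"tx": "0xaaa1", "log_index": 1, "address": "0xproxy_a", "event": INITIALIZED,
     "args": {"version": 2}},
    # Initialized fires before the upgrade, and again from an unrelated contract.
    {"tx": "0xbbb2", "log_index": 0, "address": "0xproxy_b", "event": INITIALIZED,
     "args": {"version": 3}},
    {"tx": "0xbbb2", "log_index": 1, "address": "0xproxy_b", "event": UPGRADED,
     "args": {"implementation": "0ximpl_b4"}},
    {"tx": "0xbbb2", "log_index": 2, "address": "0xother", "event": INITIALIZED,
     "args": {"version": 1}},
    # Initialization in a later tx leaves a window, so it does not clear the finding.
    {"tx": "0xccc3", "log_index": 0, "address": "0xproxy_b", "event": INITIALIZED,
     "args": {"version": 4}},
]


def find_uninitialized_upgrades(logs):
    """Return (tx, proxy, implementation) for each upgrade that is not followed,
    in the same transaction, by an Initialized event from the same proxy."""
    pending = {}  # (tx, proxy) -> implementation still awaiting initialization
    for log in sorted(logs, key=lambda l: (l["tx"], l["log_index"])):
        key = (log["tx"], log["address"].lower())
        if log["event"] == UPGRADED:
            pending[key] = log["args"]["implementation"]
        elif log["event"] == INITIALIZED:
            # Only an init that comes after the upgrade, same tx and proxy, counts.
            pending.pop(key, None)
    return [(tx, proxy, impl) for (tx, proxy), impl in pending.items()]


if __name__ == "__main__":
    for tx, proxy, impl in find_uninitialized_upgrades(SAMPLE_LOGS):
        print(f"ALERT tx={tx} proxy={proxy} upgraded to {impl} without initialization")
```

A hit is a prompt for review rather than proof of a flaw, since an upgrade whose new implementation adds no state needs no initializer.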

## Attack Pattern Coverage

| Pattern                 | Guardrail Detection                        |
| ----------------------- | ------------------------------------------ |
| Reentrancy              | Reentrancy Guard, Function Sequence Guard  |
| Flash Loan Manipulation | Flash Loan Guard, Pool Manipulation Guard  |
| Oracle Attacks          | Price Deviation Guard, Oracle Health Guard |
| Governance Exploits     | Multisig Threshold, Admin Event Guards     |
| Uninitialized Proxies   | Proxy Upgrade Guard                        |
| Private Key Compromise  | Balance Drop Guard, Admin Change Detection |

