GemPad: Reentrancy — Missing Guards on collectFees / Withdrawal Function
Summary #
GemPad, a token launchpad / LP lock service, suffered a reentrancy exploit on 2024-12-17, resulting in a loss of approximately $2M.
What happened #
GemPad's LP lock contract — the mechanism that was supposed to secure other projects' liquidity — had no reentrancy guard on its withdrawal function, letting an attacker drain ~$1.9M across Ethereum, BNB Chain, and Base using malicious token callbacks.
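A minimal illustration of the flaw described above, as an added example that is not GemPad's contract code: a hypothetical, simplified LP locker showing the unguarded withdrawal pattern (external token call before the lock balance is cleared, no mutex) next to a hardened version that orders effects before interactions and adds a reentrancy guard. Contract, struct and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// Hypothetical, simplified locker: shared storage and lock creation.
abstract contract LockerBase {
    struct Lock { address owner; IERC20 token; uint256 amount; uint256 unlockTime; }
    mapping(uint256 => Lock) public locks;
    uint256 public nextId;
    function lock(IERC20 token, uint256 amount, uint256 unlockTime) external returns (uint256 id) {
        require(amount > 0, "zero amount");
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        id = nextId++;
        locks[id] = Lock(msg.sender, token, amount, unlockTime);
    }
}
// Flawed shape: the token call runs before the balance is cleared and nothing blocks re-entry, so a
// token whose transfer() calls a hook on the recipient can invoke withdraw() again with the old amount.
contract VulnerableLocker is LockerBase {
    function withdraw(uint256 id) external {
        Lock storage l = locks[id];
        require(msg.sender == l.owner, "not owner");
        require(block.timestamp >= l.unlockTime, "still locked");
        require(l.amount > 0, "nothing to withdraw");
        require(l.token.transfer(l.owner, l.amount), "transfer failed"); // interaction first
        l.amount = 0;                                                  // effect last: too late
    }
}
// Hardened: effects before interactions, plus a mutex so any re-entrant call reverts.
contract HardenedLocker is LockerBase {
    bool private _entered;
    modifier nonReentrant() {
        require(!_entered, "reentrant call");
        _entered = true;
        _;
        _entered = false;
    }
    function withdraw(uint256 id) external nonReentrant {
        Lock storage l = locks[id];
        require(msg.sender == l.owner, "not owner");
        require(block.timestamp >= l.unlockTime, "still locked");
        uint256 amount = l.amount;
        require(amount > 0, "nothing to withdraw");
        l.amount = 0;                                                  // effect
        require(l.token.transfer(l.owner, amount), "transfer failed"); // interaction
    }
}
```

In review, the check to make is mechanical: for every function that hands tokens out, confirm the lock record is updated before the external call and that a reentrancy modifier is present, regardless of whether the token is expected to have callbacks.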
Linked factors #
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-008 — illustrative : Bug survived review (RD-F-008 = ignored disclosure; closest semantic match for audit-missed-bug) [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Audited (partially) — the vulnerability class (missing reentrancy guard) is a fundamental security check; its presence suggests the lock con...]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Unknown]