← All incidents

Munchables

A $62M loss on Blast in 2024, caused by an access control flaw. Here's what happened, the vulnerability class behind it, and where it stands in ProveWall's re-proof pipeline.

Loss$62M
Year2024
ChainBlast
Vulnerability classAccess control
Mechanisminsider malicious upgrade / storage slot
◷ In the ProveWall re-proof queue
We have not yet re-executed this exploit on a forked chain. When we do, this page will show a signed, independently replayable receipt — the exploit moving value, and the patched control resisting. Until then this is a factual incident summary, not a proof. No proof, no finding.

What this class of bug is

Access-control flaws let an unauthorized caller reach privileged logic — minting, upgrading, unlocking, or draining funds — because a permission check is missing, wrong, or can be bypassed.

How to read this page. The dollar figure is the publicly reported loss attributed to this incident. A ProveWall re-proof reproduces the vulnerability class/mechanism by execution on a forked chain, with a signed receipt — we say so explicitly only once that execution has passed.

Other access control exploits

Same vulnerability class, re-proven or queued on the wall: Poly Network · Parity multisig freeze

Want your own contract actually proven — not guessed?

Static tools and LLM auditors ask "is there a check here?" and miss the check that exists but is wrong. OmniGuard Labs runs the exploit on a forked chain and sends you a signed pass/fail receipt. Request a proof-backed audit →