The most expensive DeFi bugs often aren't textbook vulnerabilities like reentrancy or overflow. They're logic errors — flawed economic assumptions, miscalculated accounting, or overlooked edge cases in protocol-specific code. Euler Finance lost $197M to a donation attack that broke their health factor calculation. Compound accidentally distributed $90M in extra COMP tokens due to a governance parameter misconfiguration.
## Categories of Logic Bugs

### 1. Accounting Errors

Mismatch between internal balances and actual token holdings. Donation attacks, rounding errors, and share inflation can desynchronize accounting.
```solidity
// VULNERABLE: Share-based vault susceptible to donation attack
// totalShares, totalAssets() and _mint are the vault's own state and helpers;
// totalAssets() reads the vault's real token balance, which anyone can inflate
// with a direct transfer.
function deposit(uint256 assets) external returns (uint256 shares) {
    shares = totalShares == 0
        ? assets
        : assets * totalShares / totalAssets();
    // Attacker: deposit 1 wei, donate 1M tokens directly
    // Next depositor gets 0 shares (rounds to zero)
    _mint(msg.sender, shares);
}
```

```solidity
// SECURE: Virtual offset (ERC-4626 mitigation)
// The +1 on each side acts as one virtual share backed by one virtual asset.
// The virtual share absorbs part of any direct donation, so inflating the
// share price is no longer free for the attacker, and the totalShares == 0
// special case disappears because the denominator is never zero.
function deposit(uint256 assets) external returns (uint256 shares) {
    shares = assets * (totalShares + 1) / (totalAssets() + 1);
    _mint(msg.sender, shares);
}
```
### 2. Incorrect State Transitions

Protocol enters an invalid state because transitions between states aren't properly validated. A liquidation function that can be called on healthy positions, or a withdrawal that doesn't update accounting.

### 3. Economic Model Failures

The protocol's economic design has flaws that are profitable to exploit — interest rate calculation errors, reward distribution bugs, or incentive misalignment.

### 4. Missing Edge Cases

Zero-amount transactions, first-depositor attacks, empty pool operations, and dust-amount exploits.
## Major Protocol Logic Exploits

| Protocol | Year | Loss | Logic Error |
|---|---|---|---|
| Euler Finance | 2023 | $197M | Donation attack broke health factor |
| Compound | 2021 | $90M | COMP distribution parameter error |
| Cover Protocol | 2020 | $4M | Infinite mint via shield mining logic |
| Yearn Finance | 2021 | $11M | DAI vault share price manipulation |
## Finding Logic Bugs: The Hardest Challenge

Logic bugs are the hardest to detect with automated tools because the code is "correct" from a syntax and security-pattern perspective — it just doesn't do what the protocol intended. Finding them requires:

- ✅ Understanding the protocol's economic model completely
- ✅ Testing with extreme values (0, 1, MAX, first deposit, last withdrawal)
- ✅ Invariant testing — define what should ALWAYS be true, test continuously
- ✅ Formal verification of critical accounting logic
- ✅ Economic modeling and simulation of adversarial scenarios
- ✅ First-depositor attack mitigation (virtual offset or minimum deposit)
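The "liquidation callable on a healthy position" transition from category 2 is a good candidate for the invariant and extreme-value testing listed above, because no static pattern flags it: the code is syntactically fine, it just lacks a precondition. The added example below (not Vultbase code) builds a constructed toy lending market with a switch that reproduces the missing check, states the invariants that must hold after every transition (a successful borrow never leaves the position undercollateralized; liquidation only ever happens on an unhealthy position), and drives random sequences of deposits, borrows, repayments, price moves and liquidations through both variants, including zero amounts. The 80% liquidation threshold, prices and amounts are assumptions chosen for the example.

```python
"""Invariant test for the liquidate-healthy-position state-transition bug.
Added illustration with a constructed lending model; all parameters are made up."""

import random
from dataclasses import dataclass

WAD = 10**18                  # 1.0 in 18-decimal fixed point
LIQ_THRESHOLD = 8 * WAD // 10  # assumed: debt may be at most 80% of collateral value
MAX_UINT = 2**256 - 1


@dataclass
class Position:
    collateral: int = 0  # collateral token units, 18 decimals
    debt: int = 0        # debt token units, 18 decimals


class Market:
    def __init__(self, price: int, check_health: bool):
        self.price = price                 # collateral price in debt units, WAD scaled
        self.check_health = check_health   # False reproduces the missing precondition
        self.pos = Position()
        self.liquidations_of_healthy = 0   # counts invariant violations

    def health_factor(self) -> int:
        """WAD-scaled ratio; >= WAD means healthy, 'infinite' when there is no debt."""
        if self.pos.debt == 0:
            return MAX_UINT
        collateral_value = self.pos.collateral * self.price // WAD
        return collateral_value * LIQ_THRESHOLD // self.pos.debt

    def deposit(self, amount: int) -> None:
        self.pos.collateral += amount

    def borrow(self, amount: int) -> bool:
        self.pos.debt += amount
        if self.health_factor() < WAD:
            self.pos.debt -= amount        # revert: would be undercollateralised
            return False
        return True

    def repay(self, amount: int) -> None:
        self.pos.debt -= min(amount, self.pos.debt)

    def liquidate(self) -> bool:
        healthy = self.health_factor() >= WAD
        if self.check_health and healthy:
            return False                   # revert: nothing to liquidate
        if healthy:
            self.liquidations_of_healthy += 1
        # simplified close-out: repay all debt, seize collateral of equal value
        seized = self.pos.debt * WAD // self.price
        self.pos.collateral -= min(seized, self.pos.collateral)
        self.pos.debt = 0
        return True


def fuzz_liquidation_invariant(check_health: bool, steps: int = 2000, seed: int = 1) -> int:
    """Drive random transitions and return how many liquidations hit a healthy
    position. A correct protocol returns 0 for every seed."""
    rng = random.Random(seed)
    m = Market(price=2 * WAD, check_health=check_health)
    for _ in range(steps):
        op = rng.choice(["deposit", "borrow", "repay", "price", "liquidate"])
        if op == "deposit":
            m.deposit(rng.randint(0, 100) * WAD)       # 0 is a deliberate edge case
        elif op == "borrow":
            if m.borrow(rng.randint(0, 100) * WAD):
                # invariant: a successful borrow never leaves the position unhealthy
                assert m.health_factor() >= WAD
        elif op == "repay":
            m.repay(rng.randint(0, 100) * WAD)
        elif op == "price":
            m.price = max(WAD // 10, m.price + rng.randint(-WAD // 2, WAD // 2))
        else:
            m.liquidate()
        assert m.pos.debt >= 0 and m.pos.collateral >= 0
    return m.liquidations_of_healthy


if __name__ == "__main__":
    print("buggy   :", fuzz_liquidation_invariant(check_health=False))
    print("checked :", fuzz_liquidation_invariant(check_health=True))
```

The fuzz loop is the cheap version of the invariant testing bullet: it does not know what a "correct" liquidation looks like, it only knows a property that must never be false, and any sequence that breaks it is a reproducer. Tools such as Foundry's invariant mode or Echidna apply the same idea directly to the deployed bytecode.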
## How Vultbase Detects Logic Issues

- Pattern DB — 74 DeFi protocol logic patterns covering donation attacks, share inflation, reward distribution bugs, and accounting mismatches
- DeFi Protocol Challenge — Simulates adversarial economic scenarios against your contracts
- Multi-Challenge Correlation — Cross-references logic findings with access control and arithmetic checks
Logic bugs don't trigger warning bells — they silently drain millions. Get your protocol logic audited by experts who understand DeFi economics.