Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/level-finance

Name: level-finance
Author: apegurus

skills/case-studies/level-finance/SKILL.md

npx skillsauth add apegurus/solidity-argus level-finance

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Level Finance (2023)

Overview

In May 2023, Level Finance, a decentralized perpetual exchange on BNB Chain, was exploited for approximately $1.1 million. The attacker exploited a reentrancy vulnerability in the protocol's referral contract, specifically within the claimMultiple function, allowing them to claim referral rewards multiple times in a single transaction.

Root Cause

The vulnerability was in the LevelReferralController contract. The claimMultiple function allowed users to claim rewards for multiple referral epochs. However, the function did not follow the Checks-Effects-Interactions pattern and lacked a reentrancy guard. The contract sent rewards to the user before updating the isClaimed status for the epoch, allowing the attacker to re-enter the function and claim the same rewards repeatedly.

Attack Flow

Attacker created multiple referral accounts and generated referral rewards.
Attacker called the claimMultiple function with a list of epoch IDs.
The contract calculated the rewards and sent them to the attacker's malicious contract.
The attacker's fallback function triggered another call to claimMultiple with the same epoch IDs.
Because the isClaimed status was only updated after the loop finished, the second call (and subsequent recursive calls) succeeded.
Attacker drained approximately 214,000 LVL tokens and swapped them for 3,345 BNB.

Impact

Loss: ~$1.1M
Protocol: Level Finance
Chain: BNB Chain
Date: 2023-05-01

Key Transactions

Attack tx: 0xe18396571315154179da08573f38039c50f8c46653302f9c449e10ba575606f5

Detection Heuristics

Pattern 1: Reward claiming functions that iterate over a list and make external calls within the loop before updating the "claimed" status.
Pattern 2: Lack of reentrancy guards on functions that handle token transfers or sensitive state updates.

Remediation

Fix 1: Implement a reentrancy guard (nonReentrant modifier) on the claimMultiple function.
Fix 2: Use the Checks-Effects-Interactions pattern. Update the isClaimed status for each epoch before sending the rewards.

References

rekt.news/level-finance-rekt/
twitter.com/Level__Finance/status/1653035345610817536

apegurus/level-finance

skills/case-studies/level-finance/SKILL.md

Case study of the 2023 Level Finance exploit: referral code reentrancy draining ~$1.1M

development

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus level-finance

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:20 AM164.9s1 file scanned

SKILL.md

name:: level-finance
description:: Detects functions that allow multiple claims in a single transaction. Must be checked for reentrancy if they involve external calls.
category:: reference
source_url:: https://rekt.news/level-finance-rekt/
source_license:: CC0
imported_at:: 2025-02-20T00:00:00Z
- regex:: claimMultiple
severity:: High

Level Finance (2023)

Overview

Root Cause

Attack Flow

Attacker created multiple referral accounts and generated referral rewards.
Attacker called the claimMultiple function with a list of epoch IDs.
The contract calculated the rewards and sent them to the attacker's malicious contract.
The attacker's fallback function triggered another call to claimMultiple with the same epoch IDs.
Because the isClaimed status was only updated after the loop finished, the second call (and subsequent recursive calls) succeeded.
Attacker drained approximately 214,000 LVL tokens and swapped them for 3,345 BNB.

Impact

Loss: ~$1.1M
Protocol: Level Finance
Chain: BNB Chain
Date: 2023-05-01

Key Transactions

Attack tx: 0xe18396571315154179da08573f38039c50f8c46653302f9c449e10ba575606f5

Detection Heuristics

Pattern 1: Reward claiming functions that iterate over a list and make external calls within the loop before updating the "claimed" status.
Pattern 2: Lack of reentrancy guards on functions that handle token transfers or sensitive state updates.

Remediation

Fix 1: Implement a reentrancy guard (nonReentrant modifier) on the claimMultiple function.
Fix 2: Use the Checks-Effects-Interactions pattern. Update the isClaimed status for each epoch before sending the rewards.

References

rekt.news/level-finance-rekt/
twitter.com/Level__Finance/status/1653035345610817536

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/case-studies/level-finance ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT