If you just want to browse a list of crazy attacks, Bad Things is a great place to start. Bad Things is a grand list of attacks and breakdowns on what went wrong and how.
If you want to make sure you don’t have these issues in your own code then check out Smart contract best practices – known attacks
Readings
Smart contract best practices – known attacks – an overview
Bad Things – a list of attacks, from Scott’s talk
(Optional) SWC Registry – Smart contract weakness classification and test cases
(Optional) Testing smart contracts – a talk I gave last year, might be a little outdated
Re-entrancy attack
https://github.com/austintgriffith/scaffold-eth/tree/reentrancy-example – by our own @Aayush Gupta
Critical update Re: DAO vulnerability
Front-running
How to Get Front-Run on Ethereum mainnet – Video
Honeypots in Ethereum And How to avoid them with Tenderly.co transaction simulation – Video
How the Opyn Ethereum Contract was hacked for $943,000 (Technical Review) – Video
(Optional) Uniswap pools doc – explains what burn does in the blog post above; e.g. when removing liquidity, [removeLiquidity](https://github.com/Uniswap/uniswap-v2-periphery/blob/4123f93278b60bcf617130629c69d4016f9e7584/contracts/UniswapV2Router02.sol) will call this burn.
How the winner got Fomo3D price – A detailed explanation – block stuffing
Flash loan
Borrow Millions in DeFi with no collateral? flash loans explained (avave, dYdX) – Video
(Optional) bZx trading & borrowing doc – helps you to understand the bZx attacks above
Flash Arbitrager Trader – A simple working example of a flash arbitrage smart contract
MakerDAO issues warning after a flash loan is used to pass a governance vote
DeFi flash loan attacks and the yAxis metavault
SushiSwap’s Vampire Scheme: Hours Away and With $1.3B at Stake