Juicebox V3

avoid.net/juicebox-v3 · 40/100 · 72% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]
anchored·ZpwEm5…a7YT

Summary

Juicebox is an Ethereum-based programmable treasury and crowdfunding protocol first launched in July 2021 by a pseudonymous developer known as Jango, enabling projects to raise ETH, issue contributor tokens, and manage on-chain treasuries without intermediaries. V3 is the third major iteration of the core contracts, deployed in September 2022, and subsequently patched through versions 3.1, 3.1.1, and 3.1.2 to address a series of high-severity and critical accounting vulnerabilities. A protocol logic exploit in April 2026 resulted in an alleged $52,000 loss via a borrowFrom spoof attack, and the platform's permissionless architecture has enabled misuse by bad actors operating fraudulent fundraising projects.

Timeline (16 events)

2021-07-01

Juicebox protocol V1 launched on Ethereum mainnet by pseudonymous developer Jango.

2021-08-18

Low-severity bug discovered in V1 affecting reserved rate calculations for projects that received payments with a reserved rate of 0% before later reconfiguring to a non-zero reserved rate.

2021-11-18

ConstitutionDAO raises approximately $46 million in ETH through Juicebox to bid on a copy of the U.S. Constitution at Sotheby's; bid is unsuccessful.

2022-02-01

AssangeDAO raises approximately 17,423 ETH (then roughly $53 million) via Juicebox, becoming the largest DAO fundraiser on the platform at the time.

2022-04-09

AssangeDAO multi-signature wallet transfers 583.755 ETH without community approval, triggering fraud allegations and calls for legal action against the founding team.

2022-03-29

CertiK publishes a security assessment of the Juicebox V2 contracts, flagging the project owner's ability to send ETH to arbitrary addresses and recommending multi-sig and timelock controls.

2022-05-24

Medium-severity bug in JBFundingCycleStore triggered by successive reconfigurations in rolled-over funding cycles; contracts redeployed May 25 and project migration completed by May 28.

2022-07-01

Code4rena V2 audit identifies honeypot vulnerability allowing project owners to trap contributor funds.

2022-09-20

Juicebox V3 deployed to Ethereum mainnet following audits by PeckShield, CertiK, and Code4rena.

2022-10-23

Code4rena competitive audit of Juicebox V3 closes; 13 unique vulnerabilities identified, including 5 high-severity findings covering fund loss, reserve token underflow, honeypot exploitability, and NFT redemption weight miscalculation.

2023-02-17

JuiceboxDAO approves JBP-341 to address high-severity bug discovered during V3 JBX migration contract deployment.

2023-02-21

Juicebox V3.1 deployed to Ethereum mainnet with JBETHPaymentTerminal3_1 and JBController3_1 to address the high-severity migration bug and additional security risks.

2023-05-22

Code4rena audit of Juicebox Buyback Delegate closes; 3 medium-severity issues found including partial Uniswap V3 swap execution and slippage protection gaps.

2023-06-30

Juicebox V3.1.1 deployed, fixing low-severity payout revert bug and adding gas optimizations.

2023-08-15

Juicebox V3.1.2 deployed, fixing a critical fee accounting error in which the protocol miscalculated expected deposit amounts after payout returns, leaving projects financially underfunded.

2026-04-20

Juicebox V3 suffers alleged $52,000 loss via a borrowFrom spoof attack on Ethereum, classified by DeFiLlama as a Protocol Logic exploit.

Provenance & Audit Trail

Decision Log

This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

model: claude-sonnet-4-6

generated: 5/4/2026, 2:54:11 AM

last updated: 6/3/2026, 2:21:06 PM
