Assertions give users the ability to express additional invariants on the state of the contract. A change of the implementation address could be prevented by analyzing the state changes within a transaction.

In December 2024, VestraDAO was hacked. The hacker exploited a vulnerability in the unStake function which allowed users to stake and unstake without waiting for the maturity period. For an in-depth analysis of the hack, you can read this post.

In October 2024, Radiant Capital was hacked. You can read more about the hack on Rekt. In short, the attacker managed to gain control over 3 signers of the Radiant Capital multisig, which allowed the attacker to change ownership of the lending pools and ultimately drain the pools. Had there been an assertion in place that checked that the ownership of the lending pools didn’t change, the hack would have been prevented.