Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Mt Pelerin Double Transaction Bugfix Review- 1020

Immunefi. Posted 3 Years Ago
  • Mt Pelerin is a financial institution in Switzerland that leverages the blockchain to operate. The smart contract ComplianceRegistry is responsible for storing identity information linked to an address and the storage history of the address.
  • This Compliance Registry is managed by trusted intermediaries, such as KYC/AML providers. Based on the provider a token uses, the registry returns the compliance information for that token.
  • The function cancelOnHoldTransfer can be called to cancel transfers for a trusted intermediary to get their tokens back. This takes in a trusted intermediary and an array of transactions to cancel. There is a loop that verifies that the transfer.from is the same as msg.sender for the transaction to cancel.
  • While looping over the array, the function does not check whether a transaction has already been cancelled. Since the cancelled funds are sent back to the user at the end of each transaction, infinite money can be stolen using this technique.
  • The transactions would be cancelled, but only at the end of the loop. So, to exploit this, the same transaction needs to be added multiple times to steal all of the money. Overall, a good bug that seems to be common when looping over elements that own money.
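
The missing check described above, as an added Python model next to a hardened version. This is not the ComplianceRegistry code: the `Registry` and `Transfer` classes, the escrow accounting and the method names are hypothetical, and only the ownership check mirrors the `transfer.from == msg.sender` test from the write-up.

```python
from dataclasses import dataclass

ON_HOLD, CANCELLED = "on_hold", "cancelled"

@dataclass
class Transfer:
    sender: str            # plays the role of transfer.from
    amount: int
    status: str = ON_HOLD

class Registry:
    """Toy escrow holding the tokens of every on-hold transfer (hypothetical model)."""

    def __init__(self, transfers):
        self.transfers = list(transfers)
        self.escrow = sum(t.amount for t in self.transfers)
        self.balances = {}

    def _refund(self, t):
        self.escrow -= t.amount
        self.balances[t.sender] = self.balances.get(t.sender, 0) + t.amount

    def cancel_unchecked(self, caller, ids):
        # Flawed pattern: ownership is verified, status is never read,
        # so a repeated id is refunded once per occurrence.
        for i in ids:
            t = self.transfers[i]
            if t.sender != caller:
                raise PermissionError("not the sender")
            self._refund(t)
            t.status = CANCELLED

    def cancel_checked(self, caller, ids):
        # Validate the whole batch first so a rejected batch changes nothing
        # (on-chain, a revert gives the same all-or-nothing behaviour).
        if len(set(ids)) != len(ids):
            raise ValueError("duplicate transfer id in batch")
        for i in ids:
            t = self.transfers[i]
            if t.sender != caller:
                raise PermissionError("not the sender")
            if t.status != ON_HOLD:
                raise ValueError("transfer is not on hold")
        for i in ids:
            self.transfers[i].status = CANCELLED   # state first, then funds
            self._refund(self.transfers[i])
```

The invariant worth asserting in a test suite for this kind of batch function is that a caller's refunds never exceed what that caller put on hold.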