Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Treasure DAO - REKT - 1071

harry.eth Posted 3 Years Ago
  • Treasure DAO was the largest NFT marketplace on Arbitrum. Recently, it was hacked. But how?
  • The function buyItem() purchases existing listings on the NFT platform, and it could be used to buy them for no fee. The function signature is buyItem(nftAddress, tokenId, owner, quantity).
  • There is no validation that the quantity parameter is NOT zero. When multiplying the per-item price with the quantity, providing a zero would result in a cost of zero.
  • From reading the source code of the application right before the bug fix here, it appears that the transfer moved a full NFT. The quantity was NOT used on ERC721 but only used on ERC1155. The quantity parameter feels a little weird in this context.
  • Overall, interesting input validation finding!
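
The zero-quantity flaw summarized above, as an added Python model (not Treasure's contract code and not from the linked post): the price is multiplied by quantity while the ERC721 path moves the whole token regardless. The class, the `demo` helper, the price of 100 and the two hardening checks are assumptions made for illustration.

```python
from dataclasses import dataclass

ERC721, ERC1155 = "ERC721", "ERC1155"

@dataclass
class Listing:
    standard: str        # ERC721 or ERC1155
    price_per_item: int
    quantity: int        # units on offer (1 for an ERC721 token)

class Marketplace:
    """Toy model of the buyItem() flow; not the real contract."""
    def __init__(self, validate_quantity):
        self.validate_quantity = validate_quantity
        self.listings = {}   # (nft_address, token_id, owner) -> Listing
        self.balances = {}   # (nft_address, token_id, holder) -> units held

    def list_item(self, nft_address, token_id, owner, listing):
        self.listings[(nft_address, token_id, owner)] = listing
        self.balances[(nft_address, token_id, owner)] = listing.quantity

    def buy_item(self, buyer, nft_address, token_id, owner, quantity):
        """Return the price charged to the buyer."""
        listing = self.listings[(nft_address, token_id, owner)]
        if self.validate_quantity:
            # Assumed hardening: reject zero, pin ERC721 purchases to 1.
            if quantity == 0:
                raise ValueError("quantity must be non-zero")
            if listing.standard == ERC721 and quantity != 1:
                raise ValueError("ERC721 quantity must be 1")
        if quantity > listing.quantity:
            raise ValueError("not enough units listed")
        cost = listing.price_per_item * quantity   # 0 when quantity == 0
        # The ERC721 branch ignores quantity and moves the whole token.
        moved = 1 if listing.standard == ERC721 else quantity
        self.balances[(nft_address, token_id, owner)] -= moved
        key = (nft_address, token_id, buyer)
        self.balances[key] = self.balances.get(key, 0) + moved
        listing.quantity -= moved
        return cost

def demo(validate_quantity, standard, quantity):
    """Constructed scenario: one listing at price 100, one purchase attempt."""
    m = Marketplace(validate_quantity)
    units = 1 if standard == ERC721 else 5
    m.list_item("0xNFT", 1, "seller", Listing(standard, 100, units))
    try:
        cost = m.buy_item("buyer", "0xNFT", 1, "seller", quantity)
    except ValueError:
        return "rejected"
    return cost, m.balances.get(("0xNFT", 1, "buyer"), 0)
```

With validation off, a zero quantity on an ERC1155 listing costs nothing and moves nothing; only the ERC721 path, where quantity is ignored by the transfer, gives up the token for a zero price.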