Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The Mint function is used to create tokens. The Burn is a function used to destroy tokens. Both of these are standards with ERC20 tokens. This is the case with cryptoBurgers (BURG). BURG is a token based on the Binance Smartchain.

The Mintand Burn functions should not be publicly callable. Normally, these are called internally once some operations has been performed, such as sending ETH to the platform in exchange for the token.

The Burn function is external in the source code. This can be seen here. This allows the number of tokens in the pool to be arbitrary decreased. Why is this bad? This breaks the prices of AMMs and tokens pairs.

Hospo token had the same exact vulnerability. This was exploited by doing a major burn on the token, syncing the price then performing a swap. Naturally, the price had been drastically manipulated upon doing this, giving them a major profit.

The tool ethtx.info is used to make the transactions look real nice here! Overall, two really simple bugs; it's amazing this made it through an audit...