Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

DuxDoge (DDC) Pool Arbitrary Burn- 1086

Beosin Alert - Posted 3 Years Ago
  • The function handleDeductFee() has no checks on who calls it or on the amount passed in. Some other values used by this function were controllable as well.
  • The attacker transferred almost all of the DDC tokens into the victim fees pool. As a result, this effectively turns into an infinite burn of tokens from the pool.
  • The trading value of a token is pinned to the other token in the pool. For instance, if USDC is $1 and ETH is 15K, then the pool should have a 15K:1 ratio. So, when $DDC is mostly removed from the pool, the amount of the other token (USD) paid out per DDC is significantly raised. The attacker can then swap very few DDC to get a large amount of USD.
  • Overall, an interesting bug that has devastating consequences. These financial manipulation vulnerabilities are complicated and subtle.