Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Hack Analysis: 0xbaDc0dE MEV Bot- 1089

immunefi, posted 3 years ago
  • Miner/Maximal Extractable Value (MEV) is the capability of gaining profit by reordering or adding transactions in a block. This leads to arbitrage, frontrunning and sandwich attacks.
  • There is a MEV bot (0xbaDc0dE) that gained a large profit from an arbitrage opportunity. The bot is written in Solidity (its bytecode starts with 0x60806040, the prologue the Solidity compiler emits) but the contract source is not verified. So, the author uses the Dedaub decompiler to turn the contract bytecode back into Solidity-like source.
  • The contract uses delegatecall to forward into other implementation contracts. Its public functions are flash loan callbacks, which makes sense since the bot uses flash loans for arbitrage opportunities. The callback for dYdX is the interesting one to look at.
  • Validating whether a function may be called is tricky in this context. The flash loan callback is called by dYdX, but who initiated the flash loan? The callback never checks, and that missing check is the vulnerability in the MEV bot.
  • The callback function has a bunch of logic. Sadly, the decompilation tools cannot decompile everything. So, the author of the post, trying to reproduce the exploit, used the error messages to help them figure out what was going on.
  • The MEV bot has a mechanism that approves the caller to spend its tokens if the caller's allowance is currently 0. Since we (the attacker) are the caller, our contract is granted that allowance and can now transfer funds out of the bot's contract.
  • It's interesting to see an MEV bot get hacked. It is hard to see how things work, since the decompilation tools for Solidity are not perfect yet. I wonder if we will see more attacks like this in the future!
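Added illustration, not code from the immunefi post or from the bot's actual bytecode: a minimal sketch of the two mistakes summarised above (a flash loan callback that nobody has to be authorised to reach, plus an "approve the caller if the allowance is 0" step) next to a hardened version that checks both the immediate caller and the initiator of the loan. Contract names, the SoloMargin address and the spender allowlist are hypothetical; the callback signature is assumed to mirror dYdX's ICallee.callFunction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal ERC-20 surface used below.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Assumed to mirror dYdX's Account.Info; declared locally so this file compiles stand-alone.
struct AccountInfo {
    address owner;
    uint256 number;
}

// VULNERABLE (hypothetical, not the real bot's code): a public flash-loan callback
// with no check on who is calling it and no check on who initiated the loan.
contract VulnerableArbBot {
    function callFunction(address /*sender*/, AccountInfo memory, bytes memory data) external {
        address token = abi.decode(data, (address));
        // "Approve the caller if the allowance is currently 0". When an attacker
        // calls this function directly, msg.sender is the attacker, so this hands
        // out an unlimited allowance on the bot's tokens to the attacker.
        if (IERC20(token).allowance(address(this), msg.sender) == 0) {
            IERC20(token).approve(msg.sender, type(uint256).max);
        }
        // ... arbitrage swaps would follow here ...
    }
}

// Attacker contract (hypothetical): triggers the approval and immediately drains the bot.
contract Drainer {
    function drain(VulnerableArbBot bot, IERC20 token) external {
        // Step 1: call the unguarded callback directly; this contract becomes msg.sender.
        bot.callFunction(address(0), AccountInfo(address(0), 0), abi.encode(address(token)));
        // Step 2: spend the allowance that was just granted to this contract.
        token.transferFrom(address(bot), msg.sender, token.balanceOf(address(bot)));
    }
}

// HARDENED: validate both the immediate caller and the initiator, and never
// approve a spender taken from msg.sender or unvalidated call data.
contract HardenedArbBot {
    address public immutable owner;
    address public immutable soloMargin;             // dYdX SoloMargin address (assumed, set at deploy)
    mapping(address => bool) public trustedSpender;  // e.g. DEX routers, maintained by the owner

    constructor(address _soloMargin) {
        owner = msg.sender;
        soloMargin = _soloMargin;
    }

    function setTrustedSpender(address spender, bool ok) external {
        require(msg.sender == owner, "not owner");
        trustedSpender[spender] = ok;
    }

    function callFunction(address sender, AccountInfo memory, bytes memory data) external {
        // Check 1: only dYdX may deliver the callback.
        require(msg.sender == soloMargin, "caller is not dYdX");
        // Check 2: only a flash loan that the owner started is honoured. Without this,
        // anyone can call SoloMargin.operate() targeting this bot and pass Check 1.
        require(sender == owner, "loan not initiated by owner");
        (address token, address spender) = abi.decode(data, (address, address));
        // Check 3: approvals go only to spenders the owner allowlisted beforehand.
        require(trustedSpender[spender], "spender not allowlisted");
        if (IERC20(token).allowance(address(this), spender) == 0) {
            IERC20(token).approve(spender, type(uint256).max);
        }
        // ... arbitrage swaps through `spender` would follow here ...
    }
}
```

The point of the pair is that checking msg.sender alone is not enough for a flash loan callback: the lending pool will faithfully call back on anyone's behalf, so the callback has to verify the initiator as well, and it should never derive a spender from the call it is handling.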