Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
- Float is a currency that tracks digit assets instead of pegging to the dollar. The pool for FLOAT was using Uniswap V3.
- The price of a pool is calculated based upon the proportional amount of tokens within the pool. For instance, if there are 50 of token A and 10 of token B, then the trading of token A for B would 5:1.
- In Uniswap V3, there is a TWAP (Time Waited Average Price) for the pricing. This means it's not trivial to manipulate the pool, since the time is a factor.
- In the previous week, 1M in assets had been taken, leaving 550K total left. Additionally, the price of FLOAT had gone up considerably.
- The attacker bought 77.5k float using 47ETH. The pool now contains 250K USDC and 5 FLOAT. After waiting a few minutes, the TWAP caught up and the price had drastically changed.
- The attacker then deposited their overvalued FLOAT to get other assets. Since the FLOAT was overvalued, they were able to make a profit off of this.
