Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Feminist Metaverse (FM) Hack - 1092

lunaray Posted 3 Years Ago
  • Feminist Metaverse (FM) is a DAO for women's rights. The contract had its own token - FM.
  • The smart contract's _transfer function had code for figuring out the dividends for the stakers of the token. This is done with two lines of code:
    _balances[uniswapV2Pair] =
         _balanceOf[uniswapV2Pair].add(contractTokenBalance);

    _balances[address(this)] =
         _balanceOf[uniswapV2Pair].sub(contractTokenBalance);

  • The key thing to note is that the funds going to the uniswapV2Pair are credited by setting the balance manually, not by an actual transfer. Why is this a problem? The normal logic and considerations for moving money do not apply to this!
  • The if statement guarding this functionality is trivial to satisfy every time. So, an attacker can send very little FM to increase the amount owned by the uniswapV2Pair contract. This is NOT the intended functionality.
  • The skim function is for making the balances match the reserves. Without the bug above, this wouldn't matter. But, since the two can be trivially desynced, an attacker can call this function to collect the difference between them.
  • The bug seems like something that should have been caught in testing. Additionally, the skim function being callable by anyone is very strange. Overall, an interesting exploit.
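
The desync described above, as an added example that is not code from the FM contract or the original write-up: a toy Python ledger in which the pair is credited by a direct balance write, plus the invariant a test suite could assert. The chunk size, account names and the sync_after_credit switch are assumptions made for the model, and the switch is not the project's fix.

```python
# Toy ledger model (added example, constructed amounts), not the FM contract.
class Pair:
    """Stand-in for uniswapV2Pair: caches a reserve of the token it holds."""
    def __init__(self, token):
        self.token, self.reserve = token, 0

    def sync(self):
        self.reserve = self.token.balances[self]

    def skim(self, to):
        # Callable by anyone: pays out whatever the balance holds above the reserve.
        surplus = self.token.balances[self] - self.reserve
        self.token.balances[self] -= surplus
        self.token.balances[to] = self.token.balances.get(to, 0) + surplus
        return surplus

class Token:
    CONTRACT = "address(this)"

    def __init__(self, contract_balance, liquidity, sync_after_credit=False, chunk=100):
        self.pair = Pair(self)
        self.balances = {self.CONTRACT: contract_balance, self.pair: liquidity}
        self.pair.sync()
        self.sync_after_credit = sync_after_credit  # assumed mitigation, for contrast
        self.chunk = chunk                          # hypothetical amount moved per trigger

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        moved = min(self.chunk, self.balances[self.CONTRACT])
        if moved > 0:  # stands in for the easily satisfied if statement
            # Direct balance write as in the quoted lines: the cached reserve is untouched.
            self.balances[self.pair] += moved
            self.balances[self.CONTRACT] -= moved
            if self.sync_after_credit:
                self.pair.sync()

def pair_surplus(token):
    """Test invariant: must be 0 after any transfer that does not involve the pair."""
    return token.balances[token.pair] - token.pair.reserve

def scenario(sync_after_credit):
    t = Token(contract_balance=1_000, liquidity=50_000, sync_after_credit=sync_after_credit)
    t.balances["alice"] = 10
    for _ in range(3):
        t.transfer("alice", "bob", 1)   # tiny transfers between ordinary accounts
    return pair_surplus(t), t.pair.skim("anyone"), sum(t.balances.values())
```

scenario returns the surplus before skim, the amount skim pays out, and the total supply; asserting pair_surplus is zero after each non-pair transfer is the kind of test that flags the direct write.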