Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

How was Dynamic Finance Exploited? - 1108

Shashank, Posted 3 Years Ago
  • Dynamic is a money market aggregator that helps to enhance the DeFi lending experience.
  • DYNA is the token of the ecosystem. When staking this token, a user can earn interest on it. The amount of interest is directly correlated to the length of time the token has been staked.
  • If more funds are added, then the portion should be changed. For instance, if I stake 5 DYNA then wait a month, I should get that interest. However, if I add funds to the contract after this point, the rewards for the new tokens should start from that point on.
  • The code was not updating the information related to time. As a result, an attacker could stake a small amount of funds to rack up some time, then stake a HUGE amount of funds to make the contract believe these funds had been staked for a while. With this, we could extract wayyyy more value from the contract than we should be able to.
  • In the real world, the attacker used a flash loan to make the amount of tokens much larger. An interesting hack where the time is not properly updated.
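
The accounting flaw described above, modelled next to a corrected version. This is an example added here, not Dynamic's contract code: the class and function names, the 0.1% per day simple-interest rate, the 18-decimal unit and the deposit amounts are all assumptions.

```python
from dataclasses import dataclass

UNIT = 10**18                 # assumed: 18-decimal token, amounts in base units
RATE_NUM, RATE_DEN = 1, 1000  # assumed: 0.1% simple interest per staked day


@dataclass
class Position:
    amount: int = 0
    since: int = 0    # day the current accrual period started
    accrued: int = 0  # rewards already settled (only the fixed pool writes it)


def interest(amount, days):
    return amount * days * RATE_NUM // RATE_DEN


class VulnerablePool:
    """Top-ups raise the balance but never move the stake timestamp."""

    def __init__(self):
        self.positions = {}

    def stake(self, user, amount, today):
        pos = self.positions.setdefault(user, Position(since=today))
        pos.amount += amount  # bug: pos.since still marks the first deposit

    def pending(self, user, today):
        pos = self.positions[user]
        return pos.accrued + interest(pos.amount, today - pos.since)


class FixedPool(VulnerablePool):
    """Settles interest on the old balance, then restarts the clock."""

    def stake(self, user, amount, today):
        pos = self.positions.setdefault(user, Position(since=today))
        pos.accrued += interest(pos.amount, today - pos.since)
        pos.since = today
        pos.amount += amount


def reward_after_topup(pool, small=5 * UNIT, large=1_000_000 * UNIT, wait=30):
    """Stake `small` on day 0, add `large` on day `wait`, read rewards that day."""
    pool.stake("alice", small, today=0)
    pool.stake("alice", large, today=wait)
    return pool.pending("alice", today=wait)
```

With these constructed numbers the vulnerable pool credits 30 days of interest on the full 1,000,005 tokens, while the fixed pool credits only the 0.15 tokens earned by the original 5.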