Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Safemoon 8.9M Hack - 1115

DeFi Mark - Posted 2 Years Ago
  • SafeMoon is a blockchain company that trades on the BNB chain. They are trying to bring cryptocurrency into the future with a debit card and some other products.
  • SafeMoon was just hacked for 8.9M dollars. The contract has a burn function, which is used for removing tokens from the total supply in circulation.
  • Since the price of a token is commonly tied to its total supply, being able to make or destroy tokens at will has effects in other places. In this case, the attacker used this to remove the SFM (SafeMoon) tokens from the Safemoon-WBNB Liquidity Pool to raise the price of SFM. They then sold SFM into the LP at a very overpriced rate to steal money.
  • What's interesting about this bug is that the security issue was deployed only hours before being exploited. It is super crazy how this code was published without being audited first.
  • Public burns are bad. Being able to burn arbitrary tokens from users' accounts is a massive access control issue. Somebody plugged this into ChatGPT, which even found the bug!
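
To make the access control point concrete, here is a small Python model added for this page (it is not SafeMoon's contract code). The `Token` class, the account names, the balances and the balance-ratio pricing in `pool_price` are all assumptions chosen for illustration; it puts the unchecked burn next to a checked one and shows what each does to the pool's implied price.

```python
from fractions import Fraction


class Token:
    """Minimal fungible-token ledger (constructed model, not SafeMoon's contract)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def _burn(self, owner, amount):
        if self.balances.get(owner, 0) < amount:
            raise ValueError("burn exceeds balance")
        self.balances[owner] -= amount

    def burn_public(self, caller, owner, amount):
        # Flawed pattern from the write-up: caller is never compared to owner.
        self._burn(owner, amount)

    def burn_checked(self, caller, owner, amount):
        # Hardened: only the owner, or a spender within its allowance, may burn.
        if caller != owner:
            allowed = self.allowances.get((owner, caller), 0)
            if allowed < amount:
                raise PermissionError("caller may not burn owner's tokens")
            self.allowances[(owner, caller)] = allowed - amount
        self._burn(owner, amount)


def pool_price(sfm, wbnb, pool="LP"):
    """WBNB per SFM implied by the pool's balances (assumed balance-ratio pricing)."""
    return Fraction(wbnb.balances[pool], sfm.balances[pool])


def demo():
    # Constructed sample balances; "mallory" is a hypothetical unprivileged caller.
    sfm = Token({"LP": 1_000_000, "mallory": 1_000})
    wbnb = Token({"LP": 100})
    before = pool_price(sfm, wbnb)
    sfm.burn_public("mallory", "LP", 990_000)  # succeeds: no access control
    after = pool_price(sfm, wbnb)
    try:
        sfm.burn_checked("mallory", "LP", 5_000)
        rejected = False
    except PermissionError:
        rejected = True
    return before, after, rejected
```

An audit or pre-deployment test for this class of bug is the last part of `demo()`: call the burn path as an account that is neither the owner nor an approved spender and require that it reverts.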