Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Osmosis Zone Draining of Liquidity Pool Vuln - 1141

TheJunonaut, Posted 2 Years Ago
  • Osmosis Zone is a decentralized exchange built in the Cosmos ecosystem.
  • A Reddit user made a comment that a bug in the liquidity pool allowed a gain of 50% for simply adding and removing liquidity from the pool. Naturally, people did not take the person seriously... until they tried it. This was taken advantage of to steal money instantly.
  • Eventually, this led to a stoppage of the blockchain to allow for a fix before it was too late. How easy was this exploit? Put money in, take it out... do it again. Eventually, the various hackers stole 5M from the DEX prior to the stoppage. Looking at the transactions, it's pretty clear that money is simply being duplicated.
  • Overall, a really simple vulnerability; it is unreal that it wasn't found during testing. To me, taking out what you put in seems like a pretty sane thing to test.