Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Hundred Finance Hack - 1143

Rekt - Posted 2 Years Ago
  • Automated Market Makers are great! Well, until you manipulate the algorithmic part of it. The protocol was audited by WhitehatDAO, who clearly missed some things.
  • In Hundred Finance, hTokens are liquidity provider tokens. These are interest-bearing tokenized representations of user deposits. This is denoted with an h in front of the token name, such as hBTC.
  • The exchange rate formula for the contract was based upon the amount of wrapped Bitcoin (WBTC) that the hBTC contract has inside of it. Given this knowledge and the lack of protection, the formula can be abused. First, the attacker donated 200 hWBTC from 200 WBTC.
  • By donating a large amount of hWBTC to the contract, the exchange rate went up dramatically. Using the inflated exchange rate, they took out large loans from other platforms. Why is this bad?
  • If we borrow 1M of assets but provide something worth 1.5M, that's fine. However, the liquidation point is where the collateral becomes worth less than the borrowed funds. The attacker used the high exchange rate to trick protocols into accepting way less collateral than they should. Once they put the exchange rate back by redeeming the hWBTC, they kept the loan and left the useless collateral.
  • Algorithms are hard when users have access to infinite money with flash loans. Overall, another DeFi hack on Hundred Finance. It should be mentioned that this is a fork of Compound... the flaw is partially in the design of Compound.
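
The exchange-rate behaviour described above, as an added example (not code from the original post or from Hundred Finance): a toy market whose rate is read from its raw token balance, beside one that only counts underlying received through minting, plus a simple rate-jump check a monitor could run. The class, function names and amounts are constructed, and the rate is simplified to underlying held divided by hToken supply, leaving out the borrows and reserves terms of the Compound formula.

```python
from fractions import Fraction

class Market:
    """Toy hToken-style market; a constructed model, not Hundred Finance code."""

    def __init__(self, track_internally):
        self.track_internally = track_internally
        self.balance = 0         # underlying the contract actually holds
        self.accounted_cash = 0  # underlying that arrived through mint()
        self.total_supply = 0    # hTokens in circulation

    def exchange_rate(self):
        # Simplified: underlying per hToken (borrows and reserves omitted).
        if self.total_supply == 0:
            return Fraction(1)
        cash = self.accounted_cash if self.track_internally else self.balance
        return Fraction(cash, self.total_supply)

    def mint(self, underlying):
        tokens = int(underlying / self.exchange_rate())
        if tokens == 0:
            raise ValueError("deposit too small to mint any hTokens")
        self.balance += underlying
        self.accounted_cash += underlying
        self.total_supply += tokens
        return tokens

    def donate(self, underlying):
        # Plain token transfer: the balance grows but no hTokens are minted.
        self.balance += underlying

def rate_jump_alert(before, after, max_ratio=Fraction(11, 10)):
    """Monitoring check: flag a rate move larger than max_ratio in one step."""
    return after > before * max_ratio

def run(track_internally):
    m = Market(track_internally)
    held = m.mint(1_000)            # constructed deposit, smallest units
    before = m.exchange_rate()
    m.donate(200_000)               # constructed donation
    after = m.exchange_rate()
    return before, after, held * after  # last item: collateral value reported

if __name__ == "__main__":
    for mode in (False, True):
        before, after, value = run(mode)
        print(mode, before, after, value, rate_jump_alert(before, after))
```

With balance-based pricing the same 1,000 hTokens are reported as 201 times more collateral after the donation; with internal accounting the rate does not move.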