Platypus Finance is an AMM protocol on the Avalanche blockchain. It has asset liability management and swapping capabilities. In February of 2023, they introduced USP, a new stablecoin.
MasterPlatypusV4 is the Masterchef-like orchestrator. The emergencyWithdraw() function allows for the main contract to withdraw their LP tokens from a given pool without caring about rewards. The contract literally has "EMERGENCY ONLY" within the code lolz.
When performing this operation, the only check on the function is whether the user is solvent enough. What does this do? It validates that the user's debt is less than or equal to the USP borrow limit. The better question is "what doesn't this do?"
The contract does not check if the user has taken out funds via a loan. Because of this, an attacker can withdraw their collateral and keep the funds from their loan. Yikes! In the real attack, $8.5M in assets was stolen.
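The gap described above, as an added example: a simplified Python model of the solvency check, not Platypus's contract code. The class and method names, the 90% borrow limit and the amounts are assumptions made for illustration; the checked variant evaluates solvency against the collateral that will remain after the withdrawal.

```python
from dataclasses import dataclass

LTV_BPS = 9_000  # assumed: borrow limit is 90% of collateral (illustrative value)


class Insolvent(Exception):
    """Raised when an operation would leave or find the position insolvent."""


@dataclass
class Position:
    collateral: int = 0  # LP tokens staked in the pool
    debt: int = 0        # USP borrowed against that stake

    def borrow_limit(self, collateral=None):
        c = self.collateral if collateral is None else collateral
        return c * LTV_BPS // 10_000

    def is_solvent(self, collateral=None):
        # The check the write-up describes: debt <= USP borrow limit.
        return self.debt <= self.borrow_limit(collateral)

    def borrow(self, amount):
        if self.debt + amount > self.borrow_limit():
            raise Insolvent("borrow exceeds limit")
        self.debt += amount

    def emergency_withdraw_flawed(self):
        # Solvency is judged against collateral that is about to leave,
        # so a position with an open loan passes and the debt stays behind.
        if not self.is_solvent():
            raise Insolvent("debt above borrow limit")
        out, self.collateral = self.collateral, 0
        return out

    def emergency_withdraw_checked(self):
        # Judge solvency as it will be after the withdrawal (collateral 0):
        # any outstanding loan blocks the call until it is repaid.
        if not self.is_solvent(collateral=0):
            raise Insolvent("outstanding debt must be repaid first")
        out, self.collateral = self.collateral, 0
        return out


def unbacked_debt(p):
    """Debt not covered by the borrow limit of the remaining collateral."""
    return max(0, p.debt - p.borrow_limit())
```

The same post-state invariant (debt covered by remaining collateral after every state change) works as a monitoring rule: any position with a non-zero `unbacked_debt` after a withdrawal is a signal worth alerting on.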
To perform this attack, an attacker can take out a flash loan. Once they do this, they deposit the funds into the Platypus pool for LP tokens. TODO....