Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The deposit Transaction lack of expiration timestamp check and slippage control - 1170

Sherlock - Posted 2 Years Ago
  • Two parameters keep validators from holding onto a transaction until including it is convenient for them. The first is slippage control, which prevents a frontrunner from giving you a bad price: you choose the minimum amount of output tokens that you are willing to accept.
  • The second is the deadline. When trading is intense, a transaction can wait in the mempool for a long time. Capping how long it may wait in the transaction pool is important to keep users from ending up in bad positions.
  • In this report, both of these parameters were mishandled. The deadline was set to block.timestamp instead of a real timestamp. Because block.timestamp is read when the transaction executes, such a deadline can never be in the past, so the expiration check never fails. The result was a bad interaction with Uniswap if the transaction is left in the pool for a very long time.
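
The two parameters described above, as an added example that is not code from the Sherlock report: a weak deposit swap beside a hardened one. The contract name, fee tier, function names, the zero minimum in the weak path and the Uniswap V3 style router interface are assumptions, since the page does not show the reported code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Parameter layout follows Uniswap V3's ISwapRouter (assumed; the page does
// not say which Uniswap router the reported contract called).
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}

// Hypothetical contract. Assumes it already holds tokenIn and has approved
// the router to spend it.
contract DepositSwap {
    ISwapRouter public immutable router;
    address public immutable tokenIn;
    address public immutable tokenOut;
    uint24 public constant FEE = 3000; // hypothetical pool fee tier

    constructor(ISwapRouter r, address tIn, address tOut) {
        router = r; tokenIn = tIn; tokenOut = tOut;
    }

    // Weak: block.timestamp is read at execution time, so the router's
    // deadline check always passes; a minimum of 0 accepts any price.
    function depositWeak(uint256 amountIn) external returns (uint256) {
        return router.exactInputSingle(ISwapRouter.ExactInputSingleParams(
            tokenIn, tokenOut, FEE, address(this),
            block.timestamp, amountIn, 0, 0));
    }

    // Hardened: the caller supplies an absolute deadline and a minimum
    // output, both computed off-chain when the transaction is built.
    function deposit(uint256 amountIn, uint256 minOut, uint256 deadline)
        external returns (uint256) {
        require(deadline >= block.timestamp, "expired");
        require(minOut > 0, "no slippage bound");
        return router.exactInputSingle(ISwapRouter.ExactInputSingleParams(
            tokenIn, tokenOut, FEE, address(this), deadline, amountIn, minOut, 0));
    }
}
```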