Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Browsing for Bugs: Finding and Reporting a $3M Bug in Premia Finance- 1246

Ayaz Mammadov - Zellic Posted 2 Years Ago
  • The author regularly browses DeFiLlama looking for new things to audit. If a project has a TVL of 5M and a bug bounty program, they take a quick look for low-hanging fruit.
  • That low-hanging fruit is the focus of the article. In DeFi, it's common for the code of a popular project, such as Aave or Uniswap, to be forked over and over again with small changes. Once you know how these codebases work, non-standard functions or modifications to the underlying protocol become great targets.
  • The function sendFrom() appeared to be custom. It allowed a user to transfer funds on behalf of another user. Essentially, it was a transferFrom() for cross-chain calls.
  • The function took in a from address. However, this address was NOT used for the verification, only for the actual use of the funds. Instead, the allowance check used the sender for both keys of the mapping! With the abstraction removed, the check that ended up being performed was allowances[msg.sender][msg.sender]. So, by approving yourself, you could steal tokens from another user. Yikes!
  • The bug is obvious, but the efficiency of finding it is interesting. If you already know and have audited the top 10 most common codebases, then you can make quick work of a fork. Overall, a simple bug that led to a large payout.
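
The allowance mix-up described above, reduced to a minimal Solidity model that puts the flawed check beside the corrected one. This is an added example, not code from Premia or from the original article: cross-chain messaging is left out, and every name other than sendFrom() is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this page; NOT Premia's code. Cross-chain
// messaging is omitted, and all names except sendFrom() are hypothetical.
contract AllowanceModel {
    mapping(address => uint256) public balanceOf;
    // allowance[owner][spender] = amount `spender` may move out of `owner`
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder, uint256 amount) {
        balanceOf[holder] = amount;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Flawed shape: the owner key is msg.sender instead of `from`, so the
    // check reads allowance[msg.sender][msg.sender], a value the caller
    // sets for themselves, while the debit still comes out of `from`.
    function sendFromFlawed(address from, address to, uint256 amount) external {
        _spendAllowance(msg.sender, msg.sender, amount);
        _move(from, to, amount);
    }

    // Corrected shape: the allowance consulted is the one granted by the
    // account being debited, allowance[from][msg.sender].
    function sendFrom(address from, address to, uint256 amount) external {
        if (from != msg.sender) {
            _spendAllowance(from, msg.sender, amount);
        }
        _move(from, to, amount);
    }

    function _spendAllowance(address owner, address spender, uint256 amount) internal {
        uint256 current = allowance[owner][spender];
        require(current >= amount, "insufficient allowance");
        allowance[owner][spender] = current - amount;
    }

    function _move(address from, address to, uint256 amount) internal {
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}
```

When reviewing a fork, the check to make on any custom transferFrom()-style function is that the owner key of the allowance lookup is the same address whose balance is debited.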