Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The tweet starts with an image of Solidity code: here. It's mostly Yul Assembly with two functions calls in it. The first function g(), which calls storeAndReturn().

Inside of storeAndReturn() is a Yul assembly block with assembly {return(0,0)}. In most languages, return exits the function. However, in Yul, (unlike standard Solidity), this stops execution of the contract at that moment instead of simply returning to the next function. I ran into this once and thought it was extremely weird.

The author just learned this. While looking at an Immunefi program, they noticed a function called functionCallWithValue within a library. This was calling return in Yul thinking that it was returning back to the function. Instead, it was completely ending execution.

What if additionally checks or calls need to be made? This could lead to a security issue. In the case of this program, they didn't find anything directly exploitable. Instead, a user using batchExecute() would have unexpected results because of this functionality. They got 5K for finding this bug.