Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Stacks is a Bitcoin L2 blockchain. It uses the Clarity (Cl) language, which has a LISP-like syntax, for executing smart contracts.

For some reason, the article says that it's more secure to use an interpreted language vs a compiled language, which makes zero sense to me. Neither of these is more or less secure, as shown by the bug.

The vulnerability is a really simple denial of service vulnerability found by bad error handling. When calling ft-get-supply with a non-existent address the Rust error handling doesn't consider the case where nothing is returned. So, the Clarity VM crashes in this case.

Fixing this is trivial; just make a call to Some/None in Rust. Overall, a really simple bug that paid out quite a bit. The more esoteric stuff you look, the lower the bugs will be on the tree.