Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Cronos is a Cosmos based chain that uses Ethermint as the smart contract runtime platform. They have the largest TVL within the Cosmos system.

Within the TectonicStakingPoolV3, a user can call the function performConversionForTokens() with a path of different tokens. However, this doesn't contain an allowlist or checks for reentrancy.

Using the lack of protections, an attacker can stake their balance part way through the swap path. Why is this bad? Both before and after doing the swap, there is a call to balanceOf for TONIC on the current contract. The sent in amount of TONIC is thought to be amount that the user now has, crediting them all of this.

By calling stake() part way through the execution of this, an attacker can send in tokens as part of the stake. So, they get counted both as the stake and as part of the transfer, leading to a double use of the TONIC. By repeating this over and over again, it's possible to steal almost all of the funds from the protocol.

The response from Cronos is why this caught my attention. Cronos deemed that since this had a 10 day waiting period and they had sufficient monitoring in place that this wasn't a risk. So, instead of a large payout, they were going to give them 2K and move on. Immunefi rejected this, claimed it deserved a max payout then kicked Cronos off the platform when they refused.

To me, 2K is too low but a max payout is too high. Defense-in-depth measures need to be taken into consideration. The timelock is sufficient to me to lower the impact but should still be high high or a low critical.

I don't like the precedent of having private monitoring tools as a silver bullet. 1) they can't be audited and 2) how do we know that people will respond to it correctly? Regardless, good finding and it's a bummer that they didn't pay out for this.