Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Transient storage is a new type of EVM memory that stores data only for the length of the transaction. It is cheaper than storage but deletes itself at the end of the transaction. These are callable via TSTORE and TLOAD opcodes. A great use case for this is reentrancy flags. With new functionality comes new bugs!

The vulnerable contract was a Vault contract that interacted with UniswapV3 via callbacks. The smart contract is making a call to a UniSwapV3 pool. When the tokens are transferred back to the Vault, it must know who the intended caller is. This is done by specifying the UniswapPool address into storage slot 1.

On the swap callback function from UniswapV3, there is verification being done that it's indeed the proper pool. This is done from reading slot 1 of the transient storage. Later on, the amount that was minted is stored into this slot. The problem is that the amount is never cleaned up!

Both the amount and UniswapPool use slot 1 of transient storage. Since the amount being minted is a user controlled number, the attacker used this property to write an address they controlled with the amount value. Now that this was set, they were able to bypass the UniswapPool verification check to call the contract to steal all of the funds in the callback.

Don't reuse storage slots... this isn't 1980's video games. Good writeup!