About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

88mph Bug Awarded with $42,069 Bounty- 529

iosiroPosted 4 Years Ago
  • 88mph is a fixed rate lending protocol on the Blockchain. Security vulnerabilities on the blockchain are extremely serious, as they can result in millions of dollars in lost funds.
  • Smart contracts can have constructors that are used to initialize the contract. This is a special function that is only called at the initialization of the contract. What if somebody used a regular function for the initialization step? If this was not locked down, it would be a major issue.
  • The vulnerability is that the smart contract does not use a constructor to initialize and does not lock down the other initialization functions. Because of this, the owner of a contract could be changed via the initialization contract. Once somebody was the owner, they gained access to privileged functionality, such as the ability to burn or mint coins.
  • Once this was discovered, the team had to fix the protocol. They set up a warm room in order to handle this. They bricked the current contract, burned all of the coin then reminted it, giving it back to the original users. It should be noted they sent the money to Taichi in order to avoid frontrunning attacks.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed