Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Polygon Lack Of Balance Check Bugfix Postmortem - 738

Immunefi - Posted 4 Years Ago
  • The MATIC token is the main token within the Polygon ecosystem. It's like Ether, but for Polygon. This token is used for voting, improvement proposals and many other things. The token itself is a smart contract on the network and is used for paying gas or transaction fees.
  • There is a special function that allows gasless transactions to be made. The user who owns the tokens digitally signs several parameters, such as the operator, amount, nonce and expiration. The transfer is gasless for the user since the operator pays for the gas.
  • There are two horrible bugs in this contract. The first is that the sender's balance is never validated to have enough money. As a result, an attacker with $0 can pose as having $2m. Neat!
  • The second bug, which shockingly was not caught in the development process, is bad error handling. Signature validation can fail in many ways, but the failures are not handled consistently. Sometimes a require statement is used, which reverts the operation. Other times, however, the function returns 0x0, which appears to be a valid operation.
  • As a result of the bad error handling, an invalid signature of a bad length will return 0x0. The function making the verification call believes this is legitimate and continues on as normal. Error handling is hard and is something I always look for during code review.
  • The finder of this vulnerability was given 2.2 million dollars for his finding. A second finder got 1 million dollars. Finally, a single attacker found it and stole 1.8 million from it. You can't steal ALL of it otherwise the coin will not be worth anything. Damn, that's a big pay day for such a simple bug! Maybe I should hunt for smart contract vulnerabilities!
  • The resolution for this bug was simply removing the vulnerable function transferWithSig. I'm unsure if they removed the gas swapping functionality or what happened. It seems like the code quality for smart contracts is quite well, as BOTH of these bugs would not have survived a proper security review.
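
To make the two missing checks concrete, here is a hardened sketch of a signature-based transfer. It is an added example, not the Polygon contract's code: the contract name, storage layout, digest format and the use of a timestamp for expiration are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Polygon token source. Names are assumptions.
contract SigTransferSketch {
    mapping(address => uint256) public balanceOf;
    mapping(bytes32 => bool) public usedDigest; // replay guard per signed message

    // Fail closed: every malformed input reverts. The flawed pattern described
    // above mixed reverts with "return 0x0" for a signature of the wrong length.
    function recoverSigner(bytes32 digest, bytes memory sig)
        internal pure returns (address signer)
    {
        require(sig.length == 65, "bad signature length");
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        if (v < 27) v += 27;
        require(v == 27 || v == 28, "bad v");
        signer = ecrecover(digest, v, r, s);
        // ecrecover itself yields address(0) on failure; never treat it as a signer.
        require(signer != address(0), "invalid signature");
    }

    // msg.sender is the operator who pays gas on behalf of the signer.
    function transferWithSig(
        bytes calldata sig, uint256 amount, bytes32 nonce,
        uint256 expiration, address to
    ) external returns (address from) {
        require(block.timestamp <= expiration, "expired"); // assumed: expiration is a timestamp
        bytes32 digest = keccak256(abi.encode(
            address(this), block.chainid, msg.sender, amount, nonce, expiration));
        require(!usedDigest[digest], "replayed");
        usedDigest[digest] = true;
        from = recoverSigner(digest, sig);
        // The check the page says was missing: the signer must hold the funds.
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}
```

Either check alone would have stopped the transfer described above: the recovery step rejects a wrong-length signature instead of handing back 0x0, and the balance check rejects a sender who does not hold the amount.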