Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Solution for trading tokens that have already been collateralized. This includes synthetics, NFT shards and many other things. This attack stole $31M in assets from Ethereum to Polygon.

The smart contract has the ability to swap one token for another. In this case, a token being sold and a token being bought are specified. What bug can exist here?

What if you specify the same token. By setting the in and out tokens to be the same, the price would be updated on the tokenIn, resulting in the tokenOut being worth more! This caused a massive inflation on the price of the MONO token, which is native to the platform.

The attackers executed this attack via a script to steal $31 million in assets by continuing jumping up the price of the token without ever losing the token. They are insured for only a million dollars. So, some of this will be distributed back to the people who lost their money.

The source code for this bug is showed at here. Mainly put, it shows that there is no validation that the two tokens are the same. This is so sad since this company went through several security audits.

To deal with this, a few things were done. Stop wallet exchanges for any addresses linked to the attack, pause the contract until a serious fix is made, chat with security advisors and try to find the attackers. Decentralized is great until something like this happens. Don't you wish the government could just give you the money back? If only FDIC was on cryptocurrency. Just let the banks manage the money or things like this will keep happening!