Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Somebody from 4chan built a Ponzi scheme on Ethereum (go figure). The ERC-20 token allowed an approved user to transfer tokens on the owner's behalf. Since this is a Ponzi scheme, this makes total sense.
During this transfer functionality, an integer underflow occurs. Since the value is unsigned, the value that should be negative turns into an extremely large positive number.
This appears to be an edge case where some money is taken by the contract simply for performing the service. The attack is only possible when an empty second account makes the transfer with only a single coin in the other account. Neat!
Once an attacker has the maximum amount of coin, they can easily exchange it for Ethereum. This ended up being 800K in a single attack.
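To make the underflow concrete, here is an added Python model of unsigned 256-bit balance arithmetic. It is not the contract's code. The `Ledger` class, the account names, and the assumption that the debit lands on the calling account are all hypothetical, chosen to match the "empty account, single coin" edge case described above.

```python
# Added illustration: a toy ledger modelling EVM uint256 arithmetic.
# Not the contract's code; names and the debit logic are assumptions.
UINT256_MAX = 2**256 - 1


def sub_unchecked(a: int, b: int) -> int:
    """Subtraction as in pre-0.8 Solidity: wraps modulo 2**256."""
    return (a - b) & UINT256_MAX


def sub_checked(a: int, b: int) -> int:
    """Subtraction as in SafeMath or Solidity >= 0.8: fails on underflow."""
    if b > a:
        raise ArithmeticError("underflow: result would be below zero")
    return a - b


class Ledger:
    def __init__(self, sub):
        self.sub = sub          # subtraction routine under test
        self.balances = {}      # account -> uint256 balance
        self.allowances = {}    # (owner, spender) -> approved amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        allowed = self.allowances.get((owner, caller), 0)
        if amount > allowed:
            raise PermissionError("allowance exceeded")
        self.allowances[(owner, caller)] = allowed - amount
        # Assumed flaw: the debit is applied to the caller, not the owner.
        self.balances[caller] = self.sub(self.balances.get(caller, 0), amount)
        self.balances[to] = self.balances.get(to, 0) + amount


def run_scenario(sub):
    """Owner holds one coin; an approved, empty account makes the transfer."""
    ledger = Ledger(sub)
    ledger.balances["owner"] = 1
    ledger.approve("owner", "empty", 1)
    ledger.transfer_from("empty", "owner", "recipient", 1)
    return ledger.balances["empty"]
```

With `sub_unchecked` the empty account ends at `2**256 - 1`; with `sub_checked` the same call fails instead of wrapping, which is why checked arithmetic contains this class of bug even when the accounting logic itself is wrong.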