Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Beanstalk uses a decentralized governance protocol. The smart contract contains a 2/3 vote emergancyCommit function that happens in 24 hours.

Voting in the Beanstalk protocol is determine based upon the donations to the contract itself. Right before the time for the vote was about to happen, they performed a flash loan or took out an insane loan for a short period of time.

This flash loan gave them 79% control of the protocols votes. With this power, they could approve their proposal with the emergancyCommit(). Since the proposal was just sending the money to the Ukraine and the attacker, the money was gone. At this point, the attacker used the money to pay back the Flash loan.

Flash loans are part of the eco-system and must be accounted for. Otherwise, attackers will steal all of the money then pay back their flash loan.

This contract was audited by a security firm, shockingly. However, they were not allowed to audit the governance functionality of Beanstalk.