Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Fantasm Finance Post Mortem- 864

Fantasm Finance | Posted 3 Years Ago
  • The Fantasm Finance Protocol had its own coin (just like everything else!). The code for minting (creating) these tokens had a brutal flaw in it.
  • In a require statement, there is a validation that the user deposits enough of the other tokens in order to mint the new token. However, FSM, FTM and ETH are all inputs at the same time, so these require statements must be on point in order for this to work.
  • The code compares ONLY the value of msg.value (ETH) and not the minimum amount of FTM tokens. As a result, an attacker could send ONLY ETH and FSM tokens but NO FTM tokens. This error allowed an attacker to mint XFTM without depositing any FTM.
  • In this case, the _minFtmIn variable contains ETH instead of the FTM token minimum amount. Since this already passed, it was a major problem. The code is shown below:
    require(_minFtmIn < ftmIn, "Pool::mint: Not enough FTM input");
    
  • As a result, an attacker could mint XFTM without ever putting in any FTM. So, here is how they stole 2 million dollars:
    1. Mint XFTM tokens without putting in FTM tokens.
    2. Collect the XFTM tokens.
    3. Sell the XFTM tokens for FTM. Remember, we created these out of thin air.
    4. Do this process over and over again with more and more money.
  • Overall, writing concise code for each edge case is hard. In this case, the check is there but not working properly. This would have passed a code review but failed dynamic testing. An additional link for this is at Halborn.
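
To illustrate the last point, a check that reads fine in review but fails under dynamic testing, here is an added example (not from the original post mortem and not Fantasm's contract code): a simplified Python model of the mint path with a small test sweep over it. The 90% FTM ratio, the 1:1 prices, the function names and the way the flawed bound is sourced are all assumptions made for illustration.

```python
# Added example: a simplified model, NOT Fantasm's contract.
# The ratio and all amounts are constructed for illustration.
CR_BPS = 9_000   # assumed: 90% of minted value must be backed by FTM, 10% by FSM
BPS = 10_000

def required_ftm(fsm_in):
    """Return (xftm_out, ftm_needed) for an FSM deposit, assuming 1:1 prices."""
    xftm_out = fsm_in * BPS // (BPS - CR_BPS)
    return xftm_out, xftm_out * CR_BPS // BPS

def mint_flawed(fsm_in, ftm_in):
    """A check is present, but its bound is taken from the caller's own
    deposit instead of the computed requirement (assumed model of the flaw)."""
    xftm_out, _needed = required_ftm(fsm_in)
    min_ftm_in = ftm_in                  # wrong source: should be _needed
    if not min_ftm_in <= ftm_in:         # always true, so nothing is rejected
        raise ValueError("Pool::mint: Not enough FTM input")
    return xftm_out

def mint_fixed(fsm_in, ftm_in):
    """Same flow, but the bound is the amount the pool's formula requires."""
    xftm_out, needed = required_ftm(fsm_in)
    if ftm_in < needed:
        raise ValueError("Pool::mint: Not enough FTM input")
    return xftm_out

def unbacked_mints(mint, amounts=(0, 1, 50, 1_000)):
    """Dynamic test: try every (fsm_in, ftm_in) pair, zero included, and
    report each mint that succeeded with less FTM than the formula requires."""
    found = []
    for fsm_in in amounts:
        for ftm_in in amounts:
            _, needed = required_ftm(fsm_in)
            try:
                out = mint(fsm_in, ftm_in)
            except ValueError:
                continue                 # rejected mints are the safe outcome
            if out > 0 and ftm_in < needed:
                found.append((fsm_in, ftm_in, out))
    return found

if __name__ == "__main__":
    print("flawed:", unbacked_mints(mint_flawed))
    print("fixed: ", unbacked_mints(mint_fixed))
```

The sweep deliberately includes zero for each input, since "deposit nothing of one asset" is exactly the edge case the flawed check lets through.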