Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Paraluni is a financial project in the metaverse. The function depositByAddLiquidity contains a reentrancy vulnerability in it.

When calling depositByAddLiquidity, an internal call is made that transfers the caller deposit into a new pool. However, the pool contract can be controlled by an attacker. Once the flow is sent to the attacker contract, we can reenter this contract again.

The funds have already been transferred to the other pool put the internal state has not been updated. As a result, an additional call to this contract to deposit can allow for moving the money TWICE. This can be repeated indefinitely to drain the contract of money. A twitter thread showing the code is at here from PeckShield.

Typically these reentrancy bugs are only within the fallback functions. So, it was cool to see this vulnerability happen in a place that is impossible to fully fix in Solidity. Cool bug!

Another write up, from Slowmist, has good analysis on it as well. The main new insight is that the incoming array of tokens was not validated to against the pool. This resulted in the controlling of our own ERC20 token.