Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The Wormhole Hack- 867

Certik, posted 3 years ago
  • Solana Wormhole is a communication bridge that enables the transfer of tokenized assets between different blockchains. Wormhole has a set of guardians that sign off on transfers between the different chains.
  • A bridge works by having two contracts, one on each chain. In this case, there was a contract on Solana and another on Ethereum. What was the attack? Simply put: the attacker submitted a transaction that appeared to carry valid signatures from the guardians. They created 120K ETH out of thin air!
  • In order to do things cross chain, the guardians must sign off on it. Or do they? Four functions down in the call stack, a change to use load_instruction_at_checked instead of load_instruction_at was made. The unchecked version assumes the account it reads from has already been verified to be the real instructions sysvar, while the checked version performs that verification itself.
  • Once the attacker realized the mistake in the code (the signature check was effectively removed), they provided their own smart contract to be used for verification. At this point, it was trivial to mint their own tokens.
  • The responsibility for validation was passed down through several layers of calls. This is an excellent case where a unit test or integration test targeting security issues would have helped a ton.
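The bug class behind this incident is easier to see in code than in prose: a loader that reads "which instructions ran in this transaction" from whatever account it is handed, versus one that first checks the account really is the instructions sysvar. The following is an added, self-contained model written for this page; it is not Wormhole's or Solana's code. Only the two function names load_instruction_at and load_instruction_at_checked come from the post above. The account struct, the 32-byte IDs, the byte encoding and the signature-verifier program address are all constructed here for illustration.

```rust
// Added example (not Wormhole's or Solana's code): a simplified model of the
// "unchecked vs checked sysvar read" bug class. All names, IDs and the data
// layout below are constructed for illustration.

/// Constructed 32-byte address standing in for the instructions sysvar's ID.
pub const INSTRUCTIONS_SYSVAR_ID: [u8; 32] = [0x06; 32];

/// Constructed address of the program expected to have verified signatures.
pub const SIGNATURE_VERIFIER_ID: [u8; 32] = [0x5e; 32];

/// Minimal stand-in for an account handed to a program by the caller.
#[derive(Debug, Clone)]
pub struct AccountInfo {
    pub key: [u8; 32],
    pub data: Vec<u8>,
}

/// One instruction recovered from the sysvar data: which program ran it.
#[derive(Debug, Clone, PartialEq)]
pub struct Instruction {
    pub program_id: [u8; 32],
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum LoadError {
    NotTheSysvar,
    IndexOutOfRange,
    Malformed,
}

/// Constructed encoding: 32-byte program id, u16 LE length, then the bytes.
pub fn encode_instructions(ixs: &[Instruction]) -> Vec<u8> {
    let mut out = Vec::new();
    for ix in ixs {
        out.extend_from_slice(&ix.program_id);
        out.extend_from_slice(&(ix.data.len() as u16).to_le_bytes());
        out.extend_from_slice(&ix.data);
    }
    out
}

/// UNCHECKED: trusts that `data` came from the real sysvar. This mirrors the
/// assumption the unchecked loader made; the caller is the one who had to
/// verify the account's identity, and in the incident nobody did.
pub fn load_instruction_at(index: usize, data: &[u8]) -> Result<Instruction, LoadError> {
    let (mut pos, mut i) = (0usize, 0usize);
    while pos + 34 <= data.len() {
        let mut program_id = [0u8; 32];
        program_id.copy_from_slice(&data[pos..pos + 32]);
        let len = u16::from_le_bytes([data[pos + 32], data[pos + 33]]) as usize;
        let (start, end) = (pos + 34, pos + 34 + len);
        if end > data.len() {
            return Err(LoadError::Malformed);
        }
        if i == index {
            return Ok(Instruction { program_id, data: data[start..end].to_vec() });
        }
        pos = end;
        i += 1;
    }
    Err(LoadError::IndexOutOfRange)
}

/// CHECKED: refuses to read unless the account's address is the sysvar's.
pub fn load_instruction_at_checked(index: usize, account: &AccountInfo) -> Result<Instruction, LoadError> {
    if account.key != INSTRUCTIONS_SYSVAR_ID {
        return Err(LoadError::NotTheSysvar);
    }
    load_instruction_at(index, &account.data)
}

/// Policy used by both callers: the instruction at `index` must have been
/// run by the signature-verification program.
pub fn verify_signatures_unchecked(index: usize, sysvar_data: &[u8]) -> bool {
    matches!(load_instruction_at(index, sysvar_data), Ok(ix) if ix.program_id == SIGNATURE_VERIFIER_ID)
}

pub fn verify_signatures_checked(index: usize, account: &AccountInfo) -> bool {
    matches!(load_instruction_at_checked(index, account), Ok(ix) if ix.program_id == SIGNATURE_VERIFIER_ID)
}

/// Constructed test input: an account that is NOT the sysvar but whose data
/// claims the verifier program ran. This is the shape of input the checked
/// loader exists to reject.
pub fn non_sysvar_account_claiming_verification() -> AccountInfo {
    AccountInfo {
        key: [0xaa; 32], // caller-chosen address, not INSTRUCTIONS_SYSVAR_ID
        data: encode_instructions(&[Instruction { program_id: SIGNATURE_VERIFIER_ID, data: vec![] }]),
    }
}

/// Constructed test input: the genuine sysvar, recording that some unrelated
/// program ran and the verifier did not.
pub fn genuine_account_without_verifier() -> AccountInfo {
    AccountInfo {
        key: INSTRUCTIONS_SYSVAR_ID,
        data: encode_instructions(&[Instruction { program_id: [0x11; 32], data: vec![1] }]),
    }
}

fn main() {
    let fake = non_sysvar_account_claiming_verification();
    println!("unchecked accepts non-sysvar account: {}", verify_signatures_unchecked(0, &fake.data));
    println!("checked accepts non-sysvar account:   {}", verify_signatures_checked(0, &fake));
}
```

The point the test pins down is the one the post makes about "four functions down the call stack": the unchecked loader is not wrong on its own terms, it just pushes the account-identity check onto every caller, and a check that is everyone's job tends to be no one's. A regression test that feeds a non-sysvar account into the top-level verification path and asserts rejection is exactly the kind of security-focused unit test the post calls for.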