People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Lever is an AMM-based trading protocol built on Ethereum. Luckily for us, the GitHub repo is public and online, including the contracts.
The bug is a logic vulnerability that comes down to how collateral (down payment assets for loans) is handled. When making a loan to Lever for BNB, they deposited xBNB. However, these same tokens could still be SPENT on the vault to pay back a different loan with the repay function.
Essentially, nothing validated that the same collateral was not being used both for the loan and for paying back a separate loan. As a result, once the first loan was paid off, the collateral from the previous loan could be paid back as well. This creates a double spend issue with the tokens.
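The missing validation can be seen in a small accounting model. This is an added example in Python, not Lever's contract code; the `Vault` class, its fields, the loan values and the rule that a closed loan returns its recorded collateral in full are all assumptions made for illustration.

```python
class Vault:
    """Simplified model: xTokens a user deposits sit in `held`; each loan
    records how many of them are pledged. All names are hypothetical."""

    def __init__(self, enforce_pledge):
        self.enforce_pledge = enforce_pledge  # False models the missing check
        self.held = {}    # user -> xTokens the vault holds for that user
        self.wallet = {}  # user -> xTokens handed back to the user
        self.loans = {}   # loan id -> {"user", "debt", "collateral"}

    def open_loan(self, loan_id, user, collateral, debt):
        self.held[user] = self.held.get(user, 0) + collateral
        self.loans[loan_id] = {"user": user, "debt": debt, "collateral": collateral}

    def pledged(self, user):
        return sum(l["collateral"] for l in self.loans.values() if l["user"] == user)

    def repay(self, loan_id, amount):
        loan = self.loans[loan_id]
        user = loan["user"]
        spendable = self.held[user]
        if self.enforce_pledge:
            # Hardened rule: tokens pledged to any open loan cannot be spent.
            spendable -= self.pledged(user)
        if amount > spendable or amount > loan["debt"]:
            raise ValueError("repayment exceeds spendable xTokens or debt")
        self.held[user] -= amount
        loan["debt"] -= amount
        if loan["debt"] == 0:
            # Loan closed: its recorded collateral is returned in full.
            del self.loans[loan_id]
            self.held[user] -= loan["collateral"]
            self.wallet[user] = self.wallet.get(user, 0) + loan["collateral"]

    def shortfall(self, user):
        """Pledged collateral that is no longer actually held (0 when sound)."""
        return max(0, self.pledged(user) - self.held.get(user, 0))


def demo(enforce_pledge):
    v = Vault(enforce_pledge)
    v.open_loan("A", "alice", collateral=100, debt=70)  # constructed values
    v.open_loan("B", "alice", collateral=50, debt=40)
    try:
        v.repay("B", 40)  # pays loan B out of vault-held xTokens
    except ValueError:
        return "rejected", v.shortfall("alice")
    return "accepted", v.shortfall("alice")
```

With the check disabled, loan B is closed and its 50 xTokens are returned while loan A still records 100 pledged against only 60 held, so 40 tokens have been counted twice. An auditor can test for this by asserting `shortfall(user) == 0` after every state change.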
According to Halborn, the protocol had seen three professional reviews. Looking at these audits, only minor issues (except a single medium severity finding) and non-security-related things were called out. I'm unsure of the quality of these auditors.
The one medium severity finding was interesting, though! When performing a liquidation (selling everything from a pool of assets), the slippage (the price difference between decision and actual execution) is not accounted for. This could lead to arbitrage techniques to steal small amounts of money.
Overall, a set of interesting logic bugs. It does matter who is auditing your code!