Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Zenon Network (ZNN) is some sort of blockchain network that interfaces with the BNB chain.

Their ERC20 contract for wrapped ZNN (wZNN) had a public burn function. Since the price of the coin is dedicated by the amount of coins in circulation, this is horrible. A link to this is on Twitter from Peckshield.

The attacker took out a very large loan (commonly referred to as a flash loan) to invest in a massive amount of wZNN tokens. They called the burn function to destroy 26K wZNN tokens. Since this decreased the amount of available tokens, the price skyrocketed.

Since the price of the token was so high, the selling back of the tokens (wZNN) to the contract made them way more valuable than they actually were. As a result, they drained the entire contract of WBNB tokens to use for other purposes.

This was caused by a very simple access control bug. A public function like this is completely unacceptable.