Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Price oracles are being in used to calculate how much a token costs. This is similar to exchanging currencies at the airport for USD to Euros. How is this cost set?

In the land of crypto, this is commonly done based upon algorithms from the amount of assets in circulation. If there are more coins in circulation, then they cost less. If there was less coins, then they cost more.

If the users of the token are not careful, then the cost of the token can be manipulated. For instance, an attacker could buy a ton of tokens to make the token cheap. Then, buy something using this new cheaper price. Finally, return all of the tokens to make the price stable again. This is known as oracle manipulation.

In the case of Inverse Finance, it was a bit more complicated. The attacker took out a flash loan then put collateral in a pool. By performing a swap with the flash loan, the price of their collateral rose drastically!

Because of the rise in price, they were able to take out a large loan from the pool. After performing some conversions, they were able to pay off the flash loan as well. This resulted in 150 million being stolen from the contract.

This token manipulation required a deep understanding of how the system worked in order to exploit. If there is any calculation going on then it must be carefully vetted.