Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Bunker Finance is a borrow and lend platform specifically for getting money for NFTs as collateral. Essentially, you can fund loans by using NFTs.

When depositing NFTs as collateral on Bunker, the users receive a bNFT or cNFT. This is a wrapper around the underlying NFT type (ERC-1155, ERC-721 or CryptoPunk). This demonstrates ownership over a specific NFT.

When minting a cNFT for ERC-721 or Cryptopunks, the parameter amounts is NOT checked. This means multiple ownership tokens can be minted, while the NFT itself is still in the contract. Instead of a 1 to 1 relationship there is a 1 to many relationship, which is real bad for unique objects.

Now, an attacker can use ONE cNFT to redeem there original NFT while still having leftover cNFT. Practically, since this is a unique token, if an attacker sold the NFT on this platform, they would simply be able to redeem it using the extra cNFT token! This steals the token from the other user.

Overall, neat bug with a new proof of concept included in the blog that uses hardhat and a forked network.