Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The CREAM Finance Hack- 901

Rob Behnke - Posted 3 Years Ago
  • Cream is a decentralized lending protocol (just like a ton of things on the blockchain). In the cryptocurrency space, an Automated Market Maker (AMM) is used for calculating the cost of an asset algorithmically instead of users calculating the price. This sounds great for usability. However, there are problems with this.
  • What happens when the user has control over an insane amount of funds? With the creation of flash loans, a user can borrow a large amount of funds for a very short amount of time (one transaction, to be exact). If the algorithm does not take this type of control into consideration, then a malicious actor can use this to steal a lot of money.
  • In the case of Cream, there is an issue in the price calculation of wrappable tokens. The price oracle for yUSD tokens calculates the value of the crYUSD shares based upon the total supply of yUSDVault tokens. The cost is the yUSD balance / totalSupply of yUSDVault.
  • The attacker redeemed $500 million yUSD from the vault. Then, they added 8 million into the vault that they owned. Dropping the amount of tokens in the vault to nearly zero doubled the perceived value of the shares owned by the attacker because of the algorithm used above to calculate the funds; it is based upon the percentage of funds in the vault. By taking out flash loans from AAVE and MakerDAO, the attacker made 130 million off of this.
  • On Twitter, Cream claims that if the attacker gives all of the money back, they will pay a bounty of 10% of the stolen funds. This seems ridiculous to me... here's an additional link from Immunefi that came out years later.
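
The balance / totalSupply calculation summarized above, modeled as an added example (not code from the article or from Cream) next to one possible guard that rejects a spot price far from a per-block reference. The `Vault` and `GuardedOracle` names, the 5% bound, and the 508M starting state are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Vault:
    balance: float       # underlying tokens held by the vault
    total_supply: float  # vault shares outstanding

    def price_per_share(self) -> float:
        # Spot formula from the write-up: balance / totalSupply.
        return self.balance / self.total_supply

    def redeem(self, shares: float) -> None:
        # Pro-rata redemption shrinks both terms; the price does not move.
        self.balance -= shares * self.price_per_share()
        self.total_supply -= shares

    def donate(self, amount: float) -> None:
        # A direct transfer adds balance without minting shares.
        self.balance += amount

class GuardedOracle:
    """Assumed mitigation: bound the move against a per-block reference."""
    def __init__(self, vault: Vault, max_move: float = 0.05):
        self.vault, self.max_move = vault, max_move
        self.ref, self.ref_block = vault.price_per_share(), 0

    def price(self, block: int) -> float:
        spot = self.vault.price_per_share()
        if abs(spot - self.ref) / self.ref > self.max_move:
            raise ValueError(f"spot {spot:.2f} vs reference {self.ref:.2f}")
        if block > self.ref_block:  # reference changes at most once per block
            self.ref, self.ref_block = spot, block
        return spot

def simulate():
    # Constructed starting state: 508M tokens backing 508M shares (price 1.0).
    vault = Vault(balance=508e6, total_supply=508e6)
    oracle = GuardedOracle(vault)
    start = oracle.price(block=1)
    vault.redeem(500e6)            # supply and balance both fall to 8M
    after_redeem = vault.price_per_share()
    vault.donate(8e6)              # balance 16M over 8M shares
    after_donate = vault.price_per_share()
    try:
        oracle.price(block=1)      # same block, i.e. same transaction window
        rejected = False
    except ValueError:
        rejected = True
    return start, after_redeem, after_donate, rejected

if __name__ == "__main__":
    print(simulate())
```

The redemption alone leaves the spot price untouched; the jump comes from balance that arrives without new shares, which is why the guard compares against a reference that cannot change within the same block.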