Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Pods Finance Bugfix Review- 910

Immunefi - Posted 3 Years Ago
  • Pods Finance has a rewards system built into the protocol. If you decide to issue options, the contract will mint rewards for you.
  • The vulnerability, which was present in both rewards systems, allowed a malicious attacker to claim rewards belonging to other users. If a user had minted at least one option in the past, they could repeatedly call unmintWithRewards() to claim the same share over and over again. By doing this, all of the funds could be stolen from the contract.
  • The fix was to calculate the reward based on the options being unminted and NOT the shares that the user possesses. Even though this could steal all of the funds from the contract, it was rated as "high" instead of "critical" since only the theft of rewards was possible. Regardless, being able to drain the contract of all the money seems like a critical finding.
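
The accounting difference described above, as an added example that is not Pods Finance's contract code: a simplified Python model in which the reward basis is either the caller's whole share balance (the flawed form) or only the amount being unminted (the fix). The class, the helper names and the balances are constructed assumptions; only the name unmintWithRewards() comes from the write-up.

```python
# Simplified, constructed model of the reward accounting; not the real contract.
class RewardPool:
    def __init__(self, rewards, shares, fixed):
        self.rewards = rewards        # reward tokens held by the contract
        self.shares = dict(shares)    # user -> options minted (share balance)
        self.fixed = fixed            # True: reward follows the amount unminted

    def total_shares(self):
        return sum(self.shares.values())

    def unmint_with_rewards(self, user, amount):
        held = self.shares[user]
        if amount <= 0 or amount > held:
            raise ValueError("invalid unmint amount")
        # Flawed basis: the caller's whole balance, however little is burned.
        # Fixed basis: only the options actually being unminted.
        basis = amount if self.fixed else held
        payout = self.rewards * basis // self.total_shares()
        self.shares[user] = held - amount
        self.rewards -= payout
        return payout


def claim_in_steps(pool, user, step):
    """Unmint the user's whole position in chunks of `step`; return rewards paid."""
    paid = 0
    while pool.shares[user] > 0:
        paid += pool.unmint_with_rewards(user, min(step, pool.shares[user]))
    return paid


def compare(step):
    """Rewards paid to a 10% holder, keyed by whether the fix is applied."""
    shares = {"alice": 100, "bob": 900}   # constructed balances
    results = {}
    for fixed in (False, True):
        pool = RewardPool(10_000, shares, fixed)
        results[fixed] = claim_in_steps(pool, "alice", step)
    return results


if __name__ == "__main__":
    print("one call of 100:", compare(100))
    print("100 calls of 1: ", compare(1))
```

A useful regression check for this class of bug is the invariant the fixed path satisfies: the total paid for a position must not depend on how many calls it is split across.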