Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
PancakeSwap uses Crowdin for localization management, which makes the website available in many different languages.
The Crowdin API key on the website had overly broad permissions, though. Instead of being read-only, it had write permissions as well. This means a user could have changed a localization, such as English, to alter the content of the website. This could have allowed phishing to take place to steal a bunch of money from the platform.
Web bug in a cryptocurrency project that was quite bad. Good find!