Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Maximal/Miner Extractable Value (MEV) is a measure of the profit that a miner can make by ordering the blocks they produce. For an attacker, this can be includes, excluding or reordering the transactions altogether.

Mushroom Finance has built in protections in place that make flash loans attacks not possible; only externally owned accounts (EOA) cannot make a call to the contract. However, the concept of the arbitrary ordering of blocks is still important here.

A sandwich attack is when a miner orders their transaction, a victim transaction then another controlled transaction. This bundle of transaction within a block could make the miner block very profitable, given the proper sequence of events. Sandwich attacks are are version of frontrunning.

In the case of the Mushroom Finance contract, there is a function called harvest(). When this is triggered, the yields for the earned funds will be distributed pro-rata (based upon the amount of inserted funds.

The attacker can manipulate the harvest function call but sandwiching two other transactions. First, an attacker would need to use their own funds in order to distort the price of the Uniswap pool. Then, in the sandwich, the put the harvest() call. The final transaction has the the Uniswap pool go back to its undistorted state, taking some of the harvest funds.

To fix this problem, which had been exploited by several bots in the past, the fix is calling harvest more frequently. If there's no money to be gained, then there's no attack.

The malicious ordering of transactions within a block is a fascinating attack. I wonder if it's possible to simulate this on a local fork for demonstration purposes?