Armour DeFi has an insurance-coverage-like feature. A user with coverage can make a claim after suffering an event covered under the policy.
An ETH is worth 10^18 WEI. When dealing with money in Solidity, for functions such as msg.sender.transfer, the amount to specify should be in WEI.
When making a payout, the amount specified was in WEI. However, the developer thought that it was in ETH. Hence, they multiplied by 10^18, even though it was already in WEI. This results in a crazy large payout that should not be possible.
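The unit mix-up described above, reduced to a minimal Solidity contract. This is an added illustration, not Armour's code: the contract, function and variable names are hypothetical, and the corrected function shows one way to bound the payout by the value that is actually sent.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical example contract; none of these names come from the project.
contract ClaimPayoutExample {
    address public immutable owner;

    // Coverage per user, stored in wei (1 ether == 10**18 wei).
    mapping(address => uint256) public coverageWei;

    constructor() payable {
        owner = msg.sender;
    }

    function setCoverage(address user, uint256 amountWei) external {
        require(msg.sender == owner, "not owner");
        coverageWei[user] = amountWei;
    }

    // Flawed: amountWei is already in wei, but is scaled as if it were ETH.
    // The coverage check passes because it looks at the unscaled value,
    // while the transfer uses the scaled one.
    function payoutFlawed(uint256 amountWei) external {
        require(amountWei <= coverageWei[msg.sender], "exceeds coverage");
        coverageWei[msg.sender] -= amountWei;
        uint256 sent = amountWei * 1e18; // a 1 ETH claim requests 10**36 wei
        payable(msg.sender).transfer(sent);
    }

    // Corrected: no rescaling, and the bound is enforced on the exact
    // value handed to transfer(), so the two can never diverge.
    function payoutFixed(uint256 amountWei) external {
        uint256 sent = amountWei; // already wei
        require(sent <= coverageWei[msg.sender], "exceeds coverage");
        coverageWei[msg.sender] -= sent;
        payable(msg.sender).transfer(sent);
    }

    // Helper for tests: the value each path would send for a given claim.
    function quote(uint256 amountWei)
        external
        pure
        returns (uint256 flawed, uint256 fixedAmount)
    {
        return (amountWei * 1e18, amountWei);
    }
}
```

A unit test that asserts the recipient's balance increases by exactly the claimed amount, for example for a claim of `1 ether`, fails on the flawed path and passes on the corrected one.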
This vulnerability was discovered a few hours after the bug bounty program amount increased, which means the program is working as intended! This bug had not been sent to production yet but would have resulted in a major hack if it had been.
How was this not found in testing? This is basic functionality that should have test cases for it. Sometimes, all of these products just feel like scams.