Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Explained: The Superfluid Hack- 930

Rob Behnke - Halborn, posted 3 years ago
  • Superfluid.sol is the host contract of the whole infrastructure. Superfluid "agreements" are the rules that Super Tokens operate under. To share a trusted state across agreements, a ctx (context) is passed along with each call; it carries the state of the agreement function, such as the sender of the call.
  • The ctx was not handled securely, though. Because it is user-provided input that gets deserialized, it was a likely target for abuse. Although the checks were mostly set up correctly, an attacker could inject a malicious ctx when calling multiple agreements at once: there is a hash check for the ctx, but it was missing on the Host contract.
  • Since this context is trusted, an attacker could inject malicious calls with another user set as the pseudo msg.sender, and so steal funds from the contract and all of its users. Overall, an obvious but interesting attack.
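To make the bug pattern concrete, here is a toy host contract I wrote as an added illustration (it is not Superfluid's code, and the ctx layout, function names and the `Forger` contract are my own simplifications). It shows the serialized ctx, the keccak256 "stamp" the host keeps for the ctx currently in flight, an unchecked entry point that trusts any caller-supplied ctx, and the same entry point guarded by the stamp check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Toy host: a serialized ctx carries the trusted sender through a call, and a
/// keccak256 stamp is supposed to prove the host itself produced that ctx.
/// Added example, not Superfluid's code; names and layout are assumptions.
contract ToyHost {
    mapping(address => uint256) public balanceOf;

    // keccak256 of the ctx currently in flight; zero when no call is active.
    bytes32 private _ctxStamp;

    // Constructed sample balance so the scenario can be replayed locally.
    constructor(address seeded) {
        balanceOf[seeded] = 100 ether;
    }

    // ctx (de)serialization: a plain abi layout that anyone can reproduce.
    function encodeCtx(address msgSender, uint256 appLevel) public pure returns (bytes memory) {
        return abi.encode(msgSender, appLevel);
    }

    function decodeCtx(bytes memory ctx) public pure returns (address msgSender, uint256 appLevel) {
        (msgSender, appLevel) = abi.decode(ctx, (address, uint256));
    }

    // The check every entry point that accepts a caller-supplied ctx must perform.
    function isCtxValid(bytes memory ctx) public view returns (bool) {
        return ctx.length != 0 && keccak256(ctx) == _ctxStamp;
    }

    // Stand-in for what an agreement does with ctx: move funds from the ctx sender.
    function _settle(bytes memory ctx, address to, uint256 amount) internal {
        (address from, ) = decodeCtx(ctx);
        require(balanceOf[from] >= amount, "insufficient");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }

    // Normal entry point: the host builds ctx from the real msg.sender and stamps it.
    function callAgreement(address to, uint256 amount) external {
        bytes memory ctx = encodeCtx(msg.sender, 0);
        _ctxStamp = keccak256(ctx);
        _settle(ctx, to, amount);
        _ctxStamp = bytes32(0);
    }

    // VULNERABLE: trusts a caller-supplied ctx without checking the stamp, so
    // anyone can encode a victim's address as msgSender and spend their balance.
    function callAgreementWithContextUnchecked(bytes calldata ctx, address to, uint256 amount) external {
        _settle(ctx, to, amount);
    }

    // HARDENED: only a ctx stamped by a call currently in flight is accepted.
    function callAgreementWithContext(bytes calldata ctx, address to, uint256 amount) external {
        require(isCtxValid(ctx), "ctx mismatch");
        _settle(ctx, to, amount);
    }
}

/// Attacker contract (assumed name): forges a ctx naming the victim as sender.
contract Forger {
    function drain(ToyHost host, address victim, uint256 amount) external {
        bytes memory forged = host.encodeCtx(victim, 0);
        // Succeeds against the unchecked entry point: the victim's funds move to us.
        host.callAgreementWithContextUnchecked(forged, address(this), amount);
        // The hardened entry point reverts with "ctx mismatch" for the same input,
        // because no call from `victim` is in flight and _ctxStamp is zero.
        // host.callAgreementWithContext(forged, address(this), amount);
    }
}
```

The point to take away is that deserializing the ctx is fine; trusting it is not. Any path into the host that accepts a ctx from outside must compare it against the stamp the host set when it created that ctx, and the stamp must be cleared once the call completes so an old ctx cannot be replayed later.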