About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The New Free DAO Hack- 953

Rob Behnke - HalbornPosted 3 Years Ago
  • New Free DAO is a DeFi project hosted by the Binance Smart Chain (BSC). The New Free DAO contracts are not open source, making them hard to audit but a determined attacker could hit it still.
  • The New Free DAO contract reward calculation is based solely on the balance of the user in the contract.A user earns rewards based on the amount of time that value has been deposited and based on the size of the deposit. In both cases, the deposited amount is multiplied by a set value to determine the reward amount.
  • An attacker can make a massive deposit using a flash loan. From there, they can extract the rewards from the balance and withdraw the deposit. Doing this process over and over again leads to a ton of money being taken out.
  • To remediate flash loan attacks, mechanisms need to be timed out. You shouldn't be able to quickly put in and take out money. Standard flash loan attack!

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed