Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The Team Finance Hack - 996

Halborn. Posted 3 Years Ago
  • Team Finance, a crypto token launchpad, was hacked. They were attempting to migrate from Uniswap v2 to v3. The whole project was a safekeeping service for funds while some sort of migration was happening.
  • The migrate function for the smart contract had a faulty locking mechanism. The validation checked to see if the address belonged to an ERC20 token. Since this can be controlled by an attacker, they were able to lock their own ERC20 token in it and make the call themselves.
  • Once the bypass on the call was found, they could perform a liquidity transfer to a new attacker-controlled Uniswap v3 pair. Then, the leftover liquidity that wasn't transferred was considered the profit of the swap. Alongside the bypass of the caller verification, an attacker could set the initial price of the token in the pool.
  • Now, the transfer was performed with a skewed price, giving the attacker a massive refund as profit. This finding was missed by Zokyo security. A good reference of this issue was on Rekt.news as well.
  • Defense in depth, in the form of not letting just any token be used in the contract, would have solved this problem. The security of the migration function relied upon this. Further analysis was done by Slowmist.
  • Overall, good audits don't solve everything (unfortunately), and migration code should be considered part of the security of an ecosystem. An interesting bug that allowed the hacker to get a major payout from specifying a bad initial price.
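
A simplified Python model of the caller check described above, added here as an illustration; it is not Team Finance's contract or code from the linked write-ups. The class, method names, allowlist and addresses are hypothetical, and it covers only the caller verification, not the initial-price problem.

```python
from dataclasses import dataclass, field

@dataclass
class Lock:
    owner: str
    token: str  # address of the token held by this lock

@dataclass
class Locker:
    """Hypothetical model of a liquidity locker; not Team Finance's code."""
    allowed: set = field(default_factory=set)  # vetted pair tokens (assumed allowlist)
    locks: dict = field(default_factory=dict)

    def lock(self, lock_id, owner, token, enforce_allowlist=False):
        # Defense in depth: refuse tokens nobody has vetted.
        if enforce_allowlist and token not in self.allowed:
            raise PermissionError("token is not on the allowlist")
        self.locks[lock_id] = Lock(owner, token)

    def migrate_weak(self, caller, lock_id, pair):
        # Only proves the caller owns *a* lock. Anyone can create one with a
        # token they issued, so this does not authorize moving `pair`.
        if self.locks[lock_id].owner != caller:
            raise PermissionError("caller does not own this lock")
        return f"migrating {pair}"

    def migrate_hardened(self, caller, lock_id, pair):
        lk = self.locks[lock_id]
        if lk.owner != caller:
            raise PermissionError("caller does not own this lock")
        if lk.token != pair or pair not in self.allowed:
            raise PermissionError("lock does not cover the pair being migrated")
        return f"migrating {pair}"

def demo():
    # Constructed sample data: 0xPAIR is the project's pair, 0xJUNK is self-issued.
    locker = Locker(allowed={"0xPAIR"})
    locker.lock(1, "project", "0xPAIR")
    locker.lock(2, "outsider", "0xJUNK")
    weak = locker.migrate_weak("outsider", 2, "0xPAIR")
    try:
        hardened = locker.migrate_hardened("outsider", 2, "0xPAIR")
    except PermissionError as exc:
        hardened = str(exc)
    return weak, hardened
```

The weak check passes for a lock that has nothing to do with the pair being migrated, while the hardened check ties authorization to the lock's own token and to a vetted list.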