Creamed Cream – Learn the Secret Recipe (Cream Hack Analysis)

Cream Finance was hacked again on 27th October 2021. Likely for the final time. The attacker stole $130m+ worth of assets from Cream’s lending protocol. The attack was executed over multiple transactions due to block gas limits, but the bulk of it happened in this transaction. This was one of the most sophisticated and cleanly

Creamed Cream – Learn the Secret Recipe (Cream Hack Analysis) Read More »

A peek inside the MISO war room – $350m incident response story

The Bug The DutchAuction smart contract inherits the BoringBatchable utility contract that allows callers to batch different calls together. There is a commitEth function in the auction contract that uses msg.value to know the amount of ETH commited by the user. If the user commits more ETH than the contract’s capacity, the contract refunds the

A peek inside the MISO war room – $350m incident response story Read More »

Poly Network Hack Analysis – Largest Crypto Hack

On 10th August 2021, Poly Network suffered from a hack that caused a loss of over 600 million dollars. The hack happened across multiple blockchains including Ethereum, Binance Smart Chain, and Polygon. This is the largest crypto hack yet. Poly Network is a Blockchain interoperability project that allows people to send transactions across blockchains. One

Poly Network Hack Analysis – Largest Crypto Hack Read More »

Cover protocol hack analysis: Infinite Cover tokens minted via an exploit

A bug was exploited in the Cover protocol’s liquidity mining/farming contract called Blacksmith. Multiple hackers used the bug to mint practically infinite tokens. The biggest hacker burned most of the hacked tokens and returned 4350 ether but there still are around 70 thousand Cover tokens in circulation that were created using this exploit and shouldn’t exist. The original hacker has cashed out about 1400 ether, 1 million DAI, 3k LINK, and 90 WBTC, about $4.4 million in total already.

Cover protocol hack analysis: Infinite Cover tokens minted via an exploit Read More »

Free blockchain storage – Tale of a bug in Substrate’s FRAME runtime

This is the story of a simple bug in the FRAME runtime of Parity’s Substrate blockchain framework. The bug allowed attackers to do infinitely large transactions without paying any extra fees. The vulnerability was the result of a buggy implementation of fee calculation in the FRAME runtime of Substrate. By exploiting this vulnerability, an attacker

Free blockchain storage – Tale of a bug in Substrate’s FRAME runtime Read More »