Scary hackers can steal assets from your wallet
Heyo,
Jules here, from Cyfrin.
The future of crypto hinges on smart contract security. As the markets rise, we’re more focused than ever on building the web3 we dream of.
Through technical education, private and competitive audits, auditor tooling, and more - we are committed to making 2024 the best year of crypto yet!
TLDR
✍🏼 How did a hacker steal assets from people’s wallets?
📆 Cyfrin ecosystem updates
📚 Auditing tools, audits, and AI debuggers
How did a hacker steal assets directly from users’ wallets?
Exactly a week ago, the Seneca Protocol, a DeFi collateralized debt position protocol, was exploited for approximately $6 million.
🤷🏻♀️ How did it happen?
The attacker was able to transfer tokens from users' wallets to their own address by manipulating the Chamber::performOperations function.

The performOperations function was set as external without the right input validation, enabling the attacker to call any contract with any arbitrary data.

The attacker set callData as a transferFrom() call on a token, specifying the to address as an attacker's EOA address.

Since the msg.sender was the Chamber contract, the attacker transferred funds to themselves, because the Chamber contract had an approval amount that exceeded the total amount of collateral deposited.
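To make the missing input validation concrete, here is an added example (not Seneca's or Cyfrin's code) that models a pre-call check on the target and callData of an operation. The target allowlist and selector denylist are assumptions about what such validation could look like, and all addresses are constructed placeholders; the selectors are the standard ERC-20 ones.

```python
# Hypothetical model of validating (target, callData) before a contract
# forwards an arbitrary external call. Not the protocol's actual code.
BLOCKED_SELECTORS = {
    bytes.fromhex("23b872dd"): "transferFrom",  # transferFrom(address,address,uint256)
    bytes.fromhex("a9059cbb"): "transfer",      # transfer(address,uint256)
    bytes.fromhex("095ea7b3"): "approve",       # approve(address,uint256)
}

# Constructed sample addresses (placeholders, not real accounts).
TOKEN = "0x" + "11" * 20
ROUTER = "0x" + "22" * 20   # hypothetical target the protocol intends to call
VICTIM = "0x" + "aa" * 20   # user who approved the calling contract
OTHER_EOA = "0x" + "bb" * 20


def encode_transfer_from(sender, recipient, amount):
    """ABI-encode transferFrom(sender, recipient, amount) for the sample."""
    words = [bytes.fromhex(a[2:]).rjust(32, b"\x00") for a in (sender, recipient)]
    return bytes.fromhex("23b872dd") + b"".join(words) + amount.to_bytes(32, "big")


def decode_transfer_from(call_data):
    """Return (from, to, amount) so an alert can name whose funds would move."""
    if len(call_data) != 4 + 3 * 32 or call_data[:4] != bytes.fromhex("23b872dd"):
        raise ValueError("not a transferFrom call")
    body = call_data[4:]
    sender = "0x" + body[12:32].hex()
    recipient = "0x" + body[44:64].hex()
    return sender, recipient, int.from_bytes(body[64:96], "big")


def validate_operation(target, call_data, allowed_targets):
    """Return (ok, reason). Rejects unknown targets and token-moving selectors."""
    if target.lower() not in allowed_targets:
        return False, "target not allowlisted"
    if len(call_data) < 4:
        return False, "calldata shorter than a selector"
    name = BLOCKED_SELECTORS.get(call_data[:4])
    if name is not None:
        return False, name + " selector blocked"
    return True, "ok"


if __name__ == "__main__":
    sample = encode_transfer_from(VICTIM, OTHER_EOA, 1000)
    print(validate_operation(TOKEN, sample, {ROUTER}))
    print(decode_transfer_from(sample))
```

Either check alone stops the call described above: the token is not an intended target, and even on an allowlisted target the transferFrom selector is refused because the calling contract holds users' approvals.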
— Read more about the Seneca Hack and how to mitigate similar attacks here!
This week at Cyfrin
👩🏻💻 Cyfrin CodeHawks is the only competitive auditing platform in the market today enabling users to judge contests. Learn more about how that works here!
👩🏻🎓 Opcodes, Huff, Assembly, bytecode, Yul, EVM, we dive deep in our Smart Contract Security Course part 2. Check it out here!
🕵🏻♀️ Static analyzers are foundational to audits today - helping researchers uncover vulnerabilities in seconds. Check out Cyfrin Aderyn, a Rust-based analyzer which outputs the report in an easy-to-consume markdown from the get-go!
Related articles
🛠️ Check out the top 8 industry-leading smart contract auditing tools.
⚡️ Everything you need to know about smart contract audits.
👩🏻💻 Here are 7 steps to debug anything using AI.
Let us know what you think about our content here!
Sending lots of cyber love,
Jules 🤸🏻