learn-evm-attacks icon indicating copy to clipboard operation
learn-evm-attacks copied to clipboard
verified publisher icon coinspect

[WIP] curve read-only reentrancy

Open joaquinlpereyra opened this issue 3 years ago • 0 comments

Worked on Curve read-only re-entrancy problems with a focus on the attack on Qi specifically.

  • I wrote the meat of the README, missing sources and graphs. Sources should mention issue #43 which brought this to our attention
  • I have a semi-finished implementation of the attack, with the reentrancy to the evil contract working. Missing asking for a borrow with the mispriced LP-tokens.

The (trace transaction)[https://tx.eth.samczsun.com/polygon/0xb8efe839da0c89daa763f39f30577dc21937ae351c6f99336a0017e63d387558] is very big but should be helpful if anyone wants to take a look.

joaquinlpereyra avatar Dec 14 '22 20:12 joaquinlpereyra