from Hacker News

Technical Analysis of the Poly Network Hack

by w4llstr33t on 8/11/21, 2:29 PM with 32 comments

  • by 3pt14159 on 8/11/21, 5:32 PM

    It will never cease to amaze me that someone with the technical chops to pull off an attack worth this much hasn't done the minimum pre-work necessary to get away with the cash or at least some non-trivial amount of it.

  • by yonixw on 8/11/21, 6:21 PM

    What was missing for me in the article is the fact that they don't call a function by name AND by validation of hash.

    Instead, only by hash(<method name string> + "(bytes,bytes,uint64)").slice(0,10) which is brute-force-able.

    Still, this sounds just like one of my worst nightmares. Code in production having bugs that will lose all my money to an untraceable environment (the tornado chain).

  • by hamburgerwah on 8/11/21, 10:17 PM

    This doesn't even sound like a hack. The beneficiaries executed the digital contract in a way that was explicitly permissible by the contract. It was perhaps contrary to the original intent of the contract's creator but that intent needs to be irrelevant for digital contracts to serve any useful purpose more than just traditional non-digital contracts.

  • by cwkoss on 8/11/21, 4:55 PM

    Great write up.

    I wonder if Coinbase has flagged the USDC that was stolen. Are those currently less-fungible USDCs?