Uniswap/Lendf.Me Hacks: Root Cause and Loss Analysis

Figure 1: ERC777-Compatible transferFrom()

Root Cause Analysis

Figure 2: ERC777-Compatible tokensToSend() Hijacking
Figure 3: OpenZeppelin’s Exploit Demo (Hook Setup)
Figure 4: OpenZeppelin’s Exploit Demo (Hook Function)

Uniswap Hack

Figure 5: Uniswap Hack

Lendf.Me Hack

Figure 6: Lendf.Me Hack
Figure 7: Lendf.Me Hack Details

Mitigation

Aftermath

About us

--

--

--

A Blockchain Security Company (https://peckshield.com)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Participate in TomoFinance Airdrop Campaign and Get free TOMO

{UPDATE} Walk Virtual Reality 3D Joke Hack Free Resources Generator

Elon Flegenheimer of AerialSphere: 5 Things You Need To Know To Optimize Your Company’s Approach to

Maintaining Control within Incident Response Investigations — Part 3

Six Insights from the 2021 SANS Cloud Security Survey

Is Coding Important for Cyber Security?

FREE 2.000 MYSTERY BOXES. Value: $300/BOX

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
PeckShield

PeckShield

A Blockchain Security Company (https://peckshield.com)

More from Medium

Anton Nell closes support for various DeFi networks — Alternative Rubyswap

BlockVision and Polygon Team Up to Help Developers Build for the Ecosystem

Development Update — What We Are Building Behind the Scenes

How and where to Buy Snowman DAO ($SNOWMAN) — An Easy Step by Step Guide