naddison36/README.md

Last active February 25, 2021 01:05

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/naddison36/8eaec14ab553a9340662b6f12674a512.js"></script>
Save naddison36/8eaec14ab553a9340662b6f12674a512 to your computer and use it in GitHub Desktop.

Download ZIP

Punk #1737

Raw

Punk 1737 Hack

https://www.larvalabs.com/cryptopunks/details/1737

Punk #1737 received a legitimate 26.25 bid and accepted, but before his tx hit the chain, a contract flashloaned 26.25 eth + 1 wei and bid himself. The owner got 1 wei in return for his sale, and the contract now owns the punk. https://twitter.com/aradtski/status/1364714105525964811

The attacker entered 2 bids for #1,737:

enterBidForPunk(1737, 26.25 ETH)
withdrawBidForPunk(1737)
enterBidForPunk(1737, 0 ETH)

https://etherscan.io/tx/0x8cc3c4774cf08f17c87a1815871ea935fc030d511d002e4fbc521b3c69d82ad8

Then acceptBidForPunk https://etherscan.io/tx/0x65ab81ab49c09a695bdd768e44e635e14212064871a96902dc94fdc2746d78f6

Raw

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

Raw

punk1737.jpg

Raw

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment