Learning technology in the bear market: let hackers work for us

Prerequisites

This article introduces a technical idea for the bear market: how to let hackers work for us by free-riding on the results of their labor. Technical details will not be released for the time being; interested readers can join our channel via the link at the end of the article.

What is hexadecimal data

First, an explanation of what this hexadecimal data is.

When you interact with any contract, you send it some data, and the contract receives that data and processes it. This data defines which interface function of the contract you want to call, what parameters to pass to that function, and so on. All of it is encoded in hexadecimal form.

Open etherscan, pick any one of your transaction records, click into the details and keep scrolling down. At the bottom you will see "Input Data", with a long string of characters on the right: that is the data you entered when calling the contract's function, converted to hexadecimal.

![[Pasted image 20220704110226.png]]

Earlier cases of hexadecimal transaction copying

This problem is mainly caused by two situations:

1. The user bypasses the official website and interacts with the contract directly through MetaMask, reusing hexadecimal Input Data that someone else has already produced.

2. The contract's whitelist check for mint has a flaw.

Using this NBA vulnerability does not even require understanding hexadecimal. The flaw in the NBA project is that it does not verify the address of msg.sender. So I can first find Zhang San's transaction record, then copy and paste his hexadecimal data into my wallet and execute the transaction. The whitelist check then uses Zhang San's address and passes, but the mint uses my address, because I am the one interacting with the contract.
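To make the Input Data above concrete, here is a small added decoder (not from the original post) that splits such a hex string into the 4-byte function selector and its 32-byte ABI-encoded arguments, plus a defender-side check: when an address argument in the calldata is not the transaction sender, a contract that whitelists on that argument instead of msg.sender can be driven by anyone who copies the bytes, which is exactly the NBA flaw just described. The selector and addresses are constructed sample values, not a real contract's.

```python
# Added example (not from the original post): split EVM calldata into its function
# selector and 32-byte ABI words, decode static argument types, and flag the replay
# risk described above. All values below are constructed samples, not real contracts.

SELECTOR_LEN = 4   # first 4 bytes of calldata select the function
WORD = 32          # every static ABI argument occupies one 32-byte word


def split_calldata(hexdata: str):
    """Return (selector as 0x-hex, list of 32-byte argument words)."""
    raw = bytes.fromhex(hexdata[2:] if hexdata.startswith("0x") else hexdata)
    if len(raw) < SELECTOR_LEN or (len(raw) - SELECTOR_LEN) % WORD:
        raise ValueError("calldata must be a 4-byte selector plus whole 32-byte words")
    body = raw[SELECTOR_LEN:]
    return "0x" + raw[:SELECTOR_LEN].hex(), [body[i:i + WORD] for i in range(0, len(body), WORD)]


def decode_word(word: bytes, typ: str):
    """Decode one static ABI word; an address is right-aligned in its word."""
    if typ == "address":
        if any(word[:WORD - 20]):
            raise ValueError("address word has non-zero left padding")
        return "0x" + word[WORD - 20:].hex()
    if typ.startswith("uint"):
        return int.from_bytes(word, "big")
    if typ == "bool":
        return int.from_bytes(word, "big") == 1
    raise ValueError(f"unsupported static type: {typ}")


def decode_calldata(hexdata: str, arg_types):
    selector, words = split_calldata(hexdata)
    if len(words) != len(arg_types):
        raise ValueError(f"expected {len(arg_types)} words, got {len(words)}")
    return selector, [decode_word(w, t) for w, t in zip(words, arg_types)]


def foreign_address_args(args, arg_types, sender: str):
    """Defender heuristic: address arguments that are not the tx sender. A contract
    that authorizes (e.g. checks a whitelist) on such an argument instead of
    msg.sender accepts the same calldata from any account, the flaw in the post."""
    return [a for a, t in zip(args, arg_types) if t == "address" and a.lower() != sender.lower()]


# Constructed sample: hypothetical selector 0xaabbccdd, args (address, uint256) = (0x11..11, 3)
SAMPLE_CALLDATA = "0x" + "aabbccdd" + ("00" * 12 + "11" * 20) + "03".rjust(64, "0")
WHITELISTED = "0x" + "11" * 20   # address baked into the calldata
COPYCAT = "0x" + "22" * 20       # a different account sending the same bytes

if __name__ == "__main__":
    sel, args = decode_calldata(SAMPLE_CALLDATA, ["address", "uint256"])
    print(sel, args, foreign_address_args(args, ["address", "uint256"], COPYCAT))
```

The fix on the contract side is to check the whitelist against msg.sender rather than against an address taken from the calldata.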

To do this you call the smart contract with MetaMask. First enable Advanced gas controls (to set the gas limit manually) and Show Hex Data (to enter input data) in MetaMask's advanced settings. Set the recipient to the smart contract address (take it from other transactions of the same type), paste the input data into Hex Data, remembering to add "0x" at the front, and click Confirm.

![[Pasted image 20220704111834.png]]

After sending this transaction, even though we are not on the whitelist, we can still get an NFT for nothing.

If you really don't understand it, refer to the link below:
https://twitter.com/gm365/status/1519897349598093312

https://mp.weixin.qq.com/s/WTmegfvWEs5ws9FuEbls8Q

Free-riding on the hackers' work

With the prerequisite knowledge above, we know that if we can understand and manipulate the input data, we can copy arbitrary transactions.

To get the most out of this, think about it: who in the blockchain world is the master of getting something for nothing? The hackers, of course!

The top 10 blockchain hacks of the past month caused the following losses:

(image: table of losses)

Think about it: if we can follow the hacker and copy his transaction immediately after he launches the attack, can't we make money in a bear market? The hacker does the hard work of digging the hole, and we free-ride on the results. After all, blockchain transactions are open and transparent; it only depends on who discovers it first and who acts first. Seen this way, the hackers are effectively working for us.

A rough outline of the transaction copy process:
1. Detect the hacker attack
2. Analyze the input data
3. Replace the hacker's address with your own address
4. Detect the profit that can be arbitraged
5. Fork the block for arbitrage simulation

1. Detect the hacker attack

Most attacks on the blockchain use a flashloan as start-up capital. Who seriously uses flashloans otherwise? So our idea is to monitor all flashloan events. The technical details will not be discussed here; basically, it means monitoring all events on the blockchain and filtering out the flashloans. The technology stack requires an EVM. The result looks like this:

(screenshot)

2. Analyze the input data

The technology stack here is still the EVM. A few screenshots follow; the rest will not be made public.

(screenshot)

3. Replace the hacker address with your own address

After the above steps, we roughly understand what the hacker has done. What we want is to change the hacker's wallet address to our own. Below is the data content after decoding the input.

(screenshot)

4. Detect the profit that can be arbitraged

There is another detail to consider here: after the hacker's attack, the amount of funds in the pool is no longer what it was at the start. So we also need to adjust the amount we can arbitrage. Different situations need to be analyzed case by case; get the current pool's reserves.

5. Fork the block for arbitrage simulation

Once the details of the attack are clear, we look at the result. But it cannot be sent directly on-chain, since it is not very mature yet. So we fork the main chain and run a simulation of the arbitrage. If there is indeed a profit after the attack, then we can actually go on-chain.

The final result looks like this:

(screenshot)

This is an arbitrage modeled on the fswap vulnerability. The details of the vulnerability will not be covered here; you can read about it at:

https://www.defidaonews.com/media/6758710

Following the hacker's record, we arbitraged 3100U. Not bad.

Discussion channel:
https://t.me/+I5Jo_3_FKhpmZWQx

Source: blog.csdn.net/messagefrom/article/details/125599248