Getting started with smart contract in Bug Bounty
ID: cb35d3d8-c482-5758-9027-b24cee4688bd
STIX ID: report--cb35d3d8-c482-5758-9027-b24cee4688bd
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
This guest blog post explains smart contract security fundamentals and walks through a real-world bug hunting session where an overridden ERC20 transferFrom in AxonsToken lacked proper authorization checks, allowing an attacker to move arbitrary user balances into the auctionHouse and then to an attacker-controlled address; the author demonstrates a working PoC on a Rinkeby mainnet fork and recommends enforcing sender/msg.sender checks or explicit auctionHouse authorization as the fix.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
