Evil jars deployed during the attack and passed in the swapExactJarForJar, investigating more on this



The are sensible ops executed in that method (e.g. approve, withdraw etc).
In addition in the second invocation for swapExactJarForJar there were passed a target and doing a delegate call to CurveProxyPool 😢

Really complex and is not using at all FlashLoans!

Getting some food and continuing, seems really well studied and not easy.
Definitely very similar to what we call Remote Code Execution in traditional envs.
Closed the war room with @picklefinance team

Soon there will be (good) updates 💪

h/t @bneiluj @bantg @samczsun

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Emiliano Bonassi | emiliano.eth

Emiliano Bonassi | emiliano.eth Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @emilianobonassi

7 Aug
I'm proud to release Gas Saver Gnosis Safe Module


a user smart-contract module for @gnosisSafe wallets which let you interact with

*ANY* protocol

and save tons of gas leveraging @1inchExchange $CHI and $GST2

Below how to use it and examples 👇
1/ Follow the instruction in the Readme and deploy your version (proxy) of the module. Then add it!

As you see in these txs, you can save up to 50% when interacting with @compoundfinance and @AaveAave

ANY protocol is supported immediately! Use in your @AragonProject DAO!
2/ With this release, I'm proud also to announce the version v1.2.1 of Gas Saver, a library for builders to enable saving in their smart-contracts!

Added support for traditional GST2 tokens!

This module is based on this work 😉

Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!