cygaar
Dec 16, 15 tweets, 5 min read
An explanation of the NFTTrader hack that resulted in millions of dollars worth of NFTs stolen 🧵:

(TLDR; combination of reentrancy + old approvals that were never removed)
The attack starts by calling the NFTTrader contract and creating a new "swap intent" (createSwapIntent).

Normally two lists are provided - a list of tokens that the swapper wants to give up, and a list of tokens to be received.

For this attack, the former list was empty.
The attacker also created the swap so that the receiver of the swap is also the attacker's address. Normally this value (addressTwo) should be the counter party (someone else).

The result is that both of the swap's parties are the same address - it's a self-swap.
The last important piece of info to note is that the swap includes an arbitrary NFT (a UniswapV3 LP position) alongside the actual stolen NFT.

This might seem random, but it's used to conduct the reentrancy exploit. This random NFT is always the first NFT in the swap.
After the swap intent is created, the attacker calls closeSwapIntent to initiate the transfer of assets.

The first asset to be swapped is the UniV3 NFT. The source and destination addresses of the transfer are both the attacker's address here.
safeTransferFrom is dangerous because it has a callback that's triggered after the transfer is done. This is what can lead to reentrancy attacks.

In our specific case, the safeTransferFrom is also called with data - this is where the victim's address is embedded.
The safeTransferFrom function is executed, which calls back into the attacker's contract with the victim's address.

The malicious contract then calls the NFTTrader contract's editCounterPart function.
Remember how the swap was originally a self-swap?

The attacker uses editCounterPart to change the counter party to the victim's address.

This is the first phase of the attack. The swap is now a swap between the attacker and the victim.
Now we go back to the original call context. The UniV3 NFT was just self-transferred, and the counter party (addressTwo) has been switched to the victim.

We then go to the next NFT to be transferred - the BAYC in this case.
Previously, the "from" value was the attacker's address. Now it's the victim's address.

The second critical part of the attack is that the victim had an old approval that allows the NFTTrader contract to transfer around the victim's BAYC NFTs.
That's what allows the safeTransfer to work. Had the user revoked approval to the NFTTrader contract, this attack could not have happened.

Unfortunately, the combo of reentrancy + old approvals led to NFTs being stolen.
The easiest way for this attack to have been prevented is if NFTTrader had a reentrancy guard on the editCounterPart function.

This would've prevented the malicious contract from changing the counter party during a swap.
The NFTTrader contract can be found here: etherscan.deth.net/address/0x13d8…

The attacker's contract is here: etherscan.io/address/0xc446…

I used evm.storage and tenderly to trace through the exploit flow: evm.storage/eth/0x1aaff86a…
In terms of action items - I would revoke all approvals to NFTTrader if you can.

Although if you could've been exploited, you definitely would've been exploited by now.
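
A small Python model of the flow described in this thread, added here as an illustration and not taken from the thread or from NFTTrader's code. It shows why both conditions matter: a guard shared between closing and editing a swap stops the counterparty change, and a revoked approval makes the second transfer fail. The `Token`, `Trader` and `run_close` names, the `"trader"` operator label and the `"lp"`/`"nft"` token ids are assumptions made for the example.

```python
class Reentrancy(Exception): pass  # raised where the guarded contract would revert

class Token:
    """Constructed ERC-721 stand-in: ownership, operator approvals, receiver hook."""
    def __init__(self, owners, approvals):
        self.owner, self.approved = dict(owners), set(approvals)
    def safe_transfer_from(self, operator, src, dst, token_id, on_received=None):
        if self.owner[token_id] != src or (src, operator) not in self.approved:
            raise PermissionError("transfer not authorised")
        self.owner[token_id] = dst
        if on_received:  # like onERC721Received: runs after the transfer
            on_received()

class Trader:
    """Hypothetical, simplified swap contract (not NFTTrader's code)."""
    def __init__(self, token, guarded):
        self.token, self.guarded, self.locked, self.swap = token, guarded, False, None
    def create_swap_intent(self, address_one, address_two, to_receive):
        self.swap = {"one": address_one, "two": address_two, "assets": to_receive}

    def edit_counter_part(self, caller, new_two):
        if self.guarded and self.locked:  # the guard shared with close_swap_intent
            raise Reentrancy("swap is being closed")
        if caller != self.swap["one"]:
            raise PermissionError("only the swap creator may edit")
        self.swap["two"] = new_two

    def close_swap_intent(self, hook):
        self.locked = True
        try:
            for i, token_id in enumerate(self.swap["assets"]):
                # addressTwo is re-read per asset, so an edit made inside the
                # first transfer's callback changes the source of the next one.
                self.token.safe_transfer_from("trader", self.swap["two"],
                    self.swap["one"], token_id, hook if i == 0 else None)
        finally:
            self.locked = False

def run_close(guarded, stale_approval):
    """Return (owner of the victim's NFT afterwards, error that stopped the close)."""
    approvals = {("attacker", "trader")} | ({("victim", "trader")} if stale_approval else set())
    token = Token({"lp": "attacker", "nft": "victim"}, approvals)
    trader = Trader(token, guarded)
    trader.create_swap_intent("attacker", "attacker", ["lp", "nft"])
    try:
        trader.close_swap_intent(lambda: trader.edit_counter_part("attacker", "victim"))
    except (Reentrancy, PermissionError) as exc:  # on-chain: the whole call reverts
        return token.owner["nft"], type(exc).__name__
    return token.owner["nft"], None
```

`run_close(False, True)` models the conditions described in the thread; the other argument combinations show each mitigation on its own.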
