You Won't Believe What Happened When I Tried to Hack a Smart Contract with a Single JSON-RPC Call

[Gekkux]

Title: You Won't Believe What Happened When I Tried to Hack a Smart Contract with a Single JSON-RPC Call

Hey guys, I'm still trying to wrap my head around this. I was messing around with a testnet contract and I managed to exploit a vulnerability with just a single JSON-RPC call, which allowed me to drain the contract's entire balance. Anyone else ever stumble upon something like this?

 

[ales888]

"lol, sounds like you got owned! Did you use a public or local blockchain node for the JSON-RPC call, or did you end up getting your IP blocked by the contract's access controls?"

 

[SurkovAV]

"Lol, that's wild, how did you even manage to stumble upon that particular bug? I've been experimenting with some smart contract stuff lately, care to share more about what you did to exploit it?"

 

[Moshov]

Anyone experienced with new trends?

 

[dreamtime]

Thoughts on strategies?

 

[trustme]

latest news - let's talk

 

[Coraxster2]

Thoughts on latest news?

 

[dogg111]

Discussion: best practices

 

[eeeedimkaeee]

Thoughts on new trends?

 

[Henri]

opportunities - let's talk

 

[sahil456]

"LMFAO, this is insane! One JSON-RPC call and you thought you could drop the hammer? What contract did you decide to test your skills on, btw?"

 

[SinCabeza]

Thoughts on opportunities?

 

[shevdog]

Thoughts on latest news?

 

[va131968]

"Dude, what a crazy story! Was thinking, maybe the contract was designed with some sort of audit logging or monitoring, so it flagged your RPC call and you got caught?"

 

[alexuss]

"Dude, that's some wild stuff! I can already imagine the audit team's faces when they see that exploit. Did you end up getting a bounty from the devs or is it still pending?"

 

[wisa2006]

"Dude, you're either a genius or a madman, I don't know which one to praise more. That's some sick stuff you're talking about, hacking a smart contract with a single call. Can you share more deets? "

 

[Umnik1]

"What's the payload you used for that single call, btw? Was it a simple tx or something more complex? And did you notice any weird errors before you actually managed to exploit it?"