Very soon there are going to be more AI agents than humans making transactions.
They can’t open a bank account, but they can own a crypto wallet. Think about it.
4. User B deposits 100 tokens and receives 100 / 101 ≈ 0.99 shares.
5. User A withdraws their 1 share and receives ≈101 tokens, extracting most of User B’s deposit.
Vault Inflation Attack (Share Price Manipulation):
The value per share is artificially inflated by directly transferring tokens to the vault without minting new shares.
Steps:
Steps:
1. User A deposits 1 token into the vault and receives 1 share.
2. User A donates 100 tokens directly to the vault using token.transfer(address(vault), 100) (no shares are minted).
3. The vault now holds 101 tokens with only 1 share, so the share price becomes 101 tokens per share.
🧵 Read-Only Reentrancy Attack (Exploit Walkthrough)
This repo demonstrates a read-only reentrancy attack using a stETH–ETH Curve pool and a vulnerable reward contract, based on learnings from the Hack Solidity playlist by Smart Contract Programmer.
🎯 Result
Reward calculation uses an artificially high LP price
Attacker receives excess rewards
No storage corruption, no balance drain
Just bad assumptions.
SLOAD reads contract storage from the transaction’s state view
SSTORE writes only to transaction-local state not the world state
If the transaction succeeds, changes are committed in the block
If it reverts, everything is discarded
Consensus happens at block level, not per opcode
Today I learned about the zero code size contract from the Hack Solidity playlist.
What I understood:
1. Some contracts try to restrict function calls so that only EOAs can call them, not other contracts.
4. This check can be bypassed by calling the target contract from a constructor in the same transaction (deploy + call).
constructor(address _addr) {
target = ITarget(_addr);
target.pwn();
}