Nguyễn Khôi

Aftermath Finance lost $1.14M to an integer overflow bug. The kind of mistake covered in week one of every intro-to-programming course. The fee was stored as u256 (always positive) but read elsewhere as signed (positive or negative). Pass a number close to the max, signed reading wraps it to a huge negative. Fee becomes rebate. Protocol pays you to trade. Aftermath's perp source is private. Here's the exploit reconstructed from the on-chain trace: 1. Call create_integrator_info with u256 fee = 2^256 - 10^17 (looks like a huge positive number, reads as -10^17 signed) 2. Place matching limit and market orders between two of their own accounts 3. Each trade fires PaidIntegratorFees - protocol sends USDC to the integrator (attacker) 4. Atomic, repeatable, ~$79K profit per cycle Final on-chain proof from the exploit tx: PaidIntegratorFees event records: - fees: 115792089237316195423570985008687907853269984665640563689698454007913129639936 (= -3.5×10^17 in signed i256) - integrator_address: 0x1a65086c... (the attacker) The protocol logged itself paying a wrapped-negative fee to the exploiter. Function signature on-chain confirms: clearing_house::create_integrator_info(Address, U256) with no bounds check. The April pattern of missing parameter bounds: - Singularity: oracle fee tier set to 42 (Uniswap only supports 100/500/3000/10000) - Aftermath: u256 fee parameter wraps to negative when read as signed - Scallop: spool created without last_index initialization Same root cause across all three: setters that don't enforce the value range invariants the rest of the contract assumes. AI agents test boundary values automatically. Wrap a number, free money comes out. Tx: 4pGQdfFG96Ghqj1xqkaeeAgMQCpttivdkgSRUGc6wVD8