Disclosure Tales 02: Downward Facing DAOs

I discovered and disclosed a vulnerability in the Updog and FAME DAO contracts. Then I hacked them. This story is not boring.

Background: The DAOs

Updog offered a fully featured DAO platform. In a nutshell: Each DAO instance has a governance token that can be staked and withdrawn. The DAO contracts could control assets and ALGO. Payments of both types could be executed trustlessly after a proposal passed with enough votes. Voting power is proportional to the staked amount of governance tokens in the DAO. ...

December 29, 2023 · 14 min · 2853 words · Bit @ D13.co

Disclosure Tales 01: Honing Fire

I discovered and disclosed a vulnerability in the Hone NFT shuffle contracts. They responded well. This story is almost boring.

The backstory

I was curious about the mechanics of the Hone NFT shuffle, as it utilizes VRF, in which I have a keen interest. Reading TEAL is a bit like reading assembly, but with enough determination and a bit of practice you can figure out what a contract is doing. Occasionally you can also spot a combination of transactions or parameters that breaks the assumptions of the contract developer. The dopamine rush from finding and verifying a vulnerability in a smart contract is probably equivalent to snorting 1,000 ground-up sudoku puzzles. ...

December 20, 2023 · 6 min · 1067 words · Bit @ D13.co