10 sats \ 2 replies \ @random_ 31 Jan \ parent \ on: BOUNTY: HACK ME! Steal sats from the Bitcoin Mastermind Quiz (If You Can 💀) bitdevs
Good catch! Never trust the client.
The getBolt11 function also has an exploitable flaw:
It asks the external (!) Bolt11 server for parameters related to the user-provided address, and honors minSendable in a funny way:
$minAmount = $lnurlDetails->minSendable;
$payAmount = ($amount * 1000 > $minAmount) ? $amount * 1000 : $minAmount;
An attacker can use an address that leads to an attacker-controlled Bolt11 resolver, which returns an absurdly high minimum. The logic above will then use that (instead of the amount due)!
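The flawed amount selection quoted above next to a hardened version, as an added example that is not the quiz's own code nor this commenter's; the function names, the `$lnurlDetails` object shape (minSendable/maxSendable in msat, as in an LNURL-pay response) and the sample values are assumptions.

```php
<?php
// Added example, not code from the quiz: the vulnerable msat computation
// from the comment above, beside a hardened version. Function names and the
// $lnurlDetails shape (minSendable/maxSendable in millisatoshi) are assumptions.

function payAmountVulnerable(int $amountSats, object $lnurlDetails): int
{
    // Mirrors the flaw: a resolver-supplied minimum silently replaces the amount due.
    $minAmount = $lnurlDetails->minSendable;
    return ($amountSats * 1000 > $minAmount) ? $amountSats * 1000 : $minAmount;
}

function payAmountSafe(int $amountDueSats, object $lnurlDetails): int
{
    // $amountDueSats must come from server-side state, never from the client.
    $amountMsat = $amountDueSats * 1000;
    $min = (int) ($lnurlDetails->minSendable ?? 0);
    $max = (int) ($lnurlDetails->maxSendable ?? PHP_INT_MAX);
    if ($min < 0 || $max < $min) {
        throw new RuntimeException('malformed LNURL-pay response');
    }
    // The resolver may only refuse a payment; it never gets to enlarge one.
    if ($amountMsat < $min || $amountMsat > $max) {
        throw new RuntimeException(
            "resolver bounds [$min, $max] msat exclude amount due $amountMsat msat"
        );
    }
    return $amountMsat;
}

// Constructed sample: a resolver whose minimum dwarfs the 10 sats actually owed.
$hostile = (object) ['minSendable' => 50000000000, 'maxSendable' => 100000000000];
echo 'vulnerable path pays: ', payAmountVulnerable(10, $hostile), " msat\n";
try {
    payAmountSafe(10, $hostile);
} catch (RuntimeException $e) {
    echo 'hardened path: rejected (', $e->getMessage(), ")\n";
}

// Constructed sample: an honest resolver whose bounds contain the amount due.
$honest = (object) ['minSendable' => 1000, 'maxSendable' => 1000000000];
echo 'hardened path pays: ', payAmountSafe(10, $honest), " msat\n";
```

Logging the rejected responses with the resolved address gives a cheap detection signal for resolvers returning bounds that never match amounts the service actually owes.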