 why people put their bitcoin into this hell machine will never make sense to me https://i.nostr.build/0jPZ9.jpg  
 you had me at hell machine 
 I don't know why people would do it. Mental illness! Ahem defi. 
 greed 
 Wth is tx poisoning? 
 A way to have 68m worth of bitcoin stored on eth stolen from you apparently 
 It’s what happens when you don’t stack sats. 
 ...or stay humble 
 A nice donation for all of us.  
 If @semisol is right it was stolen rather than lost
nostr:nevent1qqsgm8asw7e4p34hnvczyhrxu6l8npww78xsgq5dlfhwkr532dd3epcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygzjkjs8d09mhhp6rth6xu6czm8hfxfmrwxmyq4srjyrck9707kch5psgqqqqqqs50awdd 
 Why? Someone else has it. 
 MuH yIeLd! MYyyyy YyyyIEeeeeeLD! Gaaahh...😵 
 https://image.nostr.build/51ae03c9d1a3ccf413d9ad28380792f9bb88b64fcfb4b16fa03763f1b6f07027.png
  
This is what I dug up about poisoned transactions: 

Transaction poisoning refers to an attack on the Ethereum network where a malicious actor manipulates data within a transaction to cause unintended consequences. This can include altering the recipient address or changing the value of the transaction, effectively stealing funds or causing other disruptions. 

Let's consider a vulnerable smart contract that uses an unsafe method for transferring funds:
pragma solidity ^0.6.0;

contract VulnerableContract {
    // payable is required so the function can receive Ether and read msg.value
    function sendEth(address payable recipient) public payable {
        // Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic
        recipient.transfer(msg.value);
    }
}

In this example, the 'sendEth' function of the 'VulnerableContract' is susceptible to a transaction poisoning attack. If an attacker were to modify the recipient address and send a poisoned transaction with a large amount, the contract would unknowingly transfer funds to the wrong address, leaving users like you at risk of losing their funds.


Here's an example of how an attacker could exploit the vulnerable 'sendEth' function in our previous example:
pragma solidity ^0.6.0; // Exploit Code
contract ExploitContract {
    address public hacker; // Store the hacker's address as a public variable

    constructor() public {
        // Placeholder value; the explicit conversion is needed because the literal is not a full 20-byte address
        hacker = address(0xabcdef123); // Set the hacker's address to the contract when it's deployed
    }

    // payable is required so the function can receive Ether and read msg.value
    function sendEth(address payable recipient) public payable {
        // Unsafe method: directly sending Ether without validating the recipient's balance or safeTransfer logic
        recipient.transfer(msg.value);
        // Poisoned transaction with modified recipient and amount
        // (address(0x456) is a placeholder standing in for the fake address)
        ExploitContract(hacker).sendEth(address(0x456));
    }
}
In this example, an attacker could deploy their own contract (ExploitContract) and pass it as a parameter when deploying the vulnerable 'VulnerableContract'. By doing so, the hacker can manipulate the 'sendEth' function within the 'VulnerableContract', effectively stealing funds from legitimate users. 

I am not a Solidity guy, but this is what I found on a quick dig 
 tldr: FAFO 😂 
 yah, kinda seems that way. 
 Nice post thanks for digging this up ! 
 oh look. rotating blades. I think I’ll stick my tongue in it. 
 Don't worry it's ETH maybe the transaction could be reversed  
 'smart contracts' ladies and gentlemen 
 This makes me happy, beyond words! 🧡 
 Can happen on BTC main chain also. Be careful with copy and paste. Check the entire address before hitting send on any substantial transactions. If you receive anonymous small transactions from anybody, check the address and delete from your transactions list. 
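
The checks recommended in the post above (compare the entire address, treat small unsolicited transfers with suspicion), as an added example that is not part of the original thread. The address book, addresses and history records are constructed sample values, and the function names are hypothetical.

```python
# Added example: flag destinations that imitate a trusted address.
# Every address below is a constructed sample value, not a real account.

def normalize(addr):
    """Lower-case and strip the 0x prefix so comparison ignores case."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def classify_destination(candidate, address_book, head=4, tail=4):
    """Return ("trusted", label), ("lookalike", label) or ("unknown", None).

    A lookalike shares the first `head` and last `tail` hex characters with a
    trusted address but differs in between, which is what a truncated display
    such as 0xd9a1...c3d4 hides from the person checking it.
    """
    cand = normalize(candidate)
    for label, trusted in address_book.items():
        if normalize(trusted) == cand:          # full-length comparison
            return ("trusted", label)
    for label, trusted in address_book.items():
        t = normalize(trusted)
        if cand[:head] == t[:head] and cand[-tail:] == t[-tail:]:
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_history_entries(history, address_book, dust_threshold=0.001):
    """List small or zero-value entries whose counterparty is a lookalike."""
    flagged = []
    for tx in history:
        verdict, label = classify_destination(tx["counterparty"], address_book)
        if verdict == "lookalike" and tx["amount"] <= dust_threshold:
            flagged.append((tx["id"], label))
    return flagged

ADDRESS_BOOK = {"cold storage": "0xd9a1b0c4e5f60718293a4b5c6d7e8f90a1b2c3d4"}
# Same first and last four characters as the trusted address, different middle.
LOOKALIKE = "0xd9a1" + "11112222333344445555666677778888" + "c3d4"
HISTORY = [  # constructed transaction list as a wallet might display it
    {"id": "tx1", "counterparty": ADDRESS_BOOK["cold storage"], "amount": 0.05},
    {"id": "tx2", "counterparty": LOOKALIKE, "amount": 0.0},
    {"id": "tx3", "counterparty": "0x" + "ab" * 20, "amount": 0.0},
]

if __name__ == "__main__":
    print(classify_destination(LOOKALIKE, ADDRESS_BOOK))
    print(poisoned_history_entries(HISTORY, ADDRESS_BOOK))
```
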
 Well deserved tbh
Play stupid games win stupid prizes. 
 “If at first you don’t succeed, fork fork again.” - Vitalik maybe 
 I don't understand. What do you mean? 
 maybe you have a bad day today. 

but imagine losing $68M due to "transaction poisoning"  🥴  
 Best decision I've made since being involved with BTC was dumping me ETH and going into BTC  
 Hell machine as in WBTC?

And I’ve never heard of address poisoning. I assume it’s when you trick the end user into sending to a non-BTC address? 
 Putting btc into wbtc is extremely careless to begin with, this is applicable to bitcoin as well but this is why we stress over not complicating things and HWWs that can check this for you. 
 Are you suggesting BTC only HWW are resilient to such methods? 
 To be fair tho. I didn’t realize how hellish it was until I started understanding the primitives; the underlying tech. I can see how newbies talk themselves into this hell fuck. 
 Aren’t the fundamentals of transaction poisoning applicable to btc? 
 nostr:nevent1qqsvltjv7f688qhztpsvucmc36ykdc6r435pykw4ud7xgxz0qf99qqgpz3mhxue69uhkummnw3ezummcw3ezuer9wcq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7qghwaehxw309ahx7um5wghxvmt59emkj73wvf5h5qgcwaen5te0d4hkucty9e4xydf49e3k7mf68qcrsvqjkh905 
 oops 😬 
 Wait what? What is more convenient than picking a new address from your wallet?

Oh that's right, ACCOUNTS, there are no new addresses, so you just copy paste from wherever you want because it's all the same man.

🙈 
 This can and will happen with Bitcoin 
 These fucking idiots 
 wow that's pretty smart 
 Although any decent hww will tell you if you’re sending it to your own or someone else’s address. Who tf would not check a tx that large. 
 Wow. Is this illegal tho? It obv is ethically wrong, but would a judge consider it stealing?