I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in August

Hours worked on side-projects in August

I worked 68 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in July

Hours worked on side-projects in July

I worked 106 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

  • I…

I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in June

Hours worked on side-projects in June

I worked 101 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

  • I participated in all C4…

I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in May

Hours worked on side-projects in May

I worked 102 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

  • I participated in all C4 contests again. Results for some of the old ones are in and I’m glad to…


On May 19th 2021, PancakeBunny was exploited by an attacker abusing a wrong PancakeSwap LP price computation in Bunny’s PriceCalculatorBSCV1 contract to mint 6.97M BUNNY tokens which were then exchanged for a profit of 114,631 WBNB (~30M USD).

PancakeBunny is a yield aggregator accepting a variety of tokens, among them LP tokens from PancakeSwap. Stakers need to pay a 30% performance fee on the profits when withdrawing/claiming. However, they also receive BUNNY tokens in return — for every 1 BNB in fees collected, 3 BUNNY is rewarded to the depositor.

There’s an official post mortem but it lacks depth making…


The vaults.sx contract on EOS mainnet has been exploited through a re-entrancy attack. 1,180,142.5653 EOS (~13M USD) and 461,796.8968 USDT were stolen making this the biggest hack on EOS.

Vaults.sx is a yield aggregator where users can deposit EOS or USDT in return for interest-bearing SXEOS/SXUSDT tokens. The deposited tokens are then available in the flash.sx contract for flashloans and aggregate fees. Finally, SX tokens can be redeemed for a pro-rata share of the underlying funds + aggregated fees again.

To understand the attack one first needs to understand the execution order of notifications (require_recipient) and normal inline actions (send_inline).


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in April

Hours worked on side-projects in April

I worked 55 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

You should be…


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in March

Hours worked on side-projects in March

I worked 71 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

Mostly client work, but I also did some bug…


In this part of the Replaying Ethereum Hacks series, we will look at a vulnerability that is common among yield aggregators. Many of these protocols disclose a function to automatically convert the profits to a different token by trading on a decentralized exchange like Uniswap. This in and of itself already opens the protocol up to a potential sandwich attack. The profitability of such an attack can be dramatically improved if the attacker can force the protocol to trade in an illiquid pool.

A recent example of such an arbitrage attack could be observed in BadgerDAO’s DIGG <> WBTC Sushiswap…


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

Productive Hours in February

Hours worked on side-projects in February

I worked 104 productive on side projects hours last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

Christoph Michel

Full Stack Software Engineer #javascript #EOS. Into Recreational Math / CS 🤯 Just message me about anything, my mind is open.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store