
Naive question: is this all possible because there is no real server side validation of the entire transaction? This seems a very basic architectural overlook, or am I missing something?


Second try gets stopped by the server side validation. Third try was to overflow the integer, for which there was no check on the client or the server side.


You missed that they engineered the request so that the validation on the server side also overflows in the same way, thereby passing validation.
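The failure mode discussed in this thread, as an added example that is not part of any comment above: a server-side check that recomputes a total in 32-bit arithmetic wraps the same way the submitted value did, so the comparison passes, while a check that widens and bounds the operands first rejects it. The order fields, the `MAX_QTY` limit and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_QTY 10000            /* assumed business limit, not from the thread */

struct order {                   /* hypothetical record, constructed for this example */
    int32_t quantity;            /* client-supplied */
    int32_t unit_price;          /* cents, looked up server-side */
    int32_t claimed_total;       /* cents, client-supplied */
};

/* 32-bit wraparound multiply, done in unsigned to avoid signed-overflow UB. */
static int32_t wrapping_mul32(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a * (uint32_t)b);
}

/* Weak check: recomputes the total in 32 bits, so it wraps like the client did. */
int validate_naive(const struct order *o) {
    int32_t expected = wrapping_mul32(o->quantity, o->unit_price);
    return expected > 0 && expected == o->claimed_total;
}

/* Hardened check: bound the inputs, widen to 64 bits, reject out-of-range totals. */
int validate_checked(const struct order *o) {
    if (o->quantity <= 0 || o->quantity > MAX_QTY || o->unit_price <= 0)
        return 0;
    int64_t expected = (int64_t)o->quantity * (int64_t)o->unit_price;
    if (expected > INT32_MAX)
        return 0;
    return expected == (int64_t)o->claimed_total;
}

int main(void) {
    /* Constructed inputs: 4294968 * 1000 = 4294968000 = 2^32 + 704. */
    struct order wrapped = { 4294968, 1000, 704 };
    struct order honest  = { 3, 1000, 3000 };
    printf("wrapped: naive=%d checked=%d\n",
           validate_naive(&wrapped), validate_checked(&wrapped));
    printf("honest:  naive=%d checked=%d\n",
           validate_naive(&honest), validate_checked(&honest));
    return 0;
}
```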



