Bugs sometimes hide in interesting places. Hybrid attacks are particularly interesting: they arise where projects rely on on-chain data that may actually be modified.
This is a bug which made me dive deep into Solidity code. It was accepted and I even got paid, but waaay less than I expected - I honestly considered it critical. However, it was marked as out of scope, as it was partially related to deployment configuration, not the source code itself.
Two bugs are covered in this article. I reported a bug that I considered high severity last December, but the project said they had already fixed several things, including this issue, after another bug report, and that their actual addresses handle all cases properly.