Share
## https://sploitus.com/exploit?id=C5008E5F-0CED-5466-8F32-AFEE5F4A0D8B
Markdown

https://dev.to/rdin777/starknet-btc-staking-how-to-extract-rewards-with-zero-collateral-and-why-the-team-ignored-it-fo

# Starknet BTC Staking - Critical Vulnerability PoC ๐Ÿ›ก๏ธ

## Executive Summary
Technical analysis and Proof-of-Concept (PoC) for a **Critical Logic Bypass** in the BTC Staking Attestation module. This vulnerability allows for reward extraction without actual BTC collateral.

> **Status:** Unpatched / Public Disclosure due to lack of technical engagement from the team.

---

## ๐Ÿšจ The Vulnerability: Ghost Staking
The root cause is an insecure reliance on `get_block_hash_syscall` within `Attestation.cairo`. Since block hashes are public, any network participant can forge attestation data.

**Impact:**
* **Reward Theft:** Attackers can siphon up to 25% of rewards with zero BTC collateral.
* **Economic Manipulation:** Manipulation of the `MintingCurve` inflation metrics.

---

## ๐Ÿ› ๏ธ Proof of Concept (PoC)
The vulnerability is verified through local simulation using `snforge` and `exploit.js`.

### 1. Cairo Integration Test
Demonstrates reward allocation to an empty staker address.
```bash
cd ghost_staking_audit
snforge test tests/test_ghost_stake.cairo
2. External Exploit Script
Simulates the attestation forgery logic.

Bash
node scripts/exploit.js
๐Ÿ“… Disclosure Timeline
March 21, 2026: Submitted report to the team. Dismissed as "AI slop".

March 22-24, 2026: Requested technical review; offered private PoC access. No response.

March 24, 2026: Public disclosure to protect user funds and ecosystem integrity.

Researcher: rdin777