The Foom Heist Challenge is ON
Hack our Protocol and grab the $500,000 Prize.
Hey everyone,
We are Foom, and we’re working on a decentralized, anonymous lottery system that uses ZK-proofs. We think our code is solid, but we’d much rather have this community put it to the test than just take our word for it.
So, we’re backing it up with some real cash. We’ve got a live smart contract on the Base L2 network that holds about $500,000 in our $FOOM tokens.
The deal is straightforward: If you can exploit it and empty the contract, that cash is yours.
This isn’t just some theoretical bounty. It’s a legit, liquid prize you can verify.
The Prize & Liquidity
We know you’re probably wondering about the actual value of this prize. Let’s be upfront.
The Prize: Roughly $500,000 in $FOOM tokens.
Proof of Value: We’ve got a $5,000,000+ USD liquidity pool on Ethereum Mainnet. You can check the pool’s status yourself on DEXTools.
Cashing Out: The $FOOM token can be fully bridged from Base to Mainnet. It’s easy: Hack the contract on Base, bridge the tokens to ETH, and swap them out.
Rules of Engagement
THE ONLY RULE IS THE CODE.
No sign-ups, no KYC, no unnecessary red tape. If you can take the funds with your code, you’re a winner. We do ask that you share a post-mortem about how you did it after you grab the prize.
Technical Details & Resources
Everything you need is out there. Do your research.
Official Challenge Page: foom.cash/hack
Target Contract (Basescan): Source Code (GitHub): github.com/Terrestrials/foomlottery
Proof of Liquidity (DEXTools): check it out.
Hack Our Smart Contract and Claim a $500,000 Prize | The Foom Heist
5 replies 458 views
Hi, I did it. Where could I send the report?
BTW, I'd like to thank DK27ss! This is an excellent analysis: https://github.com/DK27ss/FoomClub-1.6M-PoC . I dont think any further explanation is needed, as its already clear.
You are two newbie accounts and haophd seemingly resolved the heist Do you have the address to which you sent the funds, haophd?
Hi henry_of_skalitz,
The funds have been swapped to ETH and are currently held at this address: https://etherscan.io/address/haophd.eth.
People still believe this was a malicious exploit on social medias, so I hope there will be a correction to help protect the protocols reputation
can you transfer 1 ETH from it to somewhere?