Title: A silly "smart" contract bug
Date: 2024-02-16 13:30

I was idling on a [friend](https://github.com/stypr)'s Discord server,
when he posted a small snippet of code, taken from a [smart contract](https://app.sentio.xyz/tx/1/0x4b9de8c56c8919e8598181449a3cc02df40435eb641eaec08ecce12d2342237f/contracts)
apparently swapping [WETH](https://academy.binance.com/en/articles/what-is-wrapped-ether-weth-and-how-to-wrap-it) to [MINER](https://miner.build/), but who cares, what's 
interesting here is the bug, can you spot it?

```solidity
function _update(address from, address to, uint256 value, bool mint) internal virtual {
        uint256 fromBalance = _balances[from];
        uint256 toBalance = _balances[to];
        if (fromBalance < value) {
            revert ERC20InsufficientBalance(from, fromBalance, value);
        }

        unchecked {
            // Overflow not possible: value <= fromBalance <= totalSupply.
            _balances[from] = fromBalance - value;

            // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
            _balances[to] = toBalance + value;
        }
```

As a hint, look at [this transaction]( https://app.sentio.xyz/tx/1/0x4b9de8c56c8919e8598181449a3cc02df40435eb641eaec08ecce12d2342237f ).
Isn't it a cute bugdoor?

The snippet is taken from [this tweet](https://twitter.com/shoucccc/status/1757777764646859121),
giving the issue away. Thanks to [Jinseo Kim](https://github.com/kjsman) for holding my hand
understanding what was going on there.