Skip to content

Instantly share code, notes, and snippets.

@vyorkin

vyorkin/TheRewarderDiagram.md

Last active August 17, 2022 09:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save vyorkin/89b3d301e49990041a933068034fc7e6 to your computer and use it in GitHub Desktop.
Save vyorkin/89b3d301e49990041a933068034fc7e6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
TheRewarderDiagram.md 
sequenceDiagram
    actor A as Attacker
    participant E as Exploit
    participant F as FlashLoaner
    participant R as TheRewarder
    participant rTKN
    participant DVT
    participant RWT
    Note left of E: wait 5 days for the next round
    A->>E: new(theRewarder, flashLoaner)
    activate E
    A->>E: run()
    E->>DVT: balanceOf(address(flashLoaner))
    DVT-->>E: 1000000 DVT's
    E->>F: flashLoan(1000000)
    F->>DVT: transfer(address(exploit), 1000000)
    F->>E: receiveFlashLoan(1000000)
    E->>DVT: approve(address(rewarder), 1000000)
    E->>R: deposit(1000000)
    R->>rTKN: mint(address(exploit), 1000000)
    Note right of R: mint 100000 rTKN to Exploit
    R->>R: distributeRewards()
    R->>R: _recordSnapshot()
    Note right of R: rewards = (amountDeposited * 100 * 10**18) / totalDeposits
    R->>RWT: mint(address(exploit), 99+)
    Note right of R: mint 100000 RWT to Exploit
    E->>R: withdraw(1000000)
    E->>DVT: transfer(address(flashLoaner), 1000000)
    E->>RWT: balanceOf(address(this))
    RWT-->>E: 99+ RWT's
    E->>RWT: transfer(owner, 99+)
    deactivate E
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment