More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free.

Currently the pool has 1 million DVT tokens in balance. And you have nothing.

But don't worry, you might be able to take them all from the pool. In a single transaction.

TrusterLenderPool.sol

IERC20 public immutable damnValuableToken

• IERC20 standard damnValuableToken used globally in this challenge is used for contract address management.

constructor(address tokenAddress)

• It has the token contract initialization process and instance allocation criteria.

function flashLoan(uint256 borrowAmount, address borrower, address target, byte calldata data) external nonReentrant

• This is the part responsible for the main logic of this contract. Let’s analyze the logic.

• The local variable balanceBefore receives the balance information of this contract by using the balance method of the damnValuableToken contract.

✅ The balanceBefore value must be greater than or equal to the borrowAmount value, and it must be greater than the value you want to borrow from the entire pool.

• Using the transfer method of the dammValuableToken contract, the parameter borrower is transferred as much as the borroAmount value.

• If the first condition is passed, you can ask for a quote that unconditionally transfer is possible.

• You can proceed with functionCall based on the parameter target address value and call it by passing bytes calldata data value as a parameter.

• After that, the logic proceeds to finalize the flash loan logic.

The vulnerability in this contract is that external users can construct and call any function they desire. If an attacker were to steal the balance information of the target contract, or if the attack vector used is capable of performing a service-level attack such as a DOS attack, it would be a very serious situation.

When executing the target.functionCall(data) line in the current code and manipulating each parameter to a desired value, it is possible to call a specific function and set its parameters. However, since the balance must remain unchanged before and after the function call, it is not possible to use this method to steal the balance value.

An attacker could construct a payload and use the functionCall function inside the vulnerable flashLoan function to steal the balance value of the corresponding token pool. In order to transfer tokens forcibly, the destination address must be approved before the transfer can take place, which is done through the ERC20 approve method. However, this can be easily bypassed by calling approve using functionCall, allowing the attacker to steal all funds in the pool by calling the transferFrom function.

Thank you for the @tinchoabbate that made a good wargame.

https://www.damnvulnerabledefi.xyz/

More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free.

Currently the pool has 1 million DVT tokens in balance. And you have nothing.

But don't worry, you might be able to take them all from the pool. In a single transaction.

TrusterLenderPool.sol

IERC20 public immutable damnValuableToken

• IERC20 standard damnValuableToken used globally in this challenge is used for contract address management.

constructor(address tokenAddress)

• It has the token contract initialization process and instance allocation criteria.

function flashLoan(uint256 borrowAmount, address borrower, address target, byte calldata data) external nonReentrant

• This is the part responsible for the main logic of this contract. Let’s analyze the logic.

• The local variable balanceBefore receives the balance information of this contract by using the balance method of the damnValuableToken contract.

✅ The balanceBefore value must be greater than or equal to the borrowAmount value, and it must be greater than the value you want to borrow from the entire pool.

• Using the transfer method of the dammValuableToken contract, the parameter borrower is transferred as much as the borroAmount value.

• If the first condition is passed, you can ask for a quote that unconditionally transfer is possible.

• You can proceed with functionCall based on the parameter target address value and call it by passing bytes calldata data value as a parameter.

• After that, the logic proceeds to finalize the flash loan logic.

The vulnerability in this contract is that external users can construct and call any function they desire. If an attacker were to steal the balance information of the target contract, or if the attack vector used is capable of performing a service-level attack such as a DOS attack, it would be a very serious situation.

When executing the target.functionCall(data) line in the current code and manipulating each parameter to a desired value, it is possible to call a specific function and set its parameters. However, since the balance must remain unchanged before and after the function call, it is not possible to use this method to steal the balance value.

An attacker could construct a payload and use the functionCall function inside the vulnerable flashLoan function to steal the balance value of the corresponding token pool. In order to transfer tokens forcibly, the destination address must be approved before the transfer can take place, which is done through the ERC20 approve method. However, this can be easily bypassed by calling approve using functionCall, allowing the attacker to steal all funds in the pool by calling the transferFrom function.

Thank you for the @tinchoabbate that made a good wargame.

https://www.damnvulnerabledefi.xyz/