Damn Vulnerable DeFi Challenge #4 Solution — Side entrance

Challenge #4 — Side entrance

The attacker end goal

The endgoal of this challenge is to leverage the free (no fee) flashloans to drain the pool.

Study the contracts


Solution code

First we need to create a new Contract because as you can see, only a contract can execute and receive the flash loans.

  • Execute the flashloan
  • Receive the funds implementing a receive function
  • Deposit all the borrowed ETH into lending pool via the deposit function
  • Repay back 0 ETH to the Lending Pool
  • Withdraw all the deposited ETH from the Lending Pool
  • Send to the attacker account the withdrawn ETH


All Solidity code, practices and patterns in this repository are DAMN VULNERABLE and for educational purposes only.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


#web3 dev + auditor | @SpearbitDAO security researcher, @yAcademyDAO resident auditor, @developer_dao #459, @TheSecureum bootcamp-0, @code4rena warden