Overview
Damn Vulnerable DeFi is a CTF game for learning Ethereum DeFi smart contract security.
The game covers various DeFi scenarios, including flash loans, price oracles, governance, non-fungible tokens (NFTs), decentralized exchanges (DEXs), lending pools, smart contract wallets, time locks, etc.
This CTF-like game is well suited for beginners learning Solidity/ethers.js development.
Challenge description website: https://www.damnvulnerabledefi.xyz/
Challenge source code address: https://github.com/tinchoabbate/damn-vulnerable-defi
Unstoppable
Challenge description:
There’s a tokenized vault with a million DVT tokens deposited. It’s offering flash loans for free, until the grace period ends.
To pass the challenge, make the vault stop offering flash loans.
You start with 10 DVT tokens in balance.
Analysis
From the given description, we know that our goal is to disrupt the contract and make the flash loan service of the contract stop.
With this goal in mind, let's take a look at how the contract implements flash loans.
One strange condition that can be observed is this line:
    if (convertToShares(totalSupply) != balanceBefore) revert InvalidBalance(); // enforce ERC4626 requirement
Here balanceBefore is the ERC20 token balance held by the vault address, not the totalSupply that is controlled by mint and burn in the ERC20 standard. A plain token transfer to the vault raises that balance without minting anything, so totalSupply stays the same.
Therefore, attacking this contract only requires adding a line of code that transfers tokens to the vault to make totalSupply != balanceBefore, thereby stopping the flash loan.
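The accounting mismatch described above can be reproduced off-chain with a small model. This JavaScript is an added example, not code from the challenge or its author: the class `VaultModel`, its methods and the `internalAccounting` switch are hypothetical, it assumes ERC4626 share math that rounds down, and the internal-accounting variant is one possible way to make the check independent of unsolicited transfers.

```javascript
// Constructed model of the vault's share accounting (not the challenge contract).
// Assumption: shares = assets * totalSupply / totalAssets, rounded down.
class VaultModel {
  constructor({ internalAccounting = false } = {}) {
    this.internalAccounting = internalAccounting;
    this.totalSupply = 0n;   // vault shares, changed only by mint/burn
    this.tokenBalance = 0n;  // token balance of the vault address; any holder can raise it
    this.trackedAssets = 0n; // hardened variant: changed only by deposit()
  }
  totalAssets() {
    return this.internalAccounting ? this.trackedAssets : this.tokenBalance;
  }
  convertToShares(assets) {
    const supply = this.totalSupply;
    return supply === 0n ? assets : (assets * supply) / this.totalAssets();
  }
  deposit(assets) {
    const shares = this.convertToShares(assets);
    this.totalSupply += shares; // mint
    this.tokenBalance += assets;
    this.trackedAssets += assets;
    return shares;
  }
  // A plain ERC20 transfer to the vault address: no shares are minted.
  receiveTransfer(amount) {
    this.tokenBalance += amount;
  }
  // Mirrors the quoted check; false means the contract would revert InvalidBalance.
  flashLoanAllowed() {
    const balanceBefore = this.totalAssets();
    return this.convertToShares(this.totalSupply) === balanceBefore;
  }
}

// Deposit one million DVT (18 decimals), then send 1 base unit directly.
function scenario(internalAccounting) {
  const DVT = 10n ** 18n;
  const vault = new VaultModel({ internalAccounting });
  vault.deposit(1_000_000n * DVT);
  const before = vault.flashLoanAllowed();
  vault.receiveTransfer(1n);
  return { before, after: vault.flashLoanAllowed() };
}

console.log("balance-based check:", scenario(false));
console.log("internal accounting:", scenario(true));
```

In the balance-based model a single base unit is enough to make the two sides of the comparison diverge, while the variant that tracks deposits internally keeps passing the check.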
Solution
    it('Execution', async function () {
        await token.connect(player).transfer(vault.address, 1);
    });
Complete solution address: https://github.com/fenghaojiang/damn-vulnerable-defi/tree/master/test/unstoppable