Skip to content

Latest commit

 

History

History
72 lines (47 loc) · 2.95 KB

File metadata and controls

72 lines (47 loc) · 2.95 KB

Exercise 5

Table of contents:

Join the team on Slack at: https://slack.empirehacking.nyc/ #ethereum

Setup

  1. Clone the repo: git clone https://github.com/crytic/damn-vulnerable-defi-echidna
  2. Install the dependencies by running yarn install.

Context

The challenge is described here: https://www.damnvulnerabledefi.xyz/challenges/2.html. It is assumed that the reader is familiar with the challenge.

Goals

  • Set up the testing environment with the correct contracts and necessary balances.
  • Analyze the "before" function in test/naive-receiver/naive-receiver.challenge.js to identify the required initial setup.
  • Add a property to check if the balance of the FlashLoanReceiver contract can change.
  • Create a config.yaml with the necessary configuration option(s).
  • Once Echidna finds the bug, fix the issue and re-test your property with Echidna.

The following contracts are relevant:

  • contracts/naive-receiver/FlashLoanReceiver.sol
  • contracts/naive-receiver/NaiveReceiverLenderPool.sol

Hints

It is recommended to first attempt without reading the hints. The hints can be found in the hints branch.

Solution

The solution can be found in the solutions branch.

Solution Explained (spoilers ahead)

The goal of the naive receiver challenge is to realize that any user can request a flash loan for FlashLoanReceiver, even if the user has no Ether.

Echidna discovers this by calling NaiveReceiverLenderPool.flashLoan() with the address of FlashLoanReceiver and any arbitrary amount.

See the example output from Echidna below:

echidna . --contract NaiveReceiverEchidna --config naivereceiver.yaml
...

echidna_test_contract_balance: failed!💥
  Call sequence:
    flashLoan(0x62d69f6867a0a084c6d313943dc22023bc263691,353073667)

...