Skip to content

fifikobayashi/EMN-Exploit-study

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
build/contracts
build/contracts
 
 
contracts
contracts
 
 
migrations
migrations
 
 
test
test
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
truffle-config.js
truffle-config.js
 
 

Repository files navigation

EMN-Exploit-study

For purely educational purposes, I've put together what I think was in the smart contract that drained $15M out of $EMN. The swap rates are a bit skewered on testnet which kills the arb exploit but the flash loan sequence is the same.

Great explanation of the $EMN exploit here

Note: All my stuff is unaudited. You should always assume there's malicious code in here until proven otherwise. Don't test this in prod.

Project setup

  1. Clone this repo
git clone https://github.com/fifikobayashi/EMN-Exploit-study
  1. Install dependencies
npm i --save @uniswap/v2-core
npm i --save @uniswap/v2-periphery
npm install dotenv
npm install --save truffle-hdwallet-provider
  1. Setup your .env with your PKs and end points to match truffle-config.js
  2. Setup your .gitignore to hide your .env (Important)
  3. Adjust truffle-config.js to point to your desired environment for deployment

Contract setup

  1. Deploy /contracts/BondingCurve.sol manually
  2. Adjust the BondingCurve and IERC20 DAI addresses in /contracts/EminenceCurrencyEMN.sol
BondingCurve constant public CURVE = BondingCurve(0x8a8709cfB1b00D88F9F61eaa4a5e3aDC118E5Fc4);
...
IERC20 constant public DAI = IERC20(0xc7AD46e0b8a400Bb3C915120d284AafbA8fc4735);
  1. Deploy /contracts/EminenceCurrencyEMN.sol manually
  2. Adjust the BondingCurve and EMN token addresses in /contracts/EminenceCurrencyEaave.sol
BondingCurve constant public CURVE = BondingCurve(0x8a8709cfB1b00D88F9F61eaa4a5e3aDC118E5Fc4);
...
EminenceCurrencyEaave constant public EMN = EminenceCurrencyEaave(0xbf17593c6B3Bf351cb8C33be6e753aF8eD41Fe01);
  1. Deploy /contracts/EminenceCurrencyEaave.sol manually

Exploit setup

  1. Adjust the execute() function in /contracts/EmnExploitStudy.sol to reference the deployed EMN and eAAVE contracts
// change the two addresses below with your own deployed EMN and eAAVE contracts
address EmnAddress = address(0xbf17593c6B3Bf351cb8C33be6e753aF8eD41Fe01);
address eAaveAddress = address(0xf9325bD4B7249fA70ce37fa8d80426a27675a49e);
  1. Compile and deploy /contracts/EmnExploitStudy.sol via this truffle project
truffle migrate --network rinkeby --skipDryRun
  1. Send some Rinkeby DAI to this the EmnExploitStudy contract you just deployed to cover UniswapV2's 0.3% flash swap fee.

Execute exploit

  1. Jump on console and execute:
truffle console --network rinkeby

EmnExploitStudy.deployed().then(function(instance){return instance.flashSwap()});

Rugpull

  1. Pull all tokens from contract to you.
EmnExploitStudy.deployed().then(function(instance){return instance.rugPull()});

Result

Successful execution on Rinkeby testnet



If you found this useful and would like to send me some gas money:

0xef03254aBC88C81Cb822b5E4DCDf22D55645bCe6

Thanks, @fifikobayashi.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

51 stars

Watchers

4 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages