forked from OpenZeppelin/damn-vulnerable-defi
climber.challenge.js
const { ethers, upgrades } = require('hardhat');
const { expect } = require('chai');
/**
 * Harness for the "Climber" challenge.
 *
 * Trust model established by the setup below, as far as this file shows it:
 *  - ClimberVault is deployed behind a UUPS proxy and initialised with the
 *    deployer, proposer and sweeper addresses.
 *  - The vault's owner is asserted to be neither the zero address nor the
 *    deployer; a ClimberTimelock instance is attached at that owner address.
 *  - PROPOSER_ROLE is asserted for the proposer and ADMIN_ROLE for the deployer.
 *  - The attacker signer is funded with 0.1 ETH and appears in neither the
 *    initializer arguments nor the role assertions.
 *
 * With UUPS the upgrade entry point and its authorisation live in the
 * implementation rather than in the proxy, so who may upgrade the vault is
 * decided by contract code that is not visible in this file.
 */
describe('[Challenge] Climber', function () {
  // Signers are filled in by the `before` hook.
  let deployer;
  let proposer;
  let sweeper;
  let attacker;

  // Initial vault funding: 10 million tokens (18 decimals via parseEther).
  const VAULT_TOKEN_BALANCE = ethers.utils.parseEther('10000000');

  before(async function () {
    /** SETUP SCENARIO - NO NEED TO CHANGE ANYTHING HERE */
    const signers = await ethers.getSigners();
    [deployer, proposer, sweeper, attacker] = signers;

    // Pin the attacker's native balance, then confirm the node applied it.
    const attackerStartingWei = '0x16345785d8a0000'; // 0.1 ETH
    await ethers.provider.send('hardhat_setBalance', [
      attacker.address,
      attackerStartingWei,
    ]);
    const attackerWei = await ethers.provider.getBalance(attacker.address);
    expect(attackerWei).to.equal(ethers.utils.parseEther('0.1'));

    // UUPS proxy deployment; the array holds the arguments for
    // `ClimberVault::initialize(address,address,address)`.
    const vaultFactory = await ethers.getContractFactory('ClimberVault', deployer);
    const initializerArgs = [deployer.address, proposer.address, sweeper.address];
    this.vault = await upgrades.deployProxy(vaultFactory, initializerArgs, {
      kind: 'uups',
    });

    // Post-deployment invariants. The non-zero withdrawal timestamp is
    // presumably written during initialisation (not visible here).
    expect(await this.vault.getSweeper()).to.eq(sweeper.address);
    expect(await this.vault.getLastWithdrawalTimestamp()).to.be.gt('0');
    // Ownership must already have moved away from the deploying account.
    expect(await this.vault.owner()).to.not.eq(ethers.constants.AddressZero);
    expect(await this.vault.owner()).to.not.eq(deployer.address);

    // The vault's owner address is treated as the ClimberTimelock.
    const timelockAddress = await this.vault.owner();
    const timelockFactory = await ethers.getContractFactory('ClimberTimelock', deployer);
    this.timelock = await timelockFactory.attach(timelockAddress);

    // Role sanity checks: proposer may propose, deployer administers roles.
    const proposerRole = await this.timelock.PROPOSER_ROLE();
    expect(await this.timelock.hasRole(proposerRole, proposer.address)).to.be.true;
    const adminRole = await this.timelock.ADMIN_ROLE();
    expect(await this.timelock.hasRole(adminRole, deployer.address)).to.be.true;

    // Deploy the token and move the initial balance into the vault.
    const tokenFactory = await ethers.getContractFactory('DamnValuableToken', deployer);
    this.token = await tokenFactory.deploy();
    await this.token.transfer(this.vault.address, VAULT_TOKEN_BALANCE);
  });

  it('Exploit', async function () {
    /** CODE YOUR EXPLOIT HERE */
  });

  after(async function () {
    /** SUCCESS CONDITIONS */
    // Pass condition: the vault holds nothing and the attacker holds exactly
    // the amount the vault was funded with.
    const vaultTokens = await this.token.balanceOf(this.vault.address);
    expect(vaultTokens).to.eq('0');
    const attackerTokens = await this.token.balanceOf(attacker.address);
    expect(attackerTokens).to.eq(VAULT_TOKEN_BALANCE);
  });
});