backdoor.challenge.ts
const { ethers } = require("hardhat");
const { expect } = require("chai");
/**
 * Mocha scenario for the "Backdoor" challenge.
 *
 * Layout of the suite:
 *   - `before`  deploys the Safe master copy, the proxy factory, the token and
 *               the WalletRegistry, then funds the registry.
 *   - `it`      deploys the BackdoorAttacker contract and calls its `attack`
 *               entry point; the contract's logic is not part of this file.
 *   - `after`   asserts the end state that counts as a successful solution.
 *
 * Mocha's `this` context carries the deployed contracts between hooks, so the
 * callbacks must stay `function` expressions rather than arrow functions.
 */
describe("[Challenge] Backdoor", function () {
  let deployer, users, attacker, alice, bob, charlie, david;
  // Total token amount handed to the registry for distribution.
  const AMOUNT_TOKENS_DISTRIBUTED = ethers.utils.parseEther("40");

  before(async function () {
    // Fixed scenario setup; solutions are not expected to modify this hook.
    const signers = await ethers.getSigners();
    [deployer, alice, bob, charlie, david, attacker] = signers;
    users = [alice, bob, charlie, david].map((signer) => signer.address);

    // Gnosis Safe master copy and proxy factory, both deployed by `deployer`.
    const safeFactory = await ethers.getContractFactory("GnosisSafe", deployer);
    this.masterCopy = await safeFactory.deploy();

    const proxyFactoryFactory = await ethers.getContractFactory("GnosisSafeProxyFactory", deployer);
    this.walletFactory = await proxyFactoryFactory.deploy();

    const tokenFactory = await ethers.getContractFactory("DamnValuableToken", deployer);
    this.token = await tokenFactory.deploy();

    // The registry is told which master copy, factory and token to trust,
    // and which addresses are the initial beneficiaries.
    const registryFactory = await ethers.getContractFactory("WalletRegistry", deployer);
    this.walletRegistry = await registryFactory.deploy(
      this.masterCopy.address,
      this.walletFactory.address,
      this.token.address,
      users,
    );

    // Sanity check: every listed user starts out flagged as a beneficiary.
    for (const user of users) {
      expect(await this.walletRegistry.beneficiaries(user)).to.be.true;
    }

    // Fund the registry through the deployer-connected token instance.
    await this.token.transfer(this.walletRegistry.address, AMOUNT_TOKENS_DISTRIBUTED);
  });

  it("Exploit", async function () {
    // Solution under test: a single contract call made from the attacker
    // account. This test has no assertions of its own; the `after` hook
    // decides whether the scenario was solved.
    const attackerFactory = await ethers.getContractFactory("BackdoorAttacker", attacker);
    const attackerContract = await attackerFactory.deploy(this.token.address);

    const attackTx = await attackerContract
      .connect(attacker)
      .attack(this.walletFactory.address, this.masterCopy.address, this.walletRegistry.address, users);
    await attackTx.wait();
  });

  after(async function () {
    // Success conditions. Read together they are the impact statement for a
    // reviewer: the registry's own bookkeeping shows a wallet registered for
    // every beneficiary, yet the distributed funds sit in the attacker's
    // account, so registration state alone does not show that a beneficiary
    // controls the payout.
    for (const user of users) {
      const registeredWallet = await this.walletRegistry.wallets(user);

      // A wallet address must be recorded for the user.
      expect(registeredWallet).to.not.eq(ethers.constants.AddressZero, "User did not register a wallet");

      // The user's beneficiary flag must have been cleared.
      expect(await this.walletRegistry.beneficiaries(user)).to.be.false;
    }

    // The full distributed amount must be held by the attacker address.
    expect(await this.token.balanceOf(attacker.address)).to.eq(AMOUNT_TOKENS_DISTRIBUTED);
  });
});