Problem Selfie A new cool lending pool has launched! It’s now offering flash loans of DVT tokens. It even includes a fancy governance mechanism to control it. What could go wrong, right? You start with no DVT tokens in balance, and the pool has 1.5 million. Your goal www.damnvulnerabledefi.xyz Vulnerability We need to take the governance tokens held by the lending pool. Let's look at the lending pool first. What is distinctive about this lending pool is that it interacts with a governance contract. In the governance contract, dr..
Problem The Rewarder There’s a pool offering rewards in tokens every 5 days for those who deposit their DVT tokens into it. Alice, Bob, Charlie and David have already deposited some DVT tokens, and have won their rewards! You don’t have any DVT tokens. But in the upcoming www.damnvulnerabledefi.xyz Vulnerability When TheRewardPool's deposit function is called, it mints amountToDeposit share tokens to msg.sender, and then the distributeRewards function ..
1. Problem The Ethernaut The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players. ethernaut.openzeppelin.com Nowadays, paying for DeFi operations is impossible, fact. A group of friends discovered how to slightly decrease the cost..
1. Problem The Ethernaut The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players. ethernaut.openzeppelin.com This level features a `CryptoVault` with special functionality, the `sweepToken` function. This is a common function used..
1. Problem The Ethernaut The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players. ethernaut.openzeppelin.com Ethernaut's motorbike has a brand new upgradeable engine design. Would you be able to selfdestruct its engine and make the mo..
Truster Problem Truster More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free. The pool holds 1 million DVT tokens. You have nothing. To pass this challenge, take all tokens out of the pool. www.damnvulnerabledefi.xyz Vulnerability The pool invokes call on the target address it receives as a parameter, passing data along with it. Because any function at any address can be called, the outcome of the execution is hard to predict...
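Hello, this is piatoss. Now that I have solved almost all of Ethernaut, I am going to start a new wargame. It is called 'Damn Vulnerable DeFi'. Rendered literally in Korean, that comes out to roughly 'ㅈ나 취약한 DeFi'. It is a game where you attack vulnerabilities in DeFi contracts and come away with the lesson 'so this is how you should not write code!'. There is a problem, though. In this game you have to write JavaScript test code that fits each scenario. Why is that a problem, you ask? Because I am allergic to JavaScript. Just looking at JavaScript drains my motivation. So I looked around for an alternative and found a version that has been reworked to use Foundry. I will use that to solve the challenges. GitHub - piatos..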
1. Problem The Ethernaut The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players. ethernaut.openzeppelin.com To solve this level, you only need to provide the Ethernaut with a Solver, a contract that responds to whatIsTheMeaningOf..
1. Problem The Ethernaut The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players. ethernaut.openzeppelin.com Just have to flip the switch. Can't be that hard, right? Things that might help: Understanding how CALLDATA is encoded. /..
1. Problem The Ethernaut The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players. ethernaut.openzeppelin.com Cope with gates and become an entrant. Things that might help: - Recall return values of low-level functions. - Be attent..