⚔️Stopping the Unstoppable Vault
The learning process will be more beneficial for you if you will avoid the hints.
However, if you are frustrated, open these by order of frustration:
Hint 1
The intended issue resides within the UnstoppableVault::flashLoan
function.
Read the whole code, including documentation of functions and inner workings, until you properly understand the function.
Hint 2
Try to scrape clues from the success condition on the challenge's prepared test:
after(async function () {
/** SUCCESS CONDITIONS - NO NEED TO CHANGE ANYTHING HERE */
// It is no longer possible to execute flash loans
await expect(
receiverContract.executeFlashLoan(100n * 10n ** 18n)
).to.be.reverted;
});
The test expects the contract to be reverted upon call, what logic triggers the revert
method under the UnstoppableVault::flashLoan
function?
Although that in a real scenario the tests might not be as indicative of the flaws, they do provide an insight towards the contract developer's mindset.
Hint 3
The goal is to try to transfer funds to the contract directly, affecting the bad-practice balance check it does when calling UnstoppableVault::flashLoan
.
You can see in the tests that these too lines are ready for you:
token = await(await ethers.getContractFactory('DamnValuableToken', deployer)).deploy();
vault = await(await ethers.getContractFactory('UnstoppableVault', deployer)).deploy(
token.address,
deployer.address, // owner
deployer.address // fee recipient
);
You need to interact with the token contract through the token
variable, and use ERC20 standard to transfer funds directly to the UnstoppableVault
contract, accessible through the vault
variable.
Last updated