⚔️Stopping the Unstoppable Vault

The learning process will be more beneficial for you if you will avoid the hints.

However, if you are frustrated, open these by order of frustration:

Hint 1

The intended issue resides within the UnstoppableVault::flashLoan function.

Read the whole code, including documentation of functions and inner workings, until you properly understand the function.

Hint 2

Try to scrape clues from the success condition on the challenge's prepared test:

after(async function () {

    // It is no longer possible to execute flash loans
    await expect(
        receiverContract.executeFlashLoan(100n * 10n ** 18n)

The test expects the contract to be reverted upon call, what logic triggers the revert method under the UnstoppableVault::flashLoan function?

Although that in a real scenario the tests might not be as indicative of the flaws, they do provide an insight towards the contract developer's mindset.

Hint 3

The goal is to try to transfer funds to the contract directly, affecting the bad-practice balance check it does when calling UnstoppableVault::flashLoan.

You can see in the tests that these too lines are ready for you:

token = await(await ethers.getContractFactory('DamnValuableToken', deployer)).deploy();
vault = await(await ethers.getContractFactory('UnstoppableVault', deployer)).deploy(
    deployer.address, // owner
    deployer.address // fee recipient

You need to interact with the token contract through the token variable, and use ERC20 standard to transfer funds directly to the UnstoppableVault contract, accessible through the vault variable.

Last updated