Install dependencies and run the challenge to verify it works:
yarninstallyarntruster
A correct output at this part would be:
[Challenge] Truster✔Execution1) "after all" hook for"Execution"1passing (2s)1failing1) [Challenge] Truster"after all"hookfor"Execution": AssertionError: expected 0 to equal 1000000000000000000000000. The numerical values of the given "ethers.BigNumber" and "bigint" inputs were compared, and they differed.
+expected-actual-0+1000000000000000000000000
Understanding the challenge objective
In our truster.challenge.js we can inspect the conditions to complete the challenge:
after(asyncfunction () {/** SUCCESS CONDITIONS - NO NEED TO CHANGE ANYTHING HERE */// Player has taken all tokens from the poolexpect(awaittoken.balanceOf(player.address) ).to.equal(TOKENS_IN_POOL);expect(awaittoken.balanceOf(pool.address) ).to.equal(0);});
At least the objective is simple on this one - steal all the tokens from the Truster Lender Pool.
Fake Product Landing Page / Info
In a proper audit, rather than a challenge, you'd have some marketing data / protocol RFC / whitepapers to research about before diving into the code.
Imagine the following as public information found about the solution.
Most Trusted Lending Pool in DeFi! 💫
💫 Explore the pinnacle of DeFi lending with TrusterLenderPool!
Our Ethereum-based lending pool redefines secure and efficient borrowing, with 1 million DVT tokens !!
Where else will you find an innovative fee-free borrowing solution??
You were called for a quick scoped audit on the NaiveReceiver protocol.
In the scoping call, the client had described the product is especially reliant on these token contracts standards:
The client mentioned that since the pool contains 1 million tokens, they are the most afraid from an attacker being able to steal the money from the pool.
Please review the code and let us know if you discover any risks!