damn-vulnerable-defi's Introduction

A set of challenges to learn offensive security of smart contracts in Ethereum.

Featuring flash loans, price oracles, governance, NFTs, lending pools, smart contract wallets, timelocks, and more!

Play

Visit damnvulnerabledefi.xyz

Help

For Q&A and troubleshooting running Damn Vulnerable DeFi, go here.

Disclaimer

All Solidity code, practices and patterns in this repository are DAMN VULNERABLE and for educational purposes only.

DO NOT USE IN PRODUCTION.

damn-vulnerable-defi's People

Contributors

mpetrone, tinchoabbate

damn-vulnerable-defi's Issues

Challenge #5 The Rewarder, ERC20Snapshot.sol no longer available in OpenZeppelin v5.0.0

OpenZeppelin got rid of their ERC20Snapshot.sol contract in the v5.0.0 upgrades, so I am having trouble compiling challenge 5 The Rewarder with the AccountingToken.sol. I am using Foundry. Perhaps it is specific to Foundry.

I tried to place the missing dependencies into my v5.0.0 lib: the ERC20Snapshot.sol from v4.9.3, along with its missing dependency Counters.sol from v4.9.3. Arrays.sol is already in v5.0.0. But this did not work and I was getting errors regarding functions not being correct and stuff like that. I'm unsure how to contend with a missing OZ dependency. Would installing the entire v4.9.3 OZ library maybe work? Or another version? I would prefer not to if possible since I'm trying to house all the challenges in one repo.

See the 2 pictures for specific errors. The first picture says ERC20 was not found because AccountingToken.sol doesn't have an ERC20 import. Therefore I tried importing ERC20 as well, but then it complained about the ERC20Snapshot functions.

*Edit: Challenge 6 Selfie and potentially any others that use the DamnValuableTokenSnapshot.sol or ERC20Snapshot.sol dependency from OpenZeppelin will need a remedy?

Puppet Unsolvable in 1 Transaction

I am updating all my solutions to the new v3 implementation (nice job by the way!). I am making my way through and am stuck on the new requirement of the Puppet problem, specifically the requirement for the entire solution to be solved in 1 transaction.

expect(await ethers.provider.getTransactionCount(player.address)).to.eq(1);

I think this was introduced due to this PR.

I am not sure if I am just dumb and can't work it out, but as far as I can tell at least 2 transactions are required, and if you use a contract to do this all for you, then you will need to transfer tokens to the contract as well as create the contract.

[Wallet Mining] Changing DEPOSIT_ADDRESS to the correct checksummed address?

Maybe it will be better to change DEPOSIT_ADDRESS

const DEPOSIT_ADDRESS = '0x9b6fb606a9f5789444c17768c6dfcf2f83563801';

to the correct checksummed address: const DEPOSIT_ADDRESS = '0x9B6fb606A9f5789444c17768c6dFCF2f83563801';?
Otherwise if (proxyAddress === DEPOSIT_ADDRESS) {...} doesn't work, because Solidity returns proxyAddress as a checksummed address.
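
The failure mode described in this issue is a raw string comparison between two spellings of the same 20-byte address. As an added example (not part of the issue or of the repository's code), the block below computes EIP-55 casing from scratch and compares addresses by canonical form; the function names are hypothetical and the Keccak-256 here only handles inputs that fit a single block, which is all EIP-55 needs.

```javascript
// Added example, not repository code: EIP-55 casing and a canonical address compare.
const M = (1n << 64n) - 1n;
const rol = (v, n) => ((v << BigInt(n)) | (v >> BigInt(64 - n))) & M;
// Keccak-f[1600] over 25 lanes (index x + 5*y), compact form of the reference permutation.
function keccakF(a) {
  let R = 1;
  for (let round = 0; round < 24; round++) {
    const C = [0, 1, 2, 3, 4].map(x => a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20]);
    for (let x = 0; x < 5; x++) { // theta
      const D = C[(x + 4) % 5] ^ rol(C[(x + 1) % 5], 1);
      for (let y = 0; y < 25; y += 5) a[x + y] ^= D;
    }
    let px = 1, py = 0, cur = a[1];
    for (let t = 0; t < 24; t++) { // rho and pi
      [px, py] = [py, (2 * px + 3 * py) % 5];
      [cur, a[px + 5 * py]] = [a[px + 5 * py], rol(cur, ((t + 1) * (t + 2) / 2) % 64)];
    }
    for (let y = 0; y < 25; y += 5) { // chi
      const T = a.slice(y, y + 5);
      for (let x = 0; x < 5; x++) a[y + x] = T[x] ^ (~T[(x + 1) % 5] & M & T[(x + 2) % 5]);
    }
    for (let j = 0; j < 7; j++) { // iota: round constant bits from an LFSR
      R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256;
      if (R & 2) a[0] ^= 1n << BigInt((1 << j) - 1);
    }
  }
}

// Keccak-256 with Ethereum's 0x01 padding, for inputs that fit one 136-byte block.
function keccak256(bytes) {
  if (bytes.length > 135) throw new Error('single-block version: input too long');
  const st = new Uint8Array(200);
  st.set(bytes);
  st[bytes.length] ^= 0x01; st[135] ^= 0x80;
  const lanes = Array.from({ length: 25 }, (_, i) =>
    st.slice(8 * i, 8 * i + 8).reduceRight((v, b) => (v << 8n) | BigInt(b), 0n));
  keccakF(lanes);
  const hex = l => Array.from({ length: 8 }, (_, b) => ((l >> BigInt(8 * b)) & 0xffn).toString(16).padStart(2, '0')).join('');
  return lanes.slice(0, 4).map(hex).join('');
}

function toChecksumAddress(addr) {
  const lower = addr.toLowerCase().replace(/^0x/, '');
  if (!/^[0-9a-f]{40}$/.test(lower)) throw new Error('not a 20-byte hex address');
  const hash = keccak256(Uint8Array.from(lower, c => c.charCodeAt(0)));
  // A hex letter is upper-cased when the matching nibble of the hash is >= 8.
  return '0x' + [...lower].map((c, i) => (parseInt(hash[i], 16) >= 8 ? c.toUpperCase() : c)).join('');
}
const sameAddress = (a, b) => toChecksumAddress(a) === toChecksumAddress(b);
```

With this, `sameAddress(proxyAddress, DEPOSIT_ADDRESS)` holds for either spelling of the constant, whereas `===` on the raw strings does not.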

Challenge #8 Puppet, Uniswap V1 ABI missing `stateMutability` fields (Foundry)

Challenge 8 Puppet, Uniswap V1 ABI missing stateMutability fields error. Using Foundry.

In Puppet.t.sol:

function setUp() {
...
        uniswapV1Factory = UniswapV1Factory(deployCode("./build-uniswap-v1/UniswapV1Factory.json"));
        uniswapV1ExchangeTemplate = UniswapV1Exchange(deployCode("./build-uniswap-v1/UniswapV1Exchange.json"));
...
}

In the root I have a build-uniswap-v1 directory containing those two ABIs. deployCode can take in a string and returns an address:
function deployCode(string memory what) public returns (address);

docs: https://book.getfoundry.sh/reference/forge-std/deployCode

Note: Foundry requires foundry.toml to include fs_permissions = [{ access = "read", path = "./" }] for read access.
Note: I tried other kinds of ABI and syntax for Foundry too:
https://www.ctfwriteup.com/web3-security-research/damn-vulnerable-defi/puppet
https://github.com/zach030/damnvulnerabledefi-foundry/tree/main

Is this a Foundry issue or an ABI issue atm? Or something weird?

user@DESKTOP-L5QDJ01:~/projects/damn-vulnerable-defi-ctfs$ forge test --match-path test/Puppet.t.sol -vv
[⠔] Compiling...
[⠆] Compiling 1 files with 0.8.23
[⠰] Solc 0.8.23 finished in 1.65s
Compiler run successful with warnings:
Warning (9302): Return value of low-level calls not used.
  --> src/puppet/Attacker.sol:21:9:
   |
21 |         _uniswapPair.call(abi.encodeWithSignature(
   |         ^ (Relevant source part starts here and spans across multiple lines).

Warning (9302): Return value of low-level calls not used.
  --> src/puppet/Attacker.sol:33:9:
   |
33 |         _uniswapPair.call{value: 10 ether}(
   |         ^ (Relevant source part starts here and spans across multiple lines).

2023-11-23T03:06:32.399557Z ERROR forge::runner: setUp failed reason=missing field `stateMutability` at line 21 column 4 contract=0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496

Running 1 test for test/Puppet.t.sol:PuppetTest
[FAIL. Reason: setup failed: missing field `stateMutability` at line 21 column 4] setUp() (gas: 0)
Test result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 703.80µs
 
Ran 1 test suites: 0 tests passed, 1 failed, 0 skipped (1 total tests)

Failing tests:
Encountered 1 failing test in test/Puppet.t.sol:PuppetTest
[FAIL. Reason: setup failed: missing field `stateMutability` at line 21 column 4] setUp() (gas: 0)

Encountered a total of 1 failing tests, 0 tests succeeded
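
The error in the log above names a field the ABI parser expects on each entry. As an added example (not part of the issue or the repository), the block below fills in `stateMutability` from the older boolean flags; it assumes the artifacts in build-uniswap-v1 use the legacy `constant`/`payable` flags, and the function names and sample entries are hypothetical.

```javascript
// Added example, not repository code. Assumption: the artifact's ABI entries carry the
// legacy boolean flags `constant` and `payable` instead of `stateMutability`.
function withStateMutability(abi) {
  return abi.map(entry => {
    const type = entry.type ?? 'function';                   // ABI spec default
    if (type === 'event' || type === 'error') return entry;  // no mutability on these
    if (entry.stateMutability !== undefined) return entry;   // already in the newer shape
    // payable wins; constant maps to "view" ("pure" cannot be recovered from the flags)
    const stateMutability = entry.payable ? 'payable' : entry.constant ? 'view' : 'nonpayable';
    return { ...entry, stateMutability };
  });
}

// Accepts the JSON text of an artifact ({ abi, bytecode, ... }) or of a bare ABI array.
function patchArtifactJson(text) {
  const parsed = JSON.parse(text);
  const patched = Array.isArray(parsed)
    ? withStateMutability(parsed)
    : { ...parsed, abi: withStateMutability(parsed.abi) };
  return JSON.stringify(patched, null, 2);
}

// Constructed sample in the legacy shape (illustrative names, not the real Uniswap V1 ABI).
const LEGACY_SAMPLE = JSON.stringify({
  abi: [
    { name: 'Swap', type: 'event', inputs: [], anonymous: false },
    { name: 'buy', type: 'function', inputs: [], outputs: [], constant: false, payable: true },
    { name: 'price', type: 'function', inputs: [],
      outputs: [{ name: 'out', type: 'uint256' }], constant: true, payable: false },
    { name: 'setup', type: 'function', inputs: [], outputs: [], constant: false, payable: false },
  ],
  bytecode: '0x00', // placeholder, not real bytecode
});

// Helper for inspection: the mutability assigned to each entry, null for events.
function mutabilities(text) {
  return JSON.parse(patchArtifactJson(text)).abi.map(e => e.stateMutability ?? null);
}
```

To apply it, read each JSON file in build-uniswap-v1 with `fs.readFileSync`, pass the text through `patchArtifactJson`, and write the result back before running the tests.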

Useless Javascript code in Free Rider

It seems that a big part of the test file (free-rider.challenge.js) in the Free Rider exercise is not used.
This code can be removed:

// Deploy WETH
weth = await (await ethers.getContractFactory('WETH', deployer)).deploy();

// Deploy token to be traded against WETH in Uniswap v2
token = await (await ethers.getContractFactory('DamnValuableToken', deployer)).deploy();

// Deploy Uniswap Factory and Router
uniswapFactory = await (new ethers.ContractFactory(factoryJson.abi, factoryJson.bytecode, deployer)).deploy(
    ethers.constants.AddressZero // _feeToSetter
);
uniswapRouter = await (new ethers.ContractFactory(routerJson.abi, routerJson.bytecode, deployer)).deploy(
    uniswapFactory.address,
    weth.address
);

// Approve tokens, and then create Uniswap v2 pair against WETH and add liquidity
// The function takes care of deploying the pair automatically
await token.approve(
    uniswapRouter.address,
    UNISWAP_INITIAL_TOKEN_RESERVE
);
await uniswapRouter.addLiquidityETH(
    token.address,                                              // token to be traded against WETH
    UNISWAP_INITIAL_TOKEN_RESERVE,                              // amountTokenDesired
    0,                                                          // amountTokenMin
    0,                                                          // amountETHMin
    deployer.address,                                           // to
    (await ethers.provider.getBlock('latest')).timestamp * 2,   // deadline
    { value: UNISWAP_INITIAL_WETH_RESERVE }
);

// Get a reference to the created Uniswap pair
uniswapPair = await (new ethers.ContractFactory(pairJson.abi, pairJson.bytecode, deployer)).attach(
    await uniswapFactory.getPair(token.address, weth.address)
);
expect(await uniswapPair.token0()).to.eq(weth.address);
expect(await uniswapPair.token1()).to.eq(token.address);
expect(await uniswapPair.balanceOf(deployer.address)).to.be.gt(0);

WETH and DVT are being deployed, then a Uniswap factory and router, and then we're adding liquidity to Uniswap, even though the exercise has nothing to do with WETH, DVT, and Uniswap.

The exercise is about an NFT marketplace and the payments are in native ETH.

Challenge #8 - Puppet - insolvable test condition

Hi,

I think in challenge #8 the first test condition

expect(await ethers.provider.getTransactionCount(player.address)).to.eq(1);

is not possible. The player needs to either approve spending or send their tokens to a contract before the actual exploit can be run (which then consists of multiple steps). So the minimum number of transactions the player can get away with is 2 here.
