1. Unstoppable
https://www.damnvulnerabledefi.xyz/challenges/unstoppable/
Objective
The vault is offering flash loans for free. To pass the challenge, make the vault stop offering flash loans.
Approach
First we examine the flashloan function.

poolBalance is a state variable tracking the internal balance of the vault contract; it is updated when users deposit tokens via depositTokens().

    function depositTokens(uint256 amount) external nonReentrant {
        if (amount == 0) revert MustDepositOneTokenMinimum();
        // Transfer token from sender. Sender must have first approved them.
        damnValuableToken.transferFrom(msg.sender, address(this), amount);
        poolBalance = poolBalance + amount;
    }

However, users can transfer DVT tokens directly to the lending contract without calling depositTokens. A direct transfer raises the vault's actual token balance (balanceBefore) without updating poolBalance, so poolBalance != balanceBefore. From then on the check reverts with AssertionViolated() and jams the flashloan function.
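
A hardened form of the vault, as an added example that is not the challenge's contract or code from this page: flashLoan relies only on the real token balance, so a direct transfer cannot trip an accounting check. The names HardenedVault, IToken, IBorrower, token and receiveTokens, the remaining error names and the inline reentrancy guard are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added example, not the challenge's contract. Names other than depositTokens,
// poolBalance and AssertionViolated (from the page) are hypothetical.
interface IToken {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IBorrower {
    function receiveTokens(address token, uint256 amount) external;
}

contract HardenedVault {
    error MustDepositOneTokenMinimum();
    error NotEnoughTokensInPool();
    error FlashLoanHasNotBeenPaidBack();

    IToken public immutable token;
    uint256 public poolBalance; // informational only: deposits made via depositTokens()
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    constructor(IToken _token) { token = _token; }

    function depositTokens(uint256 amount) external nonReentrant {
        if (amount == 0) revert MustDepositOneTokenMinimum();
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        poolBalance += amount;
    }

    function flashLoan(uint256 amount) external nonReentrant {
        uint256 balanceBefore = token.balanceOf(address(this));
        // Weak form: if (poolBalance != balanceBefore) revert AssertionViolated();
        // Hardened: no equality between internal accounting and the real balance.
        if (balanceBefore < amount) revert NotEnoughTokensInPool();
        require(token.transfer(msg.sender, amount), "transfer failed");
        IBorrower(msg.sender).receiveTokens(address(token), amount);
        if (token.balanceOf(address(this)) < balanceBefore) revert FlashLoanHasNotBeenPaidBack();
    }
}
```

The repayment check compares the real balance before and after the loan, which a donation can only increase, so tokens sent outside depositTokens() never block later loans.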
Exploit
