This is a demo to replay the ApeCoin airdrop exploit happened on Mar-17-2022.
The target tx is https://etherscan.io/tx/0xeb8c3bebed11e2e4fcd30cbfc2fb3c55c4ca166003c7f7d319e78eaab9747098/advanced
npm install
npx hardhat run scripts/execute.jsNFTX is a nft marketplace that allow user to trade NFT fractionally with a dedicated ERC20 token. The protocol also support flash loan which is also the main result to make this exploit possible
- exploiter transfer 1 of his own BAYC to the contract
- exploiter flashloan 5.2 bayc token from a NFTX Vault. (it is 5.2 because redeeming a BAYC nft require extra fee which make it 1.04 bayc token for 1 BAYC nft)
- exploiter redeem 5 BAYC NFT with 5.2 bayc token
- exploiter claim 60564 ApeCoin with 6 BAYC
- exploiter mint 5.4 bayc token with 6 BAYC (it is 5.4 because there is 10% minting fee which make it 0.9 bayc token minted per BAYC nft)
- exploiter return the 5.2 flashloan amount and swap the remaining 0.2 bayc token to 14.15 ETH
The exploit final gain will be 60564 ApeCoin + 14.15 ETH - the cost of his own BAYC NFT - gas fee
This codebase is for demonstration purposes only