Oracle Manipulation Attack on Inverse Finance

Primary language: Solidity. License: MIT.

Inverse Finance Exploit

This repo reproduces the oracle manipulation attack on Inverse Finance that took place on June 16, 2022.

Transaction detail: https://etherscan.io/tx/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c

Installation and Setup

1. Install Node.js & yarn, if you haven't already.

2. Clone This Repo

Run the following command.

git clone https://github.com/yuichiroaoki/inverse-finance-exploit.git

Demo

1. Setup Environment Variables

You'll need an ALCHEMY_MAINNET_RPC_URL environment variable. You can get one for free from the Alchemy website.

Then, you can create a .env file with the following.

ALCHEMY_MAINNET_RPC_URL='<your-own-alchemy-mainnet-rpc-url>'

2. Install Dependencies

Run the following command.

yarn install

3. Compile Smart Contracts

Run the following command.

yarn compile

4. Simulate the Attack on the Ethereum Mainnet Fork

Run the following command.

yarn attack

Expected Outputs

$ yarn attack
latest answer 979943357748941122174
latest answer 2831510989152831182521
Earned:  53.24504921 WBTC
Earned:  99976.294967 USDC
Transaction Fee:  0.08769064026344821 ETH
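
Reading the output from a defender's side (an added example, not code from this repo): the script below parses the two "latest answer" lines and shows that a bounded-step check on the consuming side would refuse the second reading. It assumes the two lines are the oracle's answer before and during the manipulation; `DeviationGuard`, `review` and the 10% (1000 bps) limit are hypothetical names and values chosen for illustration.

```javascript
// Output of `yarn attack`, copied from the Expected Outputs section above.
const ATTACK_OUTPUT = `latest answer 979943357748941122174
latest answer 2831510989152831182521
Earned:  53.24504921 WBTC`;

// Extract every "latest answer" value in order; BigInt keeps full precision.
function parseAnswers(text) {
  return [...text.matchAll(/^latest answer (\d+)$/gm)].map((m) => BigInt(m[1]));
}

// Absolute move from oldAnswer to newAnswer in basis points (integer math only).
function deviationBps(oldAnswer, newAnswer) {
  if (oldAnswer <= 0n) throw new RangeError("reference answer must be positive");
  const diff = newAnswer > oldAnswer ? newAnswer - oldAnswer : oldAnswer - newAnswer;
  return (diff * 10000n) / oldAnswer;
}

// Hypothetical consumer-side guard: a reading that moves more than maxBps
// away from the last accepted reading is refused and the reference is kept.
class DeviationGuard {
  constructor(maxBps) {
    this.maxBps = BigInt(maxBps);
    this.last = null;
  }
  accept(answer) {
    if (answer <= 0n) return false; // zero or negative answers are never usable
    if (this.last !== null && deviationBps(this.last, answer) > this.maxBps) {
      return false; // caller should pause borrowing or revert, not price off this value
    }
    this.last = answer;
    return true;
  }
}

// Run every reading in the text through one guard (assumed limit: 1000 bps = 10%).
function review(text, maxBps = 1000) {
  const guard = new DeviationGuard(maxBps);
  return parseAnswers(text).map((answer) => ({ answer, accepted: guard.accept(answer) }));
}

for (const { answer, accepted } of review(ATTACK_OUTPUT)) {
  console.log(answer.toString(), accepted ? "accepted" : "REJECTED");
}
```

A step bound only catches an abrupt move between two consecutive reads; it complements a price source that cannot be moved within a single transaction and does not replace one.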

References

https://blocksecteam.medium.com/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91

https://tools.blocksec.com/tx/eth/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c

https://twitter.com/peckshield/status/1537382891230883841