A simple template to perform whitehacks safely in a single tx, leveraging Foundry and Flashbots.
Provided AS-IS as educational content only, disclaim any liability for using it.
Whitehacks are hard and should be execute by professionals. If you are unsure reach-out ETHSecurity tg channel. Reach-out anyway.
This repo offers a guide to prepare them.
They must be executed in 1 shot and privately, hence one single transaction and the private mempool by Flashbots.
You prepare, you test in a fork, you don't change, you execute.
- Fork the repo
- Install Foundry
- Edit Whitehack.sol
- Adapt Whitehack.s.sol
- Unset
$ETH_RPC_URL
unset $ETH_RPC_URL
- Check no RPC port open on your computer, if so kill the processes
netstat -an | grep LISTEN | grep 8545
- Run Anvil fork with
anvil --fork-url https://eth.llamarpc.com
- Impersonate your account
0xYOUR_WALLET_ADDRESS
cast rpc \
anvil_impersonateAccount "0xYOUR_WALLET_ADDRESS" \
--rpc-url "http://localhost:8545"
- Run the script
forge script \
script/Whitehack.s.sol:WhitehackScript \
--rpc-url "http://localhost:8545" \
--sender "0xYOUR_WALLET_ADDRESS" \
-vvv \
--broadcast
Do not change your script and contract after the test
forge script \
script/Whitehack.s.sol:WhitehackScript \
--rpc-url "https://rpc.flashbots.net?hint=hash" \
--sender "0xYOUR_WALLET_ADDRESS" \
--interactives 1 \
-vvv \
--broadcast
The rpc url is set for Full Privacy on Flashbots