/whitehacks-kit

A simple template to perform whitehacks safely

Primary LanguageSolidity

Whitehacks Kit

A simple template to perform whitehacks safely in a single tx, leveraging Foundry and Flashbots.

Disclaimer

Provided AS-IS as educational content only, disclaim any liability for using it.

Usage

Whitehacks are hard and should be execute by professionals. If you are unsure reach-out ETHSecurity tg channel. Reach-out anyway.

This repo offers a guide to prepare them.

They must be executed in 1 shot and privately, hence one single transaction and the private mempool by Flashbots.

You prepare, you test in a fork, you don't change, you execute.

Setup

  1. Fork the repo
  2. Install Foundry
  3. Edit Whitehack.sol
  4. Adapt Whitehack.s.sol

Preparation

  1. Unset $ETH_RPC_URL
unset $ETH_RPC_URL
  1. Check no RPC port open on your computer, if so kill the processes
netstat -an | grep LISTEN | grep 8545

Test

  1. Run Anvil fork with
anvil --fork-url https://eth.llamarpc.com
  1. Impersonate your account 0xYOUR_WALLET_ADDRESS
cast rpc \
    anvil_impersonateAccount "0xYOUR_WALLET_ADDRESS" \
    --rpc-url "http://localhost:8545"
  1. Run the script
forge script \
  script/Whitehack.s.sol:WhitehackScript \
  --rpc-url "http://localhost:8545" \
  --sender "0xYOUR_WALLET_ADDRESS" \
  -vvv \
  --broadcast

Run

Do not change your script and contract after the test

forge script \
  script/Whitehack.s.sol:WhitehackScript \
  --rpc-url "https://rpc.flashbots.net?hint=hash" \
  --sender "0xYOUR_WALLET_ADDRESS" \
  --interactives 1 \
  -vvv \
  --broadcast

The rpc url is set for Full Privacy on Flashbots

Examples