https://github.com/0xchin/goldenticket-poc

Last synced: 3 months ago
JSON representation

Host: GitHub
URL: https://github.com/0xchin/goldenticket-poc
Owner: 0xChin
Created: 2023-01-14T17:12:23.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2023-01-16T13:57:22.000Z (over 2 years ago)
Last Synced: 2025-01-09T15:46:20.769Z (5 months ago)
Language: TypeScript
Size: 635 KB
Stars: 0
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # EOA Pseudorandomness exploit PoC

### Table of contents

- [About the project](#about-the-project)

- [Installation and usage](#installation-and-usage)

### About the project

This is a Proof of Concept of how a smart contract that relies on pseudorandom data such as block hash and block timestamp can be exploited. Although this is a [known vulnerability](https://solidity-by-example.org/hacks/randomness/), in this example, instead of exploiting it from a smart contract, it is exploited directly by an EOA using [Flashbots](https://docs.flashbots.net/flashbots-auction/searchers/quick-start).

### Installation and usage

##### .env

```bash

cp .env.example .env

```

 Fill your `.env` with:

- `GOERLI_RPC_URL`: A node endpoint, you can get it from [Chainlist](https://chainlist.org/)

- `PRIVATE_KEY`: The private key that will deploy + attack the contract

##### Test it

```bash

npx hardhat run scripts/exploit.ts

```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/0xchin/goldenticket-poc

Awesome Lists containing this project

README