https://github.com/nomoixyz/universal-router-vuln-poc

https://github.com/nomoixyz/universal-router-vuln-poc

Last synced: 4 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/nomoixyz/universal-router-vuln-poc
• Owner: nomoixyz
• Created: 2023-02-13T23:43:18.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-03-31T18:38:10.000Z (over 2 years ago)
• Last Synced: 2025-01-23T22:16:09.294Z (6 months ago)
• Language: Solidity
• Size: 8.79 KB
• Stars: 12
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# PoC

The PoC code can be found in [`./test/Hack.t.sol`](./test/Hack.t.sol).

### Setup

```

$ forge install

```

Create an `.env` file with your Alchemy API key:

```

ALCHEMY_API_KEY=

```

### Running the tests

```

$ forge test --via-ir -vv

```

Output:

```

[PASS] testHack() (gas: 7593896)

Logs:

  Creating BAD / USDC pool

  Initial price is 1000 USDC per BAD token

  Victim wants to swap 0.01 BAD for at most 11 USDC

  Attacker frontruns and increases the price of BAD

  Price before swap (in USDC) 999

  ATTACKER SWAPS...

  Price after swap (in USDC) 990249

  Victim's USDC balance before swap 1000000

  VICTIM SWAPS...

  Victim's USDC balance after swap 8268

```