Oracle Manipulation Attack on Inverse Finance
https://github.com/yuichiroaoki/inverse-finance-exploit


# Inverse Finance Exploit

This repo reproduces the oracle manipulation attack on Inverse Finance that occurred on June 16, 2022.

Transaction detail: https://etherscan.io/tx/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c

## Installation and Setup

### 1. Install [Node.js](https://nodejs.org/en/) & [yarn](https://classic.yarnpkg.com/en/docs/install/#windows-stable), if you haven't already.

### 2. Clone This Repo

Run the following command.

```console
git clone https://github.com/yuichiroaoki/inverse-finance-exploit.git
```

## Demo

### 1. Setup Environment Variables

You'll need an `ALCHEMY_MAINNET_RPC_URL` environment variable. You can get one for free from the [Alchemy website](https://alchemy.com/?r=33851811-6ecf-40c3-a36d-d0452dda8634).

Then create a `.env` file with the following content.

```
ALCHEMY_MAINNET_RPC_URL=''
```

### 2. Install Dependencies

Run the following command.

```console
yarn install
```

### 3. Compile Smart Contracts

Run the following command.

```console
yarn compile
```

### 4. Simulate the Attack on the Ethereum Mainnet Fork

Run the following command.

```console
yarn attack
```

Expected output:

```
$ yarn attack
latest answer 979943357748941122174
latest answer 2831510989152831182521
Earned: 53.24504921 WBTC
Earned: 99976.294967 USDC
Transaction Fee: 0.08769064026344821 ETH
```

## References

https://blocksecteam.medium.com/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91

https://tools.blocksec.com/tx/eth/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c

https://twitter.com/peckshield/status/1537382891230883841