emilianobonassi/curve-whitehack-example

Curve Whitehack example 30/07/2023

Based on Whitehacks Kit, adapted from SunWeb3Sec (thanks!)

Disclaimer

Provided AS-IS as educational content only; any liability for using it is disclaimed.

Usage

Whitehacks are hard and should be executed by professionals. If you are unsure, reach out to the ETHSecurity tg channel. Reach out anyway.

This repo offers a guide to prepare them.

They must be executed in 1 shot and privately, hence one single transaction sent through the Flashbots private mempool.

You prepare, you test in a fork, you don't change, you execute.

Setup

  1. Fork the repo
  2. Install Foundry
  3. Edit Whitehack.sol
  4. Adapt Whitehack.s.sol

Preparation

  1. Unset $RPC_URL
     unset RPC_URL
  2. Check that no RPC port is open on your computer; if one is, kill the processes
     netstat -an | grep LISTEN | grep 8545

Test

  1. Run Anvil fork with
     anvil --fork-url https://eth.llamarpc.com --fork-block-number 17806055
  2. Impersonate your account 0xYOUR_WALLET_ADDRESS
     cast rpc \
         anvil_impersonateAccount "0xYOUR_WALLET_ADDRESS" \
         --rpc-url "http://localhost:8545"
  3. Run the script
     forge script \
       script/Whitehack.s.sol:WhitehackScript \
       --rpc-url "http://localhost:8545" \
       --sender "0xYOUR_WALLET_ADDRESS" \
       -vvv \
       --broadcast
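
A pre-flight guard for the Preparation and Test steps above, as an added example that is not part of the original repo: it tightens the port check so only a listener on 8545 matches, and confirms that localhost:8545 is the Anvil fork at the pinned block before anything is broadcast. The function names and the sample netstat lines are constructed, and the `anvil/` client-version prefix is an assumption about what Anvil reports.

```shell
#!/usr/bin/env bash
# Added example (not from the repo). Function names and samples are constructed.

# Step "Unset $RPC_URL": succeed only if RPC_URL is absent from the environment.
rpc_url_is_unset() { [ -z "${RPC_URL+x}" ]; }

# Reads `netstat -an` output on stdin; succeeds only if nothing LISTENs on port $1.
# Matches Linux (127.0.0.1:8545) and macOS/BSD (127.0.0.1.8545) address forms,
# and unlike a bare `grep 8545` does not trip on ports such as 18545.
port_is_free() { ! grep LISTEN | grep -Eq "[.:]$1[[:space:]]"; }

# Succeeds only if the client version string belongs to Anvil.
# Assumption: Anvil answers web3_clientVersion with a string starting "anvil/".
is_anvil() { case "$1" in anvil/*) return 0 ;; *) return 1 ;; esac; }

# Constructed netstat samples for an offline check of port_is_free.
SAMPLE_BUSY='tcp4       0      0  127.0.0.1.8545     *.*                LISTEN'
SAMPLE_FREE='tcp        0      0 127.0.0.1:18545    0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:51000    127.0.0.1:8545     ESTABLISHED'

RPC=http://localhost:8545   # same endpoint the README's commands use
FORK_BLOCK=17806055         # --fork-block-number from the README

# "before": run prior to starting anvil. "after": run once anvil is up,
# before `forge script ... --broadcast`.
preflight() {
  case "$1" in
    before)
      rpc_url_is_unset || { echo "RPC_URL is still set" >&2; return 1; }
      netstat -an | port_is_free 8545 \
        || { echo "something already listens on 8545" >&2; return 1; } ;;
    after)
      is_anvil "$(cast client --rpc-url "$RPC")" \
        || { echo "$RPC is not an Anvil node" >&2; return 1; }
      [ "$(cast block-number --rpc-url "$RPC")" = "$FORK_BLOCK" ] \
        || { echo "fork is not at block $FORK_BLOCK" >&2; return 1; } ;;
    *) echo "usage: preflight.sh before|after" >&2; return 2 ;;
  esac
}

# Only touch the network stack when a stage is given on the command line.
if [ $# -gt 0 ]; then preflight "$1"; fi
```

Saved as a hypothetical `preflight.sh`, it is run with `before` ahead of Test step 1 and with `after` between steps 2 and 3; a non-zero exit means stop.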

About

Example of the whitehack for Curve exploit 30/07/23
