Welcome to the second challenge in our banking series! The bank developers fixed the critical withdrawal vulnerability you exploited in the previous level. But is the bank secure now?
Only the oversight from the previous level was fixed.
The bank supports a nice feature: anyone can deposit funds into anyone else's account. This sounds harmless and useful, right?
But wait... how exactly does such a transaction look like? Is this process validated properly? Play around with the construction of this transaction.
You start with no bank account while another user already has an account with funds deposited. Your goal is to gain control of their funds and withdraw them by using a slightly modified deposit to their account.
- Examine the validators to understand how deposits work when updating other accounts.
- Copy
scripts/player_template.tstoscripts/player.ts. - Implement your exploit in the interaction section of
player.ts. - Run your solution with
yarn task:bank01from the project root.
Good luck!