Skip to content

whitenois3/schnoodle

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Unhacked Challenge :: Schnoodle

ci license solidity

08/29/2022

Schnoodle?

schnoodle is a dao on ethereum mainnet, governed by the SNOOD token.

After running smoothly for its first ~year, on 6/18, the ETH-SNOOD uniswap pair was drained for over 100 ETH.

Review the code in this repo, find the exploit, and recover > 100 ETH.

(hint: the issue is in the token implementation, so focus on src/SchnoodleV9.sol and src/imports/SchnoodleV9Base.sol. no need to look at the other files)

How to play

  1. Fork this repo and clone it locally.

  2. Create an .env file with an environment variable for ETH_RPC_URL (or add the rpc url directly into the test file).

  3. Review the code in the src/ folder, which contains all the code at the time of the hack. you can explore the state of the contract before the hack using block 14983600. ex: cast call --rpc-url $ETH_RPC_URL --block 14983600 0xd45740ab9ec920bedbd9bab2e863519e59731941 "getFarmingFund()"

  4. When you find an exploit, code it up in SchnoodleHack.t.sol. run the test with forge test -vvv. the test will pass if you succeed.

  5. Post on twitter for bragging rights and tag @unhackedctf. no cheating.

Breaking Down The Exploit

// TODO

Source: src/SchnoodleV9.sol. Created using carbon.now.sh

Shilling @unhacked

For new weekly challenges and solutions, subscribe to the unhacked newsletter.

About

Unhacked CTF Schnoodle Challenge

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Solidity 100.0%