08/29/2022
schnoodle is a dao on ethereum mainnet, governed by the SNOOD token.
After running smoothly for its first ~year, on 6/18, the ETH-SNOOD uniswap pair was drained for over 100 ETH.
- token (proxy): 0xd45740ab9ec920bedbd9bab2e863519e59731941
- token (implementation): 0xeac2a259f3ebb8fd1097aeccaa62e73b6e43d5bf
- uniswap pair 0x0f6b0960d2569f505126341085ed7f0342b67dae
Review the code in this repo, find the exploit, and recover > 100 ETH.
(hint: the issue is in the token implementation, so focus on src/SchnoodleV9.sol
and src/imports/SchnoodleV9Base.sol
. no need to look at the other files)
-
Fork this repo and clone it locally.
-
Create an .env file with an environment variable for ETH_RPC_URL (or add the rpc url directly into the test file).
-
Review the code in the
src/
folder, which contains all the code at the time of the hack. you can explore the state of the contract before the hack using block 14983600. ex:cast call --rpc-url $ETH_RPC_URL --block 14983600 0xd45740ab9ec920bedbd9bab2e863519e59731941 "getFarmingFund()"
-
When you find an exploit, code it up in
SchnoodleHack.t.sol
. run the test withforge test -vvv
. the test will pass if you succeed. -
Post on twitter for bragging rights and tag @unhackedctf. no cheating.
// TODO
Source:
src/SchnoodleV9.sol
. Created using carbon.now.sh
For new weekly challenges and solutions, subscribe to the unhacked newsletter.