Exploiting DOS Vulnerability in Smart Contracts
Here we are using Damn Vulnerable DeFi is an Ethereum smart contract wargame developed by @tinchoabbate from OpenZeppelin for Testing Purpose.
Prerequisite:
Smart Contracts and How it works ?
Understanding the code written in Solidity
https://learnxinyminutes.com/docs/solidity/
Smart contract Deployment and Testing
Understand DOS vulnerability in Smart Contract
Exploiting DOS Vulnerability in Smart Contract:
After reading given challenge #1, we understood that we have to stop the functionality of offering flash loans Simply, the challenge is to DOS the contract.
Step 1 :
First, we have to review the contract source code:
How can we stop the Pool from Offering flash loans? 🤔
The function flashloan() includes an assert which requires variables poolBalance to be equal to balanceBefore.
assert(poolBalance==balanceBefore);
The BalanceBefore variable Keeps track of DVT (Damn Vulnerable Token) token balance and the code attempts to ensure that the poolBalance and the damnVulnerableToken balance is the same, indicating that the balance is matched 1:1 with user deposits.
If we were to get above (Line no:36 ) to fall out of sync, then we would successfully cause this contract to stop the pool from offering flash loans
Again the new question comes to mind :P
Is there any way to change the pool’s token balance without calling DepositTokens() function?
Yes !! by transferring a token directly to the pool we can increase the balance of PoolBalance Variable , we can cause the revert to fail, which is enough to stop the pool from offering flash loans
Reference :
Thanks for reading :)
