Exploiting DOS Vulnerability in Smart Contracts

Here we are using Damn Vulnerable DeFi is an Ethereum smart contract wargame developed by @tinchoabbate from OpenZeppelin for Testing Purpose.

challenge 1

Prerequisite:

Smart Contracts and How it works ?

Understanding the code written in Solidity

https://learnxinyminutes.com/docs/solidity/

Smart contract Deployment and Testing

What are FlashLoans? 🙄

Understand DOS vulnerability in Smart Contract

Exploiting DOS Vulnerability in Smart Contract:

After reading given challenge #1, we understood that we have to stop the functionality of offering flash loans Simply, the challenge is to DOS the contract.

Step 1 :

First, we have to review the contract source code:

Pool’s Contract

How can we stop the Pool from Offering flash loans? 🤔

The function flashloan() includes an assert which requires variables poolBalance to be equal to balanceBefore.

assert(poolBalance==balanceBefore);

The BalanceBefore variable Keeps track of DVT (Damn Vulnerable Token) token balance and the code attempts to ensure that the poolBalance and the damnVulnerableToken balance is the same, indicating that the balance is matched 1:1 with user deposits.

If we were to get above (Line no:36 ) to fall out of sync, then we would successfully cause this contract to stop the pool from offering flash loans

Again the new question comes to mind :P

Is there any way to change the pool’s token balance without calling DepositTokens() function?

Yes !! by transferring a token directly to the pool we can increase the balance of PoolBalance Variable , we can cause the revert to fail, which is enough to stop the pool from offering flash loans

Reference :

Thanks for reading :)

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018