Table of contents:
Join the team on Slack at: https://slack.empirehacking.nyc/ #ethereum
- Clone the repo:
git clone https://github.com/crytic/damn-vulnerable-defi-echidna
- Install the dependencies by running
The challenge is described here: https://www.damnvulnerabledefi.xyz/challenges/2.html. It is assumed that the reader is familiar with the challenge.
- Set up the testing environment with the correct contracts and necessary balances.
- Analyze the "before" function in test/naive-receiver/naive-receiver.challenge.js to identify the required initial setup.
- Add a property to check if the balance of the
FlashLoanReceivercontract can change.
- Create a
config.yamlwith the necessary configuration option(s).
- Once Echidna finds the bug, fix the issue and re-test your property with Echidna.
The following contracts are relevant:
It is recommended to first attempt without reading the hints. The hints can be found in the
- Remember that you might need to supply the test contract with Ether. Read more in the Echidna wiki and check the default config setup.
- The invariant to look for is that "the balance of the receiver contract cannot decrease."
- Learn about the allContracts optio.
- A template is provided in contracts/naive-receiver/NaiveReceiverEchidna.sol.
- A config file is provided in naivereceiver.yaml.
The solution can be found in the
Solution Explained (spoilers ahead)
The goal of the naive receiver challenge is to realize that any user can request a flash loan for
FlashLoanReceiver, even if the user has no Ether.
Echidna discovers this by calling
NaiveReceiverLenderPool.flashLoan() with the address of
FlashLoanReceiver and any arbitrary amount.
See the example output from Echidna below:
echidna . --contract NaiveReceiverEchidna --config naivereceiver.yaml ... echidna_test_contract_balance: failed!💥 Call sequence: flashLoan(0x62d69f6867a0a084c6d313943dc22023bc263691,353073667) ...