Every day I get a ton of people asking where to go to learn more about Solidity, and I love pointing people who are a little more advanced over to Ethernaut, since it shows a lot of the security issues with Solidity as well.
One thing I didn’t see were some levels related to DeFi and security. So I made an Ethernaut level showing how price manipulation can be done on a DEX to steal a token.
I was hoping to get some feedback on it and would love for it to be an addition to the repo. Looking forward to feedback!
First of all, thank you for creating this level. I learned a lot from Ethernaut and I’m happy to see that this project is still active.
Secondly, I think the difficulty of DEX should be increased. I spent a few hours on it and still have no idea how to hack it haha
Is a flash loan needed to solve this level, or is there just something in the contract itself that I’m missing?
@PatrickAlphaC, what do you think about my proposed "evil token attack" for the Dex level?
I still like the idea of adding: require((from == token1 && to == token2) || (from == token2 && to == token1));
to Dex.swap and having a separate level without that check.
Hi Patrick!
On both of the DEX levels I get a MetaMask freeze while trying to do the contract.approve. MetaMask just gets stuck with the loading wheel and nothing happens; it won't let me confirm the operation. I really want to complete the level, I think it's awesome.
Could you please look into it?
Well, if anyone encounters the same problem, there is an easy workaround: just calling the SwappableToken.approve(...) function individually on each token works. I think this might be a gas estimation error, so there are probably more solutions to this.