DEX pricing level in Ethernaut

Hi all!

I’m Patrick, and I work on the Chainlink project.

Everyday I’ve get a ton of people ask where to go to learn more about solidity, and I love pointing people who are a little more advanced over to Ethernaut, since it shows a lot of the security issues with solidity as well.

One thing I didn’t see were some levels related to defi and security. So I made an Ethernaut level showing how price manipulation can be done on a dex to steal a token.

I was hoping to get some feedback on it and would love to be an addition to the repo. Looking forward to feedback!

4 Likes

Hi @PatrickAlphaC,

Welcome to the community :wave:

Thanks for proposing a new Ethernaut level. Hopefully we can get some people in the community to review the PR and provide feedback.

Hello!

First of all thank you for creating this level. I learned a lot from Ethernaut and I’m happy to see that this project is still active.

Secondly, I think difficulty of DEX should be increased. I spend few hours on it and still have no idea how to hack it haha
Is flash loan needed to solve this level or there just are something in the contract itself that I’m missing?

You think it should be harder? Or easier?

In my opinion it's harder than 3/10. But can't tell how much harder, because I still didn't hack it.

1 Like

See what happens when you do a few swaps back and forth.

@PatrickAlphaC, What do you think about my proposed "evil token attack" for the Dex level?

I still like the idea of adding:
require((from == token1 && to == token2) || (from == token2 && to == token1 )
to Dex.swap and having a separate level without that check.

1 Like

This looks like a nice PR!