You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ran the following command. ityfuzz evm -t 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1,0x55d398326f99059fF775485246999027B3197955,0x17269a3CACB6eA16FE5137eC3ccBde00A6A97668 -f -c bsc -d erc20 --onchain-etherscan-api-key <API_KEY>
And got the following result.
😊😊 Found vulnerabilities!
================ Description ================
[Fund Loss]: Anyone can earn 8.254 ETH by interacting with the provided contracts
================ Trace ================
[Sender] 0xe1A425f1AC34A8a441566f93c82dD730639c8510
└─[1] 0x17269a3CACB6eA16FE5137eC3ccBde00A6A97668.sync()
[Sender] 0x68Dd4F5AC792eAaa5e36f4f4e0474E0625dc9024
├─[1] Router.swapExactETHForTokens{value: 18.4467 ether}(0, path:(WETH → 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1), address(this), block.timestamp);
└─[1] 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1.transfer(0x68Dd4F5AC792eAaa5e36f4f4e0474E0625dc9024, 0)
However, when I try to reproduce the exploit with foundry forge (with enough initial funds), the transaction does not yield the promised profit. In fact, it does not yield any profit. In addition, the contracts involved do not seem to have enough tokens to yield 8.254ETH.
According to the code in src/evm/tokens/v2_transformers, it seems like ityfuzz handles liquidation by iterating through necessary Uniswap swaps. Are there any approximation steps involved with this procedure? Where is the 8.254 ETH profit coming from?
Thanks!
The text was updated successfully, but these errors were encountered:
I ran the following command.
ityfuzz evm -t 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1,0x55d398326f99059fF775485246999027B3197955,0x17269a3CACB6eA16FE5137eC3ccBde00A6A97668 -f -c bsc -d erc20 --onchain-etherscan-api-key <API_KEY>And got the following result.
However, when I try to reproduce the exploit with foundry forge (with enough initial funds), the transaction does not yield the promised profit. In fact, it does not yield any profit. In addition, the contracts involved do not seem to have enough tokens to yield 8.254ETH.
According to the code in
src/evm/tokens/v2_transformers, it seems like ityfuzz handles liquidation by iterating through necessary Uniswap swaps. Are there any approximation steps involved with this procedure? Where is the 8.254 ETH profit coming from?Thanks!
The text was updated successfully, but these errors were encountered: