Skip to content
This repository was archived by the owner on Jan 15, 2024. It is now read-only.

Files

Latest commit

RivaillRivaill
Add Polygon double spend PoC
Mar 11, 2022
51415b3 · Mar 11, 2022

History

History
This branch is up to date with Rivaill/CryptoVulhub:master.

PolygonDoubleSpend

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
contracts
contracts
Mar 11, 2022
scripts
scripts
Mar 11, 2022
.env.example
.env.example
Mar 11, 2022
.eslintignore
.eslintignore
Mar 11, 2022
.eslintrc.js
.eslintrc.js
Mar 11, 2022
.gitignore
.gitignore
Mar 11, 2022
.npmignore
.npmignore
Mar 11, 2022
.prettierignore
.prettierignore
Mar 11, 2022
.prettierrc
.prettierrc
Mar 11, 2022
.solhint.json
.solhint.json
Mar 11, 2022
.solhintignore
.solhintignore
Mar 11, 2022
README.md
README.md
Mar 11, 2022
hardhat.config.ts
hardhat.config.ts
Mar 11, 2022
package-lock.json
package-lock.json
Mar 11, 2022
package.json
package.json
Mar 11, 2022
tsconfig.json
tsconfig.json
Mar 11, 2022

README.md

Polygon double spend vulnerable PoC

How to run

Install nodejs/npm first

Set up the forking url (in hardhat.config.ts)

e.g. https://speedy-nodes-nyc.moralis.io/xxxxxxxxxxx/eth/mainnet/archive ( You need to apply for speedy-nodes from moralis.io)

Then run

npm install
npx hardhat run scripts/attack.ts

You will see similar output later

------ Exploit: verifyInclusion byte discard bug ------------
Dai balance of attacker: 0.0
------> Step 1: call processExits() to make a normal withdrawal
Dai balance of attacker: 33000.0
------> Step 2: call startExitWithBurntTokens() repeatedly to mint ExitNFT
7 days have passed
------> Step 3: call processExits() to make multiple withdrawals
Dai balance of attacker: 99000.0

This means the attack is complete

The block height of the fork is 13260334

Link