✅Temporary Variable

Idea

This is a no-brainer one. Basically there are two functions called supply() and remove():

    function supply(
        address _user,
        uint256 _amount
    ) public {
        require(_user == msg.sender, "unauthorized");
        require(_balances[_user] == 0, "already exists");
        require(_amount > 0, "invalid amount");
        _balances[_user] += _amount;
        _blacklist[_user] = false;
    }

    function remove (
        address _from,
        uint256 _amount
    ) public isUserBlacklisted(_from)  {
        require(_from == msg.sender, "unauthorized");
        uint256 _accountbalance = _balances[_from];
        require(_amount <= _accountbalance, "not enough balance");


        if (_amount == _accountbalance) {
            delete _balances[_from];
            delete _blacklist[_from];
        }
        else {
            _accountbalance -= _amount;
            _balances[_from] = _accountbalance;
        }
    }

The assertion is:

        uint256 newbalance = _factory.checkbalance(user1);
        assertEq(newbalance, 200);

where checkbalance() just reads the mapping _balance:

    function checkbalance(address _user) public view returns (uint256) {
        return _balances[_user];
    }

This is so obvious. The function supply() does not ask for money, we can just call it with any amount we desire. Before calling supply(), we should call remove() to clear user balance, so that the check require(_balances[_user] == 0, "already exists"); will pass.

PoC

QuillCTF-PoC/TemporaryVariable/test/factory.t.sol at main · ret2basic/QuillCTF-PoCGitHub

TemporaryVariable PoC