LendEx pool hack

https://github.com/ret2basic/AMAZEX-DSS-PARIS/tree/main/src/3_LendingPool

LendingPool

Objective

In the realm of decentralized finance, where trust is often bestowed upon code, a groundbreaking borrowing and lending platform known as LendEx was created.

Unbeknownst to the LendEx team, a hacker hide a bug in the LendingPool smart contract with a intention to exploit the bug later. LendEx team reviewed smart contract source code, approved it for the usage and deposited the funds from the LendExGovernor contract to the LendingPool contract.

Do you have what it takes to spot how hacker is planning to exploit the LendEx?

📌 You have to fill the shoes of the hacker and execute the exploit by stealing stablecoins from a lending pool. 📌 Note: Foundry has a bug. If a selfdestruct() is triggered in a test script then it has to be done in the setUp() function and the rest of the code should be in a different function otherwise foundry test script does not see that selfdestruct happened to a contract. 📌 You have to modify LendingHack.sol and setUp(), testExploit() functions for Challenge3.t.sol.

🗒️ Concepts you should be familiar with (spoilers!)

• The TornadoCash Governance Exploit.

• How to deploy different contracts on the same address.

---

The contract that you will hack is:

• LendingHack.sol

Which have interactions with the following contracts:

• LendExGovernor.sol

• LendingPool.sol

• Create2Deployer.sol

• CreateDeployer.sol

• USDC.sol

The test script where you will have to write your solution is:

• Challenge3.t.sol

Writeup

PoC