# Operation magic redemption

{% embed url="<https://github.com/ret2basic/AMAZEX-DSS-PARIS/blob/main/src/1_MagicETH/README.md>" %}
MagicETH
{% endembed %}

## Objective

A prominent protocol, InsecStar, finds itself under attack. Their token, MagicETH (mETH), has been drained through an exploit in their borrow & loan protocol.

InsecStar has urgently summoned you to devise a method to recover the stolen tokens and redeem them for ETH before the situation worsens. This is a critical test of your capabilities. Can you rise to the occasion and secure the tokens, thereby reinforcing the strength and resilience of the Ethereum ecosystem?

📌 Recover `1000 mETH` from the *exploiter wallet*.

📌 Convert the `mETH` to `ETH` to avoid further losses.

<details>

<summary>🗒️ <em>Concepts you should be familiar with (spoilers!)</em></summary>

* [*The ERC20 token standard*](https://ethereum.org/en/developers/docs/standards/tokens/erc-20)
* *Review the $DEI incident.*

</details>

***

**The contracts that you will hack are**:

* [**`MagicETH.sol`**](https://github.com/ret2basic/AMAZEX-DSS-PARIS/blob/main/src/1_MagicETH/MagicETH.sol)

**The test script where you will have to write your solution is**:

* [**`Challenge1.t.sol`**](https://github.com/ret2basic/AMAZEX-DSS-PARIS/blob/main/test/Challenge1.t.sol)

## Writeup

In `burnFrom()`:

```solidity
uint256 currentAllowance = allowance(msg.sender, account);
```

Always check that arguments are passed in the correct order. Here the function is defined as `allowance(address owner, address spender)`, so `msg.sender` clearly shouldn't be the owner. The variable `currentAllowance` is then used here:

```solidity
_approve(account, msg.sender, currentAllowance - amount);
```

The developer assumed this line would reduce `msg.sender`'s allowance on `account`. However, because `currentAllowance` is computed with the arguments swapped, we can first call `approve()` to grant max allowance to `exploiter` and then call `burnFrom(exploiter, 0)` to trigger:

```solidity
_approve(exploiter, whitehat, type(uint256).max);
```

After that, a simple `transferFrom()` call will take all mETH from the exploiter.
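The swapped-argument read described above, next to a corrected version, as an added example that is not the MagicETH source. `AllowanceModel`, `burnFromBuggy` and `burnFromFixed` are hypothetical names, and the storage is a simplified stand-in for an ERC20:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: minimal allowance model, not the MagicETH contract.
contract AllowanceModel {
    mapping(address => uint256) public balanceOf;
    // allowance[owner][spender], same order as ERC20 allowance(owner, spender)
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply; // constructed starting state
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // Flawed pattern from the writeup: the READ treats the caller as owner,
    // but the WRITE treats `account` as owner. A value the caller controls
    // is copied into a slot that only `account` should be able to set.
    function burnFromBuggy(address account, uint256 amount) external {
        uint256 currentAllowance = allowance[msg.sender][account];
        require(currentAllowance >= amount, "insufficient allowance");
        allowance[account][msg.sender] = currentAllowance - amount;
        _burn(account, amount);
    }

    // Corrected: read and write the same slot (owner = account, spender = caller).
    function burnFromFixed(address account, uint256 amount) external {
        uint256 currentAllowance = allowance[account][msg.sender];
        require(currentAllowance >= amount, "insufficient allowance");
        allowance[account][msg.sender] = currentAllowance - amount;
        _burn(account, amount);
    }

    function _burn(address account, uint256 amount) internal {
        require(balanceOf[account] >= amount, "burn exceeds balance");
        balanceOf[account] -= amount;
    }
}
```

A regression test for this class of bug asserts that `allowance(account, caller)` is unchanged after `burnFrom(account, 0)` when `account` never approved the caller. OpenZeppelin's `ERC20Burnable.burnFrom` avoids the problem by routing through `_spendAllowance(account, _msgSender(), amount)`, which reads and writes the same slot.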

## PoC

{% embed url="<https://github.com/ret2basic/AMAZEX-DSS-PARIS/blob/main/test/Challenge1.t.sol>" %}
MagicETH PoC
{% endembed %}
