Damn Vulnerable DeFi — Challenge #3 Walkthrough

Let’s dive into the next challenge called Truster in the OpenZeppelin’s fun wargame:

More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free.
Currently the pool has 1 million DVT tokens in balance. And you have nothing.
But don't worry, you might be able to steal them all from the pool.

The challenge sets up a lending pool instance of TrusterLenderPool and deposits 1M ETH:

The TrusterLenderPool has a single function called flashLoan which can lend any requested amount to the borrower address as long as that amount is returned by the end of the transaction:

What’s really interesting about the above function is that it also executes an arbitrary smart contract with user supplied data. We can’t abuse the function in a way that would result in an immediate monetary loss since balances before and…