Damn Vulnerable DeFi — Challenge #5 Walkthrough

4 min readDec 18, 2020

Let’s continue our journey of learning about vulnerable DeFi applications. The next exercise, the-rewarder, challenges us to cheat at getting all of the rewards in a stripped down liquidity pool app:

There's a pool offering rewards in tokens every 5 days for those who deposit their DVT tokens into it.Alice, Bob, Charlie and David have already deposited some DVT tokens, and have won their rewards!You don't have any DVT tokens. Luckily, these are really popular nowadays, so there's another pool offering them in free flash loans.In the upcoming round, you must claim all rewards for yourself.

The challenge consists of four different contracts with the following functionality:

TheRewarderPool.sol accepts DamnValuableToken deposits and awards RewardTokens every 5 days. The contract uses AccountingToken for record keeping of deposited tokens.
RewardToken.sol is a simple ERC-20 token with basic minting functionality. It is used as a reward for keeping DamnValuableToken deposited in TheRewarderPool.
AccountingToken.sol is an ERC20Snapshot token. It is used to keep historical balances of DamnValuableToken deposited into TheRewarderPool and to calculate the amount of RewardToken to award users.
DamnValuableToken.sol, also referred to as a Liquidity Token, is a simple ERC-20 token. It is used as a liquidity token which can be deposited into TheRewarderPool in order to earn RewardToken. It can be borrowed from the FlashLoanerPool.
FlashLoanerPool.sol is a simple contract with a single method to supply flash loans of DamnValuableToken.

The interactions between all of the different contracts can be complex so it’s best to diagram all of the contract calls:

In the graph above, users can deposit Liquidity Tokens (DamnValuableToken) into the Rewarder Pool which in turn creates a balance snapshot and mints Reward Tokens each reward round. Users are awarded Reward Tokens based on the percentage of user owned vs. total deposited tokens. Below is the TheRewarderPool.sol source with some additional comments to help us better understand how the reward logic works:

Damn Vulnerable DeFi — Challenge #5 Walkthrough

Written by Peter Kacherginsky

More from Peter Kacherginsky

Hping Tips and Tricks

Hping is a TCP/IP packet forging tool with embedded Tcl scripting functionality. Developed by antirez in 1998, it is now in its 3rd…

Nmap Scanning Tips and Tricks

Nmap (Network MAPper) is a network port scanner with service version and operating system detection engines. The tool was originally…

Decrypting TLS/SSL traffic with Wireshark

Wireshark is capable of decrypting TLS/SSL traffic when certain conditions are met:

TLS/SSL Protocol

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are two closely related protocols designed to protect confidentiality and…

Recommended from Medium

New audit competition with HOPR! Up to 1 Million in $HOPR in prizes.

Starting October 5th, 2023, at 15:00 GMT to October 19th, 2023, at 16:00 GMT

Damn Vulnerable DeFi V3 — Side Entrance

In today’s challenge, we will attempt to exploit a lending protocol.

Lists

Best of The Writing Cooperative

Staff Picks

Chainlink Oracle Security Considerations

Integrating with Chainlink Oracles involves unique security considerations that can result in exploitable vulnerabilities in smart…

A Deep Dive Into the Uniswap V2 Protocol

Know how the top DeFi protocol works under the hood

Pessimistic Spotter: Overview

Looking at this month’s never-ending hacks, one may wonder why they happen so frequently…

DFX Finance Rounding Error Bugfix Review

Summary