solidity blockchain ethereum aave ethersjs hardhat typescript

Inverse Finance Exploit

This repo reproduces the oracle manipulation attack happened to Inverse Finance on June 16, 2022.

Transaction detail: https://etherscan.io/tx/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c

Installation and Setup

1. Install Node.js & yarn, if you haven't already.

2. Clone This Repo

Run the following command.

git clone https://github.com/yuichiroaoki/inverse-finance-exploit.git

Demo

1. Setup Environment Variables

You'll need an ALCHEMY_MAINNET_RPC_URL environment variable. You can get one from Alchemy website for free.

Then, you can create a .env file with the following.

ALCHEMY_MAINNET_RPC_URL='<your-own-alchemy-mainnet-rpc-url>'

2. Install Dependencies

Run the following command.

yarn install

3. Compile Smart Contracts

Run the following command.

yarn compile

4. Simulate the Attack on the Ethereum Mainnet Fork

Run the following command.

yarn attack

Expected Outputs

$ yarn attack
latest answer 979943357748941122174
latest answer 2831510989152831182521
Earned:  53.24504921 WBTC
Earned:  99976.294967 USDC
Transaction Fee:  0.08769064026344821 ETH

References

https://blocksecteam.medium.com/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91

https://tools.blocksec.com/tx/eth/0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c

https://twitter.com/peckshield/status/1537382891230883841

About

Oracle Manipulation Attack on Inverse Finance

https://medium.com/coinmonks/how-the-oracle-manipulation-attack-happened-to-inverse-finance-cb95e5343034

solidity blockchain ethereum aave ethersjs hardhat typescript

MIT License

Languages

Language:Solidity 73.3%Language:TypeScript 26.5%Language:Shell 0.2%