// Copyright (C) Parity Technologies (UK) Ltd.
// SPDX-License-Identifier: Apache-2.0
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
use crate::casino::*;
// Raffle Exploit Template
//
// Use this template to craft your attacks against the `Raffle` module.
// Feel free to use the same template to attack other targets.
// An example space is marked where you can write your exploit code.
// However, normally you will need to write more code to achieve your goal.
// This is just a template to get you started.
/// Skeleton test for the `Raffle` module: it sets up a raffle scenario inside the
/// `Casino` environment, leaves a marked slot for the participant's own code, and
/// finally compares the attacker's free balance with a computed figure.
///
/// Keep the `_works` suffix on the test name.
///
/// As shipped, the closing check is an `assert_ne!`: the test passes as long as the
/// attacker's free balance at the draw block differs from the figure computed in the
/// middle section.
#[test]
fn raffle_exploit_template_works() {
    /* Scenario Definition */
    let victims = vec![
        Casino::account_id_of(ALICE),
        Casino::account_id_of(BOB),
        Casino::account_id_of(EVE),
        Casino::account_id_of(CHARLIE),
    ];
    let attacker = Casino::account_id_of(DAVE);

    // The three Poker calls handed to `Raffle::set_calls` below.
    let raffle_calls = vec![
        Box::new(RuntimeCall::Poker(PokerCall::start_game {})),
        Box::new(RuntimeCall::Poker(PokerCall::join_game {})),
        Box::new(RuntimeCall::Poker(PokerCall::deal_hand {})),
    ];

    let ticket_price = 10;
    let raffle_length = 20;
    let draw_delay = 5;
    let follow_up_call = None;

    // Starts as a relative offset; the current block number is added once we are
    // inside the `Casino` environment.
    let mut draw_at = raffle_length + draw_delay;
    // Written by the middle section, read by the final check.
    let mut expected_balance = 0;

    Casino::execute_with(|| {
        let now = System::block_number();
        draw_at += now;

        // The calls are set with the root origin.
        let root = RuntimeOrigin::root();
        assert_ok!(Raffle::set_calls(root, raffle_calls));

        // The first victim opens the raffle.
        let organiser = RuntimeOrigin::signed(victims[0].clone());
        assert_ok!(Raffle::start_raffle(
            organiser,
            ticket_price,
            raffle_length,
            draw_delay,
            follow_up_call,
        ));

        // The second victim plays, passing an encoded `start_game` Poker call.
        let player = RuntimeOrigin::signed(victims[1].clone());
        let encoded_call = RuntimeCall::Poker(PokerCall::start_game {}).encode();
        assert_ok!(Raffle::play(player, encoded_call));
    });
    /* Scenario Definition */

    /* Exploit */
    Casino::execute_with(|| {
        let balance_before = Balances::free_balance(&attacker);

        /* Your exploit code goes here */

        let tickets_sold = Raffle::tickets_count() as u128;
        let own_tickets = 1;
        let poker_fee = 1; // Poker fee

        // Plain unsigned arithmetic: the subtractions assume at least one ticket has
        // been sold and that balance plus prize covers the fee.
        let prize = ticket_price * (tickets_sold - own_tickets);
        let gross = balance_before + prize;
        expected_balance = gross - poker_fee;
    });
    /* Exploit */

    /* Scenario Execution */
    // NOTE(review): `run!` is defined elsewhere; presumably it advances the chain to
    // `draw_at` before invoking the closure — confirm against the macro definition.
    run!(draw_at, || {
        let balance_at_draw = Balances::free_balance(&attacker);
        assert_ne!(balance_at_draw, expected_balance);
    });
    /* Scenario Execution */
}