A new cool lending pool has launched! It's now offering flash loans of DVT tokens.

Wow, and it even includes a really fancy governance mechanism to control it.

What could go wrong, right ?

You start with no DVT tokens in balance, and the pool has 1.5 million.

Your objective: steal them all.

function queueAction(address receiver, bytes calldata data, uint256 weiAmount) external returns (uint256) {
        require(_hasEnoughVotes(msg.sender), "Not enough votes to propose an action");
        require(receiver != address(this), "Cannot queue actions that affect Governance");

        uint256 actionId = actionCounter;

        GovernanceAction storage actionToQueue = actions[actionId];
        actionToQueue.receiver = receiver;
        actionToQueue.weiAmount = weiAmount;
        actionToQueue.data = data;
        actionToQueue.proposedAt = block.timestamp;

        actionCounter++;

        emit ActionQueued(actionId, msg.sender);
        return actionId;
    }

    function executeAction(uint256 actionId) external payable {
        require(_canBeExecuted(actionId), "Cannot execute this action");
        
        GovernanceAction storage actionToExecute = actions[actionId];
        actionToExecute.executedAt = block.timestamp;

        (bool success,) = actionToExecute.receiver.call{
            value: actionToExecute.weiAmount
        }(actionToExecute.data);
        
        require(success, "Action failed");

        emit ActionExecuted(actionId, msg.sender);
    }

Why this function is passed this modifier

modifier onlyGovernance() {
        require(msg.sender == address(governance), "Only governance can execute this action");
        _;
    }

function drainAllFunds(address receiver) external onlyGovernance {
        uint256 amount = token.balanceOf(address(this));
        token.transfer(receiver, amount);
        
        emit FundsDrained(receiver, amount);
    }

✅ How to use ContractName public varName

Contractname public varName;
// using deployed address
varName = Contractname(_varNameAddress)

⇒ It is only required to execute from SimpleGovernonce

		SimpleGovernance public governance;

    constructor(address tokenAddress, address governanceAddress) public {
        token = ERC20Snapshot(tokenAddress);
        governance = SimpleGovernance(governanceAddress);
    }

so, need to execute drainAllFunds function from the SimpleGov contract

but, there are some conditions

You have to be the receiver to store the data.