challenge 3: audius
quick, empty the treasury
for your next challenge, i want to try something different.
many of us heard about the audius hack a few months ago. the simple soundbite is that there was a storage slot collision with a proxy contract that allowed reinitialization of existing contracts. simple enough.
what i want you to figure out is this: how can you exploit this vulnerability to drain the treasury?
i’ll warn you, it’s not as simple as it appears.
first one to post a proof of concept with the solution on twitter earns a spot on the leaderboard.
i’ll be sending out hints later this week, and the full solution next friday, sept 23.
(note: since audius contracts were written in solidity 0.5.0, forge doesn’t work out of the box. this repo uses ds-test for testing and pulls in forge features as needed. it should work fine, but if it gives you trouble, ping me on twitter and i’ll help you out.)
subscribe to get the full solution in your inbox: