challenge 3: audius
for your next challenge, i want to try something different.
many of us heard about the audius hack a few months ago. the simple soundbite is that there was a storage slot collision with a proxy contract that allowed reinitialization of existing contracts. simple enough.
what i want you to figure out is this: how can you exploit this vulnerability to drain the treasury?
i’ll warn you, it’s not as simple as it appears.
first one to post a proof of concept with the solution on twitter earns a spot on the leaderboard.
i’ll be sending out hints later this week, and the full solution next friday, sept 23.
happy hacking!
https://github.com/unhackedctf/audius
(note: since audius contracts were written in solidity 0.5.0, forge doesn’t work out of the box. this repo uses ds-test for testing and pulls in forge features as needed. it should work fine, but if it gives you trouble, ping me on twitter and i’ll help you out.)