blockchainmedium

[Blackbox] Web3_Lending

caplag

Task: DeFi lending platform on Anvil devnet with AMM, LendingVault, and FlashLoanProvider contracts. Solution: Reverse engineered EVM bytecode to extract flag from PUSH32 string literals; intended path was spot oracle price manipulation via flash loan attack.

$ ls tags/ techniques/

blockchain web3 anvil evm_bytecode defi lending amm flash_loan oracle_manipulation spot_price

evm_bytecode_reverse_engineeringpush32_string_extractionspot_oracle_price_manipulationflash_loan_attackdefi_oracle_exploit

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]