For Balsn CTF 2020 online, I also created two smart-contract challenges, Election and IdleGame. The source files of them are available on GitHub - shw9453/my-ctf-challenges. Here is a walkthrough of the challenge IdleGame.

Challenge

Thinking about making money by playing games? Try the first idle game on the blockchain!

  • Type: Smart contract
  • Solves: 4/490
  • Keywords: Continuous token, Flash-mintable token, Arbitrage, DeFi attack

Solution

Overview of the Game Contract

The IdleGame contract is designed as a real idle game, where players wait a specific time to earn IDL tokens and spend them on leveling up. Moreover, players can also buy and sell IDL tokens with BSN tokens. To reach our goal of earning a large number of IDL tokens, playing the game is not enough. We have to exploit the token contract’s two features: flash-mintable and continuous supply.

Flash-Mintable Tokens

Flash-mintable tokens are ERC20-compliant tokens that allow flash-minting. Anyone can mint an arbitrary number of tokens as long as he can burn the same number of tokens at the end of the transaction, or the transaction reverts otherwise. Keep in mind that, with the flash-mintable capability, one can manipulate the total supply of a token to an arbitrarily large value as he desires.

Continuous Tokens

If you are not familiar with continuous tokens, bounding curves or the Bancor formula, here is an excellent article to start. Recall that the Bancor formula determines the price of a continuous token as follows:

ContinuousTokenPrice = ReserveBalance / (ContinuousTokenSupply * ReserveRatio)

In this challenge, IDL is a continuous token with BSN as its reserve token, and the reserve ratio is 99.9% (line 86). When buying tokens, both ReserveBalance and ContinuousTokenSupply increase, and so does the ContinuousTokenPrice. Selling tokens, on the other hand, reduces the price.

Arbitraging by Manipulating the Token Price

Now comes the tricky part. How would the price of IDL change if we can directly control its total supply without minting or burning? According to the formula, the token price decreases as the total supply increases and vice versa. By controlling the total supply, we can perform an arbitrage attack.

First, flash-mint a large number of IDL tokens to raise the total supply and buy them with BSN tokens before the flash-minted tokens are burned. Second, sell all IDL tokens for BSN tokens. Since we buy the IDL tokens at a low price and sell them at a higher price, we get more BSN tokens than before. Repeat the attack multiple times to earn more BSN tokens until we have enough to exchange them to IDL and buy a flag.

Misc

This challenge is inspired by the Eminence attack, where the attacker earned 15M USD (but also returned 8M). In this real-world attack, the total supply of the continuous token, EMN, was manipulated by buying and selling eAAVE tokens instead of using the flash-minting feature.

Thanks to @aaditya_purani and @whysw_p for their fantastic write-ups for this challenge. Hope you all enjoyed it!

Flag: BALSN{Arb1tr4ge_wi7h_Fl45hMin7}