[Exp] Hacking AES


Last updated 1 year ago

AES, a token on Binance Smart Chain (BSC), was drained by a price manipulation attack that required a flash loan. It is one of the most complex attacks we have seen so far.

Full exploit: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/AES_exp.sol

Using ItyFuzz to Solve

AES LP contract that is vulnerable: 0x40eD17221b3B2D8455F4F1a05CAc6b77c5f707e3

The vulnerable state is present at block number 23695904, the last block before the attack transaction. We fork BSC at that block and let ItyFuzz find the exploit.

To conduct an ItyFuzz campaign, run the following command. `-f` enables flash loan support, which this attack needs; `-c BSC` selects the chain; `--onchain-block-number` pins the fork. The API key is optional, but it lets ItyFuzz fetch verified contract ABIs from BscScan without hitting the unauthenticated rate limit:

```bash
ityfuzz evm \
  -t 0x40eD17221b3B2D8455F4F1a05CAc6b77c5f707e3 \
  -f -c BSC \
  --onchain-block-number 23695904 \
  --onchain-etherscan-api-key <your etherscan api key> # (Optional) specify your BSC etherscan api key
```