[Exp] Hacking BEGO


Last updated 1 year ago

BEGO on Binance Smart Chain has a bug in the contract allowing arbitrary mint.

Full exploit: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/BEGO_exp.sol

Using ItyFuzz to Solve

BEGO contract that is vulnerable: 0xc342774492b54ce5F8ac662113ED702Fc1b34972

The contracts are exploitable before block number 22315678. We'll fork the chain at block number 22315678 and let ItyFuzz find the exploit.

To conduct an ItyFuzz campaign, run the following command:

ityfuzz evm \
 -t 0xc342774492b54ce5F8ac662113ED702Fc1b34972 \
 -f -c BSC \
 --onchain-block-number 22315678 \
 --onchain-etherscan-api-key <your etherscan api key> # (Optional) specify your BSC etherscan api key
https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/BEGO_exp.sol