Write your own exploit for $CASH

Related tags

Command-line cashio-exploit-workshop
Overview

Cashio Exploit Workshop

The Cashio hack was one of the biggest hacks occurred in Solana ecosystem which allowed the attacker to print infinite amount of $CASH with a faked collateral. This repository provides a local environment that you can try writing your own attack for Cashio. This exploit workshop is influenced by Solana Security Workshop which we highly recommend to finish before trying this one.

DISCLAIMER: This tutorial is provided entirely for an educational purpose. We DO NOT endorse or support any type of illegal activities.

Steps

  1. The main file you will be working on is poc/src/main.rs. The file contains the code that prepares the mock environment with a real Cashio bank filled with assets. Take a look at the provided code to learn how to use the provided LocalEnv struct.
  2. Write your PoC in execute_poc() function. Your goal is to write code that exploits a logic bug in the Cashio contract that allows you to print infinite amount of $CASH and use the printed $CASH to steal collaterals (Saber LP token) stored in the bank.
  3. Run make to check your answer. After the initial build of dependencies cargo run also works.

Hints

Who are we?

We are Pwned No More, a white hat hacker DAO created by and for the best talents to protect our beloved crypto/Web3 world.

You might also like...
colorStyle is a library of styles for command-line text write in Rust.
colorStyle is a library of styles for command-line text write in Rust.

Colorstyle colorStyle is a library of styles for command-line text. Inspired by flylog/colorstyle (golang) Example let text = colorstyle::green("gre

Code Translation 6 Nov 12, 2022
Write a simple CLI script, that when given a 64-byte encoded string

Write a simple CLI script, that when given a 64-byte encoded string, it finds a suitable 4-byte prefix so that, a SHA256 hash of the prefix combined with the original string of bytes, has two last bytes as 0xca, 0xfe. Script should expect the original content of the string to be passed in hexadecimal format and should return two lines, first being the SHA256 string found and second 4-byte prefix used (in hexadecimal format).

Andy Bell 0 Feb 4, 2022
Library to write x64 Assembly code from Rust, more properly. Designed for the nasm assembler

x64asm Library to write x64 Assembly code from Rust, more properly. Designed for the nasm assembler How to use let mut f = Formatter::new(false); // f

Anтo 7 Dec 30, 2022
A Rust program/library to write a Hello World message to the standard output.

hello-world Description hello-world is a Rust program and library that prints the line Hello, world! to the console. Why was this created? This progra

null 0 May 11, 2022
Write Cross-platform application with React-like decralative UI framework and scalable ECS architecture all in Rust.

bevy_dioxus Dioxus Plugin for Bevy Write Cross-platform application with React-like decralative UI framework and scalable ECS architecture all in Rust

Junichi Sugiura 269 Dec 29, 2022
Simple macros to write colored and formatted text to a terminal. Based on `termcolor`, thus also cross-platform.
Simple macros to write colored and formatted text to a terminal. Based on `termcolor`, thus also cross-platform.

Bunt: simple macro-based terminal colors and styles bunt offers macros to easily print colored and formatted text to a terminal. It is just a convenie

Lukas Kalbertodt 202 Dec 22, 2022
A Write Ahead Log (WAL) implementation in Rust

Okay WAL A write-ahead log (WAL) implementation for Rust. There's The Great Wall, and then there's this: an okay WAL. This crate exposes a WAL that su

Khonsu Labs 5 Oct 28, 2022
Sets of libraries and tools to write applications and libraries mixing OCaml and Rust

Sets of libraries and tools to write applications and libraries mixing OCaml and Rust. These libraries will help keeping your types and data structures synchronized, and enable seamless exchange between OCaml and Rust

Meta 36 Jan 28, 2023
That program use on platform windows. And if you write any text on uncorrect keyboard layout, that program for that.
That program use on platform windows. And if you write any text on uncorrect keyboard layout, that program for that.

📌 This program is designed to translate text into the correct layout when typing is incorrect. 📌 Example ghbdtn - привет Just (by default) pressing

Gest Se 5 Jan 26, 2023
Owner
Narya.ai
Narya.ai
GitHub
A cross platform, rust implementation for the Tegra X1 bootROM exploit

Switcheroo A CLI and GUI for the RCM BootRom exploit (Fusée Gelée exploit for Nintendo Switch) Only works on unpatched Switches: https://ismyswitchpat

Ethan Budd 35 Nov 5, 2022
apache-shiro-exploit

郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 使用方法 ➜ ~ shiro_exploit --help Usage: shiro_exploit [--key <key>] [-m <mode>] [-t <t

EMOCAT 27 Jan 8, 2023
zkPoEX enables white hat hackers to report live vulnerabilities in smart contracts while maintaining the confidentiality of the exploit

zkPoEX enables white hat hackers to report live vulnerabilities in smart contracts while maintaining the confidentiality of the exploit, facilitating efficient communication and collaboration between hackers and project owners for a more secure DeFi ecosystem.

zkoranges 135 Apr 16, 2023
A toolkit for building your own interactive command-line tools in Rust

promkit A toolkit for building your own interactive command-line tools in Rust, utilizing crossterm. Getting Started Put the package in your Cargo.tom

null 70 Dec 18, 2022
A bring-your-own-mutex version of once_cell.

generic_once_cell generic_once_cell is a generic no_std version of once_cell. Internal synchronization for initialization is provided as type paramete

Martin Kröning 3 Nov 28, 2022
Create `.gitignore` files using one or more templates from TopTal, GitHub or your own collection

gitnr A cross-platform CLI utility to create .gitignore files using templates. Use templates from the GitHub & TopTal collections Use local files and

reemus.dev 25 Sep 2, 2023
A mansplainer for man commands, cheeky and rude, use at your own risk

mansplain mansplain is a Command-Line Interface (CLI) tool built in Rust that mansplains a command to you Prerequisites Rust and Cargo installed An Op

Pratik Kanthi 3 Oct 24, 2023
Custom implementation of Curl - Build Your Own curl

Build Your Own curl We are going to build curl from scratch by accepting the coding challenge posted on Coding Challenges FYI. Before moving ahead, yo

Praveen Chaudhary 15 Jun 7, 2024
ask.sh: AI terminal assistant that can read and write your terminal directly!

ask.sh: AI terminal assistant that read from & write to your terminal ask.sh is an AI terminal assistant based on OpenAI APIs such as GPT-3.5/4! What'

hmirin 5 Jun 20, 2023
bevy_scriptum is a a plugin for Bevy that allows you to write some of your game logic in a scripting language

bevy_scriptum is a a plugin for Bevy that allows you to write some of your game logic in a scripting language. Currently, only Rhai is supported, but more languages may be added in the future.

Jarosław Konik 7 Jun 24, 2023