Work for V2 (#1)

* Partial work on v2

* Add Free Rider challenge

* Change package scripts

* Add Puppet v2

* Ease wording

* Limit ETH in climber

* Further cleanup before release

Author: tinchoabbate

.gitattributes

@@ -2,4 +2,8 @@ node_modules
 build
 contracts/attacker-contracts/*.sol
 *.solved.js
-cache
+cache
+.openzeppelin
+.vscode
+artifacts
+cache

.gitignore

@@ -0,0 +1,21 @@
+# Changelog
+
+## v2.0.0
+
+- Refactor testing environment. Now using Hardhat, Ethers and Waffle. This should give players a better debugging experience, and allow them to familiarize with up-to-date JavaScript tooling for smart contract testing.
+- New levels:
+    - Backdoor
+    - Climber
+    - Free Rider
+    - Puppet v2
+- New integrations with Gnosis Safe wallets, Uniswap v2, WETH9 and the upgradebale version of OpenZeppelin Contracts.
+- Tweaks in existing challenges after community feedback
+    - Upgraded most contracts to Solidity 0.8
+    - Changes in internal libraries around low-level calls and transfers of ETH. Now mostly using OpenZeppelin Contracts utilities.
+    - In existing Puppet and The Rewarder challenges, better encapsulate issues to avoid repetitions.
+    - Reorganization of some files
+- Changed from `npm` to `yarn` as dependency manager
+
+## v1.0.0
+
+Initial version

CHANGELOG.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2020
+Copyright (c) 2021 Damn Vulnerable DeFi
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

LICENSE

@@ -1,17 +1,14 @@
 ![](cover.png)
 
-**A set of challenges to hack implementations of DeFi in Ethereum.** Featuring flash loans, oracles, governance, NFTs, lending pools, and more!
+**A set of challenges to hack implementations of DeFi in Ethereum.**
 
-Created by [@tinchoabbate](https://twitter.com/tinchoabbate) at OpenZeppelin
+Featuring flash loans, price oracles, governance, NFTs, lending pools, smart contract wallets, timelocks, and more!
 
-## Play
-
-Visit [damnvulnerabledefi.xyz](https://damnvulnerabledefi.xyz)!
+Created by [@tinchoabbate](https://twitter.com/tinchoabbate)
 
-## Troubleshooting
+## Play
 
-- Some users have reported [issues](https://github.com/OpenZeppelin/damn-vulnerable-defi/issues/1) with specific versions of node. I have succesfully installed all dependencies, and executed all challenges, with version `v12.20.0`. If you're using a different version of node and are having problems during the setup, try switching to version `v12.20.0`.
-- Some users have reported [issues](https://github.com/OpenZeppelin/damn-vulnerable-defi/pull/4) with the timeout set in the `package.json` file for "The Rewarder" challenge. If you're having trouble executing your exploit for this challenge, try increasing the timeout.
+Visit [damnvulnerabledefi.xyz](https://damnvulnerabledefi.xyz)
 
 ## Disclaimer
 

README.md

@@ -1,9 +1,81 @@
 {
-  "contractName": "UniswapV1Factory",
-  "abi": [{"name":"NewExchange","inputs":[{"type":"address","name":"token","indexed":true},{"type":"address","name":"exchange","indexed":true}],"anonymous":false,"type":"event"},{"name":"initializeFactory","outputs":[],"inputs":[{"type":"address","name":"template"}],"constant":false,"payable":false,"type":"function","gas":35725},{"name":"createExchange","outputs":[{"type":"address","name":"out"}],"inputs":[{"type":"address","name":"token"}],"constant":false,"payable":false,"type":"function","gas":187911},{"name":"getExchange","outputs":[{"type":"address","name":"out"}],"inputs":[{"type":"address","name":"token"}],"constant":true,"payable":false,"type":"function","gas":715},{"name":"getToken","outputs":[{"type":"address","name":"out"}],"inputs":[{"type":"address","name":"exchange"}],"constant":true,"payable":false,"type":"function","gas":745},{"name":"getTokenWithId","outputs":[{"type":"address","name":"out"}],"inputs":[{"type":"uint256","name":"token_id"}],"constant":true,"payable":false,"type":"function","gas":736},{"name":"exchangeTemplate","outputs":[{"type":"address","name":"out"}],"inputs":[],"constant":true,"payable":false,"type":"function","gas":633},{"name":"tokenCount","outputs":[{"type":"uint256","name":"out"}],"inputs":[],"constant":true,"payable":false,"type":"function","gas":663}],
-  "bytecode": "0x6103f056600035601c52740100000000000000000000000000000000000000006020526f7fffffffffffffffffffffffffffffff6040527fffffffffffffffffffffffffffffffff8000000000000000000000000000000060605274012a05f1fffffffffffffffffffffffffdabf41c006080527ffffffffffffffffffffffffed5fa0e000000000000000000000000000000000060a05263538a3f0e60005114156100ed57602060046101403734156100b457600080fd5b60043560205181106100c557600080fd5b50600054156100d357600080fd5b60006101405114156100e457600080fd5b61014051600055005b631648f38e60005114156102bf576020600461014037341561010e57600080fd5b600435602051811061011f57600080fd5b50600061014051141561013157600080fd5b6000600054141561014157600080fd5b60026101405160e05260c052604060c020541561015d57600080fd5b7f602e600c600039602e6000f33660006000376110006000366000730000000000610180526c010000000000000000000000006000540261019b527f5af41558576110006000f30000000000000000000000000000000000000000006101af5260406101806000f0806101cf57600080fd5b61016052610160513b6101e157600080fd5b610160513014156101f157600080fd5b6000600060246366d3820361022052610140516102405261023c6000610160515af161021c57600080fd5b6101605160026101405160e05260c052604060c020556101405160036101605160e05260c052604060c02055600154600160015401101561025c57600080fd5b6001600154016102a0526102a0516001556101405160046102a05160e05260c052604060c0205561016051610140517f9d42cb017eb05bd8944ab536a8b35bc68085931dd5f4356489801453923953f960006000a36101605160005260206000f3005b6306f2bf62600051141561030e57602060046101403734156102e057600080fd5b60043560205181106102f157600080fd5b5060026101405160e05260c052604060c0205460005260206000f3005b6359770438600051141561035d576020600461014037341561032f57600080fd5b600435602051811061034057600080fd5b5060036101405160e05260c052604060c0205460005260206000f3005b63aa65a6c0600051141561039a576020600461014037341561037e57600080fd5b60046101405160e05260c052604060c0205460005260206000f3005b631c2bbd1860005114156103c05734156103b357600080fd5b60005460005260206000f3005b639f181b5e60005114156103e65734156103d957600080fd5b60015460005260206000f3005b60006000fd5b6100046103f0036100046000396100046103f0036000f3",
-  "compiler": {
-    "name": "vyper",
-    "version": "0.1.0b4"
+  "abi": [
+    {
+      "name": "NewExchange",
+      "inputs": [
+        { "type": "address", "name": "token", "indexed": true },
+        { "type": "address", "name": "exchange", "indexed": true }
+      ],
+      "anonymous": false,
+      "type": "event"
+    },
+    {
+      "name": "initializeFactory",
+      "outputs": [],
+      "inputs": [{ "type": "address", "name": "template" }],
+      "constant": false,
+      "payable": false,
+      "type": "function",
+      "gas": 35725
+    },
+    {
+      "name": "createExchange",
+      "outputs": [{ "type": "address", "name": "out" }],
+      "inputs": [{ "type": "address", "name": "token" }],
+      "constant": false,
+      "payable": false,
+      "type": "function",
+      "gas": 187911
+    },
+    {
+      "name": "getExchange",
+      "outputs": [{ "type": "address", "name": "out" }],
+      "inputs": [{ "type": "address", "name": "token" }],
+      "constant": true,
+      "payable": false,
+      "type": "function",
+      "gas": 715
+    },
+    {
+      "name": "getToken",
+      "outputs": [{ "type": "address", "name": "out" }],
+      "inputs": [{ "type": "address", "name": "exchange" }],
+      "constant": true,
+      "payable": false,
+      "type": "function",
+      "gas": 745
+    },
+    {
+      "name": "getTokenWithId",
+      "outputs": [{ "type": "address", "name": "out" }],
+      "inputs": [{ "type": "uint256", "name": "token_id" }],
+      "constant": true,
+      "payable": false,
+      "type": "function",
+      "gas": 736
+    },
+    {
+      "name": "exchangeTemplate",
+      "outputs": [{ "type": "address", "name": "out" }],
+      "inputs": [],
+      "constant": true,
+      "payable": false,
+      "type": "function",
+      "gas": 633
+    },
+    {
+      "name": "tokenCount",
+      "outputs": [{ "type": "uint256", "name": "out" }],
+      "inputs": [],
+      "constant": true,
+      "payable": false,
+      "type": "function",
+      "gas": 663
+    }
+  ],
+  "evm": {
+    "bytecode": {
+      "object": "6103f056600035601c52740100000000000000000000000000000000000000006020526f7fffffffffffffffffffffffffffffff6040527fffffffffffffffffffffffffffffffff8000000000000000000000000000000060605274012a05f1fffffffffffffffffffffffffdabf41c006080527ffffffffffffffffffffffffed5fa0e000000000000000000000000000000000060a05263538a3f0e60005114156100ed57602060046101403734156100b457600080fd5b60043560205181106100c557600080fd5b50600054156100d357600080fd5b60006101405114156100e457600080fd5b61014051600055005b631648f38e60005114156102bf576020600461014037341561010e57600080fd5b600435602051811061011f57600080fd5b50600061014051141561013157600080fd5b6000600054141561014157600080fd5b60026101405160e05260c052604060c020541561015d57600080fd5b7f602e600c600039602e6000f33660006000376110006000366000730000000000610180526c010000000000000000000000006000540261019b527f5af41558576110006000f30000000000000000000000000000000000000000006101af5260406101806000f0806101cf57600080fd5b61016052610160513b6101e157600080fd5b610160513014156101f157600080fd5b6000600060246366d3820361022052610140516102405261023c6000610160515af161021c57600080fd5b6101605160026101405160e05260c052604060c020556101405160036101605160e05260c052604060c02055600154600160015401101561025c57600080fd5b6001600154016102a0526102a0516001556101405160046102a05160e05260c052604060c0205561016051610140517f9d42cb017eb05bd8944ab536a8b35bc68085931dd5f4356489801453923953f960006000a36101605160005260206000f3005b6306f2bf62600051141561030e57602060046101403734156102e057600080fd5b60043560205181106102f157600080fd5b5060026101405160e05260c052604060c0205460005260206000f3005b6359770438600051141561035d576020600461014037341561032f57600080fd5b600435602051811061034057600080fd5b5060036101405160e05260c052604060c0205460005260206000f3005b63aa65a6c0600051141561039a576020600461014037341561037e57600080fd5b60046101405160e05260c052604060c0205460005260206000f3005b631c2bbd1860005114156103c05734156103b357600080fd5b60005460005260206000f3005b639f181b5e60005114156103e65734156103d957600080fd5b60015460005260206000f3005b60006000fd5b6100046103f0036100046000396100046103f0036000f3"
+    }
   }
 }

buidler.config.js

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
+import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol";
+import "@openzeppelin/contracts/access/AccessControl.sol";
+import "@openzeppelin/contracts/utils/Counters.sol";
+
+/**
+  * @title DamnValuableNFT
+  * @author Damn Vulnerable DeFi (https://damnvulnerabledefi.xyz)
+  * @notice Implementation of a mintable and burnable NFT with role-based access controls
+ */
+contract DamnValuableNFT is ERC721, ERC721Burnable, AccessControl {
+    using Counters for Counters.Counter;
+
+    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
+    Counters.Counter private _tokenIdCounter;
+
+    constructor() ERC721("DamnValuableNFT", "DVNFT") {
+        _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
+        _setupRole(MINTER_ROLE, msg.sender);
+    }
+
+    function safeMint(address to) public onlyRole(MINTER_ROLE) returns (uint256) {
+        uint256 tokenId = _tokenIdCounter.current();
+        _safeMint(to, tokenId);
+        _tokenIdCounter.increment();
+        return tokenId;
+    }
+
+    function supportsInterface(bytes4 interfaceId)
+        public
+        view
+        override(ERC721, AccessControl)
+        returns (bool)
+    {
+        return super.supportsInterface(interfaceId);
+    }
+}

build-uniswap-v1/UniswapV1Exchange.json

@@ -1,11 +1,17 @@
-pragma solidity ^0.6.0;
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
 
 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
 
+/**
+ * @title DamnValuableToken
+ * @author Damn Vulnerable DeFi (https://damnvulnerabledefi.xyz)
+ */
 contract DamnValuableToken is ERC20 {
 
     // Decimals are set to 18 by default in `ERC20`
-    constructor() public ERC20("DamnValuableToken", "DVT") {
-        _mint(msg.sender, 2**256 - 1);
+    constructor() ERC20("DamnValuableToken", "DVT") {
+        _mint(msg.sender, type(uint256).max);
     }
 }