Update documentation and logging

README.md

@@ -4,6 +4,10 @@
 
 This repo contains the details of an exploit that drains 82.37% of the Elastic pool for wstETH-ETH on the Ethereum Mainnet at block height 17050000 (2023-Apr-15 04:13:47 AM +UTC). **This root cause of this exploit has now been fixed and a new audit has been conducted**.
 
+The PoC of the exploit is in [./test/KyberswapLegacyTest.sol].
+
+A PoC showing the that vulnerability is not present in the updated contracts is in [./test/KyberswapTest.sol].
+
 The exploit is generalisable to any pool running on the old Elastic code in the [ks-elastic-sc-legacy](https://github.com/KyberNetwork/ks-elastic-sc-legacy) repo.
 
 I submitted this Proof of Concept to Kyber Network on 17 April 2023. Kyber Network quickly disabled minting of new positions, and asked their LPs to withdraw their liquidity. After swiftly fixing the code and performing a fresh [audit with Chain Security](https://chainsecurity.com/security-audit/kyberswap-elastic/) Kyber Network re-launched the Elastic pools on 24 April 2023.

test/KyberswapLegacyTest.sol

@@ -294,6 +294,11 @@ contract KyberswapLegacyTest is Test, IFlashLoanReceiver {
         bytes calldata /*params*/
     ) external override returns (bool) {
 
+        console.log("================================================================");
+        console.log("Test demonstrating legacy contracts are vulnerable to double-add");
+        console.log("================================================================\n\n\n");
+
+
         console.log("--- Before flash loan ---");
         console.log("stETH balance = %s", stETH.balanceOf(address(this)).pretty());
         console.log("WETH  balance = %s", WETH.balanceOf(address(this)).pretty());

test/KyberswapTest.sol

@@ -74,33 +74,24 @@ contract KyberswapTest is Test {
     }
 
     function testFailedHack() public {
-
-        console.log("--- Before flash loan ---");
-        console.log("KNC balance = %s", KNC.balanceOf(address(this)).pretty());
-        console.log("KNC  balance = %s", KNC.balanceOf(address(this)).pretty());
-
         // Simulate flashloan
         deal(WETH_addr, address(this), INITIAL_TOKEN0);
         deal(KNC_addr, address(this), INITIAL_TOKEN1);
 
         performFailedHack();
-
-        console.log("--- After flash loan ---");
-        console.log("Final WETH balance = %s", WETH.balanceOf(address(this)).pretty());
-        console.log("Final KNC  balance = %s", KNC.balanceOf(address(this)).pretty());
-
     }
 
     function performFailedHack() internal {
 
+        console.log("=================================================================");
+        console.log("Test demonstrating new contracts are NOT vulnerable to double-add");
+        console.log("=================================================================\n\n\n");
+
         Stats memory stats;
         uint256 marketPrice = token0InToken1(getSqrtP());
         logXwing();
         logPoolBalances("Initial ", marketPrice);
 
-        int256 initialToken0Balance = int256(uint256(getToken0Balance()));
-        int256 initialToken1Balance = int256(uint256(getToken1Balance()));
-
         int24 tickSpacing = ETH_KNC.tickDistance();
 
         stats.token1Spent = INITIAL_TOKEN1;
@@ -151,7 +142,10 @@ contract KyberswapTest is Test {
         }
 
         if ( getCurrentTick() != TARGET_TICK ) {
-            console.log("*** Double add of liquidity not possible *** ");
+            console.log("\n\n");
+            console.log("********************************************");
+            console.log("*** Double add of liquidity not possible ***");
+            console.log("********************************************");
         }
         require(getCurrentTick() == TARGET_TICK);
         }