BlockheaderWeb3-Community · deborahamoni0-prog · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026 · Apr 13, 2026
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,38 @@
+name: CI
+
+permissions: {}
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check:
+    name: Foundry project
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Show Forge version
+        run: forge --version
+
+      - name: Run Forge fmt
+        run: forge fmt --check
+
+      - name: Run Forge build
+        run: forge build --sizes
+
+      - name: Run Forge tests
+        run: forge test -vvv
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
diff --git a/13-04-26-test/.github/workflows/test.yml b/13-04-26-test/.github/workflows/test.yml
@@ -0,0 +1,38 @@
+name: CI
+
+permissions: {}
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check:
+    name: Foundry project
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Show Forge version
+        run: forge --version
+
+      - name: Run Forge fmt
+        run: forge fmt --check
+
+      - name: Run Forge build
+        run: forge build --sizes
+
+      - name: Run Forge tests
+        run: forge test -vvv
diff --git a/13-04-26-test/.gitignore b/13-04-26-test/.gitignore
@@ -0,0 +1,14 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env
diff --git a/13-04-26-test/.gitmodules b/13-04-26-test/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
diff --git a/13-04-26-test/README.md b/13-04-26-test/README.md
@@ -0,0 +1,66 @@
+## Foundry
+
+**Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.**
+
+Foundry consists of:
+
+- **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools).
+- **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data.
+- **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network.
+- **Chisel**: Fast, utilitarian, and verbose solidity REPL.
+
+## Documentation
+
+https://book.getfoundry.sh/
+
+## Usage
+
+### Build
+
+```shell
+$ forge build
+```
+
+### Test
+
+```shell
+$ forge test
+```
+
+### Format
+
+```shell
+$ forge fmt
+```
+
+### Gas Snapshots
+
+```shell
+$ forge snapshot
+```
+
+### Anvil
+
+```shell
+$ anvil
+```
+
+### Deploy
+
+```shell
+$ forge script script/Counter.s.sol:CounterScript --rpc-url <your_rpc_url> --private-key <your_private_key>
+```
+
+### Cast
+
+```shell
+$ cast <subcommand>
+```
+
+### Help
+
+```shell
+$ forge --help
+$ anvil --help
+$ cast --help
+```
diff --git a/13-04-26-test/README.md2 b/13-04-26-test/README.md2
@@ -0,0 +1,8 @@
+## the vulnerability in the smart contract is a reentrancy attack. 
+## An attacker can exploit this contact by calling another function that calls the withdraw function again before the first call is completed.
+## This can result in the attacker draining the contract's balance.
+
+## To fix this vulnerability, we use the Checks-Effects-Interactions pattern.
+## This pattern involves separating the state changes (checks and effects) from the external interactions.you do this by updating the balance first before the user withdraws the or receives the money
+## By doing this, you can ensure that the state changes are completed before any external interactions are made.
+
diff --git a/13-04-26-test/foundry.lock b/13-04-26-test/foundry.lock
@@ -0,0 +1,8 @@
+{
+  "lib/forge-std": {
+    "tag": {
+      "name": "v1.15.0",
+      "rev": "0844d7e1fc5e60d77b68e469bff60265f236c398"
+    }
+  }
+}
diff --git a/13-04-26-test/foundry.toml b/13-04-26-test/foundry.toml
@@ -0,0 +1,6 @@
+[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+
+# See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options
diff --git a/13-04-26-test/script/Counter.s.sol b/13-04-26-test/script/Counter.s.sol
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import {Script} from "forge-std/Script.sol";
+import {Counter} from "../src/Counter.sol";
+
+contract CounterScript is Script {
+    Counter public counter;
+
+    function setUp() public {}
+
+    function run() public {
+        vm.startBroadcast();
+
+        counter = new Counter();
+
+        vm.stopBroadcast();
+    }
+}
diff --git a/13-04-26-test/src/Counter.sol b/13-04-26-test/src/Counter.sol
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+contract Counter {
+    uint256 public number;
+
+    function setNumber(uint256 newNumber) public {
+        number = newNumber;
+    }
+
+    function increment() public {
+        number++;
+    }
+}
diff --git a/13-04-26-test/src/attack.sol b/13-04-26-test/src/attack.sol
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.31;
+
+
+contract Attack {
+    address public target;
+
+    constructor(address _target) {
+        target = _target;
+
+    }
+
+    function attack () public payable {
+        require(msg.value >= 1 ether, "send at least 1 ether to attack");
+        (bool success,) = target.call{value: msg.value}("");
+        require(success, "attack failed");
+
+    }
+       function withdrawFunds () external {
+        require(msg.sender == address(this), "only the attack contract can withdraw funds");
+        payable(msg.sender).transfer(address(this).balance);
+    }
+}
+
+
diff --git a/13-04-26-test/src/test.sol b/13-04-26-test/src/test.sol
@@ -0,0 +1,31 @@
+//SPDX Licensense Identifier: MIT
+pragma solidity ^0.8.31;
+
+contract Test {
+mapping(address => uint256) public balances;
+
+function deposit() public payable {
+    balances[msg.sender] += msg.value;
+}
+
+// function withdraw(uint256 amount) public {
+//     require(balances[msg.sender] >= amount, "Insufficient balance");
+
+//     (bool success, ) = msg.sender.call{value: amount}("");
+//     require(success, "Transfer failed");
+
+//     balances[msg.sender] -= amount;
+//}
+
+
+//fix withdraw functions
+function withdraw(uint256 amount) public {
+    require(balances[msg.sender] >= amount, "Insufficient balance");
+
+    balances[msg.sender] -= amount;
+
+    (bool success, ) = msg.sender.call{value: amount}("");
+    require(success, "Transfer failed");
+
+}
+}
diff --git a/13-04-26-test/test/Counter.t.sol b/13-04-26-test/test/Counter.t.sol
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import {Test} from "forge-std/Test.sol";
+import {Counter} from "../src/Counter.sol";
+
+contract CounterTest is Test {
+    Counter public counter;
+
+    function setUp() public {
+        counter = new Counter();
+        counter.setNumber(0);
+    }
+
+    function test_Increment() public {
+        counter.increment();
+        assertEq(counter.number(), 1);
+    }
+
+    function testFuzz_SetNumber(uint256 x) public {
+        counter.setNumber(x);
+        assertEq(counter.number(), x);
+    }
+}
diff --git a/13-04-26-test/test/attack.t.sol b/13-04-26-test/test/attack.t.sol
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import {Test} from "forge-std/Test.sol";
+import {Attack} from "../src/attack.sol";
+contract AttackTest is Test {
+    Attack public attack;
+
+    function setUp() public {
+        attack = new Attack(address(this)); 
+           vm.deal(address(attack), 10 ether);
+    }
+
+    function test_Attack() public {
+        attack.attack{value: 1 ether}();
+        vm.startPrank(address(attack));
+        assertEq(address(this).balance, 0);
+        assertGt(address(attack).balance, 1 ether);
+        vm.stopPrank();
+
+
+    }
+
+    fuction test_WithdrawFunds() public {
+        attack.attack{value: 1 ether}();
+        vm.startPrank(address(attack));
+        attack.withdrawFunds();
+        assertEq(address(this).balance, 1 ether);
+        assertEq(address(attack).balance, 0);
+        vm.stopPrank();
+    }
+
+}
diff --git a/13-04-26-test/test/test.t.sol b/13-04-26-test/test/test.t.sol
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import {Test} from "forge-std/Test.sol";
+import {test} from "../src/test.sol";
+
+contract testTest is Test {
+    test public t;
+
+    function setUp() public {
+        test = new test();
+    }
+
+    function test_Deposit() public {
+        test.deposit{value: 1 ether}();
+        assertEq(test.balances(address(this)), 1 ether);
+    }
+
+    function test_Withdraw() public {
+        test.deposit{value: 1 ether}();
+        test.withdraw(0.5 ether);
+        assertEq(test.balances(address(this)), 0.5 ether);
+    }
+
+}
diff --git a/13-defistaking/.gitignore b/13-defistaking/.gitignore
@@ -0,0 +1,20 @@
+# Node modules
+/node_modules
+
+# Compilation output
+/dist
+
+# pnpm deploy output
+/bundle
+
+# Hardhat Build Artifacts
+/artifacts
+
+# Hardhat compilation (v2) support directory
+/cache
+
+# Typechain output
+/types
+
+# Hardhat coverage reports
+/coverage