BlockheaderWeb3-Community · Olorunshogo · Mar 2, 2026 · Mar 2, 2026 · Mar 4, 2026 · Mar 4, 2026
diff --git a/.gitignore b/.gitignore
@@ -22,3 +22,6 @@ Thumbs.db
 .idea/
 *.swp
 *.swo
+
+
+lib/
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "assignments/foundry-test-assignment/lib/openzeppelin-contracts"]
+	path = assignments/foundry-test-assignment/lib/openzeppelin-contracts
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts
diff --git a/13-04-26-test/assessment1/README.md b/13-04-26-test/assessment1/README.md
@@ -0,0 +1,66 @@
+## Foundry
+
+**Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.**
+
+Foundry consists of:
+
+- **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools).
+- **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data.
+- **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network.
+- **Chisel**: Fast, utilitarian, and verbose solidity REPL.
+
+## Documentation
+
+https://book.getfoundry.sh/
+
+## Usage
+
+### Build
+
+```shell
+$ forge build
+```
+
+### Test
+
+```shell
+$ forge test
+```
+
+### Format
+
+```shell
+$ forge fmt
+```
+
+### Gas Snapshots
+
+```shell
+$ forge snapshot
+```
+
+### Anvil
+
+```shell
+$ anvil
+```
+
+### Deploy
+
+```shell
+$ forge script script/Counter.s.sol:CounterScript --rpc-url <your_rpc_url> --private-key <your_private_key>
+```
+
+### Cast
+
+```shell
+$ cast <subcommand>
+```
+
+### Help
+
+```shell
+$ forge --help
+$ anvil --help
+$ cast --help
+```
diff --git a/13-04-26-test/assessment1/foundry.toml b/13-04-26-test/assessment1/foundry.toml
@@ -0,0 +1,6 @@
+[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+
+# See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options
diff --git a/13-04-26-test/assessment1/src/AssessmentContract.sol b/13-04-26-test/assessment1/src/AssessmentContract.sol
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.28;
+
+// === Vulnerable Contract
+contract VulnerableContract {
+  mapping(address => uint256) public balances;
+
+  function deposit() public payable {
+    balances[msg.sender] += msg.value;
+  }
+
+  function withdraw(uint256 amount) public {
+    require(balances[msg.sender] >= amount, 'Insufficient balance');
+
+    (bool success, ) = msg.sender.call{value: amount}('');
+    require(success, 'Transfer failed');
+
+    unchecked {
+      balances[msg.sender] -= amount;
+    }
+  }
+}
+
+// === Attacker Contract
+contract AttackerContract {
+  VulnerableContract public vulnerableContract;
+
+  constructor(address _vulnerableContractAddress) {
+    vulnerableContract = VulnerableContract(_vulnerableContractAddress);
+  }
+
+  // === This is called when the contract receives ether
+  receive() external payable {
+    if (address(vulnerableContract).balance >= 1 ether) {
+      vulnerableContract.withdraw(1 ether);
+    }
+  }
+
+  function exploit() external payable {
+    require(msg.value >= 1 ether);
+    vulnerableContract.deposit{value: 1 ether}();
+    vulnerableContract.withdraw(1 ether);
+  }
+}
+
+contract ReentrancyGuard {
+  bool internal _notInteracted = true;
+
+  modifier nonReentrant() {
+    require(_notInteracted, 'ReentrancyGuard: reentrant call');
+    _notInteracted = false;
+    _;
+    _notInteracted = true;
+  }
+}
+
+contract FixedContract is ReentrancyGuard {
+  mapping(address => uint256) public balances;
+
+  function deposit() external payable nonReentrant {
+    balances[msg.sender] += msg.value;
+  }
+
+  function withdraw(uint256 amount) external nonReentrant {
+    require(balances[msg.sender] >= amount, 'Insufficient balance');
+
+    balances[msg.sender] -= amount;
+
+    (bool success, ) = msg.sender.call{value: amount}('');
+    require(success, 'Transfer failed');
+  }
+}
diff --git a/13-04-26-test/assessment1/test/Assessment.t.sol b/13-04-26-test/assessment1/test/Assessment.t.sol
@@ -0,0 +1,110 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.28;
+
+import {Test} from 'forge-std/Test.sol';
+import '../src/AssessmentContract.sol';
+import {console} from "forge-std/console.sol";
+
+contract AssessmentTest is Test {
+  VulnerableContract public vulnerableContract;
+  AttackerContract public attackerContract;
+  FixedContract public fixedContract;
+
+  address owner = makeAddr('owner');
+  address attacker = makeAddr('attacker');
+  address user = makeAddr('user');
+
+  function setUp() public {
+    vulnerableContract = new VulnerableContract();
+    fixedContract = new FixedContract();
+    attackerContract = new AttackerContract(address(vulnerableContract));
+
+    vm.deal(owner, 10 ether);
+    vm.deal(attacker, 2 ether);
+    vm.deal(user, 2 ether);
+  }
+
+  // === Basic Deployment Tests
+  function test_IfDeploymentInitialBalanceIsZero() public view {
+    assertEq(vulnerableContract.balances(owner), 0);
+  }
+
+  function test_DepositWillUpdateBalance() public {
+    vm.prank(owner);
+    vulnerableContract.deposit{value: 1 ether}();
+    assertEq(vulnerableContract.balances(owner), 1 ether);
+  }
+
+  function test_WithdrawWillReduceBalance() public {
+    vm.prank(owner);
+    vulnerableContract.deposit{value: 1 ether}();
+
+    vm.prank(owner);
+    vulnerableContract.withdraw(1 ether);
+
+    assertEq(vulnerableContract.balances(owner), 0);
+  }
+
+  function test_WithdrawRevertsIfInsufficientBalance() public {
+    vm.prank(owner);
+    vm.expectRevert('Insufficient balance');
+    vulnerableContract.withdraw(1 ether);
+  }
+
+  // === Reentrancy attack
+  function test_ReentrancyAttackToDrainVulnerableContract() public {
+    vm.prank(owner);
+    vulnerableContract.deposit{value: 5 ether}();
+
+    uint256 contractInitialBalance = address(vulnerableContract).balance;
+    console.log("Vulnerable Contract Initial Balance: ", contractInitialBalance);
+    uint256 attackerInitialBalance = address(attackerContract).balance;
+    console.log("Attacker Initial Balance: ", attackerInitialBalance);
+
+    vm.prank(attacker);
+    attackerContract.exploit{value: 1 ether}();
+
+    uint256 contractFinalBalance = address(vulnerableContract).balance;
+    console.log("Vulnerable Contract Final Balance: ", contractFinalBalance);
+    uint256 attackerFinalBalance = address(attackerContract).balance;
+    console.log("Attacker final balance: ", attackerFinalBalance);
+
+    assertGt(
+      address(attackerContract).balance,
+      attackerInitialBalance + 1 ether,
+      "Attacker should have drained extra ETH"
+    );
+    assertLt(
+      address(vulnerableContract).balance,
+      contractInitialBalance,
+      "Vulnerable contract should have lost ETH"
+    );
+  }
+
+  // === Fixed Contract Tests
+  function test_IfFixedDeploymentInitialBalanceIsZero() public view {
+    assertEq(vulnerableContract.balances(owner), 0);
+  }
+
+  function test_FixedDepositWillUpdateBalance() public {
+    vm.prank(user);
+    fixedContract.deposit{value: 1 ether}();
+    assertEq(fixedContract.balances(user), 1 ether);
+  }
+
+  function testFixedWithdrawWillReduceBalance() public {
+    vm.prank(user);
+    fixedContract.deposit{value: 1 ether}();
+
+    vm.prank(user);
+    fixedContract.withdraw(1 ether);
+
+    assertEq(fixedContract.balances(user), 0);
+  }
+
+  function testFixedWithdrawRevertsIfInsufficientBalance() public {
+    vm.prank(user);
+    vm.expectRevert('Insufficient balance');
+    fixedContract.withdraw(1 ether);
+  }
+}
diff --git a/assignments/Olorunshogo.md b/assignments/Olorunshogo.md
@@ -0,0 +1,5 @@
+
+1. [Link to the upgradeable contracts using both open zeppelin and the diamond](https://github.com/Olorunshogo/UpgradeableContract)
+
+
+2. [Link to the article](https://medium.com/@shownzy001/upgradeable-contracts-b4d8c5c3d61e)
diff --git a/assignments/foundry-test-assignment/.github/workflows/test.yml b/assignments/foundry-test-assignment/.github/workflows/test.yml
@@ -0,0 +1,38 @@
+name: CI
+
+permissions: {}
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check:
+    name: Foundry project
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Show Forge version
+        run: forge --version
+
+      - name: Run Forge fmt
+        run: forge fmt --check
+
+      - name: Run Forge build
+        run: forge build --sizes
+
+      - name: Run Forge tests
+        run: forge test -vvv
diff --git a/assignments/foundry-test-assignment/.gitignore b/assignments/foundry-test-assignment/.gitignore
@@ -0,0 +1,17 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env
+
+
+lib/
diff --git a/assignments/foundry-test-assignment/.gitmodules b/assignments/foundry-test-assignment/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,3 +22,6 @@ Thumbs.db @@
     .idea/
     *.swp
     *.swo
+    lib/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,5 @@

		1. [Link to the upgradeable contracts using both open zeppelin and the diamond](https://github.com/Olorunshogo/UpgradeableContract)


		2. [Link to the article](https://medium.com/@shownzy001/upgradeable-contracts-b4d8c5c3d61e)