test: add authorized attacker test

Extract request and escalation setup.
defi-wonderland · Sep 24, 2024 · 0aac1a0 · 0aac1a0
1 parent cf6d1de
commit 0aac1a0
Showing 1 changed file with 60 additions and 9 deletions.
diff --git a/solidity/test/integration/BondEscalation.t.sol b/solidity/test/integration/BondEscalation.t.sol
@@ -25,6 +25,11 @@ contract Integration_BondEscalation is IntegrationBase {
     _expectedDeadline = block.timestamp + 10 days;
     _bondEscalationDeadline = block.timestamp + 5 days;
 
+    setUpRequest();
+    setUpEscalation();
+  }
+
+  function setUpRequest() public {
     mockRequest.requestModuleData = abi.encode(
       IHttpRequestModule.RequestParameters({
         url: _expectedUrl,
@@ -59,9 +64,12 @@ contract Integration_BondEscalation is IntegrationBase {
     );
 
     mockRequest.disputeModule = address(_bondEscalationModule);
+    mockRequest.nonce = uint96(oracle.totalRequestCount());
 
     _resetMockIds();
+  }
 
+  function setUpEscalation() public {
     // Set up all approvals
     vm.prank(requester);
     _bondEscalationAccounting.approveModule(address(_requestModule));
@@ -75,15 +83,6 @@ contract Integration_BondEscalation is IntegrationBase {
     vm.prank(proposer);
     _bondEscalationAccounting.approveModule(address(_bondEscalationModule));
 
-    vm.prank(_secondProposer);
-    _bondEscalationAccounting.approveModule(address(_responseModule));
-
-    vm.prank(_thirdProposer);
-    _bondEscalationAccounting.approveModule(address(_responseModule));
-
-    vm.prank(_secondDisputer);
-    _bondEscalationAccounting.approveModule(address(_bondEscalationModule));
-
     // Requester creates a request
     _deposit(_bondEscalationAccounting, requester, usdc, _expectedReward);
     vm.prank(requester);
@@ -161,6 +160,12 @@ contract Integration_BondEscalation is IntegrationBase {
   }
 
   function test_proposerLoses() public {
+    vm.prank(_secondProposer);
+    _bondEscalationAccounting.approveModule(address(_responseModule));
+
+    vm.prank(_thirdProposer);
+    _bondEscalationAccounting.approveModule(address(_responseModule));
+
     // Step 1: Proposer pledges against the dispute
     _deposit(_bondEscalationAccounting, proposer, usdc, _pledgeSize);
     vm.prank(proposer);
@@ -314,6 +319,12 @@ contract Integration_BondEscalation is IntegrationBase {
   }
 
   function test_bondEscalationTied() public {
+    vm.prank(_secondDisputer);
+    _bondEscalationAccounting.approveModule(address(_bondEscalationModule));
+
+    vm.prank(_secondProposer);
+    _bondEscalationAccounting.approveModule(address(_responseModule));
+
     // Step 1: Proposer pledges against the dispute
     _deposit(_bondEscalationAccounting, proposer, usdc, _pledgeSize);
     vm.prank(proposer);
@@ -443,6 +454,9 @@ contract Integration_BondEscalation is IntegrationBase {
   }
 
   function test_attackerAllowedModules() public {
+    vm.prank(_secondDisputer);
+    _bondEscalationAccounting.approveModule(address(_bondEscalationModule));
+
     ////////////////// DISPUTE ESCALATION ////////////////////////
     // Step 1: Proposer pledges against the dispute
     _deposit(_bondEscalationAccounting, proposer, usdc, _pledgeSize);
@@ -495,6 +509,43 @@ contract Integration_BondEscalation is IntegrationBase {
 
     vm.expectRevert(IBondEscalationAccounting.BondEscalationAccounting_UnauthorizedCaller.selector);
     _bondEscalationAccounting.releasePledge(mockRequest, mockDispute, _attacker, usdc, _pledgeSize * 4);
+
     vm.stopPrank();
   }
+
+  function test_authorizedAttackerAllowedModules() public {
+    address _attacker = makeAddr('attacker');
+
+    // redeploy BondEscalationAccounting authorizing the attacker
+    address[] memory _authorizedCallers = new address[](3);
+    _authorizedCallers[0] = address(_bondEscalationModule);
+    _authorizedCallers[1] = _attacker;
+    _bondEscalationAccounting = new BondEscalationAccounting(oracle, _authorizedCallers);
+
+    label(address(_bondEscalationAccounting), 'BondEscalationModule');
+
+    setUpRequest();
+    setUpEscalation();
+
+    ////////////////// NEW MALICIOUS REQUEST ////////////////////////
+
+    mockRequest.nonce += 1;
+    mockRequest.requester = _attacker;
+    mockRequest.disputeModule = _attacker;
+    // configure 0 usdc reward request
+    mockRequest.requestModuleData = abi.encode(
+      IHttpRequestModule.RequestParameters({
+        url: _expectedUrl,
+        body: _expectedBody,
+        method: _expectedMethod,
+        accountingExtension: _bondEscalationAccounting,
+        paymentToken: usdc,
+        paymentAmount: 0
+      })
+    );
+
+    vm.expectRevert(ValidatorLib.ValidatorLib_InvalidDisputeBody.selector);
+    vm.prank(_attacker);
+    _bondEscalationAccounting.releasePledge(mockRequest, mockDispute, _attacker, usdc, _pledgeSize);
+  }
 }