test: copy attackerAllowedModules test case

defi-wonderland · Sep 25, 2024 · 4e155a2 · 4e155a2
1 parent c92c1e6
commit 4e155a2
Showing 1 changed file with 50 additions and 0 deletions.
diff --git a/solidity/test/integration/BondEscalation.t.sol b/solidity/test/integration/BondEscalation.t.sol
@@ -478,6 +478,56 @@ contract Integration_BondEscalation is IntegrationBase {
     ////////////////// NEW MALICIOUS REQUEST ////////////////////////
 
     address _attacker = makeAddr('attacker');
+    mockRequest.nonce += 1;
+    mockRequest.requester = _attacker;
+    mockRequest.disputeModule = _attacker;
+    mockRequest.requestModuleData = abi.encode(
+      IHttpRequestModule.RequestParameters({
+        url: _expectedUrl,
+        body: _expectedBody,
+        method: _expectedMethod,
+        accountingExtension: _bondEscalationAccounting,
+        paymentToken: usdc,
+        paymentAmount: 0
+      })
+    );
+
+    vm.startPrank(_attacker);
+    // Create a new proposal with another dispute module
+    _bondEscalationAccounting.approveModule(mockRequest.requestModule);
+
+    vm.expectRevert(IBondEscalationAccounting.BondEscalationAccounting_UnauthorizedCaller.selector);
+    _bondEscalationAccounting.releasePledge(mockRequest, mockDispute, _attacker, usdc, _pledgeSize * 4);
+    vm.stopPrank();
+  }
+
+  function test_authorizedAttackerAllowedModules() public {
+    ////////////////// DISPUTE ESCALATION ////////////////////////
+    // Step 1: Proposer pledges against the dispute
+    _deposit(_bondEscalationAccounting, proposer, usdc, _pledgeSize);
+    vm.prank(proposer);
+    _bondEscalationModule.pledgeAgainstDispute(mockRequest, mockDispute);
+
+    // Step 2: Disputer doubles down
+    _deposit(_bondEscalationAccounting, disputer, usdc, _pledgeSize);
+    vm.prank(disputer);
+    _bondEscalationModule.pledgeForDispute(mockRequest, mockDispute);
+
+    // Step 3: Proposer doubles down
+    _deposit(_bondEscalationAccounting, proposer, usdc, _pledgeSize);
+    vm.prank(proposer);
+    _bondEscalationModule.pledgeAgainstDispute(mockRequest, mockDispute);
+
+    // Step 4: Disputer runs out of capital
+    // Step 5: The tying buffer kicks in
+    vm.warp(_bondEscalationDeadline + 1);
+
+    // Step 6: An external party sees that Proposer's response is incorrect, so they bond the required WETH
+    _deposit(_bondEscalationAccounting, _secondDisputer, usdc, _pledgeSize);
+    vm.prank(_secondDisputer);
+    _bondEscalationModule.pledgeForDispute(mockRequest, mockDispute);
+
+    ////////////////// NEW MALICIOUS REQUEST ////////////////////////
 
     mockRequest.nonce += 1;
     mockRequest.requester = _attacker;