Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Test to Validate Mitigation of Unauthorized Bounty Claim #5

Merged
merged 8 commits into from
Mar 9, 2024
Merged

Add Test to Validate Mitigation of Unauthorized Bounty Claim #5

Changes from 7 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
66948a7
added test to check for bounty using another pauser payer
JordanCason Mar 9, 2024
cc047a2
Update test/HoneyPause.t.sol
JordanCason Mar 9, 2024
1efee10
Update test/HoneyPause.t.sol
JordanCason Mar 9, 2024
24aaece
fix some small nits
JordanCason Mar 9, 2024
b1646ec
quick nit fix
JordanCason Mar 9, 2024
43bd9f0
Update test/HoneyPause.t.sol
JordanCason Mar 9, 2024
343a739
fixed conflict
JordanCason Mar 9, 2024
9e3d5d8
updated revert messages
JordanCason Mar 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 72 additions & 1 deletion test/HoneyPause.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -499,6 +499,52 @@ contract HoneyPauseTest is Test {
assertEq(honey.verifyBountyCanPay(bountyId, RECEIVER), false);
}

function test_bountyCannotUseAnotherBountyPauserPayer() external {
MockPauser mockPauser = new MockPauser();
MockPayer mockPayer = new MockPayer();

testToken.mint(address(mockPayer), 100 ether);
JordanCason marked this conversation as resolved.
Show resolved Hide resolved
uint256 bountyAmount = 1 ether;

// Create legitimate and a fake bounty with the mock contracts.
uint256 legitimateBountyId = honey.add(
"Legitimate",
testToken,
bountyAmount,
new TestVerifier(),
mockPauser,
mockPayer,
address(this)
);

uint256 fakeBountyId = honey.add(
"ExploitTest",
testToken,
bountyAmount,
new TestVerifier(),
mockPauser,
mockPayer,
address(this)
);

IExploiter exploiter = new TestExploiter();

// Set the valid bountyId in mock contracts to the legitimate bountyId.
mockPauser.setValidBountyId(legitimateBountyId);
mockPayer.setValidBountyId(legitimateBountyId);

// Test that the pauser receives the correct bountyId and reverts against the fake bountyId.
vm.expectRevert("Unauthorized bountyId");
honey.claim(fakeBountyId, payable(address(this)), exploiter, "", "");

// Temporarily allow pausing for the fake bounty to test payer logic.
mockPauser.setValidBountyId(fakeBountyId);

// Test that the payer also correctly identifies and reverts against fake bountyId claims.
vm.expectRevert("Unauthorized bountyId");
JordanCason marked this conversation as resolved.
Show resolved Hide resolved
honey.claim(fakeBountyId, payable(address(this)), exploiter, "", "");
}

function _addTestBounty()
private returns (uint256 bountyId)
{
Expand Down Expand Up @@ -544,6 +590,31 @@ contract HoneyPauseTest is Test {
}
}

contract MockPauser is IPauser {
uint256 private validBountyId;

function setValidBountyId(uint256 validBountyId_) external {
validBountyId = validBountyId_;
}

function pause(uint256 bountyId) external view {
require(bountyId == validBountyId, "Unauthorized bountyId");
}
}

contract MockPayer is IPayer {
uint256 private validBountyId;

function setValidBountyId(uint256 validBountyId_) external {
validBountyId = validBountyId_;
}

function payExploiter(uint256 bountyId, ERC20 token, address payable to, uint256 amount) external override {
require(bountyId == validBountyId, "Unauthorized bountyId");
token.transfer(to, amount);
}
}

contract TestExploiter is IExploiter {
event ExploitCalled(bytes exploiterData);

Expand Down Expand Up @@ -673,4 +744,4 @@ contract TestHoneyPause is HoneyPause {
) external pure {
_validateBountyConfig({ operator: operator, pauser: pauser, verifier: verifier, payer: payer });
}
}
}