From c09bc718c07e9f979a5adacd7e4c83bbb9866e17 Mon Sep 17 00:00:00 2001 From: Pascal Marco Caversaccio Date: Sun, 18 Jun 2023 12:14:26 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=A5=A2=20Add=20`multi=5Fproof=5Fverify`?= =?UTF-8?q?=20Invariant=20Violation=20Test=20(#137)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gas-snapshot | 115 ++++++++++++----------- .github/workflows/checks.yml | 2 +- CHANGELOG.md | 15 ++- lib/solady | 2 +- test/utils/MerkleProofVerification.t.sol | 42 +++++++++ 5 files changed, 113 insertions(+), 63 deletions(-) diff --git a/.gas-snapshot b/.gas-snapshot index 680cc5e2..6a9cc6d7 100644 --- a/.gas-snapshot +++ b/.gas-snapshot @@ -59,8 +59,8 @@ BatchDistributorTest:testDistributeTokenMultipleAddressesSuccess() (gas: 640354) BatchDistributorTest:testDistributeTokenOneAddressSuccess() (gas: 602683) BatchDistributorTest:testDistributeTokenRevertWithInsufficientAllowance() (gas: 596641) BatchDistributorTest:testDistributeTokenRevertWithInsufficientBalance() (gas: 599203) -BatchDistributorTest:testFuzzDistributeEtherMultipleAddressesSuccess(((address,uint256)[]),uint256) (runs: 256, μ: 988508, ~: 926837) -BatchDistributorTest:testFuzzDistributeTokenMultipleAddressesSuccess(((address,uint256)[]),address,uint256) (runs: 256, μ: 1346875, ~: 1315349) +BatchDistributorTest:testFuzzDistributeEtherMultipleAddressesSuccess(((address,uint256)[]),uint256) (runs: 256, μ: 988880, ~: 925797) +BatchDistributorTest:testFuzzDistributeTokenMultipleAddressesSuccess(((address,uint256)[]),address,uint256) (runs: 256, μ: 1347272, ~: 1324156) Create2AddressTest:testComputeAddress() (gas: 573558) Create2AddressTest:testComputeAddressSelf() (gas: 581858) Create2AddressTest:testFuzzComputeAddress(bytes32,address) (runs: 256, μ: 574086, ~: 574086) @@ -86,26 +86,26 @@ CreateAddressTest:testComputeAddressSelfNonceUint56() (gas: 561665) CreateAddressTest:testComputeAddressSelfNonceUint64() (gas: 561760) CreateAddressTest:testComputeAddressSelfNonceUint8() (gas: 561410) CreateAddressTest:testComputeAddressSelfRevertTooHighNonce() (gas: 8799) -CreateAddressTest:testFuzzComputeAddressNonce0x7f(uint64,address) (runs: 256, μ: 560857, ~: 561013) -CreateAddressTest:testFuzzComputeAddressNonceUint16(uint64,address) (runs: 256, μ: 560350, ~: 560478) -CreateAddressTest:testFuzzComputeAddressNonceUint24(uint64,address) (runs: 256, μ: 560470, ~: 560582) -CreateAddressTest:testFuzzComputeAddressNonceUint32(uint64,address) (runs: 256, μ: 560461, ~: 560611) -CreateAddressTest:testFuzzComputeAddressNonceUint40(uint64,address) (runs: 256, μ: 560585, ~: 560681) -CreateAddressTest:testFuzzComputeAddressNonceUint48(uint64,address) (runs: 256, μ: 560586, ~: 560687) -CreateAddressTest:testFuzzComputeAddressNonceUint56(uint64,address) (runs: 256, μ: 560587, ~: 560694) -CreateAddressTest:testFuzzComputeAddressNonceUint64(uint64,address) (runs: 256, μ: 560575, ~: 560798) -CreateAddressTest:testFuzzComputeAddressNonceUint8(uint64,address) (runs: 256, μ: 560335, ~: 560456) -CreateAddressTest:testFuzzComputeAddressRevertTooHighNonce(uint256,address) (runs: 256, μ: 13331, ~: 13303) -CreateAddressTest:testFuzzComputeAddressSelfNonce0x7f(uint64) (runs: 256, μ: 566676, ~: 566807) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint16(uint64) (runs: 256, μ: 565999, ~: 566140) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint24(uint64) (runs: 256, μ: 566297, ~: 566407) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint32(uint64) (runs: 256, μ: 566307, ~: 566415) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint40(uint64) (runs: 256, μ: 566398, ~: 566486) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint48(uint64) (runs: 256, μ: 566359, ~: 566473) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint56(uint64) (runs: 256, μ: 566449, ~: 566543) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint64(uint64) (runs: 256, μ: 566482, ~: 566673) +CreateAddressTest:testFuzzComputeAddressNonce0x7f(uint64,address) (runs: 256, μ: 560838, ~: 561013) +CreateAddressTest:testFuzzComputeAddressNonceUint16(uint64,address) (runs: 256, μ: 560382, ~: 560627) +CreateAddressTest:testFuzzComputeAddressNonceUint24(uint64,address) (runs: 256, μ: 560469, ~: 560582) +CreateAddressTest:testFuzzComputeAddressNonceUint32(uint64,address) (runs: 256, μ: 560476, ~: 560611) +CreateAddressTest:testFuzzComputeAddressNonceUint40(uint64,address) (runs: 256, μ: 560583, ~: 560681) +CreateAddressTest:testFuzzComputeAddressNonceUint48(uint64,address) (runs: 256, μ: 560589, ~: 560687) +CreateAddressTest:testFuzzComputeAddressNonceUint56(uint64,address) (runs: 256, μ: 560576, ~: 560694) +CreateAddressTest:testFuzzComputeAddressNonceUint64(uint64,address) (runs: 256, μ: 560590, ~: 560798) +CreateAddressTest:testFuzzComputeAddressNonceUint8(uint64,address) (runs: 256, μ: 560352, ~: 560456) +CreateAddressTest:testFuzzComputeAddressRevertTooHighNonce(uint256,address) (runs: 256, μ: 13330, ~: 13303) +CreateAddressTest:testFuzzComputeAddressSelfNonce0x7f(uint64) (runs: 256, μ: 566671, ~: 566807) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint16(uint64) (runs: 256, μ: 566007, ~: 566140) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint24(uint64) (runs: 256, μ: 566304, ~: 566407) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint32(uint64) (runs: 256, μ: 566319, ~: 566415) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint40(uint64) (runs: 256, μ: 566400, ~: 566486) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint48(uint64) (runs: 256, μ: 566364, ~: 566473) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint56(uint64) (runs: 256, μ: 566450, ~: 566543) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint64(uint64) (runs: 256, μ: 566476, ~: 566673) CreateAddressTest:testFuzzComputeAddressSelfNonceUint8(uint64) (runs: 256, μ: 566014, ~: 566110) -CreateAddressTest:testFuzzComputeAddressSelfRevertTooHighNonce(uint256) (runs: 256, μ: 13149, ~: 13142) +CreateAddressTest:testFuzzComputeAddressSelfRevertTooHighNonce(uint256) (runs: 256, μ: 13155, ~: 13142) ECDSATest:testEthSignedMessageHash() (gas: 5852) ECDSATest:testFuzzEthSignedMessageHash(string) (runs: 256, μ: 6442, ~: 6444) ECDSATest:testFuzzRecoverWithInvalidSignature(bytes,string) (runs: 256, μ: 15157, ~: 15158) @@ -371,12 +371,12 @@ ERC4626VaultTest:testEmptyVaultDeposit() (gas: 565800) ERC4626VaultTest:testEmptyVaultMint() (gas: 567225) ERC4626VaultTest:testEmptyVaultRedeem() (gas: 203519) ERC4626VaultTest:testEmptyVaultwithdraw() (gas: 215354) -ERC4626VaultTest:testFail_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 566854, ~: 568420) -ERC4626VaultTest:testFail_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 568804, ~: 570226) -ERC4626VaultTest:testFuzzDomainSeparator(uint8) (runs: 256, μ: 11871, ~: 11892) -ERC4626VaultTest:testFuzzEIP712Domain(bytes1,uint8,bytes32,uint256[]) (runs: 256, μ: 20042, ~: 20005) -ERC4626VaultTest:testFuzzPermitInvalid(string,string,uint16) (runs: 256, μ: 45994, ~: 46020) -ERC4626VaultTest:testFuzzPermitSuccess(string,string,uint16) (runs: 256, μ: 71204, ~: 71235) +ERC4626VaultTest:testFail_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 566331, ~: 568420) +ERC4626VaultTest:testFail_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 568152, ~: 570226) +ERC4626VaultTest:testFuzzDomainSeparator(uint8) (runs: 256, μ: 11869, ~: 11892) +ERC4626VaultTest:testFuzzEIP712Domain(bytes1,uint8,bytes32,uint256[]) (runs: 256, μ: 20036, ~: 19999) +ERC4626VaultTest:testFuzzPermitInvalid(string,string,uint16) (runs: 256, μ: 45992, ~: 46020) +ERC4626VaultTest:testFuzzPermitSuccess(string,string,uint16) (runs: 256, μ: 71207, ~: 71235) ERC4626VaultTest:testInitialSetup() (gas: 5842913) ERC4626VaultTest:testMintWithNoApproval() (gas: 25329) ERC4626VaultTest:testMintZero() (gas: 40561) @@ -395,30 +395,30 @@ ERC4626VaultTest:testVaultInteractionsForSomeoneElse() (gas: 225963) ERC4626VaultTest:testWithdrawInsufficientAllowance() (gas: 124763) ERC4626VaultTest:testWithdrawInsufficientAssets() (gas: 120057) ERC4626VaultTest:testWithdrawWithNoAssets() (gas: 21937) -ERC4626VaultTest:test_RT_deposit_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 480778, ~: 484640) -ERC4626VaultTest:test_RT_deposit_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 483112, ~: 486299) -ERC4626VaultTest:test_RT_mint_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 480897, ~: 484734) -ERC4626VaultTest:test_RT_mint_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 482870, ~: 486372) -ERC4626VaultTest:test_RT_redeem_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 480888, ~: 484719) -ERC4626VaultTest:test_RT_redeem_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 481161, ~: 484841) -ERC4626VaultTest:test_RT_withdraw_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 483084, ~: 486599) -ERC4626VaultTest:test_RT_withdraw_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 483256, ~: 486793) -ERC4626VaultTest:test_asset((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 429657, ~: 435026) -ERC4626VaultTest:test_convertToAssets((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 436769, ~: 440614) -ERC4626VaultTest:test_convertToShares((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 435904, ~: 440359) -ERC4626VaultTest:test_deposit((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 478169, ~: 481905) -ERC4626VaultTest:test_maxDeposit((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 429983, ~: 435351) -ERC4626VaultTest:test_maxMint((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 430045, ~: 435413) -ERC4626VaultTest:test_maxRedeem((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 430271, ~: 435638) -ERC4626VaultTest:test_maxWithdraw((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 431802, ~: 437256) -ERC4626VaultTest:test_mint((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 478199, ~: 482119) -ERC4626VaultTest:test_previewDeposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 472907, ~: 476958) -ERC4626VaultTest:test_previewMint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473655, ~: 477293) -ERC4626VaultTest:test_previewRedeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 475650, ~: 479263) -ERC4626VaultTest:test_previewWithdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 477214, ~: 480882) -ERC4626VaultTest:test_redeem((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 479593, ~: 483548) -ERC4626VaultTest:test_totalAssets((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 430511, ~: 435877) -ERC4626VaultTest:test_withdraw((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 482589, ~: 485146) +ERC4626VaultTest:test_RT_deposit_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 480286, ~: 484566) +ERC4626VaultTest:test_RT_deposit_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 482634, ~: 486239) +ERC4626VaultTest:test_RT_mint_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 480458, ~: 484756) +ERC4626VaultTest:test_RT_mint_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 482673, ~: 486326) +ERC4626VaultTest:test_RT_redeem_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 481547, ~: 485024) +ERC4626VaultTest:test_RT_redeem_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 481727, ~: 485052) +ERC4626VaultTest:test_RT_withdraw_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 482356, ~: 486401) +ERC4626VaultTest:test_RT_withdraw_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 483300, ~: 486556) +ERC4626VaultTest:test_asset((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 429656, ~: 435042) +ERC4626VaultTest:test_convertToAssets((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 436337, ~: 440473) +ERC4626VaultTest:test_convertToShares((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 435379, ~: 440342) +ERC4626VaultTest:test_deposit((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 478541, ~: 481908) +ERC4626VaultTest:test_maxDeposit((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 429982, ~: 435366) +ERC4626VaultTest:test_maxMint((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 430044, ~: 435429) +ERC4626VaultTest:test_maxRedeem((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 430270, ~: 435654) +ERC4626VaultTest:test_maxWithdraw((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 431804, ~: 437240) +ERC4626VaultTest:test_mint((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 478632, ~: 482096) +ERC4626VaultTest:test_previewDeposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 472744, ~: 477031) +ERC4626VaultTest:test_previewMint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473443, ~: 477301) +ERC4626VaultTest:test_previewRedeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 475360, ~: 479213) +ERC4626VaultTest:test_previewWithdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 477255, ~: 480973) +ERC4626VaultTest:test_redeem((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 479512, ~: 483525) +ERC4626VaultTest:test_totalAssets((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 430510, ~: 435893) +ERC4626VaultTest:test_withdraw((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 482401, ~: 485234) ERC721Invariants:invariantOwner() (runs: 256, calls: 3840, reverts: 3449) ERC721Invariants:invariantTotalSupply() (runs: 256, calls: 3840, reverts: 3449) ERC721Test:testApproveClearingApprovalWithNoPriorApproval() (gas: 178025) @@ -559,13 +559,14 @@ MathTest:testWadExp() (gas: 26657) MathTest:testWadExpOverflow() (gas: 10670) MathTest:testWadLn() (gas: 25780) MathTest:testWadLnNegativeValues() (gas: 10559) -MerkleProofVerificationTest:testFuzzMultiProofVerifySingleLeaf(bytes32[],uint256) (runs: 256, μ: 1649976913, ~: 1649973662) -MerkleProofVerificationTest:testFuzzVerify(bytes32[],uint256) (runs: 256, μ: 135975595, ~: 135972314) -MerkleProofVerificationTest:testFuzzVerifyMultiProofMultipleLeaves(bool,bool,bool) (runs: 256, μ: 412472434, ~: 412472367) +MerkleProofVerificationTest:testFuzzMultiProofVerifySingleLeaf(bytes32[],uint256) (runs: 256, μ: 1649976896, ~: 1649973650) +MerkleProofVerificationTest:testFuzzVerify(bytes32[],uint256) (runs: 256, μ: 135975578, ~: 135972302) +MerkleProofVerificationTest:testFuzzVerifyMultiProofMultipleLeaves(bool,bool,bool) (runs: 256, μ: 412472433, ~: 412472367) MerkleProofVerificationTest:testInvalidMerkleMultiProof() (gas: 412478445) MerkleProofVerificationTest:testInvalidMerkleProof() (gas: 33970386) MerkleProofVerificationTest:testInvalidMerkleProofLength() (gas: 33972544) MerkleProofVerificationTest:testInvalidMultiProof() (gas: 909634332) +MerkleProofVerificationTest:testMaliciousMultiProofVerify() (gas: 303217530) MerkleProofVerificationTest:testMultiProofEdgeCase1() (gas: 412458049) MerkleProofVerificationTest:testMultiProofEdgeCase2() (gas: 412458200) MerkleProofVerificationTest:testMultiProofVerify() (gas: 412482424) @@ -624,8 +625,8 @@ SignatureCheckerTest:testEOAWithInvalidSignature2() (gas: 20265) SignatureCheckerTest:testEOAWithInvalidSigner() (gas: 20498) SignatureCheckerTest:testEOAWithTooHighSValue() (gas: 17254) SignatureCheckerTest:testEOAWithValidSignature() (gas: 19597) -SignatureCheckerTest:testFuzzEIP1271WithInvalidSigner(string,string) (runs: 256, μ: 35944, ~: 35950) +SignatureCheckerTest:testFuzzEIP1271WithInvalidSigner(string,string) (runs: 256, μ: 35942, ~: 35947) SignatureCheckerTest:testFuzzEIP1271WithValidSignature(string) (runs: 256, μ: 34483, ~: 34485) SignatureCheckerTest:testFuzzEOAWithInvalidSignature(bytes,string) (runs: 256, μ: 16905, ~: 16900) -SignatureCheckerTest:testFuzzEOAWithInvalidSigner(string,string) (runs: 256, μ: 21581, ~: 21590) -SignatureCheckerTest:testFuzzEOAWithValidSignature(string,string) (runs: 256, μ: 20696, ~: 20705) \ No newline at end of file +SignatureCheckerTest:testFuzzEOAWithInvalidSigner(string,string) (runs: 256, μ: 21573, ~: 21579) +SignatureCheckerTest:testFuzzEOAWithValidSignature(string,string) (runs: 256, μ: 20688, ~: 20694) \ No newline at end of file diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 4c2cfe0d..440edfc6 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -104,4 +104,4 @@ jobs: awesome_bot ./*.md src/**/*.vy src/**/interfaces/*.vy \ test/**/*.sol test/**/interfaces/*.sol test/**/mocks/*.sol \ test/**/scripts/*.js scripts/*.py --allow-dupe --allow-redirect \ - --request-delay 0.4 --white-list https://www.wagmi.xyz + --request-delay 0.4 --white-list https://www.wagmi.xyz,https://github.com/pcaversaccio/snekmate/releases/tag/v0.0.3,https://github.com/pcaversaccio/snekmate/blob/v0.0.3 diff --git a/CHANGELOG.md b/CHANGELOG.md index a718522d..9fa047ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # 🕓 Changelog +## [`0.0.3`](https://github.com/pcaversaccio/snekmate/releases/tag/v0.0.3) (Unreleased) + +### 🥢 Test Coverage + +- **Utility Functions** + - [`MerkleProofVerificationTest`](https://github.com/pcaversaccio/snekmate/blob/v0.0.3/test/utils/MerkleProofVerification.t.sol): Add an additional test for a possible `multi_proof_verify` invariant violation. ([#137](https://github.com/pcaversaccio/snekmate/pull/137)) + ## [`0.0.2`](https://github.com/pcaversaccio/snekmate/releases/tag/v0.0.2) (07-06-2023) ### 💥 New Features @@ -7,12 +14,12 @@ - **General** - All 🐍 snekmate contracts now contain an _Ethereum Natural Language Specification Format_ (NatSpec) `custom` field `@custom:contract-name`. The underlying rationale is that the block explorers plan to use `@custom:contract-name` as contract name and `@title` as fallback. ([#124](https://github.com/pcaversaccio/snekmate/pull/124)) - **Extensions** - - [`ERC4626`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/extensions/ERC4626.vy): Implements additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) + - [`ERC4626`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/extensions/ERC4626.vy): Implement additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) - **Tokens** - - [`ERC20`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/tokens/ERC20.vy): Implements additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) - - [`ERC721`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/tokens/ERC721.vy): Implements additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) + - [`ERC20`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/tokens/ERC20.vy): Implement additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) + - [`ERC721`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/tokens/ERC721.vy): Implement additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) - **Utility Functions** - - [`EIP712DomainSeparator`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/EIP712DomainSeparator.vy): Implements additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) + - [`EIP712DomainSeparator`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/EIP712DomainSeparator.vy): Implement additionally the interface [`IERC5267`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/interfaces/IERC5267.vy). ([#129](https://github.com/pcaversaccio/snekmate/pull/129)) - [`Math`](https://github.com/pcaversaccio/snekmate/blob/v0.0.2/src/utils/Math.vy): Add `wad_ln` and `wad_exp` to the standard mathematical utility functions. ([#91](https://github.com/pcaversaccio/snekmate/pull/91)) ### ♻️ Refactoring diff --git a/lib/solady b/lib/solady index 37b4fd04..50cbe190 160000 --- a/lib/solady +++ b/lib/solady @@ -1 +1 @@ -Subproject commit 37b4fd04dd82977eb0161839389187abb7afdb58 +Subproject commit 50cbe1909e773b7e4ba76049c75a203e626d55ba diff --git a/test/utils/MerkleProofVerification.t.sol b/test/utils/MerkleProofVerification.t.sol index 12cf7ea9..9a2a60ac 100644 --- a/test/utils/MerkleProofVerification.t.sol +++ b/test/utils/MerkleProofVerification.t.sol @@ -442,6 +442,48 @@ contract MerkleProofVerificationTest is Test { ); } + /** + * @notice This is a unit test linked to OpenZeppelin's security advisory: + * https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-wprv-93r4-jj2p. + * Note that Snekmate's implementation is not vulnerable by design, + * as you cannot consume out-of-bound hashes in Vyper. For further + * insights also, see the following Twitter thread: + * https://twitter.com/0xDACA/status/1669846430528286722. + */ + function testMaliciousMultiProofVerify() public { + /** + * @dev Create a Merkle tree that contains a zero leaf at depth 1. + */ + bytes32[] memory leaves = new bytes32[](2); + leaves[0] = keccak256(abi.encode("real leaf")); + leaves[1] = bytes32(0); + bytes32 root = merkleGenerator.hashLeafPairs(leaves[0], leaves[1]); + + bytes32[] memory maliciousLeaves = new bytes32[](2); + maliciousLeaves[0] = keccak256(abi.encode("malicious")); + maliciousLeaves[1] = keccak256(abi.encode("leaves")); + + /** + * @dev Now we can pass any malicious fake leaves as valid. + */ + bytes32[] memory maliciousProof = new bytes32[](2); + maliciousProof[0] = leaves[0]; + maliciousProof[1] = leaves[0]; + + bool[] memory maliciousProofFlags = new bool[](3); + maliciousProofFlags[0] = true; + maliciousProofFlags[1] = true; + maliciousProofFlags[2] = false; + + vm.expectRevert(); + merkleProofVerification.multi_proof_verify( + maliciousProof, + maliciousProofFlags, + root, + maliciousLeaves + ); + } + function testInvalidMultiProof() public { string[] memory cmdsCorrectRoot = new string[](2); cmdsCorrectRoot[0] = "node";