Merge pull request #104 from perpetual-protocol/immunefi-34300

add invalid withdraw test
perpetual-protocol · Aug 12, 2024 · f0cb25b · f0cb25b
2 parents a875876 + 58020fc
commit f0cb25b
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 2 deletions.
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -124,8 +124,12 @@ jobs:
               run: npm run foundry-build-uniswap
 
             - name: Run tests
+              env:
+                OPTIMISM_WEB3_ENDPOINT_ARCHIVE: ${{ vars.OPTIMISM_WEB3_ENDPOINT_ARCHIVE }} # For fork tests
               run: npm run foundry-test
 
             - name: Run snapshot
+              env:
+                OPTIMISM_WEB3_ENDPOINT_ARCHIVE: ${{ vars.OPTIMISM_WEB3_ENDPOINT_ARCHIVE }} # For fork tests
               run: forge snapshot
 
diff --git a/foundry.toml b/foundry.toml
@@ -7,4 +7,16 @@ cache_path = 'forge-cache'
 no_match_path = 'contracts/test/*'
 fs_permissions = [{ access = "read", path = "./out"}]
 
-# See more config options https://github.com/foundry-rs/foundry/tree/master/config
+# It's to solve vm.getCode is failed due to "No matching artifact found" error.
+# https://github.com/foundry-rs/foundry/issues/7569#issuecomment-2040694197
+unchecked_cheatcode_artifacts = true
+
+# In some foundry tests are failed due to outOfGas.
+gas_limit = "18446744073709551615"
+
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config
+
+[rpc_endpoints]
+# All available network keywords:
+# https://github.com/foundry-rs/forge-std/blob/ff4bf7db008d096ea5a657f2c20516182252a3ed/src/StdCheats.sol#L255-L271
+optimism = "${OPTIMISM_WEB3_ENDPOINT_ARCHIVE}"
diff --git a/lib/forge-std b/lib/forge-std
diff --git a/test/foundry/base/SafeOwnable.t.sol b/test/foundry/base/SafeOwnable.t.sol
@@ -1,4 +1,5 @@
 pragma solidity 0.7.6;
+pragma abicoder v2;
 
 import "../../../contracts/base/SafeOwnable.sol";
 import "../interface/ISafeOwnableEvent.sol";

diff --git a/test/foundry/helper/Constant.sol b/test/foundry/helper/Constant.sol
@@ -1,4 +1,5 @@
 pragma solidity 0.7.6;
+pragma abicoder v2;
 
 import "forge-std/Test.sol";
 

diff --git a/test/foundry/immunefi/34300.InvalidWithdrawal.t.sol b/test/foundry/immunefi/34300.InvalidWithdrawal.t.sol
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+pragma solidity 0.7.6;
+pragma abicoder v2;
+
+import "forge-std/Test.sol";
+import "../../../contracts/Vault.sol";
+import "../../../contracts/test/TestERC20.sol";
+
+contract InvalidWithdrawalTest is Test {
+    uint256 forkBlock = 105_302_472; // Optimiam mainnet @ Thu Jun  8 05:55:21 UTC 2023
+
+    Vault vault;
+    TestERC20 usdc;
+    TestERC20 weth;
+
+    function setUp() public {
+        vm.createSelectFork(vm.rpcUrl("optimism"), forkBlock);
+        vault = Vault(0xAD7b4C162707E0B2b5f6fdDbD3f8538A5fbA0d60);
+        usdc = TestERC20(vault.getSettlementToken());
+        weth = TestERC20(0x4200000000000000000000000000000000000006);
+
+        deal(address(usdc), address(this), 1000 * 1e6, true);
+    }
+
+    function test_exploit() external payable {
+        // Step 1: Deposit 1000 USDC into the Vault
+        // Assume the attacker already has 1000 USDC
+        usdc.approve(address(vault), 1000 * 1e6); // Approve Vault to spend USDC
+        vault.deposit(address(usdc), 1000 * 1e6); // Deposit 1000 USDC
+        assertEq(vault.getBalanceByToken(address(this), address(usdc)), 1000 * 1e6);
+        assertEq(vault.getBalanceByToken(address(this), address(weth)), 0);
+
+        // Step 2: Withdraw 1 wei
+        vm.expectRevert("V_NEFC");
+        vault.withdrawEther(1); // Attempt to withdraw 1 wei
+    }
+}