NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improved bounty tests. (#1350)

Browse Source 
* Improved bounty tests.

* Fixed linter errors.

* Addressed review comments.

(cherry picked from commit ae109f69cc)
This commit is contained in:
Nicolás Venturo
2018-09-26 16:32:50 -03:00
committed by Francisco Giordano
parent 1b0c6b94b9
commit fa5ecd03cb
3 changed files with 97 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
contracts/mocks/SecureInvariantTargetBounty.sol → contracts/mocks/BreakInvariantBountyMock.sol
View File

@ -6,15 +6,24 @@ pragma solidity ^0.4.24;
import {BreakInvariantBounty, Target} from "../drafts/BreakInvariantBounty.sol"; import {BreakInvariantBounty, Target} from "../drafts/BreakInvariantBounty.sol";
contract SecureInvariantTargetMock is Target { contract TargetMock is Target {
function checkInvariant() public returns(bool) { bool private exploited;
function exploitVulnerability() public {
exploited = true;
}
function checkInvariant() public returns (bool) {
if (exploited) {
return false;
}
return true; return true;
} }
} }
contract BreakInvariantBountyMock is BreakInvariantBounty {
contract SecureInvariantTargetBounty is BreakInvariantBounty {
function _deployContract() internal returns (address) { function _deployContract() internal returns (address) {
return new SecureInvariantTargetMock(); return new TargetMock();
} }
} }

20
contracts/mocks/InsecureInvariantTargetBounty.sol
View File

@ -1,20 +0,0 @@
pragma solidity ^0.4.24;
// When this line is split, truffle parsing fails.
// See: https://github.com/ethereum/solidity/issues/4871
// solium-disable-next-line max-len
import {BreakInvariantBounty, Target} from "../drafts/BreakInvariantBounty.sol";
contract InsecureInvariantTargetMock is Target {
function checkInvariant() public returns(bool) {
return false;
}
}
contract InsecureInvariantTargetBounty is BreakInvariantBounty {
function _deployContract() internal returns (address) {
return new InsecureInvariantTargetMock();
}
}

159
test/drafts/BreakInvariantBounty.test.js
View File

@ -2,97 +2,104 @@ const { ethGetBalance, ethSendTransaction } = require('../helpers/web3');
const expectEvent = require('../helpers/expectEvent'); const expectEvent = require('../helpers/expectEvent');
const { assertRevert } = require('../helpers/assertRevert'); const { assertRevert } = require('../helpers/assertRevert');
const SecureInvariantTargetBounty = artifacts.require('SecureInvariantTargetBounty'); const BreakInvariantBountyMock = artifacts.require('BreakInvariantBountyMock');
const InsecureInvariantTargetBounty = artifacts.require('InsecureInvariantTargetBounty'); const TargetMock = artifacts.require('TargetMock');
require('chai') require('chai')
.use(require('chai-bignumber')(web3.BigNumber)) .use(require('chai-bignumber')(web3.BigNumber))
.should(); .should();
const sendReward = async (from, to, value) => ethSendTransaction({
from,
to,
value,
});
const reward = new web3.BigNumber(web3.toWei(1, 'ether')); const reward = new web3.BigNumber(web3.toWei(1, 'ether'));
contract('BreakInvariantBounty', function ([_, owner, researcher, nonTarget]) { contract('BreakInvariantBounty', function ([_, owner, researcher, anyone, nonTarget]) {
context('against secure contract', function () { beforeEach(async function () {
beforeEach(async function () { this.bounty = await BreakInvariantBountyMock.new({ from: owner });
this.bounty = await SecureInvariantTargetBounty.new({ from: owner });
});
it('can set reward', async function () {
await sendReward(owner, this.bounty.address, reward);
const balance = await ethGetBalance(this.bounty.address);
balance.should.be.bignumber.equal(reward);
});
context('with reward', function () {
beforeEach(async function () {
const result = await this.bounty.createTarget({ from: researcher });
const event = expectEvent.inLogs(result.logs, 'TargetCreated');
this.targetAddress = event.args.createdAddress;
await sendReward(owner, this.bounty.address, reward);
const balance = await ethGetBalance(this.bounty.address);
balance.should.be.bignumber.equal(reward);
});
it('cannot claim reward', async function () {
await assertRevert(
this.bounty.claim(this.targetAddress, { from: researcher }),
);
});
});
}); });
context('against broken contract', function () { it('can set reward', async function () {
await ethSendTransaction({ from: owner, to: this.bounty.address, value: reward });
(await ethGetBalance(this.bounty.address)).should.be.bignumber.equal(reward);
});
context('with reward', function () {
beforeEach(async function () { beforeEach(async function () {
this.bounty = await InsecureInvariantTargetBounty.new(); await ethSendTransaction({ from: owner, to: this.bounty.address, value: reward });
const result = await this.bounty.createTarget({ from: researcher });
const event = expectEvent.inLogs(result.logs, 'TargetCreated');
this.targetAddress = event.args.createdAddress;
await sendReward(owner, this.bounty.address, reward);
}); });
it('can claim reward', async function () { describe('destroy', function () {
await this.bounty.claim(this.targetAddress, { from: researcher }); it('returns all balance to the owner', async function () {
const claim = await this.bounty.claimed(); const ownerPreBalance = await ethGetBalance(owner);
await this.bounty.destroy({ from: owner, gasPrice: 0 });
const ownerPostBalance = await ethGetBalance(owner);
claim.should.equal(true); (await ethGetBalance(this.bounty.address)).should.be.bignumber.equal(0);
ownerPostBalance.sub(ownerPreBalance).should.be.bignumber.equal(reward);
const researcherPrevBalance = await ethGetBalance(researcher);
await this.bounty.withdrawPayments(researcher, { gasPrice: 0 });
const updatedBalance = await ethGetBalance(this.bounty.address);
updatedBalance.should.be.bignumber.equal(0);
const researcherCurrBalance = await ethGetBalance(researcher);
researcherCurrBalance.sub(researcherPrevBalance).should.be.bignumber.equal(reward);
});
it('cannot claim reward from non-target', async function () {
await assertRevert(
this.bounty.claim(nonTarget, { from: researcher })
);
});
context('reward claimed', function () {
beforeEach(async function () {
await this.bounty.claim(this.targetAddress, { from: researcher });
}); });
it('should no longer be payable', async function () { it('reverts when called by anyone', async function () {
await assertRevert( await assertRevert(this.bounty.destroy({ from: anyone }));
sendReward(owner, this.bounty.address, reward) });
); });
describe('claim', function () {
it('is initially unclaimed', async function () {
(await this.bounty.claimed()).should.equal(false);
});
it('can create claimable target', async function () {
const { logs } = await this.bounty.createTarget({ from: researcher });
expectEvent.inLogs(logs, 'TargetCreated');
});
context('with target', async function () {
beforeEach(async function () {
const { logs } = await this.bounty.createTarget({ from: researcher });
const event = expectEvent.inLogs(logs, 'TargetCreated');
this.target = TargetMock.at(event.args.createdAddress);
});
context('before exploiting vulnerability', async function () {
it('reverts when claiming reward', async function () {
await assertRevert(this.bounty.claim(this.target.address, { from: researcher }));
});
});
context('after exploiting vulnerability', async function () {
beforeEach(async function () {
await this.target.exploitVulnerability({ from: researcher });
});
it('sends the reward to the researcher', async function () {
await this.bounty.claim(this.target.address, { from: anyone });
const researcherPreBalance = await ethGetBalance(researcher);
await this.bounty.withdrawPayments(researcher);
const researcherPostBalance = await ethGetBalance(researcher);
researcherPostBalance.sub(researcherPreBalance).should.be.bignumber.equal(reward);
(await ethGetBalance(this.bounty.address)).should.be.bignumber.equal(0);
});
context('after claiming', async function () {
beforeEach(async function () {
await this.bounty.claim(this.target.address, { from: researcher });
});
it('is claimed', async function () {
(await this.bounty.claimed()).should.equal(true);
});
it('no longer accepts rewards', async function () {
await assertRevert(ethSendTransaction({ from: owner, to: this.bounty.address, value: reward }));
});
});
});
});
context('with non-target', function () {
it('reverts when claiming reward', async function () {
await assertRevert(this.bounty.claim(nonTarget, { from: researcher }));
});
}); });
}); });
}); });