Skip to content

Commit

Permalink
All tests passing
Browse files Browse the repository at this point in the history
  • Loading branch information
@aviggiano
aviggiano committed Feb 7, 2025
1 parent 01d9355 commit f824531
Show file tree
Hide file tree
Showing 3 changed files with 78 additions and 34 deletions.
58 changes: 35 additions & 23 deletions test/BaseRestrictedActionsGuardTest.t.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,70 +48,82 @@ contract BaseRestrictedActionsGuardTest is BaseTest {
);
}

function _setRestrictedActions(Safe safe, address target, bytes memory data, bytes memory mask) internal {
bytes[] memory datas = new bytes[](1);
datas[0] = data;
function _setRestrictedActions(Safe safe, address target, bytes memory pattern, bytes memory mask) internal {
bytes[] memory patterns = new bytes[](1);
patterns[0] = pattern;
bytes[] memory masks = new bytes[](1);
masks[0] = mask;
_setRestrictedActions(safe, target, datas, masks);
_setRestrictedActions(safe, target, patterns, masks);
}

function _setRestrictedActions(
Safe safe,
address target,
bytes memory data1,
bytes memory pattern1,
bytes memory mask1,
bytes memory data2,
bytes memory pattern2,
bytes memory mask2
) internal {
bytes[] memory datas = new bytes[](2);
datas[0] = data1;
datas[1] = data2;
bytes[] memory patterns = new bytes[](2);
patterns[0] = pattern1;
patterns[1] = pattern2;
bytes[] memory masks = new bytes[](2);
masks[0] = mask1;
masks[1] = mask2;
_setRestrictedActions(safe, target, datas, masks);
_setRestrictedActions(safe, target, patterns, masks);
}

function _getRestrictedActionErc20ApproveVaultAnyAmount(address vault)
function _getRestrictedActionErc20ApproveSpenderAnyAmount(address spender)
internal
pure
returns (bytes memory data, bytes memory mask)
returns (bytes memory pattern, bytes memory mask)
{
data = abi.encodeCall(IERC20.approve, (address(vault), type(uint256).max));
pattern = abi.encodeCall(IERC20.approve, (spender, type(uint256).max));
mask = abi.encodeWithSelector(bytes4(0xFFFFFFFF), address(uint160(type(uint160).max)), 0);
}

function _getRestrictedActionWethReceiveAnyAmount() internal pure returns (bytes memory data, bytes memory mask) {
data = bytes("");
function _getRestrictedActionWethReceiveAnyAmount()
internal
pure
returns (bytes memory pattern, bytes memory mask)
{
pattern = bytes("");
mask = bytes("");
}

function _getRestrictedActionWethDepositAnyAmount() internal pure returns (bytes memory data, bytes memory mask) {
data = abi.encodeCall(WETH.deposit, ());
function _getRestrictedActionWethDepositAnyAmount()
internal
pure
returns (bytes memory pattern, bytes memory mask)
{
pattern = abi.encodeCall(WETH.deposit, ());
mask = abi.encodeWithSelector(bytes4(0xFFFFFFFF));
}

function _getRestrictedActionWethWithdrawAnyAmount() internal pure returns (bytes memory data, bytes memory mask) {
data = abi.encodeCall(WETH.withdraw, (type(uint256).max));
function _getRestrictedActionWethWithdrawAnyAmount()
internal
pure
returns (bytes memory pattern, bytes memory mask)
{
pattern = abi.encodeCall(WETH.withdraw, (type(uint256).max));
mask = abi.encodeWithSelector(bytes4(0xFFFFFFFF), 0);
}

function _getRestrictedActionDepositVaultToSelfAnyAmount(Safe safe)
internal
pure
returns (bytes memory data, bytes memory mask)
returns (bytes memory pattern, bytes memory mask)
{
data = abi.encodeCall(ERC4626.deposit, (type(uint256).max, address(safe)));
pattern = abi.encodeCall(ERC4626.deposit, (type(uint256).max, address(safe)));
mask = abi.encodeWithSelector(bytes4(0xFFFFFFFF), 0, address(uint160(type(uint160).max)));
}

function _getRestrictedActionWithdrawVaultToSelfAnyAmount(Safe safe)
internal
pure
returns (bytes memory data, bytes memory mask)
returns (bytes memory pattern, bytes memory mask)
{
data = abi.encodeCall(ERC4626.withdraw, (type(uint256).max, address(safe), address(safe)));
pattern = abi.encodeCall(ERC4626.withdraw, (type(uint256).max, address(safe), address(safe)));
mask = abi.encodeWithSelector(
bytes4(0xFFFFFFFF), 0, address(uint160(type(uint160).max)), address(uint160(type(uint160).max))
);
Expand Down
48 changes: 40 additions & 8 deletions test/RestrictedActionsGuard_1_2_3.t.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,8 @@ contract RestrictedActionsGuard_1_2_3_Test is BaseRestrictedActionsGuardTest {
function test_RestrictedActionsGuard_1_2_3_checkTransaction_1_signature_restricted_weth_deposit() public {
Safe safe = test_RestrictedActionsGuard_1_2_3_setup();

(bytes memory data, bytes memory mask) = _getRestrictedActionWethDepositAnyAmount();
_setRestrictedActions(safe, address(weth), data, mask);
(bytes memory pattern, bytes memory mask) = _getRestrictedActionWethDepositAnyAmount();
_setRestrictedActions(safe, address(weth), pattern, mask);

deal(address(safe), 1 ether);

Expand All @@ -97,8 +97,8 @@ contract RestrictedActionsGuard_1_2_3_Test is BaseRestrictedActionsGuardTest {
function test_RestrictedActionsGuard_1_2_3_checkTransaction_1_signature_restricted_weth_receive() public {
Safe safe = test_RestrictedActionsGuard_1_2_3_setup();

(bytes memory data, bytes memory mask) = _getRestrictedActionWethReceiveAnyAmount();
_setRestrictedActions(safe, address(weth), data, mask);
(bytes memory pattern, bytes memory mask) = _getRestrictedActionWethReceiveAnyAmount();
_setRestrictedActions(safe, address(weth), pattern, mask);

deal(address(safe), 1 ether);

Expand All @@ -113,7 +113,7 @@ contract RestrictedActionsGuard_1_2_3_Test is BaseRestrictedActionsGuardTest {
assertEq(weth.balanceOf(address(safe)), 1 ether);
assertEq(address(safe).balance, 0);

data = abi.encodeCall(weth.withdraw, (1 ether));
bytes memory data = abi.encodeCall(weth.withdraw, (1 ether));
bytes32 dataHash = _getDataHash(safe, address(weth), data);
vm.expectRevert(
abi.encodeWithSelector(RestrictedActionsGuard.ActionNotAllowed.selector, address(safe), address(weth), data)
Expand All @@ -130,9 +130,9 @@ contract RestrictedActionsGuard_1_2_3_Test is BaseRestrictedActionsGuardTest {
function test_RestrictedActionsGuard_1_2_3_checkTransaction_1_signature_restricted_weth_deposit_withdraw() public {
Safe safe = test_RestrictedActionsGuard_1_2_3_setup();

(bytes memory data1, bytes memory mask1) = _getRestrictedActionWethDepositAnyAmount();
(bytes memory data2, bytes memory mask2) = _getRestrictedActionWethWithdrawAnyAmount();
_setRestrictedActions(safe, address(weth), data1, mask1, data2, mask2);
(bytes memory pattern1, bytes memory mask1) = _getRestrictedActionWethDepositAnyAmount();
(bytes memory pattern2, bytes memory mask2) = _getRestrictedActionWethWithdrawAnyAmount();
_setRestrictedActions(safe, address(weth), pattern1, mask1, pattern2, mask2);

deal(address(safe), 1 ether);

Expand All @@ -152,4 +152,36 @@ contract RestrictedActionsGuard_1_2_3_Test is BaseRestrictedActionsGuardTest {
assertEq(weth.balanceOf(address(safe)), 0);
assertEq(address(safe).balance, 1 ether);
}

function test_RestrictedActionsGuard_1_2_3_checkTransaction_deposit_vault_invalid_recipient() public {
Safe safe = test_RestrictedActionsGuard_1_2_3_setup();

deal(address(safe), 1 ether);

address[] memory signers = new address[](1);
signers[0] = owner1;

(bytes memory pattern1, bytes memory mask1) = _getRestrictedActionWethDepositAnyAmount();
(bytes memory pattern2, bytes memory mask2) =
_getRestrictedActionErc20ApproveSpenderAnyAmount(address(wethVault));
_setRestrictedActions(safe, address(weth), pattern1, mask1, pattern2, mask2);
_execTransaction(safe, address(weth), 1 ether, abi.encodeCall(weth.deposit, ()), signers);
_execTransaction(safe, address(weth), abi.encodeCall(weth.approve, (address(wethVault), 1 ether)), signers);

(bytes memory pattern3, bytes memory mask3) = _getRestrictedActionDepositVaultToSelfAnyAmount(safe);
_setRestrictedActions(safe, address(wethVault), pattern3, mask3);

bytes memory data = abi.encodeCall(wethVault.deposit, (1 ether, owner1));
bytes32 dataHash = _getDataHash(safe, address(wethVault), data);
vm.expectRevert(
abi.encodeWithSelector(
RestrictedActionsGuard.ActionNotAllowed.selector, address(safe), address(wethVault), data
)
);
_execTransaction(safe, address(wethVault), data, signers, dataHash);

data = abi.encodeCall(wethVault.deposit, (1 ether, address(safe)));
dataHash = _getDataHash(safe, address(wethVault), data);
_execTransaction(safe, address(wethVault), data, signers, dataHash);
}
}
6 changes: 3 additions & 3 deletions test/RestrictedActionsGuard_1_3_5.t.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,8 @@ contract RestrictedActionsGuard_1_3_5_Test is BaseRestrictedActionsGuardTest {
function test_RestrictedActionsGuard_1_3_5_removeRestrictedAllowedTarget() public {
Safe safe = test_RestrictedActionsGuard_1_3_5_setup();

(bytes memory data, bytes memory mask) = _getRestrictedActionWethDepositAnyAmount();
_setRestrictedActions(safe, address(weth), data, mask);
(bytes memory pattern, bytes memory mask) = _getRestrictedActionWethDepositAnyAmount();
_setRestrictedActions(safe, address(weth), pattern, mask);

deal(address(safe), 1 ether);

Expand Down Expand Up @@ -89,7 +89,7 @@ contract RestrictedActionsGuard_1_3_5_Test is BaseRestrictedActionsGuardTest {

deal(address(safe), 1 ether);

data = abi.encodeCall(weth.deposit, ());
bytes memory data = abi.encodeCall(weth.deposit, ());
bytes32 dataHash = _getDataHash(safe, address(weth), 1 ether, data);
vm.expectRevert(
abi.encodeWithSelector(RestrictedActionsGuard.ActionNotAllowed.selector, address(safe), address(weth), data)
Expand Down

0 comments on commit f824531

Please sign in to comment.