logos-messaging/logos-messaging-rlnv2-contract
1
0
Fork 0
mirror of https://github.com/logos-messaging/logos-messaging-rlnv2-contract.git synced 2026-02-16 11:53:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: show success when unauthorized upgrade after malicious

Browse Source
This commit is contained in:
Roman 2025-10-08 13:12:55 +11:00
parent f45228e51b
commit 0f39a040eb
No known key found for this signature in database
GPG Key ID: 583BDF43C238B83E
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
test/WakuRlnV2.t.sol
View File

@ -1580,4 +1580,23 @@ contract WakuRlnV2Test is Test {
// Assert: Funds not drained (invariant: no direct access)
assertEq(token.balanceOf(address(w)), price); // Still held
}
// Test: Demonstrate success of Unauthorized Upgrade Post-Malicious Change
function test_UnauthorizedUpgradeAfterMalicious() external {
// Deploy malicious impl that allows anyone to upgrade
address maliciousImpl = address(new MaliciousImplementation()); // Overrides _authorizeUpgrade to public
// Owner upgrades to malicious
vm.prank(w.owner());
w.upgradeTo(address(maliciousImpl));
// Non-owner attempts further upgrade
address newImpl = address(new TestStableToken()); // Arbitrary
vm.prank(address(0xdead));
w.upgradeTo(newImpl); // Should succeed if malicious allows, but test revert if protected
// Assert: Bricked or unauthorized (depending on spec; expect revert for safety)
vm.expectRevert("Ownable: caller is not the owner");
w.upgradeTo(newImpl); // If not overridden
}
}