minime/test/reentrancy/ReentrancyTest.t.sol

// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

import { Test } from "forge-std/Test.sol";
import { Deploy } from "../../script/Deploy.s.sol";
import { DeploymentConfig } from "../../script/DeploymentConfig.s.sol";
import { AttackController } from "./AttackController.sol";
import { AttackAccount } from "./AttackAccount.sol";
import { MiniMeToken } from "../../contracts/MiniMeToken.sol";

contract ReentrancyTest is Test {
    AttackController internal attackController;
    AttackAccount internal attackAccount;
    MiniMeToken internal minimeToken;
    DeploymentConfig internal deploymentConfig;
    address internal deployer;
    address internal attackerEOA = makeAddr("attackerEOA");

    function setUp() public {
        Deploy deployment = new Deploy();
        (deploymentConfig, minimeToken) = deployment.run();
        (deployer,,,,,,) = deploymentConfig.activeNetworkConfig();

        vm.prank(attackerEOA);
        attackAccount = new AttackAccount(minimeToken);
        attackController = new AttackController(attackerEOA, attackAccount);
    }

    function testAttack() public {
        address sender = makeAddr("sender");
        address receiver = address(attackAccount);

        uint256 fundsAmount = 10_000;
        uint256 allowanceAmount = fundsAmount * 6;
        uint256 sendAmount = fundsAmount;

        // ensure `sender` has funds
        vm.prank(deployer);
        minimeToken.generateTokens(sender, fundsAmount);

        // change controller to AttackController
        vm.prank(deployer);
        minimeToken.changeController(payable(address(attackController)));

        // sender sends tokens to receiver
        vm.prank(sender);
        minimeToken.approve(receiver, allowanceAmount);

        attackAccount.attack(sender, receiver, sendAmount);

        assertEq(minimeToken.balanceOf(attackController.attackerEOA()), 0, "Attacker EOA should not receive any funds");
        assertEq(minimeToken.balanceOf(sender), fundsAmount - sendAmount, "Sender should have expected funds");
        assertEq(minimeToken.balanceOf(receiver), sendAmount, "Receiver should have expected funds");
    }
}
Check for reentrancy double spend on onTransfer (#29) * chore: add missing trailing slash in remapping This was not causing any compilation issues, but the solidity language server gets confused by this and complains about incorrect import statements otherwise. * TokenController interactions after balance updates This test demonstrates that all transfer methods are vulnerable to callback reentrancy attacks if the controller of the `MiniMeToken` is malicious. --------- Co-authored-by: r4bbit <445106+0x-r4bbit@users.noreply.github.com> 2023-09-22 18:25:23 +00:00			`// SPDX-License-Identifier: GPL-3.0`
			`pragma solidity ^0.8.0;`

			`import { Test } from "forge-std/Test.sol";`
			`import { Deploy } from "../../script/Deploy.s.sol";`
			`import { DeploymentConfig } from "../../script/DeploymentConfig.s.sol";`
			`import { AttackController } from "./AttackController.sol";`
			`import { AttackAccount } from "./AttackAccount.sol";`
			`import { MiniMeToken } from "../../contracts/MiniMeToken.sol";`

			`contract ReentrancyTest is Test {`
			`AttackController internal attackController;`
			`AttackAccount internal attackAccount;`
			`MiniMeToken internal minimeToken;`
			`DeploymentConfig internal deploymentConfig;`
			`address internal deployer;`
			`address internal attackerEOA = makeAddr("attackerEOA");`

			`function setUp() public {`
			`Deploy deployment = new Deploy();`
remove minimetokenfactory 2023-09-26 15:46:06 +00:00			`(deploymentConfig, minimeToken) = deployment.run();`
Check for reentrancy double spend on onTransfer (#29) * chore: add missing trailing slash in remapping This was not causing any compilation issues, but the solidity language server gets confused by this and complains about incorrect import statements otherwise. * TokenController interactions after balance updates This test demonstrates that all transfer methods are vulnerable to callback reentrancy attacks if the controller of the `MiniMeToken` is malicious. --------- Co-authored-by: r4bbit <445106+0x-r4bbit@users.noreply.github.com> 2023-09-22 18:25:23 +00:00			`(deployer,,,,,,) = deploymentConfig.activeNetworkConfig();`

			`vm.prank(attackerEOA);`
			`attackAccount = new AttackAccount(minimeToken);`
			`attackController = new AttackController(attackerEOA, attackAccount);`
			`}`

			`function testAttack() public {`
			`address sender = makeAddr("sender");`
			`address receiver = address(attackAccount);`

			`uint256 fundsAmount = 10_000;`
			`uint256 allowanceAmount = fundsAmount * 6;`
			`uint256 sendAmount = fundsAmount;`

			// ensure `sender` has funds
			`vm.prank(deployer);`
			`minimeToken.generateTokens(sender, fundsAmount);`

			`// change controller to AttackController`
			`vm.prank(deployer);`
			`minimeToken.changeController(payable(address(attackController)));`

			`// sender sends tokens to receiver`
			`vm.prank(sender);`
			`minimeToken.approve(receiver, allowanceAmount);`

			`attackAccount.attack(sender, receiver, sendAmount);`

			`assertEq(minimeToken.balanceOf(attackController.attackerEOA()), 0, "Attacker EOA should not receive any funds");`
			`assertEq(minimeToken.balanceOf(sender), fundsAmount - sendAmount, "Sender should have expected funds");`
			`assertEq(minimeToken.balanceOf(receiver), sendAmount, "Receiver should have expected funds");`
			`}`
			`}`