sol_Bo8des9o
/
openzeppelin-contracts


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279
							// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC2771Forwarder} from "@openzeppelin/contracts/metatx/ERC2771Forwarder.sol";
import {CallReceiverMockTrustingForwarder, CallReceiverMock} from "@openzeppelin/contracts/mocks/CallReceiverMock.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

enum TamperType {
    FROM,
    TO,
    VALUE,
    DATA,
    SIGNATURE
}

contract ERC2771ForwarderMock is ERC2771Forwarder {
    constructor(string memory name) ERC2771Forwarder(name) {}

    function forwardRequestStructHash(
        ERC2771Forwarder.ForwardRequestData calldata request,
        uint256 nonce
    ) external view returns (bytes32) {
        return
            _hashTypedDataV4(
                keccak256(
                    abi.encode(
                        _FORWARD_REQUEST_TYPEHASH,
                        request.from,
                        request.to,
                        request.value,
                        request.gas,
                        nonce,
                        request.deadline,
                        keccak256(request.data)
                    )
                )
            );
    }
}

contract ERC2771ForwarderTest is Test {
    using ECDSA for bytes32;

    ERC2771ForwarderMock internal _erc2771Forwarder;
    CallReceiverMockTrustingForwarder internal _receiver;

    uint256 internal _signerPrivateKey = 0xA11CE;
    address internal _signer = vm.addr(_signerPrivateKey);

    uint256 internal constant _MAX_ETHER = 10_000_000; // To avoid overflow

    function setUp() public {
        _erc2771Forwarder = new ERC2771ForwarderMock("ERC2771Forwarder");
        _receiver = new CallReceiverMockTrustingForwarder(address(_erc2771Forwarder));
    }

    // Forge a new ForwardRequestData
    function _forgeRequestData() private view returns (ERC2771Forwarder.ForwardRequestData memory) {
        return
            _forgeRequestData({
                value: 0,
                deadline: uint48(block.timestamp + 1),
                data: abi.encodeCall(CallReceiverMock.mockFunction, ())
            });
    }

    function _forgeRequestData(
        uint256 value,
        uint48 deadline,
        bytes memory data
    ) private view returns (ERC2771Forwarder.ForwardRequestData memory) {
        return
            ERC2771Forwarder.ForwardRequestData({
                from: _signer,
                to: address(_receiver),
                value: value,
                gas: 30000,
                deadline: deadline,
                data: data,
                signature: ""
            });
    }

    // Sign a ForwardRequestData (in place) for a given nonce. Also returns it for convenience.
    function _signRequestData(
        ERC2771Forwarder.ForwardRequestData memory request,
        uint256 nonce
    ) private view returns (ERC2771Forwarder.ForwardRequestData memory) {
        bytes32 digest = _erc2771Forwarder.forwardRequestStructHash(request, nonce);
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(_signerPrivateKey, digest);
        request.signature = abi.encodePacked(r, s, v);
        return request;
    }

    // Tamper a ForwardRequestData (in place). Also returns it for convenience.
    function _tamperRequestData(
        ERC2771Forwarder.ForwardRequestData memory request,
        TamperType tamper
    ) private returns (ERC2771Forwarder.ForwardRequestData memory) {
        if (tamper == TamperType.FROM) request.from = vm.randomAddress();
        else if (tamper == TamperType.TO) request.to = vm.randomAddress();
        else if (tamper == TamperType.VALUE) request.value = vm.randomUint();
        else if (tamper == TamperType.DATA) request.data = vm.randomBytes(4);
        else if (tamper == TamperType.SIGNATURE) request.signature = vm.randomBytes(65);

        return request;
    }

    // Predict the revert error for a tampered request, and expect it is emitted.
    function _tamperedExpectRevert(
        ERC2771Forwarder.ForwardRequestData memory request,
        TamperType tamper,
        uint256 nonce
    ) private returns (ERC2771Forwarder.ForwardRequestData memory) {
        if (tamper == TamperType.FROM) nonce = _erc2771Forwarder.nonces(request.from);

        // predict revert
        if (tamper == TamperType.TO) {
            vm.expectRevert(
                abi.encodeWithSelector(
                    ERC2771Forwarder.ERC2771UntrustfulTarget.selector,
                    request.to,
                    address(_erc2771Forwarder)
                )
            );
        } else {
            (address recovered, , ) = _erc2771Forwarder.forwardRequestStructHash(request, nonce).tryRecover(
                request.signature
            );
            vm.expectRevert(
                abi.encodeWithSelector(ERC2771Forwarder.ERC2771ForwarderInvalidSigner.selector, recovered, request.from)
            );
        }
        return request;
    }

    function testExecuteAvoidsETHStuck(uint256 initialBalance, uint256 value, bool targetReverts) public {
        initialBalance = bound(initialBalance, 0, _MAX_ETHER);
        value = bound(value, 0, _MAX_ETHER);

        // create and sign request
        ERC2771Forwarder.ForwardRequestData memory request = _forgeRequestData({
            value: value,
            deadline: uint48(block.timestamp + 1),
            data: targetReverts
                ? abi.encodeCall(CallReceiverMock.mockFunctionRevertsNoReason, ())
                : abi.encodeCall(CallReceiverMock.mockFunction, ())
        });
        _signRequestData(request, _erc2771Forwarder.nonces(_signer));

        vm.deal(address(_erc2771Forwarder), initialBalance);
        vm.deal(address(this), request.value);

        if (targetReverts) vm.expectRevert();
        _erc2771Forwarder.execute{value: value}(request);

        assertEq(address(_erc2771Forwarder).balance, initialBalance);
    }

    function testExecuteBatchAvoidsETHStuck(uint256 initialBalance, uint256 batchSize, uint256 value) public {
        uint256 seed = uint256(keccak256(abi.encodePacked(initialBalance, batchSize, value)));

        batchSize = bound(batchSize, 1, 10);
        initialBalance = bound(initialBalance, 0, _MAX_ETHER);
        value = bound(value, 0, _MAX_ETHER);

        address refundReceiver = address(0xebe);
        uint256 refundExpected = 0;
        uint256 nonce = _erc2771Forwarder.nonces(_signer);

        // create an sign array or requests (that may fail)
        ERC2771Forwarder.ForwardRequestData[] memory requests = new ERC2771Forwarder.ForwardRequestData[](batchSize);
        for (uint256 i = 0; i < batchSize; ++i) {
            bool failure = (seed >> i) & 0x1 == 0x1;

            requests[i] = _forgeRequestData({
                value: value,
                deadline: uint48(block.timestamp + 1),
                data: failure
                    ? abi.encodeCall(CallReceiverMock.mockFunctionRevertsNoReason, ())
                    : abi.encodeCall(CallReceiverMock.mockFunction, ())
            });
            _signRequestData(requests[i], nonce + i);

            refundExpected += SafeCast.toUint(failure) * value;
        }

        // distribute ether
        vm.deal(address(_erc2771Forwarder), initialBalance);
        vm.deal(address(this), value * batchSize);

        // execute batch
        _erc2771Forwarder.executeBatch{value: value * batchSize}(requests, payable(refundReceiver));

        // check balances
        assertEq(address(_erc2771Forwarder).balance, initialBalance);
        assertEq(refundReceiver.balance, refundExpected);
    }

    function testVerifyTamperedValues(uint8 _tamper) public {
        TamperType tamper = _asTamper(_tamper);

        // create request, sign, tamper
        ERC2771Forwarder.ForwardRequestData memory request = _forgeRequestData();
        _signRequestData(request, 0);
        _tamperRequestData(request, tamper);

        // should not pass verification
        assertFalse(_erc2771Forwarder.verify(request));
    }

    function testExecuteTamperedValues(uint8 _tamper) public {
        TamperType tamper = _asTamper(_tamper);

        // create request, sign, tamper, expect execution revert
        ERC2771Forwarder.ForwardRequestData memory request = _forgeRequestData();
        _signRequestData(request, 0);
        _tamperRequestData(request, tamper);
        _tamperedExpectRevert(request, tamper, 0);

        vm.deal(address(this), request.value);
        _erc2771Forwarder.execute{value: request.value}(request);
    }

    function testExecuteBatchTamperedValuesZeroReceiver(uint8 _tamper) public {
        TamperType tamper = _asTamper(_tamper);
        uint256 nonce = _erc2771Forwarder.nonces(_signer);

        // create an sign array or requests
        ERC2771Forwarder.ForwardRequestData[] memory requests = new ERC2771Forwarder.ForwardRequestData[](3);
        for (uint256 i = 0; i < requests.length; ++i) {
            requests[i] = _forgeRequestData({
                value: 0,
                deadline: uint48(block.timestamp + 1),
                data: abi.encodeCall(CallReceiverMock.mockFunction, ())
            });
            _signRequestData(requests[i], nonce + i);
        }

        // tamper with request[1] and expect execution revert
        _tamperRequestData(requests[1], tamper);
        _tamperedExpectRevert(requests[1], tamper, nonce + 1);

        vm.deal(address(this), requests[1].value);
        _erc2771Forwarder.executeBatch{value: requests[1].value}(requests, payable(address(0)));
    }

    function testExecuteBatchTamperedValues(uint8 _tamper) public {
        TamperType tamper = _asTamper(_tamper);
        uint256 nonce = _erc2771Forwarder.nonces(_signer);

        // create an sign array or requests
        ERC2771Forwarder.ForwardRequestData[] memory requests = new ERC2771Forwarder.ForwardRequestData[](3);
        for (uint256 i = 0; i < requests.length; ++i) {
            requests[i] = _forgeRequestData({
                value: 0,
                deadline: uint48(block.timestamp + 1),
                data: abi.encodeCall(CallReceiverMock.mockFunction, ())
            });
            _signRequestData(requests[i], nonce + i);
        }

        // tamper with request[1]
        _tamperRequestData(requests[1], tamper);

        // should not revert
        vm.expectCall(address(_receiver), abi.encodeCall(CallReceiverMock.mockFunction, ()), 1);

        vm.deal(address(this), requests[1].value);
        _erc2771Forwarder.executeBatch{value: requests[1].value}(requests, payable(address(0xebe)));
    }

    function _asTamper(uint8 _tamper) private pure returns (TamperType) {
        return TamperType(bound(_tamper, uint8(TamperType.FROM), uint8(TamperType.SIGNATURE)));
    }
}