Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test(evm): Add fuzz tests for SignerValidator #47

Merged
merged 2 commits into from
Sep 4, 2024
Merged

test(evm): Add fuzz tests for SignerValidator #47

merged 2 commits into from
Sep 4, 2024

Conversation

topocount
Copy link
Contributor

@topocount topocount commented Aug 31, 2024
edited
Loading

These fuzz tests cover signature spoofing and also sets of inputs
that should work validate successfully.
We could go in harder on the signature spoofing if we wanted to by
constraining stack parameters and fuzzing on claimData though.

merge plan

merge after #45

@topocount topocount requested a review from a team as a code owner August 31, 2024 22:27
Quazia
Quazia approved these changes Sep 3, 2024
View reviewed changes
Copy link
Collaborator

@Quazia Quazia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - let's also add another for the signature generation vs the signer generation

packages/evm/test/validators/SignerValidator.t.sol
address claimant,
bytes memory incentiveData
) public {
incentiveQuantity = uint8(bound(incentiveQuantity, 1, 7));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should work up to 8, right? It's the ID that needs to be under 8 necessarily

packages/evm/test/validators/SignerValidator.t.sol Outdated
validator.validate(boostId, incentiveId, claimant, claimData);
}

function testValidate_FuzzMaliciousSignature(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably want to add another fuzz test for malicious signature generation vs signer generation and rename this but this one looks good.

@topocount topocount force-pushed the validation-auth branch 3 times, most recently from fd894f7 to e4ed633 Compare September 4, 2024 01:53
Base automatically changed from validation-auth to main September 4, 2024 02:00
@topocount
test(evm): Add fuzz tests for SignerValidator
2748223 
These fuzz tests cover signature spoofing and also sets of inputs
that should work validate successfully.
We could go in harder on the signature spoofing if we wanted to by
constraining stack parameters and fuzzing on claimData though.
@topocount
test(evm): Add SignerValidator test that fuzzes a signature payload
2f97e66
@topocount topocount merged commit 9fb9f7c into main Sep 4, 2024
3 checks passed
@topocount topocount deleted the signervalidator-fuzz branch September 4, 2024 02:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Quazia Quazia Quazia approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@topocount @Quazia