Skip to content

Commit

Permalink
feat #128: renamed contracts and added assertions
Browse files Browse the repository at this point in the history
  • Loading branch information
hansstammler committed Jun 24, 2024
1 parent 818ac8d commit 35a6dfc
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 14 deletions.
6 changes: 3 additions & 3 deletions CI/tests/Bridge.exploit1.js
Original file line number Diff line number Diff line change
Expand Up @@ -91,8 +91,8 @@ async function sequence(contractsA, contractsB, web3A, web3B){

let balance2 = await web3B.eth.getBalance(vaultB._address);
console.log(balance2);
let balance3 = await web3B.eth.getBalance(accountB);
console.log(balance3);
assert(balance2 == 99500, "Value was not 99500 as expected: " + balance2);
return balance2 == 99500;
}

async function callSmartContract(method, sender, value = 0){
Expand All @@ -116,7 +116,7 @@ async function startUp() {
bridgeTestLogger.debug("Web3 A: " + envAnvil.envInfo.rpcAddress);
bridgeTestLogger.debug("Web3 B: " + envAvalanche.envInfo.rpcAddress);

let contractsA = await deployBridge(envAnvil.web3, envAnvil.envInfo, 'A', 'ETH', 'EthRouterExploit1', 'EthVaultOracle', 'Oracle', 'eth_bridgeForwards', 'eth_bridgeForwardsERC20');
let contractsA = await deployBridge(envAnvil.web3, envAnvil.envInfo, 'A', 'ETH', 'EthRouterVulnerability1', 'EthVaultOracle', 'Oracle', 'eth_bridgeForwards', 'eth_bridgeForwardsERC20');
let contractsB = await deployBridge(envAvalanche.web3, envAvalanche.envInfo, 'B', 'AVAX', 'AvaxRouter', 'AvaxVaultOracle', 'Oracle', 'avax_bridgeForwards', 'avax_bridgeForwardsERC20');

let contractSourceA = fs.readFileSync(path.join('contracts', 'src', 'cross-chain', 'EthRouter.sol'), 'utf8');
Expand Down
8 changes: 4 additions & 4 deletions CI/tests/Bridge.exploit2.js
Original file line number Diff line number Diff line change
Expand Up @@ -89,14 +89,14 @@ async function sequence(contractsA, contractsB, web3A, web3B){
from: accountA,
gas: 300000,
value: 100
});3
});

await sleep(5000);

let balance2 = await web3B.eth.getBalance(vaultB._address);
console.log(balance2);
let balance3 = await web3B.eth.getBalance(accountB);
console.log(balance3);
assert(balance2 == 99750, "Value was not 99750 as expected: " + balance2);
return balance2 == 99750;
}

async function callSmartContract(method, sender, value = 0){
Expand All @@ -120,7 +120,7 @@ async function startUp() {
bridgeTestLogger.debug("Web3 A: " + envAnvil.envInfo.rpcAddress);
bridgeTestLogger.debug("Web3 B: " + envAvalanche.envInfo.rpcAddress);

let contractsA = await deployBridge(envAnvil.web3, envAnvil.envInfo, 'A', 'ETH', 'EthRouterExploit2', 'EthVaultOracle', 'Oracle', 'eth_bridgeForwards', 'eth_bridgeForwardsERC20');
let contractsA = await deployBridge(envAnvil.web3, envAnvil.envInfo, 'A', 'ETH', 'EthRouterVulnerability2', 'EthVaultOracle', 'Oracle', 'eth_bridgeForwards', 'eth_bridgeForwardsERC20');
let contractsB = await deployBridge(envAvalanche.web3, envAvalanche.envInfo, 'B', 'AVAX', 'AvaxRouter', 'AvaxVaultOracle', 'Oracle', 'avax_bridgeForwards', 'avax_bridgeForwardsERC20');

let contractSourceA = fs.readFileSync(path.join('contracts', 'src', 'cross-chain', 'EthRouter.sol'), 'utf8');
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ interface iERC20 {
function transfer(address, uint256) external returns (bool success);
}

contract EthRouterExploit1 {
contract EthRouterVulnerability1 {
//This keeps track of bridge-owned token, is burned
address public CrossToken;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ interface iERC20 {
function transfer(address, uint256) external returns (bool success);
}

contract EthRouterExploit2 {
contract EthRouterVulnerability2 {
//This keeps track of bridge-owned token, is burned
address public CrossToken;

Expand Down Expand Up @@ -106,11 +106,8 @@ contract EthRouterExploit2 {
string memory memo,
uint expiration
) external payable {
unchecked {
require(expiration - block.timestamp >= 0, "Deposit request expired");
eth_deposit(vault, asset, amount, memo);
}

require(block.timestamp > expiration, "Deposit request expired");
eth_deposit(vault, asset, amount, memo);
}

//Called by a vault to pay out funds to indicated address
Expand Down

0 comments on commit 35a6dfc

Please sign in to comment.