Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PDB-02S] Inexistent Sanitization of Input Address #876

Merged
merged 5 commits into from
Jan 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions contracts/protocol/bases/PriceDiscoveryBase.sol
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ contract PriceDiscoveryBase is ProtocolBase {
*/
//solhint-disable-next-line
constructor(address _wNative) {
if (_wNative == address(0)) revert InvalidAddress();
wNative = IWrappedNative(_wNative);
}

Expand Down
11 changes: 11 additions & 0 deletions test/protocol/PriceDiscoveryHandlerFacet.js
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,17 @@ describe("IPriceDiscoveryHandlerFacet", function () {
});
});

context("📋 Constructor", async function () {
it("Deployment fails if wrapped native address is 0", async function () {
const priceDiscoveryFactory = await getContractFactory("PriceDiscoveryHandlerFacet");

await expect(priceDiscoveryFactory.deploy(ZeroAddress)).to.revertedWithCustomError(
bosonErrors,
RevertReasons.INVALID_ADDRESS
);
});
});

// All supported Price discovery methods
context("📋 Price discovery Methods", async function () {
beforeEach(async function () {
Expand Down
11 changes: 11 additions & 0 deletions test/protocol/SequentialCommitHandlerTest.js
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,17 @@ describe("IBosonSequentialCommitHandler", function () {
});
});

context("📋 Constructor", async function () {
it("Deployment fails if wrapped native address is 0", async function () {
const sequentialCommitFactory = await getContractFactory("SequentialCommitHandlerFacet");

await expect(sequentialCommitFactory.deploy(ZeroAddress)).to.revertedWithCustomError(
bosonErrors,
RevertReasons.INVALID_ADDRESS
);
});
});

// All supported Sequential commit methods
context("📋 Sequential Commit Methods", async function () {
beforeEach(async function () {
Expand Down
7 changes: 4 additions & 3 deletions test/util/utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -494,9 +494,10 @@ async function setupTestEnvironment(contracts, { bosonTokenAddress, forwarderAdd
];

const facetsToDeploy = await getFacetsWithArgs(facetNames, protocolConfig);
facetsToDeploy["SequentialCommitHandlerFacet"].constructorArgs[0] = wethAddress || ZeroAddress; // update only weth address
facetsToDeploy["PriceDiscoveryHandlerFacet"].constructorArgs[0] = wethAddress || ZeroAddress; // update only weth address

if (wethAddress) {
facetsToDeploy["SequentialCommitHandlerFacet"].constructorArgs[0] = wethAddress; // update only weth address
facetsToDeploy["PriceDiscoveryHandlerFacet"].constructorArgs[0] = wethAddress; // update only weth address
}
// Cut the protocol handler facets into the Diamond
await deployAndCutFacets(await protocolDiamond.getAddress(), facetsToDeploy, maxPriorityFeePerGas);

Expand Down