Skip to content

bEsPoKeN-tOkEns/token-tester

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits

.github/workflows

.github/workflows

 
 

lib

lib

 
 

src

src

 
 

test

test

 
 

.env

.env

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

foundry.toml

foundry.toml

 
 

htmltemplate.py

htmltemplate.py

 
 

remappings.txt

remappings.txt

 
 

runner.py

runner.py

 
 

script.sh

script.sh

 
 

Repository files navigation

Token Tester

Test a variety of unconventional tokens against your smart contracts

"Wow, it's just a modifier? Now that's ergonomic"

-chad dev

image

"What do you mean you only tested with USDC?"

-anon anime-pfp

Get Started & Usage

Install token-tester:

forge install bespoken-tokens/token-tester

Decorate your test functions with the TokenTester modifier(s)

import "forge-std/Test.sol";

// ------ Import TokenTester ------
import {TokenTester} from "token-tester/TokenTester.sol";

// ------ Inherit the TokenTester contract ------
contract ExampleTest is Test, TokenTester {
    function setUp() public {
        // initialize your contract
    }
    
    // ------ Decorate your test with `usesERC20TokenTester`                       ------
    // ------ The test is executed 22 times, each time with a different test token ------
    function testDeposit() public usesERC20TokenTester {
        deal(address(tokenTest), address(this), 100);
        
        // use the inherited `tokenTest` (an ERC20) against the contracts
        myContract.deposit(address(tokenTest), 100);
        
        // perform typical assertions
    }
}

Enable token tester when running Foundry unit tests:

TOKEN_TEST=true forge test --ffi

Example report.html:

Screenshot 2023-03-03 at 10 35 01 AM

Why Token Tester is Useful

Developers face the challenge of unknowingly interfacing with miscompliant tokens.

Hundreds1 of2 thousands3 of4 dollars5 in audits and bug bounties have been paid out for logical errors regarding token integrations. ERC standards are a growing list, now comprised of ERC-20, ERC-721, ERC-777, and ERC-4626 with more standards pending.

Token Tester provides a suite of bespoke tokens that encompass this range of standards and more, including tokens with fee-on-transfer logic, tokens with re-entrancy vulnerabilities, and tokens with malicious implementations.

Token Pool:

Our full catalog of tokens can be found here:

  • weird-erc20
  • More soon, which includes actually-deployed contracts

Use Cases

Token Tester can be used in a variety of scenarios, including:

  • Whitelist collateral tokens - Understand how your protocol may behave when choosing to whitelist a new token standard

  • Deposit accounting - Confirm that tokens sporting fee-on-transfer are accounted for correctly

  • Vault reward emissions - Safely distribute rewards to users through vault emissions and be confident your re-entrancy guards work as expected

  • Swap rebasing economics - Ensure that rebasing token economics are handled correctly in your AMM

TODO:cite AMP rebasing swap event

Future Work

Token Tester was started as a hackathon project for ETHDenver 2023. If useful, our intention is to expand our token-standards (to include ERC-721, ERC-1155, ERC-777, and ERC-4626)

We also hope to procure deployed tokens to expand the Token Test Pool

Footnotes

  1. prePO / approval-to-zero

  2. 88mph / fee-on-transfer

  3. Caviar / reentrancy via ERC-777

  4. Rari Fuse / reentrancy via cETH

  5. Sushi Trident / incorrectly handling EIP-2612 Permit

About

Use cursed ERC20s in foundry unit tests

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

149 stars

Watchers

3 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages