Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test - Empty Beneficiaries on Withdraw #16

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Test - Empty Beneficiaries on Withdraw #16

wants to merge 19 commits into from

Conversation

gnumonik
Copy link

@gnumonik gnumonik commented Dec 13, 2022
edited by cstml
Loading

Description

The tests generated in this PR result from modifying the Happy path test generator such that a single (arbitrarily chosen) withdrawal transaction in the generated Tx sequence is submitted with an empty list in the redeemer, yet is otherwise valid.

The relevant functions used to implement these tests are located in Generators.hs:

-- modifies a random element then removes the subsequent elements, 
-- used to ensure the cause of the error is in the modified withdrawal configuration object 
overRandomElemCut :: (a -> a) -> [a] -> Gen [a]
overRandomElemCut f as = do
  i <- chooseInt (0,length as - 1)
  let a  = as !! i
      a' = f a
  pure . take (i+1) $ set (ix i) a' as

overRandomWithdrawConfigCut :: (WithdrawConfig -> WithdrawConfig) -> TestConfig -> Gen TestConfig
overRandomWithdrawConfigCut f (d,ws) = overRandomElemCut f ws >>= \ws' -> pure (d,ws')

emptySignersInWithdrawals :: TestConfig -> Gen TestConfig
emptySignersInWithdrawals = overRandomWithdrawConfigCut $ \w -> w {signers = []}

As expected, each generated Tx sequence fails with a New Beneficiaries are empty error.

These tests support our hypothesis that funds cannot be locked forever at the script address by submitting a transaction with a redeemer containing an empty list of PubKeyHashs.

Conclusion

The above hypothesis proves to hold - therefore no vulnerability was found.

IAmPara0x and others added 19 commits November 25, 2022 16:34
@IAmPara0x
add simple psm test for vesting
9d21cdb
@IAmPara0x
flake
b3a05a2
@IAmPara0x
flake
9bfd7f8
@IAmPara0x
flake
29e5556
@IAmPara0x
flake
83388e7
@IAmPara0x
flake
a409eca
@IAmPara0x
Complete adding nix flake and plutip
9ef395d
@gnumonik
Minor changes to flake to support HLS, modified cabal.project for PSM…
43180c2 
…, started working on a simple test contract to familiarize myself with PSM changes + validator logic
@gnumonik
Helper functions & utilities to facilitate quickly writing many PSM t…
3978a31 
…ests
@gnumonik
Implemented happy path test generator
4a538e6
@gnumonik
Modified test generator to account for changing beneficiaries during …
9cb708f 
…the course of the contract. Something is still slightly broken, getting 'Datum modified' errors when I believe I shouldn't be
@gnumonik
Got test generator working w/ changing beneficiaries
e1873fb
@gnumonik
reorganized modules
9ca7493
@gnumonik
forgot to commit a module
9791af7
@gnumonik
implemented infrastructure for a few negative tests
1ec7e60
@gnumonik
Added shouldFail tests for early withdrawals
ee495ef
@gnumonik
added shouldFail empty beneficiaries on input tests
7ae5eb5
@gnumonik
Implemented shouldFail tests for empty beneficiaries in withdrawals
b36f3a7
@gnumonik
improved empty beneficiaries test
496ecc2
@cstml cstml added the audit label Dec 13, 2022
This was referenced Dec 13, 2022
Open
Open
@cstml cstml changed the title Empty beneficiaries on withdraw Test - Empty Beneficiaries on Withdraw Dec 14, 2022
@cstml cstml mentioned this pull request Dec 14, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
audit hypothesis-holds
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gnumonik @cstml @IAmPara0x