checkpoint: add Vault 01 and 02

Signed-off-by: Elliot <elliotfriedman3@gmail.com>

Author: ElliotFriedman

README.md

@@ -7,15 +7,12 @@ This workshop will walk you through the basics of securing smart contracts by te
 In this workshop we will be protecting a governance heavy application from the consequences of malicious upgrades and or deployment scripts.
 
 ## Bug Types
-- **Deployment** - Incorrect parameters, caught with a validation
-- **Deployment** - Incorrect parameters, caught with an integration test
+- **Deployment** - Incorrect parameters, caught with a validation 
+- **Deployment** - Incorrect parameters, caught with an integration test ✓
 ****
 - **Upgrade** - Storage offset changes, caught with an integration test, also caught with a validation
 - **Upgrade** - Logic error, caught with an integration test
 ****
-- **New contract** - Logic error, caught with formal verification
-- **New contract** - Vulnerable to DoS vector, caught with static analysis
-- **New contract** - Vulnerable to arbitrary calldata and targets, caught with static analysis
 
 ### Further Reading
 

src/examples/00/REQUIREMENTS.md

@@ -1,6 +1,6 @@
 # Overview
 
-The business team needs a simple contract that allows swapping between various different tokens of the same value. This is a peg stability module that allows users to deposit one asset, and withdraw another of the same value. It does not use chainlink and assumes price parity of all assets. There are no swap fees, and LP deposit then withdraw to swap.
+The business team needs a simple contract that allows swapping between various different tokens of the same value. This is a peg stability module that allows users to deposit one asset, and withdraw another of the same value. It does not use chainlink and assumes price parity of all assets. There are no swap fees, and LP's deposit then withdraw to swap.
 
 Create a contract that allows users to deposit any of the supported tokens, and withdraw any of the supported tokens.
 

src/examples/00/Vault.sol renamed to src/examples/00/Vault00.sol

@@ -0,0 +1,5 @@
+# Overview
+
+The first round of security reviews was conducted by an external security firm. The results were pretty bad for such a simple contract, and the CTO is livid. You show up to the meeting and get yelled at for writing such bad code. The CTO is demanding you fix the code immediately. They refused to give you the findings, so you're on your own.
+
+Good luck.

src/examples/01/REQUIREMENTS.md

@@ -0,0 +1,4 @@
+# Vault Test Cases
+
+- decimal scaling logic is correct
+- multiple users deposit, each with different tokens, and withdraw different tokens than deposited

src/examples/01/TESTS.md

@@ -0,0 +1,124 @@
+pragma solidity 0.8.25;
+
+import {IERC20Metadata} from
+    "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
+import {SafeERC20} from
+    "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+
+contract Vault {
+    using SafeERC20 for IERC20;
+
+    /// @notice Mapping of authorized tokens
+    mapping(address => bool) public authorizedToken;
+
+    /// @notice User's balance of all tokens deposited in the vault
+    mapping(address => uint256) public balanceOf;
+
+    /// @notice Total amount of tokens supplied to the vault
+    ///
+    /// invariants:
+    ///      totalSupplied = sum(balanceOf all users)
+    ///      sum(balanceOf(vault) authorized tokens) >= totalSupplied
+    ///
+    uint256 public totalSupplied;
+
+    /// @notice Deposit event
+    /// @param token The token deposited
+    /// @param sender The address that deposited the token
+    /// @param amount The amount deposited
+    event Deposit(
+        address indexed token, address indexed sender, uint256 amount
+    );
+
+    /// @notice Withdraw event
+    /// @param token The token withdrawn
+    /// @param sender The address that withdrew the token
+    /// @param amount The amount withdrawn
+    event Withdraw(
+        address indexed token, address indexed sender, uint256 amount
+    );
+
+    /// @notice Construct the vault with a list of authorized tokens
+    /// @param _tokens The list of authorized tokens
+    constructor(address[] memory _tokens) {
+        for (uint256 i = 0; i < _tokens.length; i++) {
+            require(
+                IERC20Metadata(_tokens[i]).decimals() <= 18,
+                "unsupported decimals"
+            );
+            authorizedToken[_tokens[i]] = true;
+        }
+    }
+
+    /// @notice Deposit tokens into the vault
+    /// @param token The token to deposit, only authorized tokens allowed
+    /// @param amount The amount to deposit
+    function deposit(address token, uint256 amount) external {
+        require(authorizedToken[token], "Vault: token not authorized");
+
+        uint256 normalizedAmount = getNormalizedAmount(token, amount);
+
+        /// save on gas by using unchecked, no need to check for overflow
+        /// as all deposited tokens are whitelisted
+        unchecked {
+            balanceOf[msg.sender] += normalizedAmount;
+        }
+
+        totalSupplied += normalizedAmount;
+
+        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
+
+        emit Deposit(token, msg.sender, amount);
+    }
+
+    /// @notice Withdraw tokens from the vault
+    /// @param token The token to withdraw, only authorized tokens are allowed
+    /// this is implicitly checked because a user can only have a balance of an
+    /// authorized token
+    /// @param amount The amount to withdraw
+    function withdraw(address token, uint256 amount) external {
+        require(authorizedToken[token], "Vault: token not authorized");
+
+        uint256 normalizedAmount = getNormalizedAmount(token, amount);
+
+        /// both a check and an effect, ensures user has sufficient funds for
+        /// withdrawal
+        /// must be checked for underflow as a user can only withdraw what they
+        /// have deposited
+        balanceOf[msg.sender] -= normalizedAmount;
+
+        /// save on gas by using unchecked, no need to check for underflow
+        /// as all deposited tokens are whitelisted, plus we know our invariant
+        /// always holds
+        unchecked {
+            totalSupplied -= normalizedAmount;
+        }
+
+        IERC20(token).safeTransfer(msg.sender, amount);
+
+        emit Withdraw(token, msg.sender, amount);
+    }
+
+    /// @notice public for testing purposes, returns the normalized amount of
+    /// tokens scaled to 18 decimals
+    /// @param token The token to deposit
+    /// @param amount The amount to deposit
+    function getNormalizedAmount(address token, uint256 amount)
+        public
+        view
+        returns (uint256 normalizedAmount)
+    {
+        uint8 decimals = IERC20Metadata(token).decimals();
+        if (decimals < 18) {
+            /// scale the amount to 18 decimals
+            /// unchecked because we know that the product will always be less
+            /// than 2^256-1 as 1e18 = $1
+            unchecked {
+                normalizedAmount = amount * (10 ** (18 - decimals));
+            }
+        } else if (decimals > 18) {
+            revert("Vault: unsupported decimals over 18");
+        }
+    }
+}

src/examples/01/Vault01.sol

@@ -0,0 +1,6 @@
+# Overview
+
+New requirements have been added.
+
+The contract needs a way for an owner to add and remove tokens from the whitelisted tokens list. You counter and say that the complexity of adding removal logic would greatly increase the attack surface of the contract. The business team agrees to cut the removal logic, but they still want to be able to add tokens to the whitelist after deployment.
+

src/examples/02/REQUIREMENTS.md

@@ -0,0 +1,4 @@
+# Vault Test Cases
+
+- decimal scaling logic is correct
+- multiple users deposit, each with different tokens, and withdraw different tokens than deposited

src/examples/02/TESTS.md

@@ -0,0 +1,157 @@
+pragma solidity 0.8.25;
+
+import {IERC20Metadata} from
+    "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
+import {SafeERC20} from
+    "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+
+contract Vault is Ownable {
+    using SafeERC20 for IERC20;
+
+    /// @notice Mapping of authorized tokens
+    mapping(address => bool) public authorizedToken;
+
+    /// @notice User's balance of all tokens deposited in the vault
+    mapping(address => uint256) public balanceOf;
+
+    /// @notice Total amount of tokens supplied to the vault
+    ///
+    /// invariants:
+    ///      totalSupplied = sum(balanceOf all users)
+    ///      sum(balanceOf(vault) authorized tokens) >= totalSupplied
+    ///
+    uint256 public totalSupplied;
+
+    /// @notice Deposit event
+    /// @param token The token deposited
+    /// @param sender The address that deposited the token
+    /// @param amount The amount deposited
+    event Deposit(
+        address indexed token, address indexed sender, uint256 amount
+    );
+
+    /// @notice Withdraw event
+    /// @param token The token withdrawn
+    /// @param sender The address that withdrew the token
+    /// @param amount The amount withdrawn
+    event Withdraw(
+        address indexed token, address indexed sender, uint256 amount
+    );
+
+    event TokenAdded(address indexed token);
+
+    /// @notice Construct the vault with a list of authorized tokens
+    /// @param _tokens The list of authorized tokens
+    constructor(address[] memory _tokens, address _owner) Ownable(_owner) {
+        for (uint256 i = 0; i < _tokens.length; i++) {
+            require(
+                IERC20Metadata(_tokens[i]).decimals() <= 18,
+                "Vault: unsupported decimals"
+            );
+
+            authorizedToken[_tokens[i]] = true;
+
+            emit TokenAdded(_tokens[i]);
+        }
+    }
+
+    /// -------------------------------------------------------------
+    /// -------------------------------------------------------------
+    /// -------------------- ONLY OWNER FUNCTION --------------------
+    /// -------------------------------------------------------------
+    /// -------------------------------------------------------------
+
+    /// @notice Add a token to the list of authorized tokens
+    /// only callable by the owner
+    /// @param token to add
+    function addToken(address token) external onlyOwner {
+        require(
+            IERC20Metadata(token).decimals() <= 18,
+            "Vault: unsupported decimals"
+        );
+        require(!authorizedToken[token], "Vault: token already authorized");
+
+        authorizedToken[token] = true;
+
+        emit TokenAdded(token);
+    }
+
+    /// -------------------------------------------------------------
+    /// -------------------------------------------------------------
+    /// ----------------- PUBLIC MUTATIVE FUNCTIONS -----------------
+    /// -------------------------------------------------------------
+    /// -------------------------------------------------------------
+
+    /// @notice Deposit tokens into the vault
+    /// @param token The token to deposit, only authorized tokens allowed
+    /// @param amount The amount to deposit
+    function deposit(address token, uint256 amount) external {
+        require(authorizedToken[token], "Vault: token not authorized");
+
+        uint256 normalizedAmount = getNormalizedAmount(token, amount);
+
+        /// save on gas by using unchecked, no need to check for overflow
+        /// as all deposited tokens are whitelisted
+        unchecked {
+            balanceOf[msg.sender] += normalizedAmount;
+        }
+
+        totalSupplied += normalizedAmount;
+
+        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
+
+        emit Deposit(token, msg.sender, amount);
+    }
+
+    /// @notice Withdraw tokens from the vault
+    /// @param token The token to withdraw, only authorized tokens are allowed
+    /// this is implicitly checked because a user can only have a balance of an
+    /// authorized token
+    /// @param amount The amount to withdraw
+    function withdraw(address token, uint256 amount) external {
+        require(authorizedToken[token], "Vault: token not authorized");
+
+        uint256 normalizedAmount = getNormalizedAmount(token, amount);
+
+        /// both a check and an effect, ensures user has sufficient funds for
+        /// withdrawal
+        /// must be checked for underflow as a user can only withdraw what they
+        /// have deposited
+        balanceOf[msg.sender] -= normalizedAmount;
+
+        /// save on gas by using unchecked, no need to check for underflow
+        /// as all deposited tokens are whitelisted, plus we know our invariant
+        /// always holds
+        unchecked {
+            totalSupplied -= normalizedAmount;
+        }
+
+        IERC20(token).safeTransfer(msg.sender, amount);
+
+        emit Withdraw(token, msg.sender, amount);
+    }
+
+    /// --------------------------------------------------------
+    /// --------------------------------------------------------
+    /// ----------------- PUBLIC VIEW FUNCTION -----------------
+    /// --------------------------------------------------------
+    /// --------------------------------------------------------
+
+    /// @notice public for testing purposes, returns the normalized amount of
+    /// tokens scaled to 18 decimals
+    /// @param token The token to deposit
+    /// @param amount The amount to deposit
+    function getNormalizedAmount(address token, uint256 amount)
+        public
+        view
+        returns (uint256 normalizedAmount)
+    {
+        uint8 decimals = IERC20Metadata(token).decimals();
+        normalizedAmount = amount;
+        if (decimals < 18) {
+            normalizedAmount = amount * (10 ** (18 - decimals));
+        }
+    }
+}

src/examples/02/Vault02.sol

@@ -5,7 +5,7 @@ import {GovernorBravoProposal} from
     "@forge-proposal-simulator/src/proposals/GovernorBravoProposal.sol";
 import {Addresses} from "@forge-proposal-simulator/addresses/Addresses.sol";
 
-import {Vault} from "src/examples/00/Vault.sol";
+import {Vault} from "src/examples/00/Vault00.sol";
 import {MockToken} from "@mocks/MockToken.sol";
 import {ForkSelector, ETHEREUM_FORK_ID} from "@test/utils/Forks.sol";