pragma solidity 0.8.17; import "@interfaces/IGovernance.sol"; import "@interfaces/IERC20.sol"; import "@proprietary/Parameters.sol"; import "@proprietary/Mock.sol"; import "@root/SetStakeDirectlyProposal.sol"; import "@forge-std/Test.sol"; import "@forge-std/console2.sol"; contract ExecutionBased is Test, Parameters, Mock { IGovernance internal governance = IGovernance(_governanceAddress); uint256 internal currentGovernanceVaultBalance = getGovernanceVaultBalance(); // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TESTS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ modifier conditionStateChecks() { checkCurrentState(); _; checkResults(); } function testExistentHackerProposal() public conditionStateChecks { storeStateBefore(); waitUntilExecutable(_attackerProposalId); governance.execute(_attackerProposalId); } function testMockSetStakeDirectlyProposal() public { uint256 testSetStakeProposalId = voteAndCreateProposal(address(new SetStakeDirectlyProposal())); waitUntilExecutable(testSetStakeProposalId); governance.execute(testSetStakeProposalId); require(governance.lockedBalance(ADDRESS_TO_STAKE) == STAKE_AMOUNT); } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PREDICATES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function intro() internal { console2.log("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ EXECUTION TESTS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); console2.log(""); console2.log( "It is expected that the attackers balances are nullified and that the Vault receives 483,000 TORN," ); console2.log("and that the Governance TORN balance does not otherwise change, or any other state."); console2.log(""); } function outro() internal { console2.log(""); console2.log("All state other state checks completed successfully."); console2.log(""); } function checkCurrentState() internal { intro(); console2.log("Governance balance before execution: %s TORN", getGovernanceBalance() / 10 ** 18); console2.log("Governance Vault balance before execution: %s TORN", getGovernanceVaultBalance() / 10 ** 18); console2.log("Attacker locked balance before execution: %s TORN", getAttackerLockedBalance() / 10 ** 18); } function checkResults() internal { uint256 governanceBalanceAfterProposalExecution = getGovernanceBalance(); uint256 governanceVaultBalanceAfterProposalExecution = getGovernanceVaultBalance(); uint256 attackerBalanceAfterProposalExecution = getAttackerLockedBalance(); console2.log(""); console2.log( "Governance balance after the execution of Proposal #21: %s TORN", governanceBalanceAfterProposalExecution / 10 ** 18 ); console2.log( "Governance Vault balance after the execution of Proposal #21: %s TORN", governanceVaultBalanceAfterProposalExecution / 10 ** 18 ); console2.log( "Attacker locked balance after the execution of Proposal #21: %s TORN", attackerBalanceAfterProposalExecution / 10 ** 18 ); require(uint8(uint256(bytes32(vm.load(_governanceAddress, bytes32(0))))) == 1); require(_EXECUTION_DELAY == governance.EXECUTION_DELAY()); require(_EXECUTION_EXPIRATION == governance.EXECUTION_EXPIRATION()); require(_QUORUM_VOTES == governance.QUORUM_VOTES()); require(_PROPOSAL_THRESHOLD == governance.PROPOSAL_THRESHOLD()); require(_VOTING_DELAY == governance.VOTING_DELAY()); require(_VOTING_PERIOD == governance.VOTING_PERIOD()); require(_CLOSING_PERIOD == governance.CLOSING_PERIOD()); require(_VOTE_EXTEND_TIME == governance.VOTE_EXTEND_TIME()); require(governanceBalanceAfterProposalExecution == _governanceBalanceBefore - attackerWithdrawnAmount); require(governanceVaultBalanceAfterProposalExecution == currentGovernanceVaultBalance + attackerWithdrawnAmount); require(attackerBalanceAfterProposalExecution == 0 ether); require(address(governance.torn()) == _tokenAddress); outro(); } uint256 internal _governanceBalanceBefore; uint256 internal _EXECUTION_DELAY; uint256 internal _EXECUTION_EXPIRATION; uint256 internal _QUORUM_VOTES; uint256 internal _PROPOSAL_THRESHOLD; uint256 internal _VOTING_DELAY; uint256 internal _VOTING_PERIOD; uint256 internal _CLOSING_PERIOD; uint256 internal _VOTE_EXTEND_TIME; function storeStateBefore() internal { _governanceBalanceBefore = getGovernanceBalance(); _EXECUTION_DELAY = governance.EXECUTION_DELAY(); _EXECUTION_EXPIRATION = governance.EXECUTION_EXPIRATION(); _QUORUM_VOTES = governance.QUORUM_VOTES(); _PROPOSAL_THRESHOLD = governance.PROPOSAL_THRESHOLD(); _VOTING_DELAY = governance.VOTING_DELAY(); _VOTING_PERIOD = governance.VOTING_PERIOD(); _CLOSING_PERIOD = governance.CLOSING_PERIOD(); _VOTE_EXTEND_TIME = governance.VOTE_EXTEND_TIME(); } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HELPERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function waitUntilExecutable(uint256 proposalId) internal { vm.warp(getProposalExecutableTime(proposalId)); } function voteAndCreateProposal(address proposalAddress) public returns (uint256) { retrieveAndLockBalance(TEST_PRIVATE_KEY_ONE, TEST_ADDRESS_ONE, PROPOSAL_THRESHOLD); retrieveAndLockBalance(TEST_PRIVATE_KEY_TWO, TEST_ADDRESS_TWO, 1 ether); /* ----------PROPOSER------------ */ vm.startPrank(TEST_ADDRESS_ONE); uint256 proposalId = IGovernance(_governanceAddress).propose(proposalAddress, PROPOSAL_DESCRIPTION); // TIME-TRAVEL vm.warp(block.timestamp + 6 hours); IGovernance(_governanceAddress).castVote(proposalId, true); vm.stopPrank(); /* ------------------------------ */ /* -------------VOTER-------------*/ vm.startPrank(TEST_ADDRESS_TWO); IGovernance(_governanceAddress).castVote(proposalId, true); vm.stopPrank(); /* ------------------------------ */ return proposalId; } function retrieveAndLockBalance(uint256 privateKey, address voter, uint256 amount) internal { uint256 lockTimestamp = getProposalExecutableTime(_attackerProposalId); bytes32 messageHash = keccak256( abi.encodePacked( PERMIT_FUNC_SELECTOR, EIP712_DOMAIN, keccak256(abi.encode(PERMIT_TYPEHASH, voter, _governanceAddress, amount, 0, lockTimestamp)) ) ); /* ----------GOVERNANCE------- */ vm.startPrank(_governanceAddress); IERC20(_tokenAddress).transfer(voter, amount); vm.stopPrank(); /* ----------------------------*/ (uint8 v, bytes32 r, bytes32 s) = vm.sign(privateKey, messageHash); /* ----------VOTER------------ */ vm.startPrank(voter); IGovernance(_governanceAddress).lock(voter, amount, lockTimestamp, v, r, s); vm.stopPrank(); /* ----------------------------*/ } function compareStrings(string memory first, string memory second) public pure returns (bool) { return keccak256(abi.encodePacked(first)) == keccak256(abi.encodePacked(second)); } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GETTERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function getAttackerLockedBalance() internal view returns (uint256) { uint256 attackerLockedBalance; for (uint256 i = 0; i < _attackerAddresses.length; i++) { uint256 lockedBalance = governance.lockedBalance(_attackerAddresses[i]); attackerLockedBalance += lockedBalance; } return attackerLockedBalance; } function getGovernanceBalance() internal returns (uint256) { return IERC20(_tokenAddress).balanceOf(_governanceAddress); } function getGovernanceVaultBalance() internal returns (uint256) { return IERC20(_tokenAddress).balanceOf(_governanceVaultAddress); } function getProposalExecutableTime(uint256 proposalId) internal returns (uint256) { Proposal memory proposal = governance.proposals(proposalId); return proposal.endTime + 2 days + 1 hours; } }