test(forge-oracle): verify attacker signing for admin address is rejected #1
Open
Markodiba6399 wants to merge 3 commits into
Add requirements, design, and tasks for optional start_time parameter in ForgeVesting::initialize(). Allows deployers to pre-schedule a future vesting start rather than always starting at deployment time. Past timestamps are rejected with InvalidConfig.
… gaps
- Create 5 proposals in sequence
- Assert returned IDs are exactly [0, 1, 2, 3, 4]
- Assert get_proposal_count() returns 5
- Assert get_proposal(0..4) all return valid proposals with correct proposer
- Assert get_proposal(5) returns ProposalNotFound
…cted
Add test_attacker_signing_for_admin_address_is_rejected which covers the two-phase auth scenario for initialize():
Phase 1 — attacker mocks auth for the admin address but is not that address; admin.require_auth() fails because attacker did not sign for admin.
Phase 2 — real admin mocks auth for their own address; require_auth() succeeds and get_admin() returns admin, not attacker.
The existing test_initialize_admin_must_sign_for_supplied_address covers a caller nominating a third-party without that party's signature. This new test covers the complementary case: an attacker explicitly forging the admin's auth and still being rejected.
Summary
Adds test_attacker_signing_for_admin_address_is_rejected to the forge-oracle test suite.

Motivation
The existing test_initialize_admin_must_sign_for_supplied_address covers a caller nominating a third-party address without that party's signature. No test covered the complementary scenario: an attacker explicitly forging the admin's auth (i.e. mock_auths with address: &attacker but passing &admin as the initialize argument) and still being rejected.

What this test does
Phase 1 (attacker): Mocks auth as attacker signing for an initialize call that passes admin as the admin argument. admin.require_auth() fails because attacker did not sign for admin. Asserts try_initialize returns Err.
Phase 2 (admin): Mocks auth as admin signing for their own address. require_auth() is satisfied. Asserts try_initialize returns Ok.
Post-init: Asserts get_admin() == admin and get_admin() != attacker.

Notes
mock_all_auths() used anywhere in the test
test_get_price_reverts_if_staleness_threshold_missing, test_transfer_admin_new_admin_can_submit_old_admin_cannot) are unrelated to this change and fail on main as well
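
The two-phase scenario described in the PR, as an added self-contained example that is not the project's test and does not use soroban-sdk. `Oracle`, `MockAuth` and `run_two_phase` are hypothetical names in a simplified model where an authorization counts only if the required address itself signed for the exact call.

```rust
// Simplified stand-in for address-bound authorization (assumption: not soroban-sdk).
#[derive(Clone, Debug, PartialEq)]
pub struct Address(pub &'static str);

#[derive(Debug, PartialEq)]
pub enum Error { Unauthorized, AlreadyInitialized }

/// One mocked authorization: `signer` approved a call to `function` with `arg`.
pub struct MockAuth { pub signer: Address, pub function: &'static str, pub arg: Address }

#[derive(Default)]
pub struct Oracle { admin: Option<Address>, auths: Vec<MockAuth> }

impl Oracle {
    /// Replace the set of authorizations visible to the next call.
    pub fn mock_auths(&mut self, auths: Vec<MockAuth>) { self.auths = auths; }

    // Passes only if `who` itself signed for this exact function and argument.
    fn require_auth(&self, who: &Address, function: &str, arg: &Address) -> Result<(), Error> {
        let ok = self.auths.iter()
            .any(|a| &a.signer == who && a.function == function && &a.arg == arg);
        if ok { Ok(()) } else { Err(Error::Unauthorized) }
    }

    pub fn try_initialize(&mut self, admin: &Address) -> Result<(), Error> {
        if self.admin.is_some() { return Err(Error::AlreadyInitialized); }
        // The check is bound to the supplied admin address, not to whoever signed.
        self.require_auth(admin, "initialize", admin)?;
        self.admin = Some(admin.clone());
        Ok(())
    }

    pub fn get_admin(&self) -> Option<&Address> { self.admin.as_ref() }
}

/// Runs both phases; returns (phase 1 result, phase 2 result, stored admin).
pub fn run_two_phase() -> (Result<(), Error>, Result<(), Error>, Option<Address>) {
    let (admin, attacker) = (Address("admin"), Address("attacker"));
    let mut oracle = Oracle::default();
    // Phase 1: the attacker signs, but the call names `admin`.
    oracle.mock_auths(vec![MockAuth { signer: attacker, function: "initialize", arg: admin.clone() }]);
    let phase1 = oracle.try_initialize(&admin);
    // Phase 2: the admin signs for their own address; the failed call left no state behind.
    oracle.mock_auths(vec![MockAuth { signer: admin.clone(), function: "initialize", arg: admin.clone() }]);
    let phase2 = oracle.try_initialize(&admin);
    (phase1, phase2, oracle.get_admin().cloned())
}

fn main() { println!("{:?}", run_two_phase()); }
```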