test: initialize echidna for fuzz testing #208
Co-authored-by: lumtis <[email protected]>
Walkthrough
This update primarily enhances testing and code management. It introduces
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant Developer
    participant ERC20CustodyNew
    participant GatewayEVM
    Note right of Developer: Setup Echidna Testing
    Developer->>ERC20CustodyNew: Call withdrawAndCall as public
    Developer->>GatewayEVM: Deploy and setup initial custody
    GatewayEVM-->Developer: Error if custody already initialized
    Developer->>Echidna: Configure and run tests
    Echidna->>ERC20CustodyNew&GatewayEVM: Test fuzz cases
```
@coderabbitai full review
Actions performed
Full review triggered.
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
```diff
@@             Coverage Diff             @@
##             main     #208       +/-   ##
===========================================
- Coverage   59.25%   48.09%   -11.17%
===========================================
  Files          31       31
  Lines        1048     1048
  Branches      262      263        +1
===========================================
- Hits          621      504      -117
- Misses        427      544      +117
```
Actionable comments posted: 2
Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Files ignored due to path filters (8)
- pkg/contracts/prototypes/evm/erc20custodynew.sol/erc20custodynew.go is excluded by `!pkg/**`
- pkg/contracts/prototypes/evm/gatewayevm.sol/gatewayevm.go is excluded by `!pkg/**`
- typechain-types/contracts/prototypes/evm/ERC20CustodyNewEchidnaTest.ts is excluded by `!typechain-types/**`
- typechain-types/contracts/prototypes/evm/GatewayEVMEchidnaTest.ts is excluded by `!typechain-types/**`
- typechain-types/factories/contracts/prototypes/evm/ERC20CustodyNewEchidnaTest__factory.ts is excluded by `!typechain-types/**`
- typechain-types/factories/contracts/prototypes/evm/ERC20CustodyNew__factory.ts is excluded by `!typechain-types/**`
- typechain-types/factories/contracts/prototypes/evm/GatewayEVMEchidnaTest__factory.ts is excluded by `!typechain-types/**`
- typechain-types/factories/contracts/prototypes/evm/GatewayEVM__factory.ts is excluded by `!typechain-types/**`
Files selected for processing (8)
- .eslintignore (1 hunks)
- .gitignore (1 hunks)
- contracts/prototypes/evm/ERC20CustodyNew.sol (1 hunks)
- contracts/prototypes/evm/GatewayEVM.sol (4 hunks)
- echidna.yaml (1 hunks)
- test/fuzz/ERC20CustodyNewEchidnaTest.sol (1 hunks)
- test/fuzz/GatewayEVMEchidnaTest.sol (1 hunks)
- test/fuzz/readme.md (1 hunks)
Additional context used
Path-based instructions (5)
- test/fuzz/readme.md (1): Pattern `test/**`: Review the test files for proper coverage, edge cases, and best practices.
- test/fuzz/GatewayEVMEchidnaTest.sol (1): Pattern `test/**`: Review the test files for proper coverage, edge cases, and best practices.
- test/fuzz/ERC20CustodyNewEchidnaTest.sol (1): Pattern `test/**`: Review the test files for proper coverage, edge cases, and best practices.
- contracts/prototypes/evm/ERC20CustodyNew.sol (1): Pattern `contracts/**`: Review the Solidity contracts for security vulnerabilities and best practices.
- contracts/prototypes/evm/GatewayEVM.sol (1): Pattern `contracts/**`: Review the Solidity contracts for security vulnerabilities and best practices.
yamllint
echidna.yaml
- [error] 4-4: trailing spaces (trailing-spaces)
- [error] 5-5: trailing spaces (trailing-spaces)
- [error] 6-6: no new line character at the end of file (new-line-at-end-of-file)
Markdownlint
test/fuzz/readme.md
- 3-3: null Fenced code blocks should have a language specified (MD040, fenced-code-language)
- 10-10: null Fenced code blocks should have a language specified (MD040, fenced-code-language)
- 13-13: null Files should end with a single newline character (MD047, single-trailing-newline)
Additional comments not posted (15)
.eslintignore (1)
- 7-8: LGTM! The additions of `docs` and `crytic-export` directories to the ignore list are appropriate.
.gitignore (1)
- 33-35: LGTM! The additions of `abi` and `crytic-export` directories to the ignore list are appropriate.
test/fuzz/GatewayEVMEchidnaTest.sol (5)
- 1-5: Imports look good. The necessary modules and libraries are imported correctly.
- 7-8: Ensure proper usage of SafeERC20. The `SafeERC20` library is used, which is good for preventing common ERC20 pitfalls.
- 10-11: State variable initialization. The state variables are initialized correctly. Ensure `echidnaCaller` is properly set during tests.
- 13-17: Constructor initialization logic. The constructor initializes the contract correctly. Ensure that `initialize` and `new` calls are functioning as expected.
- 19-26: Test function for ERC20 execution. The test function `testExecuteWithERC20` is well-structured. Ensure that the minting and execution logic works as intended.
test/fuzz/ERC20CustodyNewEchidnaTest.sol (5)
- 1-5: Imports look good. The necessary modules and libraries are imported correctly.
- 7-8: Ensure proper usage of SafeERC20. The `SafeERC20` library is used, which is good for preventing common ERC20 pitfalls.
- 10-11: State variable initialization. The state variables are initialized correctly. Ensure `echidnaCaller` is properly set during tests.
- 13-19: Constructor initialization logic. The constructor initializes the contract correctly. Ensure that `initialize` and `setCustody` calls are functioning as expected.
- 21-31: Test function for withdraw and call. The test function `testWithdrawAndCall` is well-structured. Ensure that the minting, transferring, and withdrawal logic works as intended.
contracts/prototypes/evm/ERC20CustodyNew.sol (1)
- 41-41: Visibility change of `withdrawAndCall`. Changing the visibility from `external` to `public` allows the function to be called internally, which might be necessary for testing or other internal logic. Ensure that this change does not introduce any security vulnerabilities.
contracts/prototypes/evm/GatewayEVM.sol (2)
- 21-21: New error type `CustodyInitialized`. The new error type `CustodyInitialized` is defined to handle reinitialization errors. Ensure that this error is used correctly in the contract.
- 138-138: Visibility change of `setCustody`. Changing the visibility from `external` to `public` allows the function to be called internally, which might be necessary for testing or other internal logic. Ensure that this change does not introduce any security vulnerabilities.
testLimit: 50000 | ||
seqLen: 10000 | ||
allContracts: false |
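Review bot: seqLen: 10000 on the second visible line is set with no comment explaining it, and it is 100 times Echidna's default of 100 transactions per sequence. Longer sequences make a failing call sequence slower to shrink and harder to read, so either add a comment saying why sequences this long are needed or start from the default and raise it once a test depends on deep state.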
Fix trailing spaces and add a newline at the end of the file.
There are trailing spaces on lines 4 and 5, and the file is missing a newline at the end.
- testLimit: 50000
- seqLen: 10000
+ testLimit: 50000
+ seqLen: 10000
+
Committable suggestion
testLimit: 50000 | |
seqLen: 10000 | |
allContracts: false | |
testLimit: 50000 | |
seqLen: 10000 | |
allContracts: false | |
@@ -0,0 +1,13 @@ | |||
## Setup echidna | |||
|
|||
``` |
Specify language for fenced code blocks and add a newline at the end of the file.
Fenced code blocks should have a language specified, and the file should end with a newline.
- ```
+ ```sh
- ```
+ ```sh
+
Also applies to: 10-10, 13-13
I think using Foundry more is a good idea. What I still like about Hardhat is the ability to import and use TypeScript tools, we're using them for everything in tutorials: balances, faucet, transaction tracking, code generation. But I think Hardhat-Foundry plugin is a good middle-ground.
@@ -38,7 +38,7 @@ contract ERC20CustodyNew is ReentrancyGuard{ | |||
// For this, it passes through the Gateway contract, it transfers the tokens to the Gateway contract and then calls the contract | |||
// TODO: Finalize access control | |||
// https://github.com/zeta-chain/protocol-contracts/issues/204 | |||
function withdrawAndCall(address token, address to, uint256 amount, bytes calldata data) external nonReentrant { | |||
function withdrawAndCall(address token, address to, uint256 amount, bytes calldata data) public nonReentrant { |
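Review bot: The changed signature makes withdrawAndCall public while the TODO two lines above it says access control is not finalized, so nonReentrant is the only modifier on a function that moves tokens. If the wider visibility is needed only by the Echidna harness, keep external in the production contract and have the harness call a deployed instance; otherwise add a comment stating which internal caller needs it and land the caller check tracked in issue 204 together with this change.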
Under which circumstances are withdrawAndCall and executeWithERC20 called from within ERC20CustodyNew? This impacts the amount of gas consumed by these functions.
What do you mean by circumstances? `withdrawAndCall` is called by the TSS address when handling an outbound
probably will be clearer when we add access control
I don't have enough experience with Echidna yet to make a proper statement. I agree with the proposed hardhat-foundry usage, it's a good middle ground and the full migration can happen if everyone agrees about foundry being the best solution. Also, I'll be studying echidna so I can have informed opinions on it.
Looks good to me.
We don't need to be complete in this PR, just write the base.
foundry instead of hardhat: too much effort atm to migrate
What concrete work to migrate outside of rewriting the test and deployment scripts?
Also maybe we can have both supported atm?
@@ -38,7 +38,7 @@ contract ERC20CustodyNew is ReentrancyGuard{ | |||
// For this, it passes through the Gateway contract, it transfers the tokens to the Gateway contract and then calls the contract | |||
// TODO: Finalize access control | |||
// https://github.com/zeta-chain/protocol-contracts/issues/204 | |||
function withdrawAndCall(address token, address to, uint256 amount, bytes calldata data) external nonReentrant { | |||
function withdrawAndCall(address token, address to, uint256 amount, bytes calldata data) public nonReentrant { |
What do you mean by circumstances? `withdrawAndCall` is called by the TSS address when handling an outbound
i think tests and scripts, probably not that much effort if we only do it for v2
We could also consider creating an entire new repo for v2 as the env is just completely different
@skosito can we add instructions in the PR how it can be tested?
yes, i added a readme in
Tested the commands, looking good to me
to test:
Setup echidna
Execute contract tests
just simple tests for now, and instructions on how to run, once we agree on approach we can open more issues for adding more fuzz tests same way it's started here
alternatives:
foundry has built in fuzz testing, and bunch of tools for better testing in general (for example cheatcodes: https://book.getfoundry.sh/forge/cheatcodes)
Summary by CodeRabbit
New Features
- `echidna.yaml` for `crytic-compile` configuration.
- `ERC20CustodyNewEchidnaTest.sol` and `GatewayEVMEchidnaTest.sol` for advanced testing.
- `readme.md`.
Bug Fixes
- `setCustody` function in `GatewayEVM.sol` to prevent reinitialization.
Refactor
- `withdrawAndCall` function visibility from `external` to `public` in `ERC20CustodyNew`.
Chores
- `.eslintignore` and `.gitignore` to include `crytic-export` directory.
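
The reinitialization guard and the `external` to `public` change summarized above, shown as an added Solidity example that is not code from this PR or from the project. `MiniGateway`, `MiniGatewayEchidnaTest`, the `ZeroAddress` error, the sample address and the property name are hypothetical, and the harness assumes Echidna's property mode, where every `echidna_`-prefixed function returning `bool` is checked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified stand-in for a gateway with a one-time custody
// setter. It is not the project's GatewayEVM; only the names setCustody and
// CustodyInitialized are taken from the review on this page.
contract MiniGateway {
    error CustodyInitialized();
    error ZeroAddress();

    address public custody;

    // public (not external) so an inheriting harness can call it from its
    // constructor as an internal call.
    function setCustody(address _custody) public {
        if (custody != address(0)) revert CustodyInitialized();
        if (_custody == address(0)) revert ZeroAddress();
        custody = _custody;
    }
}

// Echidna harness for property mode: the fuzzer calls the public functions
// (including the inherited setCustody) with random arguments in random
// sequences and checks every echidna_* function after each transaction.
contract MiniGatewayEchidnaTest is MiniGateway {
    // Constructed sample address, used only as a recognisable marker.
    address internal constant INITIAL_CUSTODY = address(0xC0FFEE);

    constructor() {
        // First and only successful initialization.
        setCustody(INITIAL_CUSTODY);
    }

    // Must hold after any call sequence: once set, custody never changes.
    // If the CustodyInitialized check is removed from setCustody, the fuzzer
    // can falsify this property with a single setCustody call.
    function echidna_custody_cannot_be_replaced() public view returns (bool) {
        return custody == INITIAL_CUSTODY;
    }
}
```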