Test for overflow in puppyraffle

[guyzilberblum]

Hey i wrote a diffrante test from patrick test to proof an over flow let me know what you think
"""

       function testOverFlows () public {
       address[] memory players = new address[](4);
       players[0] = playerOne;
       players[1] = playerTwo;
       players[2] = playerThree;
       players[3] = playerFour;
       puppyRaffle.enterRaffle{value: entranceFee * 4}(players);


       uint64 totalFees = 0;
       uint256 totalAmountCollected = players.length * entranceFee;
       uint256 prizePool = (totalAmountCollected * 80) / 100;
       uint256 fee = (totalAmountCollected * 20) / 100;
       uint64 totalfeesOverflow = 0;
       uint64 myVar = type(uint64).max;
       vm.warp(block.timestamp + duration + 1);
       vm.roll(block.number + 1);
       totalFees = totalFees + uint64(fee);
       totalfeesOverflow = totalfeesOverflow + myVar +1;

       puppyRaffle.selectWinner();
       console.log("max 64 uint", myVar);
       console.log("fee" ,fee);
       console.log("total fee", totalFees);
       console.log("this number should be zero" ,totalfeesOverflow);
    


}

"""

let me know what you think

[EngrPips]

function testOverFlows () public {
       address[] memory players = new address[](4);
       players[0] = playerOne;
       players[1] = playerTwo;
       players[2] = playerThree;
       players[3] = playerFour;
       puppyRaffle.enterRaffle{value: entranceFee * 4}(players);


       uint64 totalFees = 0;
       uint256 totalAmountCollected = players.length * entranceFee;
       uint256 prizePool = (totalAmountCollected * 80) / 100;
       uint256 fee = (totalAmountCollected * 20) / 100;
       uint64 totalfeesOverflow = 0;
       uint64 myVar = type(uint64).max;
       vm.warp(block.timestamp + duration + 1);
       vm.roll(block.number + 1);
       totalFees = totalFees + uint64(fee);
       totalfeesOverflow = totalfeesOverflow + myVar +1;

       puppyRaffle.selectWinner();
       console.log("max 64 uint", myVar);
       console.log("fee" ,fee);
       console.log("total fee", totalFees);
       console.log("this number should be zero" ,totalfeesOverflow);
}

[EngrPips]

I like the colors, which is why I re-formatted it; you can always format it as I did above by putting your block of code inside an upper three backticks () and a lower three backticks() and writing javascript or js immediately after the upper three backticks (`)

[guyzilberblum]

Thanks does the test is ok ?

…

On Tue, 7 May 2024 at 14:28 EngrPips ***@***.***> wrote: I like the colors that is why I re-formated it, you can always format it like I do above by using the below syntax <```javascript — Reply to this email directly, view it on GitHub <#173 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BHZOBILAMDIQR2CW5XLWJVTZBC3E7AVCNFSM6AAAAABHKXX5YCVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TGNBQGQ2TM> . You are receiving this because you authored the thread.Message ID: <Cyfrin/security-and-auditing-full-course-s23/repo-discussions/173/comments/9340456 @github.com>

[EngrPips]

When you run the test, did fees earned by the protocol overflow?

[guyzilberblum]

Basically I showed that if you add one to the maximum uint64 it will overflow the fee is casted at the contract so it will overflow so basically yea

…

On Tue, 7 May 2024 at 14:34 EngrPips ***@***.***> wrote: When you run the test, did fees earned by the protocol overflow? — Reply to this email directly, view it on GitHub <#173 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BHZOBILF6WUCYLUK35PH3NTZBC325AVCNFSM6AAAAABHKXX5YCVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TGNBQGUYTG> . You are receiving this because you authored the thread.Message ID: <Cyfrin/security-and-auditing-full-course-s23/repo-discussions/173/comments/9340513 @github.com>

[EngrPips]

Oh, I see, that seems correct, but doing it like that makes the quality of the finding subpar as you didn't make the fee of the protocol itself exceed the maximum value a uint64 can hold but instead just added the maximum value a uint64 can have to the current fee of the protocol. Regardless, you did a great job coming up with that.

[guyzilberblum]

Thanks a lot you helping a lot in my journey thanks for that

…

On Tue, 7 May 2024 at 14:39 EngrPips ***@***.***> wrote: Oh, I see, that seems correct, but doing it like that makes the quality of the finding subpar as you didn't make the fee of the protocol itself exceed the maximum value a uint64 can hold but instead just added the maximum value a uint64 can have to the current fee of the protocol. Regardless, you did a great job coming up with that. — Reply to this email directly, view it on GitHub <#173 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BHZOBIM2PLIMWXOZMK56J73ZBC4QVAVCNFSM6AAAAABHKXX5YCVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TGNBQGU4DS> . You are receiving this because you authored the thread.Message ID: <Cyfrin/security-and-auditing-full-course-s23/repo-discussions/173/comments/9340589 @github.com>

[EngrPips]

You are welcome, and I am glad you are learning and growing.