fix: unit tests for BCR

Author: 0xmikko

contracts/global/BytecodeRepository.sol

@@ -63,7 +63,8 @@ contract BytecodeRepository is ImmutableOwnableTrait, SanityCheckTrait, IBytecod
     bytes32 public constant BYTECODE_TYPEHASH =
         keccak256("Bytecode(bytes32 contractType,uint256 version,bytes initCode,address author,string source)");
 
-    bytes32 public constant _SIGNATURE_TYPEHASH = keccak256("SignBytecodeHash(bytes32 bytecodeHash,string reportUrl)");
+    bytes32 public constant AUDITOR_SIGNATURE_TYPEHASH =
+        keccak256("SignBytecodeHash(bytes32 bytecodeHash,string reportUrl)");
 
     //
     // STORAGE
@@ -269,7 +270,8 @@ contract BytecodeRepository is ImmutableOwnableTrait, SanityCheckTrait, IBytecod
         }
 
         // Re-create typed data
-        bytes32 structHash = keccak256(abi.encode(_SIGNATURE_TYPEHASH, bytecodeHash, keccak256(bytes(reportUrl))));
+        bytes32 structHash =
+            keccak256(abi.encode(AUDITOR_SIGNATURE_TYPEHASH, bytecodeHash, keccak256(bytes(reportUrl))));
         // Hash with our pinned domain
         address signer = ECDSA.recover(_hashTypedDataV4(structHash), signature);
 
@@ -539,4 +541,8 @@ contract BytecodeRepository is ImmutableOwnableTrait, SanityCheckTrait, IBytecod
     function bytecodeByHash(bytes32 bytecodeHash) external view returns (Bytecode memory) {
         return _bytecodeByHash[bytecodeHash];
     }
+
+    function domainSeparatorV4() external view returns (bytes32) {
+        return _domainSeparatorV4();
+    }
 }

contracts/global/CrossChainMultisig.sol

@@ -149,10 +149,6 @@ contract CrossChainMultisig is EIP712Mainnet, Ownable, ReentrancyGuard, ICrossCh
         _executeProposal({calls: signedProposal.calls, proposalHash: proposalHash});
     }
 
-    function domainSeparator() external view returns (bytes32) {
-        return _domainSeparatorV4();
-    }
-
     function _verifyProposal(CrossChainCall[] memory calls, bytes32 prevHash) internal view {
         if (prevHash != lastProposalHash) revert InvalidPrevHashException();
         if (calls.length == 0) revert NoCallsInProposalException();
@@ -312,4 +308,8 @@ contract CrossChainMultisig is EIP712Mainnet, Ownable, ReentrancyGuard, ICrossCh
     function signedProposals(bytes32 proposalHash) external view returns (SignedProposal memory) {
         return _signedProposals[proposalHash];
     }
+
+    function domainSeparatorV4() external view returns (bytes32) {
+        return _domainSeparatorV4();
+    }
 }

contracts/interfaces/ICrossChainMultisig.sol

@@ -138,5 +138,5 @@ interface ICrossChainMultisig is IVersion {
     function isSigner(address account) external view returns (bool);
 
     /// @notice Returns the domain separator used for EIP-712 signing
-    function domainSeparator() external view returns (bytes32);
+    function domainSeparatorV4() external view returns (bytes32);
 }

contracts/test/global/BytecodeRepository.uint.t.sol

@@ -20,6 +20,8 @@ contract BytecodeRepositoryTest is Test {
     address public auditor;
     address public author;
 
+    uint256 public auditorPK = vm.randomUint();
+
     uint256 public authorPK = vm.randomUint();
 
     bytes32 private constant _TEST_CONTRACT = "TEST_CONTRACT";
@@ -29,16 +31,243 @@ contract BytecodeRepositoryTest is Test {
 
     function setUp() public {
         owner = makeAddr("owner");
-        auditor = makeAddr("auditor");
+        auditor = vm.addr(auditorPK);
         author = vm.addr(authorPK);
 
         vm.startPrank(owner);
-        repository = new BytecodeRepository(address(this));
+        repository = new BytecodeRepository(owner);
         repository.addAuditor(auditor, "Test Auditor");
         vm.stopPrank();
     }
 
     function _getMockBytecode(bytes32 _contractType, uint256 _version) internal pure returns (bytes memory) {
         return abi.encodePacked(type(MockedVersionContract).creationCode, abi.encode(_contractType, _version));
     }
+
+    function _uploadTestBytecode() internal returns (bytes32 bytecodeHash) {
+        bytes memory bytecode = _getMockBytecode(_TEST_CONTRACT, _TEST_VERSION);
+
+        Bytecode memory bc = Bytecode({
+            contractType: _TEST_CONTRACT,
+            version: _TEST_VERSION,
+            initCode: bytecode,
+            author: author,
+            source: _TEST_SOURCE,
+            authorSignature: bytes("")
+        });
+
+        bytecodeHash = repository.computeBytecodeHash(bc);
+
+        (uint8 v, bytes32 r, bytes32 s) =
+            vm.sign(authorPK, repository.domainSeparatorV4().toTypedDataHash(bytecodeHash));
+        bc.authorSignature = abi.encodePacked(r, s, v);
+
+        vm.prank(author);
+        repository.uploadBytecode(bc);
+    }
+
+    /// UPLOAD BYTECODE TESTS
+
+    function test_BCR_01_uploadBytecode_works() public {
+        bytes memory bytecode = _getMockBytecode(_TEST_CONTRACT, _TEST_VERSION);
+
+        Bytecode memory bc = Bytecode({
+            contractType: _TEST_CONTRACT,
+            version: _TEST_VERSION,
+            initCode: bytecode,
+            author: author,
+            source: _TEST_SOURCE,
+            authorSignature: bytes("")
+        });
+
+        bytes32 bytecodeHash = repository.computeBytecodeHash(bc);
+
+        // Sign bytecode hash with author's key
+        (uint8 v, bytes32 r, bytes32 s) =
+            vm.sign(authorPK, repository.domainSeparatorV4().toTypedDataHash(bytecodeHash));
+        bc.authorSignature = abi.encodePacked(r, s, v);
+
+        vm.prank(author);
+        repository.uploadBytecode(bc);
+
+        // Verify bytecode was stored
+        assertTrue(repository.isBytecodeUploaded(bytecodeHash));
+
+        Bytecode memory storedBc = repository.bytecodeByHash(bytecodeHash);
+        assertEq(storedBc.contractType, _TEST_CONTRACT);
+        assertEq(storedBc.version, _TEST_VERSION);
+        assertEq(storedBc.author, author);
+        assertEq(storedBc.source, _TEST_SOURCE);
+    }
+
+    function test_BCR_02_uploadBytecode_reverts_if_already_exists() public {
+        bytes memory bytecode = _getMockBytecode(_TEST_CONTRACT, _TEST_VERSION);
+
+        Bytecode memory bc = Bytecode({
+            contractType: _TEST_CONTRACT,
+            version: _TEST_VERSION,
+            initCode: bytecode,
+            author: author,
+            source: _TEST_SOURCE,
+            authorSignature: bytes("")
+        });
+
+        bytes32 bytecodeHash = repository.computeBytecodeHash(bc);
+
+        (uint8 v, bytes32 r, bytes32 s) =
+            vm.sign(authorPK, repository.domainSeparatorV4().toTypedDataHash(bytecodeHash));
+        bc.authorSignature = abi.encodePacked(r, s, v);
+
+        vm.startPrank(author);
+        repository.uploadBytecode(bc);
+
+        vm.expectRevert(IBytecodeRepository.BytecodeAlreadyExistsException.selector);
+        repository.uploadBytecode(bc);
+        vm.stopPrank();
+    }
+
+    function test_BCR_03_uploadBytecode_reverts_if_invalid_signature() public {
+        bytes memory bytecode = _getMockBytecode(_TEST_CONTRACT, _TEST_VERSION);
+
+        Bytecode memory bc = Bytecode({
+            contractType: _TEST_CONTRACT,
+            version: _TEST_VERSION,
+            initCode: bytecode,
+            author: author,
+            source: _TEST_SOURCE,
+            authorSignature: bytes("invalid signature")
+        });
+
+        vm.prank(author);
+        vm.expectRevert("ECDSA: invalid signature length");
+        repository.uploadBytecode(bc);
+    }
+
+    /// AUDITOR SIGNATURE TESTS
+
+    function test_BCR_04_signBytecodeHash_works() public {
+        // First upload bytecode
+        bytes32 bytecodeHash = _uploadTestBytecode();
+
+        // Now sign as auditor
+        string memory reportUrl = "https://audit.report";
+        bytes32 signatureHash = repository.domainSeparatorV4().toTypedDataHash(
+            keccak256(abi.encode(repository.AUDITOR_SIGNATURE_TYPEHASH(), bytecodeHash, keccak256(bytes(reportUrl))))
+        );
+
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(auditorPK, signatureHash);
+        bytes memory signature = abi.encodePacked(r, s, v);
+
+        vm.prank(auditor);
+        repository.signBytecodeHash(bytecodeHash, reportUrl, signature);
+
+        // Verify signature was stored
+        assertTrue(repository.isBytecodeAudited(bytecodeHash));
+
+        AuditorSignature[] memory sigs = repository.auditorSignaturesByHash(bytecodeHash);
+        assertEq(sigs.length, 1);
+        assertEq(sigs[0].auditor, auditor);
+        assertEq(sigs[0].reportUrl, reportUrl);
+        assertEq(sigs[0].signature, signature);
+    }
+
+    function test_BCR_05_signBytecodeHash_reverts_if_not_auditor() public {
+        // First upload bytecode
+        bytes32 bytecodeHash = _uploadTestBytecode();
+
+        // Now sign as auditor
+        string memory reportUrl = "https://audit.report";
+        bytes32 signatureHash = repository.domainSeparatorV4().toTypedDataHash(
+            keccak256(abi.encode(repository.AUDITOR_SIGNATURE_TYPEHASH(), bytecodeHash, keccak256(bytes(reportUrl))))
+        );
+
+        uint256 notAuditorPK = vm.randomUint();
+        address notAuditor = vm.addr(notAuditorPK);
+
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(notAuditorPK, signatureHash);
+        bytes memory signature = abi.encodePacked(r, s, v);
+
+        vm.prank(notAuditor);
+        vm.expectRevert(abi.encodeWithSelector(IBytecodeRepository.SignerIsNotAuditorException.selector, notAuditor));
+        repository.signBytecodeHash(bytecodeHash, reportUrl, signature);
+    }
+
+    /// DEPLOYMENT TESTS
+
+    function test_BCR_06_deploy_works() public {
+        // First upload bytecode
+        bytes32 bytecodeHash = _uploadTestBytecode();
+
+        // Now sign as auditor
+        string memory reportUrl = "https://audit.report";
+        bytes32 signatureHash = repository.domainSeparatorV4().toTypedDataHash(
+            keccak256(abi.encode(repository.AUDITOR_SIGNATURE_TYPEHASH(), bytecodeHash, keccak256(bytes(reportUrl))))
+        );
+
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(auditorPK, signatureHash);
+        bytes memory signature = abi.encodePacked(r, s, v);
+
+        vm.prank(auditor);
+        repository.signBytecodeHash(bytecodeHash, reportUrl, signature);
+
+        // Mark as system contract to auto-approve
+        vm.prank(owner);
+        repository.allowSystemContract(bytecodeHash);
+
+        // Now deploy
+        address deployer = makeAddr("deployer");
+        vm.prank(deployer);
+        address deployed = repository.deploy(_TEST_CONTRACT, _TEST_VERSION, "", _TEST_SALT);
+
+        // Verify deployment
+        assertTrue(deployed.code.length > 0);
+        assertEq(repository.deployedContracts(deployed), bytecodeHash);
+
+        IVersion version = IVersion(deployed);
+        assertEq(version.contractType(), _TEST_CONTRACT);
+        assertEq(version.version(), _TEST_VERSION);
+    }
+
+    function test_BCR_07_deploy_reverts_if_not_approved() public {
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                IBytecodeRepository.BytecodeIsNotApprovedException.selector, _TEST_CONTRACT, _TEST_VERSION
+            )
+        );
+        repository.deploy(_TEST_CONTRACT, _TEST_VERSION, "", _TEST_SALT);
+    }
+
+    function test_BCR_08_deploy_reverts_if_not_audited() public {
+        // Upload but don't audit
+        bytes memory bytecode = _getMockBytecode(_TEST_CONTRACT, _TEST_VERSION);
+
+        Bytecode memory bc = Bytecode({
+            contractType: _TEST_CONTRACT,
+            version: _TEST_VERSION,
+            initCode: bytecode,
+            author: author,
+            source: _TEST_SOURCE,
+            authorSignature: bytes("")
+        });
+
+        bytes32 bytecodeHash = repository.computeBytecodeHash(bc);
+
+        (uint8 v, bytes32 r, bytes32 s) =
+            vm.sign(authorPK, repository.domainSeparatorV4().toTypedDataHash(bytecodeHash));
+        bc.authorSignature = abi.encodePacked(r, s, v);
+
+        vm.prank(author);
+        repository.uploadBytecode(bc);
+
+        // Mark as system contract to auto-approve
+        vm.prank(owner);
+        repository.allowSystemContract(bytecodeHash);
+
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                IBytecodeRepository.BytecodeIsNotApprovedException.selector, _TEST_CONTRACT, _TEST_VERSION
+            )
+        );
+        repository.deploy(_TEST_CONTRACT, _TEST_VERSION, "", _TEST_SALT);
+    }
 }

contracts/test/global/CrossChainMultisig.unit.t.sol

@@ -37,7 +37,7 @@ contract CrossChainMultisigTest is Test {
     }
 
     function _getDigest(bytes32 structHash) internal view returns (bytes32) {
-        bytes32 domainSeparator = multisig.domainSeparator();
+        bytes32 domainSeparator = multisig.domainSeparatorV4();
         return keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash));
     }
 
@@ -173,7 +173,7 @@ contract CrossChainMultisigTest is Test {
         bytes32 proposalHash = multisig.hashProposal(calls, bytes32(0));
 
         // Generate EIP-712 signature
-        bytes32 domainSeparator = multisig.domainSeparator();
+        bytes32 domainSeparator = multisig.domainSeparatorV4();
         bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator, proposalHash));
 
         bytes memory signature = _signProposalHash(signer0PrivateKey, proposalHash);