Merge pull request #104 from Merit-Systems/shafu/more-fuzz

Add fuzz tests for admin and distributor management

Author: shafu0x

test/02_InitRepo.t.sol

@@ -912,6 +912,137 @@ contract InitRepo_Test is Base_Test {
         assertFalse(escrow.getAccountExists(124, 456));
     }
 
+    function test_initRepo_fuzz_signatures(uint256 wrongNonce, uint256 wrongDeadline) public {
+        vm.assume(wrongNonce != escrow.ownerNonce());
+        vm.assume(wrongDeadline != block.timestamp + 1 hours);
+        vm.assume(wrongDeadline > block.timestamp); // Must be future timestamp
+        
+        address[] memory admins = new address[](1);
+        admins[0] = repoAdmin;
+        uint256 repoId = 999;
+        uint256 accountId = 999;
+        
+        // Test with wrong nonce
+        bytes32 digestWrongNonce = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                escrow.DOMAIN_SEPARATOR(),
+                keccak256(abi.encode(
+                    escrow.SET_ADMIN_TYPEHASH(),
+                    repoId,
+                    accountId,
+                    keccak256(abi.encode(admins)),
+                    wrongNonce,
+                    block.timestamp + 1 hours
+                ))
+            )
+        );
+        
+        (uint8 v1, bytes32 r1, bytes32 s1) = vm.sign(ownerPrivateKey, digestWrongNonce);
+        expectRevert(Errors.INVALID_SIGNATURE);
+        escrow.initRepo(repoId, accountId, admins, block.timestamp + 1 hours, v1, r1, s1);
+        
+        // Test with wrong deadline in signature
+        bytes32 digestWrongDeadline = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                escrow.DOMAIN_SEPARATOR(),
+                keccak256(abi.encode(
+                    escrow.SET_ADMIN_TYPEHASH(),
+                    repoId,
+                    accountId,
+                    keccak256(abi.encode(admins)),
+                    escrow.ownerNonce(),
+                    wrongDeadline
+                ))
+            )
+        );
+        
+        (uint8 v2, bytes32 r2, bytes32 s2) = vm.sign(ownerPrivateKey, digestWrongDeadline);
+        expectRevert(Errors.INVALID_SIGNATURE);
+        escrow.initRepo(repoId, accountId, admins, block.timestamp + 1 hours, v2, r2, s2);
+    }
+
+    function test_initRepo_fuzz_batchLimits(uint8 numAdmins) public {
+        vm.assume(numAdmins > 0);
+        uint256 batchLimit = escrow.batchLimit();
+        
+        address[] memory admins = new address[](numAdmins);
+        for (uint i = 0; i < numAdmins; i++) {
+            admins[i] = makeAddr(string(abi.encodePacked("batchAdmin", i)));
+        }
+        
+        uint256 repoId = 888;
+        uint256 accountId = 888;
+        uint256 deadline = block.timestamp + 1 hours;
+        
+        bytes32 digest = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                escrow.DOMAIN_SEPARATOR(),
+                keccak256(abi.encode(
+                    escrow.SET_ADMIN_TYPEHASH(),
+                    repoId,
+                    accountId,
+                    keccak256(abi.encode(admins)),
+                    escrow.ownerNonce(),
+                    deadline
+                ))
+            )
+        );
+        
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(ownerPrivateKey, digest);
+        
+        if (numAdmins <= batchLimit) {
+            // Should succeed if within batch limit
+            escrow.initRepo(repoId, accountId, admins, deadline, v, r, s);
+            
+            // Verify all admins were added
+            for (uint i = 0; i < numAdmins; i++) {
+                assertTrue(escrow.getIsAuthorizedAdmin(repoId, accountId, admins[i]));
+            }
+            
+            address[] memory allAdmins = escrow.getAllAdmins(repoId, accountId);
+            assertEq(allAdmins.length, numAdmins);
+        } else {
+            // Should fail if exceeds batch limit
+            expectRevert(Errors.BATCH_LIMIT_EXCEEDED);
+            escrow.initRepo(repoId, accountId, admins, deadline, v, r, s);
+        }
+    }
+
+    function test_initRepo_fuzz_timeDeadlines(uint32 timeOffset) public {
+        vm.assume(timeOffset > 0 && timeOffset <= 365 days);
+        
+        address[] memory admins = new address[](1);
+        admins[0] = repoAdmin;
+        uint256 repoId = 777;
+        uint256 accountId = 777;
+        uint256 deadline = block.timestamp + timeOffset;
+        
+        bytes32 digest = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                escrow.DOMAIN_SEPARATOR(),
+                keccak256(abi.encode(
+                    escrow.SET_ADMIN_TYPEHASH(),
+                    repoId,
+                    accountId,
+                    keccak256(abi.encode(admins)),
+                    escrow.ownerNonce(),
+                    deadline
+                ))
+            )
+        );
+        
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(ownerPrivateKey, digest);
+        
+        // Should work with any reasonable future deadline
+        escrow.initRepo(repoId, accountId, admins, deadline, v, r, s);
+        assertTrue(escrow.getIsAuthorizedAdmin(repoId, accountId, repoAdmin));
+        assertTrue(escrow.getAccountExists(repoId, accountId));
+    }
+
     /* -------------------------------------------------------------------------- */
     /*                                    EVENTS                                  */
     /* -------------------------------------------------------------------------- */

test/03_FundRepo.t.sol

@@ -148,6 +148,66 @@ contract FundRepo_Test is Base_Test {
         assertEq(escrow.getAccountBalance(REPO_ID, ACCOUNT_ID, address(wETH)), amount);
     }
 
+    function test_fundRepo_fuzz_repoAndAccountIds(uint256 repoId, uint256 accountId, uint256 amount) public {
+        vm.assume(amount > 0 && amount <= 1000e18);
+        vm.assume(repoId <= type(uint128).max && accountId <= type(uint128).max);
+        
+        vm.prank(alice);
+        escrow.fundRepo(repoId, accountId, wETH, amount, "");
+        
+        assertEq(escrow.getAccountBalance(repoId, accountId, address(wETH)), amount);
+    }
+
+    function test_fundRepo_fuzz_multipleFundings(uint8 numFundings, uint256 baseAmount) public {
+        vm.assume(numFundings > 0 && numFundings <= 20);
+        vm.assume(baseAmount > 0 && baseAmount <= 50e18);
+        
+        uint256 totalAmount = 0;
+        
+        for (uint i = 0; i < numFundings; i++) {
+            uint256 amount = baseAmount + (i * 1e18); // Vary amounts
+            vm.prank(alice);
+            escrow.fundRepo(REPO_ID, ACCOUNT_ID, wETH, amount, abi.encodePacked("funding ", i));
+            totalAmount += amount;
+        }
+        
+        assertEq(escrow.getAccountBalance(REPO_ID, ACCOUNT_ID, address(wETH)), totalAmount);
+    }
+
+    function test_fundRepo_fuzz_dataField(bytes calldata data) public {
+        vm.assume(data.length <= 1000); // Reasonable data size limit
+        uint256 amount = 100e18;
+        
+        vm.expectEmit(true, true, true, true);
+        emit Funded(REPO_ID, address(wETH), alice, amount, data);
+        
+        vm.prank(alice);
+        escrow.fundRepo(REPO_ID, ACCOUNT_ID, wETH, amount, data);
+        
+        assertEq(escrow.getAccountBalance(REPO_ID, ACCOUNT_ID, address(wETH)), amount);
+    }
+
+    function test_fundRepo_fuzz_multipleUsers(uint8 numUsers, uint256 amountPerUser) public {
+        vm.assume(numUsers > 0 && numUsers <= 10);
+        vm.assume(amountPerUser > 0 && amountPerUser <= 100e18);
+        
+        uint256 totalAmount = 0;
+        
+        for (uint i = 0; i < numUsers; i++) {
+            address user = makeAddr(string(abi.encodePacked("user", i)));
+            wETH.mint(user, amountPerUser);
+            
+            vm.startPrank(user);
+            wETH.approve(address(escrow), amountPerUser);
+            escrow.fundRepo(REPO_ID, ACCOUNT_ID, wETH, amountPerUser, "");
+            vm.stopPrank();
+            
+            totalAmount += amountPerUser;
+        }
+        
+        assertEq(escrow.getAccountBalance(REPO_ID, ACCOUNT_ID, address(wETH)), totalAmount);
+    }
+
     // Event for testing
     event Funded(uint256 indexed repoId, address indexed token, address indexed sender, uint256 amount, bytes data);
 } 

test/07_ReclaimFund.t.sol

@@ -269,6 +269,68 @@ contract ReclaimFund_Test is Base_Test {
         escrow.reclaimFund(REPO_ID, ACCOUNT_ID, address(wETH), reclaimAmount);
     }
 
+    function test_reclaimFund_fuzz_repoAndAccountIds(uint256 repoId, uint256 accountId, uint256 amount) public {
+        vm.assume(amount > 0 && amount <= 1000e18);
+        vm.assume(repoId != REPO_ID || accountId != ACCOUNT_ID); // Avoid conflict with existing repo
+        vm.assume(repoId <= type(uint128).max && accountId <= type(uint128).max);
+        
+        address admin = makeAddr("fuzzAdmin");
+        
+        // Initialize new repo
+        uint256 deadline = block.timestamp + 1 hours;
+        bytes32 digest = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                escrow.DOMAIN_SEPARATOR(),
+                keccak256(abi.encode(
+                    escrow.SET_ADMIN_TYPEHASH(),
+                    repoId,
+                    accountId,
+                    keccak256(abi.encode(_toArray(admin))),
+                    escrow.ownerNonce(),
+                    deadline
+                ))
+            )
+        );
+        
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(ownerPrivateKey, digest);
+        escrow.initRepo(repoId, accountId, _toArray(admin), deadline, v, r, s);
+        
+        // Fund the repo
+        wETH.mint(address(this), amount);
+        wETH.approve(address(escrow), amount);
+        escrow.fundRepo(repoId, accountId, wETH, amount, "");
+        
+        uint256 initialAdminBalance = wETH.balanceOf(admin);
+        
+        // Reclaim funds
+        vm.prank(admin);
+        escrow.reclaimFund(repoId, accountId, address(wETH), amount);
+        
+        assertEq(wETH.balanceOf(admin), initialAdminBalance + amount);
+        assertEq(escrow.getAccountBalance(repoId, accountId, address(wETH)), 0);
+    }
+
+    function test_reclaimFund_fuzz_multipleReclaims(uint8 numReclaims, uint256 baseAmount) public {
+        vm.assume(numReclaims > 0 && numReclaims <= 10);
+        vm.assume(baseAmount > 0 && baseAmount <= 100e18);
+        
+        uint256 totalFundAmount = baseAmount * numReclaims;
+        _fundRepo(totalFundAmount);
+        
+        uint256 totalReclaimed = 0;
+        uint256 initialAdminBalance = wETH.balanceOf(repoAdmin);
+        
+        for (uint i = 0; i < numReclaims; i++) {
+            vm.prank(repoAdmin);
+            escrow.reclaimFund(REPO_ID, ACCOUNT_ID, address(wETH), baseAmount);
+            totalReclaimed += baseAmount;
+        }
+        
+        assertEq(wETH.balanceOf(repoAdmin), initialAdminBalance + totalReclaimed);
+        assertEq(escrow.getAccountBalance(REPO_ID, ACCOUNT_ID, address(wETH)), totalFundAmount - totalReclaimed);
+    }
+
     /* -------------------------------------------------------------------------- */
     /*                                    EVENTS                                  */
     /* -------------------------------------------------------------------------- */