chore: add concrete test for DOS vector (#307)

zhongeric · web-flow · commit c15f3b2c9d47 · 2026-01-22T11:35:55.000-05:00
* chore: add concrete test for DOS vector

* chore: set evm version to cancun

* add logs

* chore: fix

* chore: fix gas limit

* chore: rm concrete test

* chore: remove cancun pin
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -34,7 +34,7 @@ jobs:
         id: build
 
       - name: Run Forge tests
-        run: forge test --isolate -vvv
+        run: FOUNDRY_GAS_LIMIT=9223372036854775807 forge test --isolate -vvv
         id: test
         env:
           FORGE_SNAPSHOT_CHECK: true
diff --git a/script/deploy/DeployAuctionStateLens.s.sol b/script/deploy/DeployAuctionStateLens.s.sol
@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.0;
 
-import {IContinuousClearingAuction} from '../../../src/interfaces/IContinuousClearingAuction.sol';
-import {AuctionStateLens} from '../../../src/lens/AuctionStateLens.sol';
+import {IContinuousClearingAuction} from '../../src/interfaces/IContinuousClearingAuction.sol';
+import {AuctionStateLens} from '../../src/lens/AuctionStateLens.sol';
 import 'forge-std/Script.sol';
 import 'forge-std/console2.sol';
 
diff --git a/test/Auction.dos.t.sol b/test/Auction.dos.t.sol
@@ -21,9 +21,9 @@ contract AuctionDosTest is AuctionBaseTest {
 
     // This test is quite slow so only fuzz 100 times. We hardcode most of the params for simplicity anyways
     /// forge-config: default.isolate = true
-    /// forge-config: default.gas_limit = 18446744073709551615
+    /// forge-config: default.gas_limit = 9223372036854775807 
     /// forge-config: ci.isolate = true
-    /// forge-config: ci.gas_limit = 18446744073709551615
+    /// forge-config: ci.gas_limit = 9223372036854775807
     /// forge-config: default.fuzz.runs = 100
     /// forge-config: ci.fuzz.runs = 100
     function test_forceIterateOverTicks_preventsDoS(FuzzDeploymentParams memory _deploymentParams)
@@ -46,6 +46,7 @@ contract AuctionDosTest is AuctionBaseTest {
         _deploymentParams.auctionParams.endBlock = uint64(_deploymentParams.auctionParams.startBlock + 1e7);
         _deploymentParams.auctionParams.claimBlock = uint64(_deploymentParams.auctionParams.endBlock + 1);
         _deploymentParams.auctionParams.auctionStepsData = AuctionStepsBuilder.init().addStep(1, 1e7);
+        _deploymentParams.auctionParams.validationHook = address(0);
 
         auction = new ContinuousClearingAuction(
             address(token), _deploymentParams.totalSupply, _deploymentParams.auctionParams
@@ -75,7 +76,7 @@ contract AuctionDosTest is AuctionBaseTest {
         uint128 bidAmount = uint128(FixedPointMathLib.fullMulDivUp(auction.totalSupply(), maxPrice, FixedPoint96.Q96));
 
         // Move the auction up to the highest tick
-        auction.submitBid{value: bidAmount, gas: FUSAKA_TX_GAS_LIMIT}(maxPrice, bidAmount, alice, prevPrice, bytes(''));
+        auction.submitBid{value: bidAmount}(maxPrice, bidAmount, alice, prevPrice, bytes(''));
 
         vm.roll(block.number + 1);
         // This should revert due to OOG
@@ -88,6 +89,9 @@ contract AuctionDosTest is AuctionBaseTest {
         emit ITickStorage.NextActiveTickUpdated(untilTickPrice);
         auction.forceIterateOverTicks{gas: FUSAKA_TX_GAS_LIMIT}(untilTickPrice);
 
+        emit log_named_uint('gasleft', gasleft());
+        require(gasleft() > FUSAKA_TX_GAS_LIMIT, 'Gas left is not greater than FUSAKA_TX_GAS_LIMIT');
+
         // Now you should be able to checkpoint
         auction.checkpoint{gas: FUSAKA_TX_GAS_LIMIT}();
     }
