diff --git a/test/invariant-tests/AccessControl.Invariant.sol b/test/invariant-tests/AccessControl.Invariant.sol index ea0fd13..f44b387 100644 --- a/test/invariant-tests/AccessControl.Invariant.sol +++ b/test/invariant-tests/AccessControl.Invariant.sol @@ -15,6 +15,7 @@ contract AccessControlHandlerInvariant is Setup { /// @notice nonce snapshot for assertions uint256 public localNonceState; + uint256 public localAddState; function setUp() public override { /// @dev calls setup to spin up test contracts @@ -31,10 +32,30 @@ contract AccessControlHandlerInvariant is Setup { targetContract(address(handler)); } + /// @notice invariant-1: only authorized callers can execute calls + /// @notice invariant-2: only the global owner should be able to add an adapter to the allowed lis function invariant_test_acess_control_src() public { - if (handler.lastCaller() == MessageSenderGAC(contractAddress[SRC_CHAIN_ID]["GAC"]).authorisedCaller()) { + if ( + handler.lastCaller() == MessageSenderGAC(contractAddress[SRC_CHAIN_ID]["GAC"]).authorisedCaller() + && handler.lastCalledFunction() == 1 + ) { ++localNonceState; } + + if ( + handler.lastCaller() == MessageSenderGAC(contractAddress[SRC_CHAIN_ID]["GAC"]).authorisedCaller() + && handler.lastCalledFunction() == 2 + ) { + ++localAddState; + } + assertEq(MultiBridgeMessageSender(contractAddress[SRC_CHAIN_ID]["MMA_SENDER"]).nonce(), localNonceState); + + if (localAddState > 0) { + assertTrue( + MultiBridgeMessageSender(contractAddress[SRC_CHAIN_ID]["MMA_SENDER"]).senderAdapters(localAddState - 1) + != address(0) + ); + } } } diff --git a/test/invariant-tests/AdapterList.Invariant.sol b/test/invariant-tests/AdapterList.Invariant.sol index 5c73430..3c615ec 100644 --- a/test/invariant-tests/AdapterList.Invariant.sol +++ b/test/invariant-tests/AdapterList.Invariant.sol @@ -8,7 +8,7 @@ import {Vm, Test} from "forge-std/Test.sol"; import "test/Setup.t.sol"; /// handler import -import {AdapterListHandler} from "test/invariant-tests/handlers/AdapterList.handler.sol"; +import {AdapterListHandler} from "test/invariant-tests/handlers/AdapterList.Handler.sol"; /// @notice invariants for maintaining adapter list on `MultiBridgeMessageSender` contract AdapterListInvariant is Setup { @@ -37,7 +37,7 @@ contract AdapterListInvariant is Setup { /// @notice invariant-5: removing an adapter should always decrease the length of the adapter list /// @notice invariant-6: once a trusted executor is removed, it should not persist in the adapter list - function invariant_test_adapter_additions() public { + function invariant_test_adapter_mutations() public { MultiBridgeMessageSender targetContract = MultiBridgeMessageSender(contractAddress[SRC_CHAIN_ID]["MMA_SENDER"]); if (handler.success()) { diff --git a/test/invariant-tests/handlers/AccessControlSender.Handler.sol b/test/invariant-tests/handlers/AccessControlSender.Handler.sol index 834a796..a8427e0 100644 --- a/test/invariant-tests/handlers/AccessControlSender.Handler.sol +++ b/test/invariant-tests/handlers/AccessControlSender.Handler.sol @@ -16,6 +16,7 @@ contract AccessControlSenderHandler is Test { /// @notice logs last caller for validations address public lastCaller; + uint8 public lastCalledFunction; /// @notice modifier to prank caller modifier prank(address _prankster) { @@ -43,6 +44,7 @@ contract AccessControlSenderHandler is Test { uint256 _successThreshold, address[] memory _excludedAdapters ) external prank(simulatedCaller) { + lastCalledFunction = 1; multiBridgeMessageSender.remoteCall( _dstChainId, _target, @@ -55,4 +57,16 @@ contract AccessControlSenderHandler is Test { _excludedAdapters ); } + + /// @notice for sender adapter addition + function addSenderAdapters(address simulatedCaller, address _newSenderAdapter) external prank(simulatedCaller) { + vm.assume(_newSenderAdapter != address(0)); + + address[] memory _additions = new address[](1); + _additions[0] = _newSenderAdapter; + + try multiBridgeMessageSender.addSenderAdapters(_additions) { + lastCalledFunction = 2; + } catch {} + } }