Improved bounty tests. (#1350)

* Improved bounty tests. * Fixed linter errors. * Addressed review comments.

Improved bounty tests. (#1350)
* Improved bounty tests. * Fixed linter errors. * Addressed review comments.
ae109f69 · Nicolás Venturo · Francisco Giordano · 5fdeaa81 · ae109f69 · 5fdeaa81
Commit ae109f69 authored Sep 26, 2018 by Nicolás Venturo Committed by Francisco Giordano Sep 26, 2018
3 changed files
--- a/contracts/mocks/InsecureInvariantTargetBounty.sol
+++ b/contracts/mocks/InsecureInvariantTargetBounty.sol
@@ -5,14 +5,24 @@ pragma solidity ^0.4.24;
 // solium-disable-next-line max-len
 import {BreakInvariantBounty, Target} from "../bounties/BreakInvariantBounty.sol";
-contract InsecureInvariantTargetMock is Target {
+contract TargetMock is Target {
-  function checkInvariant() public returns(bool) {
+  bool private exploited;
+  function exploitVulnerability() public {
+    exploited = true;
+  }
+  function checkInvariant() public returns (bool) {
+    if (exploited) {
      return false;
    }
+    return true;
+  }
 }
-contract InsecureInvariantTargetBounty is BreakInvariantBounty {
+contract BreakInvariantBountyMock is BreakInvariantBounty {
  function _deployContract() internal returns (address) {
-    return new InsecureInvariantTargetMock();
+    return new TargetMock();
  }
 }
--- a/contracts/mocks/SecureInvariantTargetBounty.sol
+++ b/contracts/mocks/SecureInvariantTargetBounty.sol
-pragma solidity ^0.4.24;
-// When this line is split, truffle parsing fails.
-// See: https://github.com/ethereum/solidity/issues/4871
-// solium-disable-next-line max-len
-import {BreakInvariantBounty, Target} from "../bounties/BreakInvariantBounty.sol";
-contract SecureInvariantTargetMock is Target {
-  function checkInvariant() public returns(bool) {
-    return true;
-  }
-}
-contract SecureInvariantTargetBounty is BreakInvariantBounty {
-  function _deployContract() internal returns (address) {
-    return new SecureInvariantTargetMock();
-  }
-}
--- a/test/BreakInvariantBounty.test.js
+++ b/test/BreakInvariantBounty.test.js
@@ -2,97 +2,104 @@ const { ethGetBalance, ethSendTransaction } = require('./helpers/web3');
 const expectEvent = require('./helpers/expectEvent');
 const { assertRevert } = require('./helpers/assertRevert');
-const SecureInvariantTargetBounty = artifacts.require('SecureInvariantTargetBounty');
+const BreakInvariantBountyMock = artifacts.require('BreakInvariantBountyMock');
-const InsecureInvariantTargetBounty = artifacts.require('InsecureInvariantTargetBounty');
+const TargetMock = artifacts.require('TargetMock');
 require('chai')
  .use(require('chai-bignumber')(web3.BigNumber))
  .should();
-const sendReward = async (from, to, value) => ethSendTransaction({
-  from,
-  to,
-  value,
-});
 const reward = new web3.BigNumber(web3.toWei(1, 'ether'));
-contract('BreakInvariantBounty', function ([_, owner, researcher, nonTarget]) {
+contract('BreakInvariantBounty', function ([_, owner, researcher, anyone, nonTarget]) {
-  context('against secure contract', function () {
  beforeEach(async function () {
-      this.bounty = await SecureInvariantTargetBounty.new({ from: owner });
+    this.bounty = await BreakInvariantBountyMock.new({ from: owner });
  });
  it('can set reward', async function () {
-      await sendReward(owner, this.bounty.address, reward);
+    await ethSendTransaction({ from: owner, to: this.bounty.address, value: reward });
+    (await ethGetBalance(this.bounty.address)).should.be.bignumber.equal(reward);
-      const balance = await ethGetBalance(this.bounty.address);
-      balance.should.be.bignumber.equal(reward);
  });
  context('with reward', function () {
    beforeEach(async function () {
-        const result = await this.bounty.createTarget({ from: researcher });
+      await ethSendTransaction({ from: owner, to: this.bounty.address, value: reward });
-        const event = expectEvent.inLogs(result.logs, 'TargetCreated');
+    });
-        this.targetAddress = event.args.createdAddress;
-        await sendReward(owner, this.bounty.address, reward);
+    describe('destroy', function () {
+      it('returns all balance to the owner', async function () {
+        const ownerPreBalance = await ethGetBalance(owner);
+        await this.bounty.destroy({ from: owner, gasPrice: 0 });
+        const ownerPostBalance = await ethGetBalance(owner);
-        const balance = await ethGetBalance(this.bounty.address);
+        (await ethGetBalance(this.bounty.address)).should.be.bignumber.equal(0);
-        balance.should.be.bignumber.equal(reward);
+        ownerPostBalance.sub(ownerPreBalance).should.be.bignumber.equal(reward);
      });
-      it('cannot claim reward', async function () {
+      it('reverts when called by anyone', async function () {
-        await assertRevert(
+        await assertRevert(this.bounty.destroy({ from: anyone }));
-          this.bounty.claim(this.targetAddress, { from: researcher }),
-        );
      });
    });
+    describe('claim', function () {
+      it('is initially unclaimed', async function () {
+        (await this.bounty.claimed()).should.equal(false);
      });
-  context('against broken contract', function () {
+      it('can create claimable target', async function () {
-    beforeEach(async function () {
+        const { logs } = await this.bounty.createTarget({ from: researcher });
-      this.bounty = await InsecureInvariantTargetBounty.new();
+        expectEvent.inLogs(logs, 'TargetCreated');
+      });
-      const result = await this.bounty.createTarget({ from: researcher });
+      context('with target', async function () {
-      const event = expectEvent.inLogs(result.logs, 'TargetCreated');
+        beforeEach(async function () {
+          const { logs } = await this.bounty.createTarget({ from: researcher });
+          const event = expectEvent.inLogs(logs, 'TargetCreated');
+          this.target = TargetMock.at(event.args.createdAddress);
+        });
-      this.targetAddress = event.args.createdAddress;
+        context('before exploiting vulnerability', async function () {
-      await sendReward(owner, this.bounty.address, reward);
+          it('reverts when claiming reward', async function () {
+            await assertRevert(this.bounty.claim(this.target.address, { from: researcher }));
+          });
        });
-    it('can claim reward', async function () {
+        context('after exploiting vulnerability', async function () {
-      await this.bounty.claim(this.targetAddress, { from: researcher });
+          beforeEach(async function () {
-      const claim = await this.bounty.claimed();
+            await this.target.exploitVulnerability({ from: researcher });
+          });
-      claim.should.equal(true);
+          it('sends the reward to the researcher', async function () {
+            await this.bounty.claim(this.target.address, { from: anyone });
-      const researcherPrevBalance = await ethGetBalance(researcher);
+            const researcherPreBalance = await ethGetBalance(researcher);
+            await this.bounty.withdrawPayments(researcher);
+            const researcherPostBalance = await ethGetBalance(researcher);
-      await this.bounty.withdrawPayments(researcher, { gasPrice: 0 });
+            researcherPostBalance.sub(researcherPreBalance).should.be.bignumber.equal(reward);
-      const updatedBalance = await ethGetBalance(this.bounty.address);
+            (await ethGetBalance(this.bounty.address)).should.be.bignumber.equal(0);
-      updatedBalance.should.be.bignumber.equal(0);
+          });
-      const researcherCurrBalance = await ethGetBalance(researcher);
+          context('after claiming', async function () {
-      researcherCurrBalance.sub(researcherPrevBalance).should.be.bignumber.equal(reward);
+            beforeEach(async function () {
+              await this.bounty.claim(this.target.address, { from: researcher });
            });
-    it('cannot claim reward from non-target', async function () {
+            it('is claimed', async function () {
-      await assertRevert(
+              (await this.bounty.claimed()).should.equal(true);
-        this.bounty.claim(nonTarget, { from: researcher })
-      );
            });
-    context('reward claimed', function () {
+            it('no longer accepts rewards', async function () {
-      beforeEach(async function () {
+              await assertRevert(ethSendTransaction({ from: owner, to: this.bounty.address, value: reward }));
-        await this.bounty.claim(this.targetAddress, { from: researcher });
+            });
+          });
+        });
      });
-      it('should no longer be payable', async function () {
+      context('with non-target', function () {
-        await assertRevert(
+        it('reverts when claiming reward', async function () {
-          sendReward(owner, this.bounty.address, reward)
+          await assertRevert(this.bounty.claim(nonTarget, { from: researcher }));
-        );
+        });
      });
    });
  });