finish tests

contracts/mocks/MockFactory.sol

@@ -2,8 +2,12 @@
 pragma solidity 0.8.19;
 
 import {Create2} from "@openzeppelin/contracts/utils/Create2.sol";
+import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
 
 contract MockFactory {
+    bytes private constant mockDisguisedEOABytecode =
+        hex"608060405234801561001057600080fd5b5060405161021338038061021383398101604081905261002f91610054565b600080546001600160a01b0319166001600160a01b0392909216919091179055610084565b60006020828403121561006657600080fd5b81516001600160a01b038116811461007d57600080fd5b9392505050565b610180806100936000396000f3fe608060405234801561001057600080fd5b50600436106100365760003560e01c80639d76ea581461003b578063e58ef8a81461006a575b600080fd5b60005461004e906001600160a01b031681565b6040516001600160a01b03909116815260200160405180910390f35b61007d61007836600461010e565b61007f565b005b6000546040516323b872dd60e01b81526001600160a01b038581166004830152848116602483015260448201849052909116906323b872dd90606401600060405180830381600087803b1580156100d557600080fd5b505af11580156100e9573d6000803e3d6000fd5b50505050505050565b80356001600160a01b038116811461010957600080fd5b919050565b60008060006060848603121561012357600080fd5b61012c846100f2565b925061013a602085016100f2565b915060408401359050925092509256fea2646970667358221220cc26e879b9dbccdd8ff34bda1c5675a4b1a8497cba91bea35b6b744a41374a9a64736f6c63430008130033";
+
     function computeAddress(bytes32 salt, bytes32 codeHash) public view returns (address) {
         return Create2.computeAddress(salt, codeHash);
     }
@@ -12,4 +16,20 @@ contract MockFactory {
         // slither-disable-next-line unused-return
         Create2.deploy(0, salt, code);
     }
+
+    function deployMockEOAWithERC721Address(IERC721 tokenAddress, bytes32 salt) external returns (address) {
+        bytes memory encodedParams = abi.encode(address(tokenAddress));
+        bytes memory constructorBytecode = abi.encodePacked(bytes(mockDisguisedEOABytecode), encodedParams);
+        address mockDisguisedEOAAddress = Create2.deploy(0, salt, constructorBytecode);
+
+        return mockDisguisedEOAAddress;
+    }
+
+    function computeMockDisguisedEOAAddress(IERC721 tokenAddress, bytes32 salt) external view returns (address) {
+        bytes memory encodedParams = abi.encode(address(tokenAddress));
+        bytes memory constructorBytecode = abi.encodePacked(bytes(mockDisguisedEOABytecode), encodedParams);
+        address computedAddress = Create2.computeAddress(salt, keccak256(constructorBytecode));
+
+        return computedAddress;
+    }
 }

test/allowlist/AllowlistERC721TransferApprovals.t.sol

@@ -4,6 +4,7 @@ import "forge-std/Test.sol";
 
 import {MockWallet} from "../../contracts/mocks/MockWallet.sol";
 import {MockWalletFactory} from "../../contracts/mocks/MockWalletFactory.sol";
+import {MockFactory} from "../../contracts/mocks/MockFactory.sol";
 import {ImmutableERC721} from "../../contracts/token/erc721/preset/ImmutableERC721.sol";
 import {IImmutableERC721Errors} from "../../contracts/errors/Errors.sol";
 import {OperatorAllowlistEnforcementErrors} from "../../contracts/errors/Errors.sol";
@@ -12,16 +13,18 @@ import {Sign} from "../utils/Sign.sol";
 import {DeployOperatorAllowlist} from  "../utils/DeployAllowlistProxy.sol";
 import {DeploySCWallet} from "../utils/DeploySCW.sol";
 import {DeployMockMarketPlace} from "../utils/DeployMockMarketPlace.sol";
-import {MockMarketplace} from "../../contracts/mocks/MockMarketPlace.sol";
-import {DeployFakeEOA} from "../utils/DeployFakeEOA.sol";
+import {MockMarketplace} from "../../contracts/mocks/MockMarketplace.sol";
+import {MockDisguisedEOA} from "../../contracts/mocks/MockDisguisedEOA.sol";
+import {MockOnReceive} from "../../contracts/mocks/MockOnReceive.sol";
+
 
 contract AllowlistERC721TransferApprovals is Test {
     OperatorAllowlistUpgradeable public allowlist;
     ImmutableERC721 public immutableERC721;
     DeploySCWallet public deploySCWScript;
     DeployMockMarketPlace public deployMockMarketPlaceScript;
-    DeployFakeEOA public deployFakeEOAScript;
     MockMarketplace public mockMarketPlace;
+    MockFactory mockEOAFactory;
 
     uint256 feeReceiverKey = 1;
 
@@ -54,12 +57,15 @@ contract AllowlistERC721TransferApprovals is Test {
             0
         );
 
+        mockEOAFactory = new MockFactory();
+
         nonAuthorizedWallet = address(0x2);
 
         deploySCWScript = new DeploySCWallet();
 
         deployMockMarketPlaceScript = new DeployMockMarketPlace();
         mockMarketPlace = deployMockMarketPlaceScript.run(address(immutableERC721));
+
         _giveMinterRole();
     }
 
@@ -226,6 +232,37 @@ contract AllowlistERC721TransferApprovals is Test {
         vm.stopPrank();
     }
 
+    function testDisguisedEOAApprovalTransfer() public {
+        vm.startPrank(minter, minter);
+        immutableERC721.safeMint(minter, 1);
+        bytes32 salt = keccak256(abi.encodePacked("0x1234"));
+
+        address create2Addr = mockEOAFactory.computeMockDisguisedEOAAddress(immutableERC721, salt);
+
+        immutableERC721.setApprovalForAll(create2Addr, true);
+        mockEOAFactory.deployMockEOAWithERC721Address(immutableERC721, salt);
+
+        assertTrue(immutableERC721.isApprovedForAll(minter, create2Addr));
+
+        MockDisguisedEOA disguisedEOA = MockDisguisedEOA(create2Addr);
+
+        vm.expectRevert(abi.encodeWithSignature("CallerNotInAllowlist(address)", create2Addr));
+        disguisedEOA.executeTransfer(minter, admin, 1);
+        vm.stopPrank();
+    }
+
+    // Here the malicious contract attempts to transfer the token out of the contract by calling transferFrom in onERC721Received
+    // However, sending to the contract will fail as the contract is not in the allowlist.
+    function testOnReceiveTransferFrom() public {
+        MockOnReceive onReceive = new MockOnReceive(immutableERC721, admin);
+
+        vm.startPrank(minter, minter);
+        immutableERC721.safeMint(minter, 1);
+        vm.expectRevert(abi.encodeWithSignature("TransferToNotInAllowlist(address)", address(onReceive)));
+        immutableERC721.safeTransferFrom(minter, address(onReceive), 1, "");
+        vm.stopPrank();
+    }
+
 
 
 }