From b4b08be6880afb097a31621c1673e339f56cadcc Mon Sep 17 00:00:00 2001 From: Pascal Marco Caversaccio Date: Fri, 13 Oct 2023 15:32:58 +0200 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=94=92=20Remove=20the=20`multicall=5F?= =?UTF-8?q?value=5Fself`=20Function?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pascal Marco Caversaccio --- .gas-snapshot | 145 ++++++++++--------- CHANGELOG.md | 5 + src/utils/Multicall.vy | 51 +------ test/utils/Multicall.t.sol | 204 --------------------------- test/utils/interfaces/IMulticall.sol | 10 -- 5 files changed, 77 insertions(+), 338 deletions(-) diff --git a/.gas-snapshot b/.gas-snapshot index 5ba0d9bb..ee8e1864 100644 --- a/.gas-snapshot +++ b/.gas-snapshot @@ -60,8 +60,8 @@ BatchDistributorTest:testDistributeTokenMultipleAddressesSuccess() (gas: 615999) BatchDistributorTest:testDistributeTokenOneAddressSuccess() (gas: 578324) BatchDistributorTest:testDistributeTokenRevertWithInsufficientAllowance() (gas: 574065) BatchDistributorTest:testDistributeTokenRevertWithInsufficientBalance() (gas: 574851) -BatchDistributorTest:testFuzzDistributeEtherMultipleAddressesSuccess(((address,uint256)[]),uint256) (runs: 256, μ: 1789117, ~: 1662544) -BatchDistributorTest:testFuzzDistributeTokenMultipleAddressesSuccess(((address,uint256)[]),address,uint256) (runs: 256, μ: 1322121, ~: 1285243) +BatchDistributorTest:testFuzzDistributeEtherMultipleAddressesSuccess(((address,uint256)[]),uint256) (runs: 256, μ: 1780314, ~: 1661052) +BatchDistributorTest:testFuzzDistributeTokenMultipleAddressesSuccess(((address,uint256)[]),address,uint256) (runs: 256, μ: 1322216, ~: 1285243) Create2AddressTest:testComputeAddress() (gas: 550238) Create2AddressTest:testComputeAddressSelf() (gas: 558561) Create2AddressTest:testFuzzComputeAddress(bytes32,address) (runs: 256, μ: 550833, ~: 550833) @@ -87,26 +87,26 @@ CreateAddressTest:testComputeAddressSelfNonceUint56() (gas: 539025) CreateAddressTest:testComputeAddressSelfNonceUint64() (gas: 539142) CreateAddressTest:testComputeAddressSelfNonceUint8() (gas: 538748) CreateAddressTest:testComputeAddressSelfRevertTooHighNonce() (gas: 8836) -CreateAddressTest:testFuzzComputeAddressNonce0x7f(uint64,address) (runs: 256, μ: 538183, ~: 538346) -CreateAddressTest:testFuzzComputeAddressNonceUint16(uint64,address) (runs: 256, μ: 537672, ~: 537811) -CreateAddressTest:testFuzzComputeAddressNonceUint24(uint64,address) (runs: 256, μ: 537830, ~: 537937) -CreateAddressTest:testFuzzComputeAddressNonceUint32(uint64,address) (runs: 256, μ: 537815, ~: 537944) -CreateAddressTest:testFuzzComputeAddressNonceUint40(uint64,address) (runs: 256, μ: 537938, ~: 538036) -CreateAddressTest:testFuzzComputeAddressNonceUint48(uint64,address) (runs: 256, μ: 537920, ~: 538020) +CreateAddressTest:testFuzzComputeAddressNonce0x7f(uint64,address) (runs: 256, μ: 538182, ~: 538346) +CreateAddressTest:testFuzzComputeAddressNonceUint16(uint64,address) (runs: 256, μ: 537675, ~: 537811) +CreateAddressTest:testFuzzComputeAddressNonceUint24(uint64,address) (runs: 256, μ: 537827, ~: 537937) +CreateAddressTest:testFuzzComputeAddressNonceUint32(uint64,address) (runs: 256, μ: 537816, ~: 537944) +CreateAddressTest:testFuzzComputeAddressNonceUint40(uint64,address) (runs: 256, μ: 537935, ~: 538036) +CreateAddressTest:testFuzzComputeAddressNonceUint48(uint64,address) (runs: 256, μ: 537917, ~: 538020) CreateAddressTest:testFuzzComputeAddressNonceUint56(uint64,address) (runs: 256, μ: 537939, ~: 538049) -CreateAddressTest:testFuzzComputeAddressNonceUint64(uint64,address) (runs: 256, μ: 537947, ~: 538153) -CreateAddressTest:testFuzzComputeAddressNonceUint8(uint64,address) (runs: 256, μ: 537706, ~: 537811) +CreateAddressTest:testFuzzComputeAddressNonceUint64(uint64,address) (runs: 256, μ: 537952, ~: 538153) +CreateAddressTest:testFuzzComputeAddressNonceUint8(uint64,address) (runs: 256, μ: 537710, ~: 537811) CreateAddressTest:testFuzzComputeAddressRevertTooHighNonce(uint256,address) (runs: 256, μ: 13368, ~: 13340) -CreateAddressTest:testFuzzComputeAddressSelfNonce0x7f(uint64) (runs: 256, μ: 544077, ~: 544185) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint16(uint64) (runs: 256, μ: 543307, ~: 543221) +CreateAddressTest:testFuzzComputeAddressSelfNonce0x7f(uint64) (runs: 256, μ: 544073, ~: 544185) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint16(uint64) (runs: 256, μ: 543306, ~: 543221) CreateAddressTest:testFuzzComputeAddressSelfNonceUint24(uint64) (runs: 256, μ: 543584, ~: 543675) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint32(uint64) (runs: 256, μ: 543658, ~: 543771) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint40(uint64) (runs: 256, μ: 543673, ~: 543755) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint48(uint64) (runs: 256, μ: 543716, ~: 543829) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint56(uint64) (runs: 256, μ: 543811, ~: 543899) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint64(uint64) (runs: 256, μ: 543876, ~: 544029) -CreateAddressTest:testFuzzComputeAddressSelfNonceUint8(uint64) (runs: 256, μ: 543385, ~: 543466) -CreateAddressTest:testFuzzComputeAddressSelfRevertTooHighNonce(uint256) (runs: 256, μ: 13210, ~: 13179) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint32(uint64) (runs: 256, μ: 543672, ~: 543771) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint40(uint64) (runs: 256, μ: 543665, ~: 543755) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint48(uint64) (runs: 256, μ: 543718, ~: 543829) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint56(uint64) (runs: 256, μ: 543806, ~: 543899) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint64(uint64) (runs: 256, μ: 543865, ~: 544029) +CreateAddressTest:testFuzzComputeAddressSelfNonceUint8(uint64) (runs: 256, μ: 543394, ~: 543466) +CreateAddressTest:testFuzzComputeAddressSelfRevertTooHighNonce(uint256) (runs: 256, μ: 13194, ~: 13179) ECDSATest:testEthSignedMessageHash() (gas: 5846) ECDSATest:testFuzzEthSignedMessageHash(string) (runs: 256, μ: 6436, ~: 6438) ECDSATest:testFuzzRecoverWithInvalidSignature(bytes,string) (runs: 256, μ: 15163, ~: 15164) @@ -132,7 +132,7 @@ ECDSATest:testToTypedDataHash() (gas: 5937) EIP712DomainSeparatorTest:testCachedDomainSeparatorV4() (gas: 7562) EIP712DomainSeparatorTest:testDomainSeparatorV4() (gas: 11305) EIP712DomainSeparatorTest:testEIP712Domain() (gas: 13629) -EIP712DomainSeparatorTest:testFuzzDomainSeparatorV4(uint8) (runs: 256, μ: 11460, ~: 11480) +EIP712DomainSeparatorTest:testFuzzDomainSeparatorV4(uint8) (runs: 256, μ: 11459, ~: 11480) EIP712DomainSeparatorTest:testFuzzEIP712Domain(bytes1,uint8,bytes32,uint256[]) (runs: 256, μ: 19162, ~: 19122) EIP712DomainSeparatorTest:testFuzzHashTypedDataV4(address,address,uint256,uint256,uint64) (runs: 256, μ: 7698, ~: 7698) EIP712DomainSeparatorTest:testHashTypedDataV4() (gas: 13017) @@ -170,19 +170,19 @@ ERC1155Test:testFuzzRenounceOwnershipSuccess(address) (runs: 256, μ: 48431, ~: ERC1155Test:testFuzzSafeBatchTransferFromByApprovedOperator(address,address,address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 225334, ~: 225315) ERC1155Test:testFuzzSafeBatchTransferFromEOAReceiver(address,address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 190443, ~: 190428) ERC1155Test:testFuzzSafeBatchTransferFromNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 564088, ~: 564088) -ERC1155Test:testFuzzSafeBatchTransferFromWithData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 564635, ~: 564245) +ERC1155Test:testFuzzSafeBatchTransferFromWithData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 564656, ~: 564245) ERC1155Test:testFuzzSafeMintBatchEOAReceiver(address,address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 152354, ~: 152346) -ERC1155Test:testFuzzSafeMintBatchNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 519865, ~: 519875) +ERC1155Test:testFuzzSafeMintBatchNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 519875, ~: 519875) ERC1155Test:testFuzzSafeMintBatchNonMinter(address) (runs: 256, μ: 40926, ~: 40926) -ERC1155Test:testFuzzSafeMintBatchWithData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 520205, ~: 519990) +ERC1155Test:testFuzzSafeMintBatchWithData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 520204, ~: 519990) ERC1155Test:testFuzzSafeMintEOAReceiver(address,address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 151277, ~: 151259) -ERC1155Test:testFuzzSafeMintNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 519908, ~: 519918) +ERC1155Test:testFuzzSafeMintNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 519918, ~: 519918) ERC1155Test:testFuzzSafeMintNonMinter(address) (runs: 256, μ: 33132, ~: 33132) -ERC1155Test:testFuzzSafeMintWithData(address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 521260, ~: 520809) +ERC1155Test:testFuzzSafeMintWithData(address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 521253, ~: 520809) ERC1155Test:testFuzzSafeTransferFromByApprovedOperator(address,address,address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 204218, ~: 204191) ERC1155Test:testFuzzSafeTransferFromEOAReceiver(address,address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 169414, ~: 169391) -ERC1155Test:testFuzzSafeTransferFromNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 606173, ~: 606183) -ERC1155Test:testFuzzSafeTransferFromWithData(address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 608248, ~: 607445) +ERC1155Test:testFuzzSafeTransferFromNoData(address,uint256,uint256,uint256,uint256) (runs: 256, μ: 606183, ~: 606183) +ERC1155Test:testFuzzSafeTransferFromWithData(address,uint256,uint256,uint256,uint256,bytes) (runs: 256, μ: 608258, ~: 607445) ERC1155Test:testFuzzSetApprovalForAllRevoke(address,address) (runs: 256, μ: 31052, ~: 31024) ERC1155Test:testFuzzSetApprovalForAllSuccess(address,address) (runs: 256, μ: 44181, ~: 44181) ERC1155Test:testFuzzSetMinterNonOwner(address,string) (runs: 256, μ: 15831, ~: 15845) @@ -266,8 +266,8 @@ ERC1155Test:testUriBaseAndTokenUriNotSet() (gas: 2768301) ERC1155Test:testUriBaseAndTokenUriSet() (gas: 65517) ERC1155Test:testUriNoBaseURI() (gas: 2818373) ERC1155Test:testUriNoTokenUri() (gas: 17407) -ERC20Invariants:invariantOwner() (runs: 256, calls: 3840, reverts: 3382) -ERC20Invariants:invariantTotalSupply() (runs: 256, calls: 3840, reverts: 3382) +ERC20Invariants:invariantOwner() (runs: 256, calls: 3840, reverts: 3384) +ERC20Invariants:invariantTotalSupply() (runs: 256, calls: 3840, reverts: 3384) ERC20Test:testApproveExceedingBalanceCase1() (gas: 40223) ERC20Test:testApproveExceedingBalanceCase2() (gas: 46478) ERC20Test:testApproveFromZeroAddress() (gas: 13220) @@ -388,8 +388,8 @@ ERC2981Test:testSupportsInterfaceSuccessGasCost() (gas: 6345) ERC2981Test:testTransferOwnershipNonOwner() (gas: 12649) ERC2981Test:testTransferOwnershipSuccess() (gas: 22091) ERC2981Test:testTransferOwnershipToZeroAddress() (gas: 15557) -ERC4626VaultInvariants:invariantTotalAssets() (runs: 256, calls: 3840, reverts: 3288) -ERC4626VaultInvariants:invariantTotalSupply() (runs: 256, calls: 3840, reverts: 3288) +ERC4626VaultInvariants:invariantTotalAssets() (runs: 256, calls: 3840, reverts: 3287) +ERC4626VaultInvariants:invariantTotalSupply() (runs: 256, calls: 3840, reverts: 3287) ERC4626VaultTest:testCachedDomainSeparator() (gas: 7676) ERC4626VaultTest:testDepositInsufficientAllowance() (gas: 82425) ERC4626VaultTest:testDepositWithNoApproval() (gas: 24740) @@ -400,12 +400,12 @@ ERC4626VaultTest:testEmptyVaultDeposit() (gas: 556789) ERC4626VaultTest:testEmptyVaultMint() (gas: 557600) ERC4626VaultTest:testEmptyVaultRedeem() (gas: 191988) ERC4626VaultTest:testEmptyVaultwithdraw() (gas: 204833) -ERC4626VaultTest:testFail_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 556456, ~: 559013) -ERC4626VaultTest:testFail_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 558304, ~: 560854) -ERC4626VaultTest:testFuzzDomainSeparator(uint8) (runs: 256, μ: 11557, ~: 11577) +ERC4626VaultTest:testFail_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 556559, ~: 559013) +ERC4626VaultTest:testFail_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 558305, ~: 560854) +ERC4626VaultTest:testFuzzDomainSeparator(uint8) (runs: 256, μ: 11555, ~: 11577) ERC4626VaultTest:testFuzzEIP712Domain(bytes1,uint8,bytes32,uint256[]) (runs: 256, μ: 19367, ~: 19328) -ERC4626VaultTest:testFuzzPermitInvalid(string,string,uint16) (runs: 256, μ: 45310, ~: 45212) -ERC4626VaultTest:testFuzzPermitSuccess(string,string,uint16) (runs: 256, μ: 70301, ~: 70336) +ERC4626VaultTest:testFuzzPermitInvalid(string,string,uint16) (runs: 256, μ: 45318, ~: 45349) +ERC4626VaultTest:testFuzzPermitSuccess(string,string,uint16) (runs: 256, μ: 70305, ~: 70336) ERC4626VaultTest:testInitialSetup() (gas: 5784605) ERC4626VaultTest:testMintWithNoApproval() (gas: 24769) ERC4626VaultTest:testMintZero() (gas: 37196) @@ -424,30 +424,30 @@ ERC4626VaultTest:testVaultInteractionsForSomeoneElse() (gas: 221714) ERC4626VaultTest:testWithdrawInsufficientAllowance() (gas: 122543) ERC4626VaultTest:testWithdrawInsufficientAssets() (gas: 117830) ERC4626VaultTest:testWithdrawWithNoAssets() (gas: 21327) -ERC4626VaultTest:test_RT_deposit_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473096, ~: 476788) -ERC4626VaultTest:test_RT_deposit_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 474542, ~: 478208) -ERC4626VaultTest:test_RT_mint_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473636, ~: 476872) -ERC4626VaultTest:test_RT_mint_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 474558, ~: 478620) -ERC4626VaultTest:test_RT_redeem_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473542, ~: 477190) -ERC4626VaultTest:test_RT_redeem_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473610, ~: 477395) -ERC4626VaultTest:test_RT_withdraw_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 475446, ~: 479036) -ERC4626VaultTest:test_RT_withdraw_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 475231, ~: 479085) -ERC4626VaultTest:test_asset((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423508, ~: 427947) -ERC4626VaultTest:test_convertToAssets((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 430062, ~: 432967) -ERC4626VaultTest:test_convertToShares((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 428941, ~: 432745) -ERC4626VaultTest:test_deposit((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 470778, ~: 473078) -ERC4626VaultTest:test_maxDeposit((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423521, ~: 427959) -ERC4626VaultTest:test_maxMint((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423546, ~: 427984) -ERC4626VaultTest:test_maxRedeem((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423661, ~: 428099) -ERC4626VaultTest:test_maxWithdraw((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 425231, ~: 429766) -ERC4626VaultTest:test_mint((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 471014, ~: 473343) -ERC4626VaultTest:test_previewDeposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 465314, ~: 468970) -ERC4626VaultTest:test_previewMint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 466302, ~: 469710) -ERC4626VaultTest:test_previewRedeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 467694, ~: 471199) -ERC4626VaultTest:test_previewWithdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 471220, ~: 472888) -ERC4626VaultTest:test_redeem((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 473832, ~: 475714) -ERC4626VaultTest:test_totalAssets((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 424112, ~: 428548) -ERC4626VaultTest:test_withdraw((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 475562, ~: 476993) +ERC4626VaultTest:test_RT_deposit_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 471961, ~: 476819) +ERC4626VaultTest:test_RT_deposit_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 475339, ~: 478584) +ERC4626VaultTest:test_RT_mint_redeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473219, ~: 477074) +ERC4626VaultTest:test_RT_mint_withdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 474765, ~: 478503) +ERC4626VaultTest:test_RT_redeem_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473322, ~: 477054) +ERC4626VaultTest:test_RT_redeem_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 473671, ~: 477266) +ERC4626VaultTest:test_RT_withdraw_deposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 474985, ~: 478675) +ERC4626VaultTest:test_RT_withdraw_mint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 475125, ~: 479028) +ERC4626VaultTest:test_asset((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423570, ~: 427926) +ERC4626VaultTest:test_convertToAssets((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 430186, ~: 432725) +ERC4626VaultTest:test_convertToShares((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 429075, ~: 432608) +ERC4626VaultTest:test_deposit((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 470557, ~: 472955) +ERC4626VaultTest:test_maxDeposit((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423583, ~: 427939) +ERC4626VaultTest:test_maxMint((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423608, ~: 427964) +ERC4626VaultTest:test_maxRedeem((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 423723, ~: 428078) +ERC4626VaultTest:test_maxWithdraw((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 425256, ~: 429594) +ERC4626VaultTest:test_mint((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 471159, ~: 473431) +ERC4626VaultTest:test_previewDeposit((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 464685, ~: 469176) +ERC4626VaultTest:test_previewMint((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 465886, ~: 469620) +ERC4626VaultTest:test_previewRedeem((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 467821, ~: 471173) +ERC4626VaultTest:test_previewWithdraw((address[4],uint256[4],uint256[4],int256),uint256) (runs: 256, μ: 470824, ~: 472793) +ERC4626VaultTest:test_redeem((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 473319, ~: 475686) +ERC4626VaultTest:test_totalAssets((address[4],uint256[4],uint256[4],int256)) (runs: 256, μ: 424174, ~: 428528) +ERC4626VaultTest:test_withdraw((address[4],uint256[4],uint256[4],int256),uint256,uint256) (runs: 256, μ: 475521, ~: 476893) ERC721Invariants:invariantOwner() (runs: 256, calls: 3840, reverts: 3501) ERC721Invariants:invariantTotalSupply() (runs: 256, calls: 3840, reverts: 3501) ERC721Test:testApproveClearingApprovalWithNoPriorApproval() (gas: 177294) @@ -485,7 +485,7 @@ ERC721Test:testFuzzRenounceOwnershipNonOwner(address) (runs: 256, μ: 13938, ~: ERC721Test:testFuzzRenounceOwnershipSuccess(address) (runs: 256, μ: 48379, ~: 48364) ERC721Test:testFuzzSafeMintNonMinter(address) (runs: 256, μ: 15894, ~: 15894) ERC721Test:testFuzzSafeMintSuccess(address[]) (runs: 256, μ: 21195241, ~: 20542690) -ERC721Test:testFuzzSafeTransferFromWithData(address,address,address,bytes) (runs: 256, μ: 1428740, ~: 1429736) +ERC721Test:testFuzzSafeTransferFromWithData(address,address,address,bytes) (runs: 256, μ: 1428634, ~: 1429724) ERC721Test:testFuzzSetApprovalForAllSuccess(address,address) (runs: 256, μ: 188481, ~: 188481) ERC721Test:testFuzzSetMinterNonOwner(address,string) (runs: 256, μ: 15879, ~: 15895) ERC721Test:testFuzzSetMinterSuccess(string) (runs: 256, μ: 33247, ~: 33240) @@ -602,17 +602,14 @@ MerkleProofVerificationTest:testMultiProofEdgeCase2() (gas: 412458192) MerkleProofVerificationTest:testMultiProofVerify() (gas: 412482394) MerkleProofVerificationTest:testVerify() (gas: 67939391) MulticallTest:testMulticallRevert() (gas: 545382964) -MulticallTest:testMulticallSelfRevert() (gas: 1090186664) -MulticallTest:testMulticallSelfSuccess() (gas: 1635533990) -MulticallTest:testMulticallSuccess() (gas: 545386277) +MulticallTest:testMulticallSelfRevert() (gas: 1090186642) +MulticallTest:testMulticallSelfSuccess() (gas: 1635533968) +MulticallTest:testMulticallSuccess() (gas: 545386255) MulticallTest:testMulticallValueRevertCase1() (gas: 545926293) -MulticallTest:testMulticallValueRevertCase2() (gas: 545933683) -MulticallTest:testMulticallValueSelfCase1() (gas: 1091263516) -MulticallTest:testMulticallValueSelfCase2() (gas: 1091287257) -MulticallTest:testMulticallValueSelfSuccess() (gas: 1091295243) -MulticallTest:testMulticallValueSuccess() (gas: 545954649) -MulticallTest:testMultistaticcallRevert() (gas: 8937393460525252381) -MulticallTest:testMultistaticcallSuccess() (gas: 545350941) +MulticallTest:testMulticallValueRevertCase2() (gas: 545933655) +MulticallTest:testMulticallValueSuccess() (gas: 545954538) +MulticallTest:testMultistaticcallRevert() (gas: 8937393460525252382) +MulticallTest:testMultistaticcallSuccess() (gas: 545350963) Ownable2StepInvariants:invariantOwner() (runs: 256, calls: 3840, reverts: 3840) Ownable2StepInvariants:invariantPendingOwner() (runs: 256, calls: 3840, reverts: 3840) Ownable2StepTest:testAcceptOwnershipNonPendingOwner() (gas: 46604) @@ -655,8 +652,8 @@ SignatureCheckerTest:testEOAWithInvalidSignature2() (gas: 21022) SignatureCheckerTest:testEOAWithInvalidSigner() (gas: 20447) SignatureCheckerTest:testEOAWithTooHighSValue() (gas: 18068) SignatureCheckerTest:testEOAWithValidSignature() (gas: 19572) -SignatureCheckerTest:testFuzzEIP1271WithInvalidSigner(string,string) (runs: 256, μ: 35886, ~: 35896) +SignatureCheckerTest:testFuzzEIP1271WithInvalidSigner(string,string) (runs: 256, μ: 35890, ~: 35896) SignatureCheckerTest:testFuzzEIP1271WithValidSignature(string) (runs: 256, μ: 34432, ~: 34434) SignatureCheckerTest:testFuzzEOAWithInvalidSignature(bytes,string) (runs: 256, μ: 16841, ~: 16836) -SignatureCheckerTest:testFuzzEOAWithInvalidSigner(string,string) (runs: 256, μ: 21526, ~: 21527) -SignatureCheckerTest:testFuzzEOAWithValidSignature(string,string) (runs: 256, μ: 20667, ~: 20668) \ No newline at end of file +SignatureCheckerTest:testFuzzEOAWithInvalidSigner(string,string) (runs: 256, μ: 21524, ~: 21527) +SignatureCheckerTest:testFuzzEOAWithValidSignature(string,string) (runs: 256, μ: 20665, ~: 20668) \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index ce851c61..459e0b7c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## [`0.0.4`](https://github.com/pcaversaccio/snekmate/releases/tag/v0.0.4) (Unreleased) +### 🔒 Security Fixes + +- **Utility Functions** + - [`Multicall`](https://github.com/pcaversaccio/snekmate/blob/v0.0.4/src/utils/Multicall.vy): Remove the `multicall_value_self` function as the `msg.value` should not be trusted. ([#167](https://github.com/pcaversaccio/snekmate/pull/167)) + ### 👀 Full Changelog - [`v0.0.3...v0.0.4`](https://github.com/pcaversaccio/snekmate/compare/v0.0.3...v0.0.4) diff --git a/src/utils/Multicall.vy b/src/utils/Multicall.vy index c1d86cba..10fea794 100644 --- a/src/utils/Multicall.vy +++ b/src/utils/Multicall.vy @@ -12,7 +12,7 @@ https://github.com/pcaversaccio/snekmate/discussions/82. The implementation is inspired by Matt Solomon's implementation here: https://github.com/mds1/multicall/blob/main/src/Multicall3.sol. -@custom:security Make sure you understand how `msg.sender` works in `CALL` vs +@custom:security Make sure you understand how `msg.sender` works in `CALL` vs. `DELEGATECALL` to the multicall contract, as well as the risks of using `msg.value` in a multicall. To learn more about the latter, see: - https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities#payable-multicall, @@ -42,14 +42,6 @@ struct BatchSelf: call_data: Bytes[max_value(uint16)] -# @dev Batch struct for `payable` function calls using this contract -# as destination address. -struct BatchValueSelf: - allow_failure: bool - value: uint256 - call_data: Bytes[max_value(uint16)] - - # @dev Result struct for function call results. struct Result: success: bool @@ -164,47 +156,6 @@ def multicall_self(data: DynArray[BatchSelf, max_value(uint8)]) -> DynArray[Resu return results -@external -@payable -def multicall_value_self(data: DynArray[BatchValueSelf, max_value(uint8)]) -> DynArray[Result, max_value(uint8)]: - """ - @dev Aggregates function calls with a `msg.value` using - `DELEGATECALL`, ensuring that each function returns - successfully if required. Since this function uses - `DELEGATECALL`, the `msg.sender` remains the same - account that invoked the function `multicall_value_self` - in the first place. - @notice Developers can include this function in their own - contract so that users can submit multiple function - calls in one transaction. Since the `msg.sender` is - preserved, it's equivalent to sending multiple transactions - from an EOA (externally-owned account, i.e. non-contract account). - - Furthermore, it is important to note that an external - call via `raw_call` does not perform an external code - size check on the target address. - @param data The array of `BatchValueSelf` structs. - @return DynArray The array of `Result` structs. - """ - value_accumulator: uint256 = empty(uint256) - results: DynArray[Result, max_value(uint8)] = [] - return_data: Bytes[max_value(uint8)] = b"" - success: bool = empty(bool) - for batch in data: - msg_value: uint256 = batch.value - value_accumulator = unsafe_add(value_accumulator, msg_value) - if (batch.allow_failure == False): - return_data = raw_call(self, batch.call_data, max_outsize=255, value=msg_value, is_delegate_call=True) - success = True - results.append(Result({success: success, return_data: return_data})) - else: - success, return_data = \ - raw_call(self, batch.call_data, max_outsize=255, value=msg_value, is_delegate_call=True, revert_on_failure=False) - results.append(Result({success: success, return_data: return_data})) - assert msg.value == value_accumulator, "Multicall: value mismatch" - return results - - @external @view def multistaticcall(data: DynArray[Batch, max_value(uint8)]) -> DynArray[Result, max_value(uint8)]: diff --git a/test/utils/Multicall.t.sol b/test/utils/Multicall.t.sol index c7bacab7..36d7f97a 100644 --- a/test/utils/Multicall.t.sol +++ b/test/utils/Multicall.t.sol @@ -302,210 +302,6 @@ contract MulticallTest is Test { multicall.multicall_self(batchSelf); } - function testMulticallValueSelfSuccess() public { - IMulticall.BatchValue[] memory batchValue = new IMulticall.BatchValue[]( - 4 - ); - batchValue[0] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("getBlockHash(uint256)", block.number) - ); - batchValue[1] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("store(uint256)", type(uint256).max) - ); - batchValue[2] = IMulticall.BatchValue( - mockCalleeAddr, - true, - 0, - abi.encodeWithSignature("thisMethodReverts()") - ); - batchValue[3] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 1, - abi.encodeWithSignature("transferEther(address)", etherReceiverAddr) - ); - - IMulticall.Batch[] memory batch = new IMulticall.Batch[](2); - batch[0] = IMulticall.Batch( - mockCalleeAddr, - false, - abi.encodeWithSignature("getBlockHash(uint256)", block.number) - ); - batch[1] = IMulticall.Batch( - mockCalleeAddr, - true, - abi.encodeWithSignature("thisMethodReverts()") - ); - - IMulticall.BatchValueSelf[] - memory batchValueSelf = new IMulticall.BatchValueSelf[](2); - batchValueSelf[0] = IMulticall.BatchValueSelf( - false, - 1, - abi.encodeWithSignature( - "multicall_value((address,bool,uint256,bytes)[])", - batchValue - ) - ); - batchValueSelf[1] = IMulticall.BatchValueSelf( - true, - 0, - abi.encodeWithSignature( - "multistaticcall((address,bool,bytes)[])", - batch - ) - ); - - IMulticall.Result[] memory results = multicall.multicall_value_self{ - value: 1 - }(batchValueSelf); - assertTrue(results[0].success); - assertTrue(!results[1].success); - assertEq(etherReceiverAddr.balance, 1 wei); - } - - function testMulticallValueSelfCase1() public { - IMulticall.BatchValue[] memory batchValue = new IMulticall.BatchValue[]( - 4 - ); - batchValue[0] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("getBlockHash(uint256)", block.number) - ); - batchValue[1] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("store(uint256)", type(uint256).max) - ); - /** - * @dev We don't allow for a failure. - */ - batchValue[2] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("thisMethodReverts()") - ); - batchValue[3] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 1, - abi.encodeWithSignature("transferEther(address)", etherReceiverAddr) - ); - - IMulticall.Batch[] memory batch = new IMulticall.Batch[](2); - batch[0] = IMulticall.Batch( - mockCalleeAddr, - false, - abi.encodeWithSignature("getBlockHash(uint256)", block.number) - ); - batch[1] = IMulticall.Batch( - mockCalleeAddr, - true, - abi.encodeWithSignature("thisMethodReverts()") - ); - - IMulticall.BatchValueSelf[] - memory batchValueSelf = new IMulticall.BatchValueSelf[](2); - batchValueSelf[0] = IMulticall.BatchValueSelf( - false, - 1, - abi.encodeWithSignature( - "multicall_value((address,bool,uint256,bytes)[])", - batchValue - ) - ); - batchValueSelf[1] = IMulticall.BatchValueSelf( - true, - 0, - abi.encodeWithSignature( - "multistaticcall((address,bool,bytes)[])", - batch - ) - ); - - vm.expectRevert( - abi.encodeWithSelector(Reverted.selector, mockCalleeAddr) - ); - multicall.multicall_value_self{value: 1}(batchValueSelf); - } - - function testMulticallValueSelfCase2() public { - IMulticall.BatchValue[] memory batchValue = new IMulticall.BatchValue[]( - 4 - ); - batchValue[0] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("getBlockHash(uint256)", block.number) - ); - batchValue[1] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 0, - abi.encodeWithSignature("store(uint256)", type(uint256).max) - ); - batchValue[2] = IMulticall.BatchValue( - mockCalleeAddr, - true, - 0, - abi.encodeWithSignature("thisMethodReverts()") - ); - batchValue[3] = IMulticall.BatchValue( - mockCalleeAddr, - false, - 1, - abi.encodeWithSignature("transferEther(address)", etherReceiverAddr) - ); - - IMulticall.Batch[] memory batch = new IMulticall.Batch[](2); - batch[0] = IMulticall.Batch( - mockCalleeAddr, - false, - abi.encodeWithSignature("getBlockHash(uint256)", block.number) - ); - batch[1] = IMulticall.Batch( - mockCalleeAddr, - true, - abi.encodeWithSignature("thisMethodReverts()") - ); - - IMulticall.BatchValueSelf[] - memory batchValueSelf = new IMulticall.BatchValueSelf[](2); - batchValueSelf[0] = IMulticall.BatchValueSelf( - false, - 1, - abi.encodeWithSignature( - "multicall_value((address,bool,uint256,bytes)[])", - batchValue - ) - ); - batchValueSelf[1] = IMulticall.BatchValueSelf( - true, - 0, - abi.encodeWithSignature( - "multistaticcall((address,bool,bytes)[])", - batch - ) - ); - - vm.expectRevert(bytes("Multicall: value mismatch")); - /** - * @dev We send too much `msg.value`. - */ - multicall.multicall_value_self{value: 2}(batchValueSelf); - } - function testMultistaticcallSuccess() public { IMulticall.Batch[] memory batch = new IMulticall.Batch[](2); batch[0] = IMulticall.Batch( diff --git a/test/utils/interfaces/IMulticall.sol b/test/utils/interfaces/IMulticall.sol index eb02c62b..4151c69c 100644 --- a/test/utils/interfaces/IMulticall.sol +++ b/test/utils/interfaces/IMulticall.sol @@ -20,12 +20,6 @@ interface IMulticall { bytes callData; } - struct BatchValueSelf { - bool allowFailure; - uint256 value; - bytes callData; - } - struct Result { bool success; bytes returnData; @@ -43,10 +37,6 @@ interface IMulticall { BatchSelf[] calldata batchSelf ) external returns (Result[] memory results); - function multicall_value_self( - BatchValueSelf[] calldata batchValueSelf - ) external payable returns (Result[] memory results); - function multistaticcall( Batch[] calldata batch ) external pure returns (Result[] memory results); From fca6dcd4a8b900738f559d1d8e827c39dc5821c2 Mon Sep 17 00:00:00 2001 From: Pascal Marco Caversaccio Date: Fri, 13 Oct 2023 15:39:33 +0200 Subject: [PATCH 2/2] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=20Bump=20Release=20Nu?= =?UTF-8?q?mber=20to=20`0.0.4`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pascal Marco Caversaccio --- CHANGELOG.md | 2 +- lib/openzeppelin-contracts | 2 +- package.json | 2 +- pyproject.toml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 459e0b7c..14d937dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # 🕓 Changelog -## [`0.0.4`](https://github.com/pcaversaccio/snekmate/releases/tag/v0.0.4) (Unreleased) +## [`0.0.4`](https://github.com/pcaversaccio/snekmate/releases/tag/v0.0.4) (13-10-2023) ### 🔒 Security Fixes diff --git a/lib/openzeppelin-contracts b/lib/openzeppelin-contracts index 7ef43333..6383299d 160000 --- a/lib/openzeppelin-contracts +++ b/lib/openzeppelin-contracts @@ -1 +1 @@ -Subproject commit 7ef43333011c9d9fae7ee35f5dd680db3c051b16 +Subproject commit 6383299d715d7cd3d697ab655b42f8e61e52e197 diff --git a/package.json b/package.json index cae32b63..2702834a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "snekmate", - "version": "0.0.4-rc.2", + "version": "0.0.4", "description": "State-of-the-art, highly opinionated, hyper-optimised, and secure 🐍Vyper smart contract building blocks.", "author": "Pascal Marco Caversaccio ", "license": "AGPL-3.0-only", diff --git a/pyproject.toml b/pyproject.toml index 45d2fb83..eaecad49 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "snekmate" -version = "0.0.4rc2" +version = "0.0.4" description = "State-of-the-art, highly opinionated, hyper-optimised, and secure 🐍Vyper smart contract building blocks." readme = {file = "README.md", content-type = "text/markdown"} requires-python = ">=3.10"