Section 5: T-Swap | DeFi Introduction (10:42:39) - Patrick Encountered a TransferFrom Error, but I Received a Deposit Error

[Basha-dude]

https://github.com/Basha-dude/foundry-security-course-errorGiving-different

[PatrickAlphaC]

Hello! Thanks for making this issue.

Can you:

1. Could you please remember to follow this section to format your questions? https://youtu.be/umepbfKp5rI?t=22464

[Basha-dude]

these are the wo contracts 1) Handler.t.sol

         //SPDX-License-Identifier:MIT
pragma solidity ^0.8.20;

import {Test, console} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";
import {HandlerStatefulFuzzCatches} from "../../../src/invariant-break/HandlerStatefulFuzzCatches.sol";
import {MockUSDC} from "../../mocks/MockUSDC.sol";
import {YeildERC20} from "../../mocks/YeildERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract Handler is StdInvariant,Test{
   HandlerStatefulFuzzCatches handlerStatefulFuzzCatches;
   YeildERC20 yeildERC20;
   MockUSDC mockUSDC;
   address user;
   constructor(HandlerStatefulFuzzCatches _handlerStatefulFuzzCatches,
   YeildERC20 _yeildERC20,
   MockUSDC _mockUSDC,
   address _user
   ) {
       handlerStatefulFuzzCatches = _handlerStatefulFuzzCatches;
       yeildERC20 =_yeildERC20;
       mockUSDC = _mockUSDC;
       user = _user;
   }
   function depositYeildERC20(uint256 _amount) public {
       uint256 amount = bound(_amount,0,yeildERC20.balanceOf(user));
       vm.startPrank(user);
       yeildERC20.approve(address(handlerStatefulFuzzCatches),amount);
       handlerStatefulFuzzCatches.depositToken(yeildERC20,amount);
       vm.stopPrank();
   }
    function depositMockUSDC(uint256 _amount) public {
       uint256 amount = bound(_amount,0,mockUSDC.balanceOf(user));
       vm.startPrank(user);
       mockUSDC.approve(address(handlerStatefulFuzzCatches),amount);
       handlerStatefulFuzzCatches.depositToken(mockUSDC,amount);
       vm.stopPrank();
   }
   function withdrawYeildERC20()  public {
               vm.startPrank(user);
         handlerStatefulFuzzCatches.withdrawToken(yeildERC20);
               vm.stopPrank();

   }
    function withdrawMockUSDC()  public {
               vm.startPrank(user);
         handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
               vm.stopPrank();

   }
}

and 2) Invariant.t.sol

// SPDX-License-Identifier:MIT
pragma solidity ^0.8.20;

import {Test, console} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";
import {HandlerStatefulFuzzCatches} from "../../../src/invariant-break/HandlerStatefulFuzzCatches.sol";
import {MockUSDC} from "../../mocks/MockUSDC.sol";
import {YeildERC20} from "../../mocks/YeildERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Handler} from "./Handler.t.sol";

contract Invariant is StdInvariant, Test {
   HandlerStatefulFuzzCatches handlerStatefulFuzzCatches;
   MockUSDC mockUSDC;
   YeildERC20 yeildERC20;
   IERC20[] supposedTokens;
   uint256 startingAmount;
   address user = makeAddr("user");
   Handler handler;

   function setUp() external {
       vm.startPrank(user);
       yeildERC20 = new YeildERC20();
       mockUSDC = new MockUSDC();
       
       startingAmount = yeildERC20.INITIAL_SUPPLY();
       mockUSDC.mint(user, startingAmount);
   
       vm.stopPrank();
       supposedTokens.push(mockUSDC);
       supposedTokens.push(yeildERC20);
       handlerStatefulFuzzCatches = new HandlerStatefulFuzzCatches(supposedTokens);
       targetContract(address(handlerStatefulFuzzCatches));
          
          handler = new Handler(handlerStatefulFuzzCatches,yeildERC20,mockUSDC,user); 

           bytes4[] memory selectors = new bytes4[](4);
            selectors[0] = handler.depositYeildERC20.selector; 
            selectors[1] = handler.depositMockUSDC.selector;
            selectors[2] = handler.withdrawMockUSDC.selector;
           selectors[3]  = handler.withdrawYeildERC20.selector; 
            targetSelector(FuzzSelector({addr : address(handler),selectors:selectors }));  

   }

    function statefulFuzz_testInvariantsBreakHandler() public {
       vm.startPrank(user);
       handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
       handlerStatefulFuzzCatches.withdrawToken(yeildERC20);
       vm.stopPrank();
                  
         assert(mockUSDC.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
       assert(yeildERC20.balanceOf(address(handlerStatefulFuzzCatches)) == 0);

       assert(yeildERC20.balanceOf(user) == startingAmount);
       assert(mockUSDC.balanceOf(user) == startingAmount);
       
   }

}

and this is the error :

[⠢] Compiling...
No files changed, compilation skipped

Ran 1 test for test/invariant-break/handler/Invariant.t.sol:Invariant
[FAIL. Reason: custom error 43d95d07:]
        [Sequence]
                sender=0x00000000000000000000000000000000000025c5 addr=[src/invariant-break/HandlerStatefulFuzzCatches.sol:HandlerStatefulFuzzCatches]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f calldata=depositToken(address,uint256) args=[0xFAF443257a656507D4b35506c5229DC96050d63E, 183]
 statefulFuzz_testInvariantsBreakHandler() (runs: 1, calls: 1, reverts: 1)
Traces:
  [3057620] Invariant::setUp()
    ├─ [0] VM::startPrank(user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D])
    │   └─ ← [Return] 
    ├─ [564670] → new YeildERC20@0x7BD1119CEC127eeCDBa5DCA7d1Bd59986f6d7353
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D], value: 1000000000000000000000000 [1e24])
    │   └─ ← [Return] 2351 bytes of code
    ├─ [430367] → new MockUSDC@0x5929B14F2984bBE5309c2eC9E7819060C31c970f
    │   └─ ← [Return] 1924 bytes of code
    ├─ [251] YeildERC20::INITIAL_SUPPLY() [staticcall]
    │   └─ ← [Return] 1000000000000000000000000 [1e24]
    ├─ [46789] MockUSDC::mint(user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D], 1000000000000000000000000 [1e24])
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D], value: 1000000000000000000000000 [1e24])
    │   └─ ← [Stop] 
    ├─ [0] VM::stopPrank()
    │   └─ ← [Return] 
    ├─ [323357] → new HandlerStatefulFuzzCatches@0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f
    │   └─ ← [Return] 1387 bytes of code
    ├─ [1239699] → new Handler@0x2e234DAe75C793f67A35089C9d99245E1C58470b
    │   └─ ← [Return] 5526 bytes of code
    └─ ← [Stop] 

  [2555] HandlerStatefulFuzzCatches::depositToken(0xFAF443257a656507D4b35506c5229DC96050d63E, 183)
    └─ ← [Revert] HandlerStatefulFuzzCatches__UnsupportedToken()

Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 14.22ms (3.54ms CPU time)

Ran 1 test suite in 1.69s (14.22ms CPU time): 0 tests passed, 1 failed, 0 skipped (1 total tests)

Failing tests:
Encountered 1 failing test in test/invariant-break/handler/Invariant.t.sol:Invariant
[FAIL. Reason: custom error 43d95d07:]
        [Sequence]
                sender=0x00000000000000000000000000000000000025c5 addr=[src/invariant-break/HandlerStatefulFuzzCatches.sol:HandlerStatefulFuzzCatches]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f calldata=depositToken(address,uint256) args=[0xFAF443257a656507D4b35506c5229DC96050d63E, 183]
 statefulFuzz_testInvariantsBreakHandler() (runs: 1, calls: 1, reverts: 1)

Encountered a total of 1 failing tests, 0 tests succeeded
rebelbash@LAPTOP-QQLIBCSB:~/f23/security-courses-patrick/sc-exploits-minimized$ forge test --mt statefulFuzz_testInvariantsBreakHandler -vvvv
[⠒] Compiling...
[⠒] Compiling 2 files with 0.8.20
[⠑] Solc 0.8.20 finished in 1.42s
Compiler run successful!

Ran 1 test for test/invariant-break/handler/Invariant.t.sol:Invariant
[FAIL. Reason: custom error 43d95d07:]
        [Sequence]
                sender=0x0000000000000000000000000000000000000966 addr=[src/invariant-break/HandlerStatefulFuzzCatches.sol:HandlerStatefulFuzzCatches]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f calldata=depositToken(address,uint256) args=[0xFAF443257a656507D4b35506c5229DC96050d63E, 183]
 statefulFuzz_testInvariantsBreakHandler() (runs: 1, calls: 1, reverts: 1)
Traces:
  [3057620] Invariant::setUp()
    ├─ [0] VM::startPrank(user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D])
    │   └─ ← [Return] 
    ├─ [564670] → new YeildERC20@0x7BD1119CEC127eeCDBa5DCA7d1Bd59986f6d7353
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D], value: 1000000000000000000000000 [1e24])
    │   └─ ← [Return] 2351 bytes of code
    ├─ [430367] → new MockUSDC@0x5929B14F2984bBE5309c2eC9E7819060C31c970f
    │   └─ ← [Return] 1924 bytes of code
    ├─ [251] YeildERC20::INITIAL_SUPPLY() [staticcall]
    │   └─ ← [Return] 1000000000000000000000000 [1e24]
    ├─ [46789] MockUSDC::mint(user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D], 1000000000000000000000000 [1e24])
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: user: [0x6CA6d1e2D5347Bfab1d91e883F1915560e09129D], value: 1000000000000000000000000 [1e24])
    │   └─ ← [Stop] 
    ├─ [0] VM::stopPrank()
    │   └─ ← [Return] 
    ├─ [323357] → new HandlerStatefulFuzzCatches@0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f
    │   └─ ← [Return] 1387 bytes of code
    ├─ [1239699] → new Handler@0x2e234DAe75C793f67A35089C9d99245E1C58470b
    │   └─ ← [Return] 5526 bytes of code
    └─ ← [Stop] 

  [2555] HandlerStatefulFuzzCatches::depositToken(0xFAF443257a656507D4b35506c5229DC96050d63E, 183)
    └─ ← [Revert] HandlerStatefulFuzzCatches__UnsupportedToken()

Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 7.26ms (3.65ms CPU time)

Ran 1 test suite in 1.14s (7.26ms CPU time): 0 tests passed, 1 failed, 0 skipped (1 total tests)

Failing tests:
Encountered 1 failing test in test/invariant-break/handler/Invariant.t.sol:Invariant
[FAIL. Reason: custom error 43d95d07:]
        [Sequence]
                sender=0x0000000000000000000000000000000000000966 addr=[src/invariant-break/HandlerStatefulFuzzCatches.sol:HandlerStatefulFuzzCatches]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f calldata=depositToken(address,uint256) args=[0xFAF443257a656507D4b35506c5229DC96050d63E, 183]
 statefulFuzz_testInvariantsBreakHandler() (runs: 1, calls: 1, reverts: 1)

Encountered a total of 1 failing tests, 0 tests succeeded

when i run this forge test --mt statefulFuzz_testInvariantsBreakHandler -vvvv command
but you got transferFrom error , at here DeFi Introduction 10:42:39, thanks for responding, and i tried make as hard as to format this question.``` if not good enough sorry for making you trouble.: 😔 and here is the Github link to it

[Basha-dude]

and if this does not make sense ,this is the link to it https://github.com/Basha-dude/foundry-security-course-errorGiving-different

[EngrPips]

Hello @Basha-dude, Your code is not the same as the code in Patrick's codebase. You can compare your Invariant to the one below and see where you got it wrong. Why is your targetSelector coming after your targetContract, though?

pragma solidity 0.8.20;

import {Test} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";
import {HandlerStatefulFuzzCatches} from "../../../src/invariant-break/HandlerStatefulFuzzCatches.sol";
import {YeildERC20} from "../../mocks/YeildERC20.sol";
import {MockUSDC} from "../../mocks/MockUSDC.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Handler} from "./Handler.t.sol";

contract InvariantBreakHardTest is StdInvariant, Test {
    HandlerStatefulFuzzCatches handlerStatefulFuzzCatches;
    YeildERC20 yeildERC20;
    MockUSDC mockUSDC;
    IERC20[] public supportedTokens;
    uint256 public startingAmount;

    address owner = makeAddr("owner");

    Handler handler;

    function setUp() public {
        vm.startPrank(owner);
        // Give our owner 1M tokens each
        yeildERC20 = new YeildERC20();
        startingAmount = yeildERC20.INITIAL_SUPPLY();
        mockUSDC = new MockUSDC();
        mockUSDC.mint(owner, startingAmount);

        supportedTokens.push(mockUSDC);
        supportedTokens.push(yeildERC20);
        handlerStatefulFuzzCatches = new HandlerStatefulFuzzCatches(supportedTokens);
        vm.stopPrank();

        handler = new Handler(handlerStatefulFuzzCatches, yeildERC20, mockUSDC);

        bytes4[] memory selectors = new bytes4[](3);
        selectors[0] = handler.depositYeildERC20.selector;
        selectors[1] = handler.withdrawYeildERC20.selector;
        selectors[2] = handler.withdrawMockUSDC.selector;

        targetSelector(FuzzSelector({addr: address(handler), selectors: selectors}));
        targetContract(address(handler));
    }

    // THIS however, catches our bug!!!
    function statefulFuzz_testInvariantBreakHandler() public {
        vm.startPrank(owner);
        handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
        handlerStatefulFuzzCatches.withdrawToken(yeildERC20);
        vm.stopPrank();

        assert(mockUSDC.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
        assert(yeildERC20.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
        assert(mockUSDC.balanceOf(owner) == startingAmount);
        assert(yeildERC20.balanceOf(owner) == startingAmount);
    }
}

[Basha-dude]

you can see my code, I did not write this:

  targetSelector(FuzzSelector({addr: address(handler), selectors: selectors}));
        targetContract(address(handler));

i only wrote this

      targetSelector(FuzzSelector({addr: address(handler), selectors: selectors}));

in this Invariants.t.sol in the link or above images

  // SPDX-License-Identifier:MIT
pragma solidity ^0.8.20;

import {Test, console} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";
import {HandlerStatefulFuzzCatches} from "../../../src/invariant-break/HandlerStatefulFuzzCatches.sol";
import {MockUSDC} from "../../mocks/MockUSDC.sol";
import {YeildERC20} from "../../mocks/YeildERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Handler} from "./Handler.t.sol";

contract Invariant is StdInvariant, Test {
    HandlerStatefulFuzzCatches handlerStatefulFuzzCatches;
    MockUSDC mockUSDC;
    YeildERC20 yeildERC20;
    IERC20[] supposedTokens;
    uint256 startingAmount;
    address user = makeAddr("user");
    Handler handler;

    function setUp() external {
        vm.startPrank(user);
        yeildERC20 = new YeildERC20();
        mockUSDC = new MockUSDC();

        startingAmount = yeildERC20.INITIAL_SUPPLY();
        mockUSDC.mint(user, startingAmount);

        vm.stopPrank();
        supposedTokens.push(mockUSDC);
        supposedTokens.push(yeildERC20);
        handlerStatefulFuzzCatches = new HandlerStatefulFuzzCatches(supposedTokens);
        targetContract(address(handlerStatefulFuzzCatches));

        handler = new Handler(handlerStatefulFuzzCatches, yeildERC20, mockUSDC, user);

        bytes4[] memory selectors = new bytes4[](4);
        selectors[0] = handler.depositYeildERC20.selector;
        selectors[1] = handler.depositMockUSDC.selector;
        selectors[2] = handler.withdrawMockUSDC.selector;
        selectors[3] = handler.withdrawYeildERC20.selector;
        targetSelector(FuzzSelector({addr: address(handler), selectors: selectors}));
    }

    function statefulFuzz_testInvariantsBreakHandler() public {
        vm.startPrank(user);
        handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
        handlerStatefulFuzzCatches.withdrawToken(yeildERC20);
        vm.stopPrank();

        assert(mockUSDC.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
        assert(yeildERC20.balanceOf(address(handlerStatefulFuzzCatches)) == 0);

        assert(yeildERC20.balanceOf(user) == startingAmount);
        assert(mockUSDC.balanceOf(user) == startingAmount);
    }
}

AND thanks for responding 🥰

[EngrPips]

I don't understand what you meant. But for you to get the same result as Patrick, your code needs to be the same as Patrick's.

[Basha-dude]

Hey buddy ,I wanted to apologize for doubting your help earlier. I initially thought you was wrong, but I realize now that the mistake was on my end. Thank you for your assistance and for taking the time to help me. I appreciate your expertise and patience.

[EngrPips]

Anytime, Friend. I am glad you caught the issue. Keep crushing it!

[Basha-dude]

will you help me, i don't understand the targetSelector topic
and here

    
    function statefulFuzz_testInvariantsBreakHandler() public {
        vm.startPrank(user);
        handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
        handlerStatefulFuzzCatches.withdrawToken(yeildERC20);
        vm.stopPrank();

        assert(mockUSDC.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
        assert(yeildERC20.balanceOf(address(handlerStatefulFuzzCatches)) == 0);

        assert(yeildERC20.balanceOf(user) == startingAmount);
        assert(mockUSDC.balanceOf(user) == startingAmount);
    }
}

i don't understand the how it is withdrawing the tokens without depositing the tokens and In which order the INVARIANT TEST CALLS the selectors randomly or like first, second etc... ? will you explain it

[EngrPips]

The fuzzer calls the target contract randomly, and that is why it is called fuzzing because there is no order of call, and the targetSelector tells the fuzzer the functions it is allowed to call on our targetContract and about how we are able to withdraw without deposit that is us just assuming that the fuzzer will call the deposit function on the first call to the targetContract and also the withdrawToken function doesn't revert if balance is 0 I assume.

[Basha-dude]

Thanks for answering, now i understood, Are you working in a job?

[EngrPips]

Hello @Basha-dude, I need clarification on what he said at that timestamp you provided. Please let me know what you need help understanding so I can try to help you.

[Basha-dude]

he talked about Traverse community and forums which is i don't understand

[EngrPips]

I can't remember correctly, but I think that should mean you should learn to connect with people and use all necessary channels to unblock yourself whenever you get blocked. Programming is more about connecting and discussing with like-minded people than coding, and especially Web3 encourages connecting and exploring.

[Basha-dude]

thanks for answering!

[EngrPips]

You are always welcome. Friend.

[Basha-dude]

Hey @EngrPips, I want to contribute to open source. Will you guide me on how to contribute? or suggest some open source videos only for web3.

[EngrPips]

Hello @Basha-dude, I suggest you start by contributing to the cyfrin updraft course since it is a resource you have been heavily using. There is no super guide to contributing to an open-source project. Just keep using all of the open-source resources you have been using, and whenever you see what could be improved, make a PR to contribute. Nothing is too small as a contribution; even a typography error is a good start for contributing to an open-source resource.

[Basha-dude]

Hey @EngrPips, I don't even know how to contribute to it., i am very new to it

[EngrPips]

Hello @Basha-dude, Contributing basically means making a PR(pull request) to the repo you want to contribute to.

[allwin199]

@Basha-dude If you see a typo in a code base you can raise a PR to fix this. Then you can move on to bigger issues.
You can search for how to contribute to open-source videos. You will get answers.

[EngrPips]

Honestly, I haven't opened the codebase yet to see what the contract does, but from the error in this line of code (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance(); we can conclude that yes the contract is an escrow contract.

[Basha-dude]

hey @EngrPips buddy, i ran into a issue ,in handler.t.sol it is not logging , but in the invaiant.t.sol it is logging, this is the github link

[EngrPips]

You mean console.log() is not working inside handler.t.sol but it is working inside invariant.t.sol?

[Basha-dude]

@EngrPips Yep!

[EngrPips]

That's weird. I will first of all run foundryup retry and see if the problem persists.

[Basha-dude]

@EngrPips yeah I did, still it is not logging

[EngrPips]

When you get errors, you need to figure out why you get errors and leave Patrick out of your own error. Figure out what you have done wrongly. That is why you are a programmer. You solve problems and figure out stuff.

[21675] Invariant::testDeposit()
    ├─ [16463] TSwapPoolHandler::deposit(1000000000 [1e9])
    │   ├─ [11369] TSwapPool::getPoolTokensToDepositBasedOnWeth(1000000000 [1e9]) [staticcall]
    │   │   ├─ [2562] ERC20Mock::balanceOf(TSwapPool: [0x4f81992FCe2E1846dD528eC0102e6eE1f61ed3e2]) [staticcall]
    │   │   │   └─ ← [Return] 0
    │   │   ├─ [2562] ERC20Mock::balanceOf(TSwapPool: [0x4f81992FCe2E1846dD528eC0102e6eE1f61ed3e2]) [staticcall]
    │   │   │   └─ ← [Return] 0
    │   │   └─ ← [Revert] panic: division or modulo by zero (0x12)
    │   └─ ← [Revert] panic: division or modulo by zero (0x12)
    └─ ← [Revert] panic: division or modulo by zero (0x12)

Are your ERC20Mock balance of the pool supposed to be returning 0? Because the ERC20Mock balance of the pool returns 0 as shown in the below output

├─ [2562] ERC20Mock::balanceOf(TSwapPool: [0x4f81992FCe2E1846dD528eC0102e6eE1f61ed3e2]) [staticcall]
    │   │   │   └─ ← [Return] 0
    │   │   ├─ [2562] ERC20Mock::balanceOf(TSwapPool: [0x4f81992FCe2E1846dD528eC0102e6eE1f61ed3e2]) [staticcall]
    │   │   │   └─ ← [Return] 0

Is this expected?

[Basha-dude]

hey @EngrPips , i just tried the sc minimum exploits invariant testing

and here is the error

rebelbash@LAPTOP-QQLIBCSB:~/MEN-ARE-BRAVE/security-coursesP1-patrick/sc-exploits-minimized$ forge test --mt statefulFuzz_testInvariantBreakHandler -vvvvv
[⠢] Compiling...
No files changed, compilation skipped

Ran 1 test for test/invariant-break/HandlerStatefulFuzz/Invariant.t.sol:InvariantBreakHardTest
[FAIL. Reason: statefulFuzz_testInvariantBreakHandler replay failure]
        [Sequence]
                sender=0x000000000000000000000000000000000000025A addr=[test/invariant-break/HandlerStatefulFuzz/Handler.t.sol:Handler]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f calldata=depositYeildERC20(uint256) args=[17612427828164252899567375131083675060321490699781413 [1.761e52]]
 statefulFuzz_testInvariantBreakHandler() (runs: 1, calls: 1, reverts: 1)
Logs:
  Bound result 655846896068591132423895

Traces:
  [3291354] InvariantBreakHardTest::setUp()
    ├─ [0] VM::startPrank(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266])
    │   └─ ← [Return] 
    ├─ [564670] → new YeildERC20@0x88F59F8826af5e695B13cA934d6c7999875A9EeA
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], value: 1000000000000000000000000 [1e24])
    │   └─ ← [Return] 2351 bytes of code
    ├─ [251] YeildERC20::INITIAL_SUPPLY() [staticcall]
    │   └─ ← [Return] 1000000000000000000000000 [1e24]
    ├─ [430367] → new MockUSDC@0xCeF98e10D1e80378A9A74Ce074132B66CDD5e88d
    │   └─ ← [Return] 1924 bytes of code
    ├─ [46789] MockUSDC::mint(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], 1000000000000000000000000 [1e24])
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], value: 1000000000000000000000000 [1e24])
    │   └─ ← [Stop] 
    ├─ [323357] → new HandlerStatefulFuzzCatches@0x72cC13426cAfD2375FFABE56498437927805d3d2
    │   └─ ← [Return] 1387 bytes of code
    ├─ [0] VM::stopPrank()
    │   └─ ← [Return] 
    ├─ [1490101] → new Handler@0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f
    │   └─ ← [Return] 6886 bytes of code
    └─ ← [Stop] 

  [105608] Handler::depositYeildERC20(17612427828164252899567375131083675060321490699781413 [1.761e52])
    ├─ [0] VM::startPrank(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266])
    │   └─ ← [Return] 
    ├─ [2552] YeildERC20::balanceOf(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266]) [staticcall]
    │   └─ ← [Return] 1000000000000000000000000 [1e24]
    ├─ [0] console::log("Bound result", 655846896068591132423895 [6.558e23]) [staticcall]
    │   └─ ← [Stop] 
    ├─ [24784] YeildERC20::approve(HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2], 655846896068591132423895 [6.558e23])
    │   ├─ emit Approval(owner: owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], spender: HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2], value: 655846896068591132423895 [6.558e23])
    │   └─ ← [Return] true
    ├─ [77630] HandlerStatefulFuzzCatches::depositToken(YeildERC20: [0x88F59F8826af5e695B13cA934d6c7999875A9EeA], 655846896068591132423895 [6.558e23])
    │   ├─ [51236] YeildERC20::transferFrom(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2], 655846896068591132423895 [6.558e23])
    │   │   ├─ emit Transfer(from: owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], to: HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2], value: 655846896068591132423895 [6.558e23])
    │   │   └─ ← [Return] true
    │   └─ ← [Stop] 
    ├─ [0] VM::stopPrank()
    │   └─ ← [Return] 
    └─ ← [Stop] 

  [37554] InvariantBreakHardTest::statefulFuzz_testInvariantBreakHandler()
    ├─ [0] VM::startPrank(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266])
    │   └─ ← [Return] 
    ├─ [16107] HandlerStatefulFuzzCatches::withdrawToken(MockUSDC: [0xCeF98e10D1e80378A9A74Ce074132B66CDD5e88d])
    │   ├─ [7288] MockUSDC::transfer(owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], 0)
    │   │   ├─ emit Transfer(from: HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2], to: owner: [0x7c8999dC9a822c1f0Df42023113EDB4FDd543266], value: 0)
    │   │   └─ ← [Return] true
    │   └─ ← [Stop] 
    ├─ [0] VM::stopPrank()
    │   └─ ← [Return] 
    ├─ [562] MockUSDC::balanceOf(HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2]) [staticcall]
    │   └─ ← [Return] 0
    ├─ [2552] YeildERC20::balanceOf(HandlerStatefulFuzzCatches: [0x72cC13426cAfD2375FFABE56498437927805d3d2]) [staticcall]
    │   └─ ← [Return] 655846896068591132423895 [6.558e23]
    └─ ← [Revert] panic: assertion failed (0x01)

Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 3.87ms (1.57ms CPU time)

Ran 1 test suite in 1.46s (3.87ms CPU time): 0 tests passed, 1 failed, 0 skipped (1 total tests)

Failing tests:
Encountered 1 failing test in test/invariant-break/HandlerStatefulFuzz/Invariant.t.sol:InvariantBreakHardTest
[FAIL. Reason: statefulFuzz_testInvariantBreakHandler replay failure]
        [Sequence]
                sender=0x000000000000000000000000000000000000025A addr=[test/invariant-break/HandlerStatefulFuzz/Handler.t.sol:Handler]0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f calldata=depositYeildERC20(uint256) args=[17612427828164252899567375131083675060321490699781413 [1.761e52]]
 statefulFuzz_testInvariantBreakHandler() (runs: 1, calls: 1, reverts: 1)

Encountered a total of 1 failing tests, 0 tests succeeded

is this the invariant break or different error, patrick got insufficent balance error, but it gives me like this, is this correct

[EngrPips]

Hello @Basha-dude, console.log() the values you are using in assert and see what is different, and then you should look at the stack trace of your test to find out why they are different.

[Basha-dude]

Hey @EngrPips Thanks buddy, i just solved it 😁😁

[EngrPips]

Awesome 👍

[Basha-dude]

hey @EngrPips , i had a doubt in this InvariantBreakHardTest.t.sol

// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import {Test} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";
import {HandlerStatefulFuzzCatches} from "../../../src/invariant-break/HandlerStatefulFuzzCatches.sol";
import {YeildERC20} from "../../mocks/YeildERC20.sol";
import {MockUSDC} from "../../mocks/MockUSDC.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Handler} from "./Handler.t.sol";

contract InvariantBreakHardTest is StdInvariant, Test {
    HandlerStatefulFuzzCatches handlerStatefulFuzzCatches;
    YeildERC20 yeildERC20;
    MockUSDC mockUSDC;
    IERC20[] public supportedTokens;
    uint256 public startingAmount;

    address owner = makeAddr("owner");

    Handler handler;

    function setUp() public {
        vm.startPrank(owner);
        // Give our owner 1M tokens each
        yeildERC20 = new YeildERC20();
        startingAmount = yeildERC20.INITIAL_SUPPLY();
        mockUSDC = new MockUSDC();
        mockUSDC.mint(owner, startingAmount);

        supportedTokens.push(mockUSDC);
        supportedTokens.push(yeildERC20);
        handlerStatefulFuzzCatches = new HandlerStatefulFuzzCatches(supportedTokens);
        vm.stopPrank();

        handler = new Handler(handlerStatefulFuzzCatches, yeildERC20, mockUSDC, owner);

        bytes4[] memory selectors = new bytes4[](4);
        selectors[0] = handler.depositYeildERC20.selector;
        selectors[1] = handler.depositUSDCERC20.selector;
        selectors[2] = handler.withdrawMockUSDC.selector;
        selectors[3] = handler.withdrawYeildERC20.selector;


        targetSelector(FuzzSelector({addr: address(handler), selectors: selectors}));
        targetContract(address(handler));
    }

    // THIS however, catches our bug!!!
    function statefulFuzz_testInvariantBreakHandler() public {
        vm.startPrank(owner);
        handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
        handlerStatefulFuzzCatches.withdrawToken(yeildERC20);
        vm.stopPrank();

        assert(mockUSDC.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
        assert(yeildERC20.balanceOf(address(handlerStatefulFuzzCatches)) == 0);
        assert(mockUSDC.balanceOf(owner) == startingAmount);
        assert(yeildERC20.balanceOf(owner) == startingAmount);
    }
}

what i understand here is

        selectors[0] = handler.depositYeildERC20.selector;
        selectors[1] = handler.depositUSDCERC20.selector;
        selectors[2] = handler.withdrawMockUSDC.selector;
        selectors[3] = handler.withdrawYeildERC20.selector;

it's get called in a sequence like above and here in this function InvariantBreakHardTest::statefulFuzz_testInvariantBreakHandler calling these

        handlerStatefulFuzzCatches.withdrawToken(mockUSDC);
        handlerStatefulFuzzCatches.withdrawToken(yeildERC20);

how will it's get called , i just did not understand

[EngrPips]

Frontrun is mostly an issue with every transaction. Honestly, I don't really think we can prevent being Frontrun, but you can only put measures in place to help avoid getting a bad deal. For example, if you want to swap 1BTC for USD and you are supposed to get $50,000 whenever you submit your transaction to make the swap, people can front-run you. You will get way less than you expect. Still, the protocol can have you set the minimum amount you are willing to take for the deal. Let's say you set $45,000 as the minimum USD you are willing to take for your BTC. If you get front-run and what you will get goes below the $45,000 you had set then the transaction gets reverted. Patrick did great work explaining front-running attack in the Auditing and Security course. You should see it.

[Basha-dude]

Yeah I saw that but I did not understand how we know that it can be front-run

[EngrPips]

In a simple term, explain front-run attack.

[Basha-dude]

Okay thanks 👍

[EngrPips]

You are always welcome. Friend

[Basha-dude]

i am trying to do shadow auditing to this contract , but i try to install the packages , it gives me a error of drafts-ERC20Permit but i when i try install the updated versions it is giving error, when i try to install old packages it giving error ERC20Votes etc...

[EngrPips]

Hello @Basha-dude, Why don't you just use the build guide on the codebase repo?

[Basha-dude]

I encountered errors,using the build guide.

[EngrPips]

If you having a difficult time building the codebase, you can maybe pick another codebase to shadow-audit

[Basha-dude]

Yeah,but it has 26 highs which means got ton to learn

[Basha-dude]

hey @EngrPips ,i did not understand this submission by 33audits, i tried a lot but i am not able to understand it

[EngrPips]

what is the purpose of loanRatio for the protocol?

uint256 loanRatio = (totalDebt * 10 ** 18) / loan.collateral;

[Basha-dude]

The purpose of the loanRatio in the protocol is to ensure that loans are adequately collateralized, meaning the borrower has posted enough collateral to cover the risk of default.

[EngrPips]

I will be asking you questions to understand the protocol, and hopefully, we can both make sense of the submission. I am supposed to go through the entire codebase or documentation of the protocol to understand the protocol but honestly, I don't have all the time for that. So please bear with me as I ask you questions to help me understand what is going on in the protocol.

[Basha-dude]

Ok go on

[EngrPips]

The title of the submission says, Precision loss allows users to giveLoans to pools with less collateral than required Does this mean that if I want to take a Loan from the protocol I need to first create a pool and deposit collateral in the pool?

[EngrPips]

It is a pool per lender, right?

[EngrPips]

The summary of the findings says the below

The **_calculateInterest** function is vulnerable to precision loss. Due to dividing twice the function will return zero for both interest and **protocolInterest**. This could lead to a lender giving their loan to another pool that doesn't have the balance to cover it. Leading to a loss for them and a gain for the future pools as they will have debts greater than their balance.
So my question now is what is the purpose of _calculateInterest?

[Basha-dude]

Yes

[Basha-dude]

The purpose of the _calculateInterestfunction in the protocol is to calculate the interest owed on a loan over a period of time

[EngrPips]

The purpose of the _calculateInterestfunction in the protocol is to calculate the interest owed on a loan over a period of time

Interest is tied to time, correct? The more time that pass the more interest owed, correct?

[Basha-dude]

Yes, that's correct. Interest in loan protocols is typically time-based. The longer the borrower holds the loan without repaying, the more interest accrues over time.

[EngrPips]

You wrote the protocol from scratch, so you just need to test what you want it to do.

[Basha-dude]

buddy @EngrPips , i just written the test code but it truncates like this 2.5 to 2,0.5 to 0

[EngrPips]

Yeah, that makes sense, I believe you know all along that solidity does not support decimal numbers.

[Basha-dude]

That is the reason I used precision, still it truncates

[EngrPips]

If you want to keep the decimals value in your contract, maybe you should start by reading this resource https://www.rareskills.io/post/solidity-fixed-point