Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add regression test on malicious stETH recovery by recoverERC721 (selfOwnedStETHBurner) #444

Merged
merged 3 commits into from
Dec 1, 2022
Merged

Add regression test on malicious stETH recovery by recoverERC721 (selfOwnedStETHBurner) #444

merged 3 commits into from
Dec 1, 2022

Conversation

TheDZhon
Copy link
Contributor

Add a test to address issue #443 regarding missing explicit check
on the possibility to recover stETH through the recoverERC721 func.

@TheDZhon
Merge pull request #426 from lidofinance/develop
df95e56 
Feat: merge-ready protocol
@TheDZhon
test: add recoverERC721 check for stETH (coverage)
ade1bb6 
Add a test to address the issue #443 regarding missing explicit check
on the posibility to recover stETH through the `recoverERC721` func.
@TheDZhon TheDZhon linked an issue Aug 11, 2022 that may be closed by this pull request
SelfOwnedStETHBurner::recoverERC721 may allow moving ERC20s #443
Closed
@TheDZhon TheDZhon removed a link to an issue Aug 11, 2022
SelfOwnedStETHBurner::recoverERC721 may allow moving ERC20s #443
Closed
folkyatina
folkyatina reviewed Nov 23, 2022
View reviewed changes
test/0.8.9/self-owned-steth-burner.test.js Outdated
Comment on lines 809 to 826
assertBn(await lido.balanceOf(anotherAccount), stETH(0))
// submit 10 ETH to mint 10 stETH
await web3.eth.sendTransaction({ from: anotherAccount, to: lido.address, value: ETH(10) })
// check 10 stETH minted on balance
assertBn(await lido.balanceOf(anotherAccount), stETH(10))
// transfer 5 stETH to the burner account
await lido.transfer(burner.address, stETH(5), { from: anotherAccount })
// transfer 5 stETH to voting
await lido.transfer(voting, stETH(5), { from: anotherAccount })

// request 5 stETH to be burned later
await lido.approve(burner.address, stETH(5), { from: voting })
await burner.requestBurnMyStETH(stETH(5), { from: voting })

// check balances one last time
assertBn(await lido.balanceOf(anotherAccount), stETH(0))
assertBn(await lido.balanceOf(voting), stETH(0))
assertBn(await lido.balanceOf(burner.address), stETH(10))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not clear for me, why we need to put 10 stETH and trying to recover only 1 and why a such complicated way was used to top up the burner.

Copy link
Contributor Author

@TheDZhon TheDZhon Nov 30, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, addressed the issues within the updated code, thank you 🙏

The top-up process is rather complicated because of design requirements (only voting can request the burning & explicit allowance required).

Please check out the updated code 👍

@TheDZhon TheDZhon merged commit debd941 into develop Dec 1, 2022
@TheDZhon TheDZhon deleted the test/nft_recovery_burner branch December 1, 2022 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@folkyatina folkyatina folkyatina approved these changes

@arwer13 arwer13 Awaiting requested review from arwer13

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TheDZhon @folkyatina