Smr 2459 invariant testing

[wcgcyx]

This PR adds invariant tests to the bridge and also enables invariant testing in CI.
Tests are created under test/invariant.
There are 9 invariant tests:

1. invariant_ERC20TokenBalanced - For every token, total deposited on L1 = total minted on L2.
2. invariant_IndividualERC20TokenBalanced - For every user and every token, deposited on L1 + minted on L2 stay unchanged.
3. invariant_IMXBalanced - For IMX, total deposited on L1 = total minted on L2.
4. invariant_IndividualIMXBalanced - For every user and IMX, deposited on L1 + minted on L2 stay unchanged.
5. invariant_ETHBalanced - For ETH, total deposited on L1 = total minted on L2.
6. invariant_IndividualETHBalanced - For every user and ETH, deposited on L1 + minted on L2 stay unchanged.
7. invariant_NoRemainingWETH - Every WETH is unwrapped automatically so WETH should have no remaining tokens.
8. invariant_NoRemainingWIMX - Every WIMX is unwrapped automatically so WIMX should have no remaining tokens.
9. invariant_GasBalanced - The balance of adaptors should match the total amount of gas received.

For each invariant test, forge is configured to generate 15 random calls (in 1 run) distributed uniformly across the following 16 functions and attest invariance after every call:

• childBridgeHandler.withdraw.selector;
• childBridgeHandler.withdrawTo.selector;
• childBridgeHandler.withdrawIMX.selector;
• childBridgeHandler.withdrawIMXTo.selector;
• childBridgeHandler.withdrawWIMX.selector;
• childBridgeHandler.withdrawWIMXTo.selector;
• childBridgeHandler.withdrawETH.selector;
• childBridgeHandler.withdrawETHTo.selector;
• rootBridgeHandler.deposit.selector;
• rootBridgeHandler.depositTo.selector;
• rootBridgeHandler.depositIMX.selector;
• rootBridgeHandler.depositIMXTo.selector;
• rootBridgeHandler.depositETH.selector;
• rootBridgeHandler.depositETHTo.selector;
• rootBridgeHandler.depositWETH.selector;
• rootBridgeHandler.depositWETHTo.selector;

Forge is configured to run 256 runs for each test.

[platform-sa]

📃CI Report

Compiling 156 files with 0.8.19
Solc 0.8.19 finished in 18.68s
Compiler run �[33msuccessful with warnings:�[0m
�[1;33mWarning (9302)�[0m�[1;37m: Return value of low-level calls not used.�[0m
�[34m |�[0m
�[34m361 |�[0m �[33muser.call{value: amount}("")�[0m;
�[34m |�[0m �[1;33m^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m

�[1;33mWarning (9302)�[0m�[1;37m: Return value of low-level calls not used.�[0m
�[34m |�[0m
�[34m174 |�[0m �[33muser.call{value: amount}("")�[0m;
�[34m |�[0m �[1;33m^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m

Analysing contracts...
Running tests...
�[2m2024-03-06T04:16:03.924632Z�[0m �[31mERROR�[0m �[2mforge::runner�[0m�[2m:�[0m setUp failed �[3mreason�[0m�[2m=�[0mCould not instantiate forked environment with fork url: http://127.0.0.1:8500 �[3mcontract�[0m�[2m=�[0m0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496

File	% Lines	% Statements	% Branches	% Funcs
src/child/ChildAxelarBridgeAdaptor.sol	100.00% (51/51)	100.00% (68/68)	100.00% (24/24)	100.00% (8/8)
src/child/ChildERC20.sol	100.00% (14/14)	100.00% (15/15)	100.00% (2/2)	100.00% (7/7)
src/child/ChildERC20Bridge.sol	99.23% (129/130)	99.43% (175/176)	98.44% (63/64)	100.00% (21/21)
src/child/WIMX.sol	100.00% (19/19)	100.00% (22/22)	100.00% (8/8)	100.00% (6/6)
src/common/AdaptorRoles.sol	100.00% (6/6)	100.00% (6/6)	100.00% (0/0)	100.00% (6/6)
src/common/BridgeRoles.sol	100.00% (8/8)	100.00% (8/8)	100.00% (0/0)	100.00% (8/8)
src/lib/EIP712MetaTransaction.sol	8.00% (2/25)	9.68% (3/31)	8.33% (1/12)	14.29% (1/7)
src/lib/EIP712Upgradeable.sol	73.33% (11/15)	60.87% (14/23)	0.00% (0/2)	50.00% (2/4)
src/lib/WETH.sol	89.47% (17/19)	86.36% (19/22)	87.50% (7/8)	66.67% (4/6)
src/root/RootAxelarBridgeAdaptor.sol	100.00% (51/51)	100.00% (68/68)	100.00% (24/24)	100.00% (8/8)
src/root/RootERC20Bridge.sol	94.07% (127/135)	95.83% (184/192)	87.93% (51/58)	91.30% (21/23)
src/root/flowrate/FlowRateDetection.sol	100.00% (30/30)	100.00% (33/33)	100.00% (14/14)	100.00% (4/4)
src/root/flowrate/FlowRateWithdrawalQueue.sol	100.00% (46/46)	100.00% (60/60)	78.57% (11/14)	100.00% (7/7)
src/root/flowrate/RootERC20BridgeFlowRate.sol	100.00% (42/42)	97.96% (48/49)	100.00% (10/10)	100.00% (9/9)

For a full HTML report run: forge coverage --report lcov && genhtml --ignore-errors category --branch-coverage --output-dir coverage lcov.info

[ermyas]

nit: can move outside of internal for-loop?

[wcgcyx]

Updated

[ermyas]

nit: suggest startPrank(...) and stopPrank() to avoid doing a separate prank for each call

[wcgcyx]

Yea, updated

[ermyas]

are these changes to the resetId fork necessary at the end of each invariant test? I removed all of them and run the tests a few times, and they pass.

[ermyas]

is this required?

[ermyas]

given the fork switch right below, is this fork change required?

[ermyas]

it doesn't look like this is required?

[openzeppelin-code]

Smr 2459 invariant testing

Generated at commit: d731c783975bdbbf65a80922bfd60e8b5631dba1

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	1 0 0 7 29 37
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector

[ermyas]

This is slightly confusing. Should this be an instance of WETH contract instead of WIMX, even though they are functionally similar?

[wcgcyx]

Good catch, yes, it is supposed to be WETH - though WIMX is adapted from WETH contract with very minimum change.

[wcgcyx]

Updated.

[ermyas]

is pranking this address required here?

[wcgcyx]

Yes, my thought is to deploy and mint tokens from a different address other than the testing contract itself so that it is not possible to further mint the token after the setup process in case we add some more logic in the future that may break the setup.

[ermyas]

can we add a one line comment on this pls? 🙏🏿

[ermyas]

I think we can remove the deployment of contracts on the reset chain. Tests should still pass.

[wcgcyx]

Yea, just have this removed and tests passed. I think this was to prevent an issue previously but maybe no longer required.

[ermyas]

I think we can remove the deployment and config of contracts on the reset chain. Tests should still pass.

[ermyas]

i think we can remove this

[ermyas]

Are these local configuration values for the invariant run actually used or is there a global config that overrides them? No matter what value I set, the tests alway run 256 times, with a depth of 15

[wcgcyx]

Yes, they are used, a different value actually gives a different run on my machine.

[ermyas]

I think we can avoid having three chains running, and just use a single chain with different forks from the the same chain?

[ermyas]

I think we can avoid having three chains running, and just use a single chain with different forks from the the same chain?

[wcgcyx]

Yes, good idea

[ermyas]

is this required?