added unit tests for transaction initiater changing #81
Conversation
added unit tests for transaction initiater changing
🚨 Report Summary
For more details view the full report in OpenZeppelin Code Inspector |
There was a problem hiding this comment.
Thanks for putting this together. The code looks the same but noticed two inconsistencies:
- override multiple inheritance
deploymentTimestampin constructor
I am concerned basing tests on commenting in/out code is error prone. Since this is going to production imminently, I'm in favour of building a higher level of confidence with the tests cases - Wdyt?
I wrote a non-exhuastive list of test cases that I was envisioning. Thinking here is we would cover every case and all tests would pass:
Unit
Constructor
- Modified constructor test to assert
deploymentTimestampwas set correctly
setTransactionInitiator
- Reverts if not owner
- Sets non-zero address to true
- Sets non-zero address to false after setting it to true (could be combined with 2.)
- Sets zero address to true
- Sets zero address to false after setting it to true (could be combined with 4.)
acceptGuardian
- Reverts when transaction initiator is not set
- Fails when exactly 6 * 30 days - 1 seconds has passed
- Succeeds when transaction initiator is set
- Succeeds when exactly 6 * 30 days has passed
- Succeeds when exactly 6 * 30 days + 1 seconds has passed
- Succeeds when zero address for transaction initiator is set to true
processRecovery
- Reverts when transaction initiator is not set
- Fails when exactly 6 * 30 days - 1 seconds has passed
- Succeeds when transaction initiator is set
- Succeeds when exactly 6 * 30 days has passed
- Succeeds when exactly 6 * 30 days + 1 seconds has passed
- Succeeds when zero address for transaction initiator is set to true
Integration
- Unapproved account cannot recover account (call initial acceptGuardian)
- Can recover account with unapproved account(s) after 6 months (full recovery flow)
- Can acceptGuardian or processRecovery with approved account -> permission is revoked for that account -> cannot processRecovery or acceptGuardian again
- Can acceptGuardian or processRecovery with approved account -> permission is revoked for that account -> cannot processRecovery or acceptGuardian again -> permission is given to new account and recovery can continue
- Any others you can think of
| ) | ||
| internal | ||
| override(EmailRecoveryManager) | ||
| onlyWhenActive |
There was a problem hiding this comment.
Was there a reason onlyWhenActive was added here? onlyWhenActive will be called twice so can be safely removed here and for processRecovery. Unless you wanted to execute it twice but always show the KillSwitchEnabled first if that error occurrs at the same time as "Only allowed accounts can call this function"
| bytes32 nullifier | ||
| ) | ||
| internal | ||
| override(EmailRecoveryManager) |
There was a problem hiding this comment.
Hmm do you know why this contract only requires override(EmailRecoveryManager), but the production module in clave-email-recovery requires override(EmailAccountRecovery, EmailRecoveryManager)?
|
Thanks Alim. Resolved by #82 |
WHAT
added the 'transactionInitiator' change to the EmailRecoveryModule contract
added unit tests for changes.
TEST
To test the changes, please uncomment the commented lines in the test/integration/OwnableValidatorRecovery/EmailRecoveryModule/EmailRecoveryModuleBase.t.sol (lines 123-149) and test/unit/modules/EmailRecoveryModule/EmailRecoveryModuleBase.t.sol (lines 78-102) files. Don't forget to comment out the previous one each time.
0- No changes were made to the old existing tests. We can see the failed tests along with the changes made to the Email Recovery Module contract. (Expect 15 tests to fail under this condition.)
1- After deploying the EmailRecoveryModule, assign the address that will call the acceptGuardian and processRecovery functions as the transactionInitiator. (All tests must be passed successfully)
2- Verify that everyone can initiate transactions after 6 months, even if no transactionInitiator is assigned. (All tests must be passed successfully)
3- Verify that the setTransactionInitiator function works as expected. (Expect 15 tests to fail under this condition.)
4- Validate the behavior when the transaction initiator flag is set to true first, then changed to false, and the contract is working after a waiting period of 6 months. (All tests must be passed successfully)
5- Verify that only the killSwitchAuthorizer can set the transaction initiator. (The setup phase of the tests must be failed.)
-- New --
6- Verify that it does not work before 6 months when the transaction initiator flag is not true. (Expect 15 tests to fail under this condition.)