bosonprotocol / boson-protocol-contracts / 27278811497
98%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 55
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 98.389% (+0.003%) from 98.386%
27278811497

push

github

web-flow 
test(reentrancy): add global nonReentrant guard matrix test suite (#1155)

* test(reentrancy): add global nonReentrant guard matrix test suite

Adds a comprehensive reentrancy regression test that exercises every
external/public state-modifying entry point on the diamond (~50 TO
targets) from every untrusted-callback surface (~7 FROM categories: ETH
receive, malicious ERC20, ERC721/1155 receiver hooks, external price
discovery, sequential commit, DR fee mutualizer) and asserts the global
`nonReentrant` modifier blocks each attempted re-entry.

The malicious mock self-disarms after a single attempt and bubbles the
inner revert when needed; verification is via `ReentryAttempted` events
for outer-survives flows (A–D) and `revertedWithCustomError` for
bubble-up flows (E, E', F). Twin-transfer flows (C, D) also verify the
expected `TwinTransferFailed` / `DisputeRaised` follow-up.

If a future change drops `nonReentrant` from any TO function, the
matching cases fail fast with a clear assertion.

CI gains a new `test:reentrancy` job that runs in parallel with `test`,
`integration-test`, and `coverage`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Fix failing tests

* update test chunks

* test(reentrancy): rebuild calldata per attacker for orchestration wrappers

The previous skip-based approach for the six `createSellerAnd*With…`
orchestration wrappers left a hole in the regression guard: removing the
`nonReentrant` modifier from one of their inner delegates would have
silently passed.

Replace `PROBE_SKIPPED_WITH_REASON` with `ATTACKER_DEPENDENT_OVERRIDES`
and a runtime `rebuildCalldataForAttacker()` helper that swaps the
`_seller.assistant`/`admin`/`treasury`/`active` fields with the malicious
contract's address. `createSellerInternal` then passes its `_msgSender()`
pre-checks inside the reentry attempt and execution actually reaches the
inner `nonReentrant` guard.

All 749 cases now pass (was 707 passing + 42 pending), exercising every
wra... (continued)

1889 of 1974 branches covered (95.69%)

Branch coverage included in aggregate %.

3303 of 3303 relevant lines covered (100.0%)

1246.31 hits per line

Jobs
ID Job ID Ran Files Coverage
1 27278811497.1 55
98.39
 GitHub Action Run
Source Files on build 27278811497