`deal` call won't revert on ERC20 total supply overflow
LilaRest opened this issue · comments
Component
Forge
Have you ensured that all of these are up to date?
- Foundry
- Foundryup
What version of Foundry are you on?
forge 0.2.0
What command(s) is the bug in?
forge test
Operating System
Linux
Describe the bug
Hi!
Just figured that overflowing the total supply of an ERC20 won't revert if done with the deal
cheatcode. Instead it will cause total supply to became 0, while some wallets may still have balances > 0.
Here is a minimal reproduction:
function testFuzz_dealWontRevert(uint256 amount1, uint256 amount2) public {
deal(address(myToken), address(1234), amount1);
deal(address(myToken), address(1234), amount2);
}
This fuzz test contains a lot of possible scenarios where deal
call would make the total supply exceeds type(uint256).max
. However, this test passes successfully.
I just spent 1 hour trying to figure this out, it was totally breaking the behavior of my contract 😅
If this can be easily solved by bounding amount2
(see below), it'd be awesome to have clean error report to makes tests debugging easier.
function testFuzz_dealWontRevert(uint256 amount1, uint256 amount2) public {
deal(address(myToken), address(1234), amount1);
amount2 = bound(amount2, 0, type(uint256).max - myToken.totalSupply());
deal(address(myToken), address(1234), amount2);
}
The version of deal
you are using does not adjust total supply. If you also want that to be adjusted use this version with adjust
set to true
The total supply will then be adjusted here which should overflow if you're on solidity 0.8.0 or later
Closing since that should resolve the issue but if you have other questions let me know