@inco/lightning 0.8.0-devnet-2 → 0.8.0-devnet-3

package/src/lightning-parts/primitives/test/SignatureVerifier.t.sol

@@ -212,7 +212,7 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
         assertFalse(isValidSignature(digest, signatures));
     }
 
-    function testInvalidSignatureDuplicateSigner() public {
+    function testDuplicateSignerReturnsFalse() public {
         exposedAddSigner(alice);
         exposedAddSigner(bob);
         exposedSetThreshold(2);
@@ -223,19 +223,11 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
         privKeys[1] = alicePrivKey; // Duplicate
         bytes[] memory signatures = getSortedSignatures(digest, privKeys);
 
-        // Should revert because duplicate signers violate the ascending order requirement
-        // Using try-catch to handle the revert from a view function
-        try this.isValidSignature(digest, signatures) returns (bool result) {
-            assertFalse(result, "Expected signature validation to fail with duplicates");
-        } catch (bytes memory reason) {
-            // Verify it's the correct error
-            bytes4 expectedSelector = SignatureVerifier.SignersNotInAscendingOrder.selector;
-            bytes4 receivedSelector = bytes4(reason);
-            assertEq(receivedSelector, expectedSelector, "Wrong error selector");
-        }
+        // Duplicate signers should return false (not revert)
+        assertFalse(isValidSignature(digest, signatures), "Duplicate signer should return false");
     }
 
-    function testRevertWhenSignaturesNotInAscendingOrder() public {
+    function testUnsortedSignaturesStillWork() public {
         exposedAddSigner(alice);
         exposedAddSigner(bob);
         exposedAddSigner(carol);
@@ -259,17 +251,11 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
             signatures[1] = getSignatureForDigest(digest, bobPrivKey);
         }
 
-        // Should revert with SignersNotInAscendingOrder
-        try this.isValidSignature(digest, signatures) returns (bool result) {
-            fail("Expected revert for signatures not in ascending order");
-        } catch (bytes memory reason) {
-            bytes4 expectedSelector = SignatureVerifier.SignersNotInAscendingOrder.selector;
-            bytes4 receivedSelector = bytes4(reason);
-            assertEq(receivedSelector, expectedSelector, "Wrong error selector");
-        }
+        // Unsorted signatures should now work (optimistic sorting pattern)
+        assertTrue(isValidSignature(digest, signatures), "Unsorted signatures should work");
     }
 
-    function testRevertWhenThreeSignaturesOutOfOrder() public {
+    function testThreeUnsortedSignaturesStillWork() public {
         exposedAddSigner(alice);
         exposedAddSigner(bob);
         exposedAddSigner(carol);
@@ -337,14 +323,8 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
             }
         }
 
-        // Should revert with SignersNotInAscendingOrder
-        try this.isValidSignature(digest, signatures) returns (bool result) {
-            fail("Expected revert for signatures not in ascending order");
-        } catch (bytes memory reason) {
-            bytes4 expectedSelector = SignatureVerifier.SignersNotInAscendingOrder.selector;
-            bytes4 receivedSelector = bytes4(reason);
-            assertEq(receivedSelector, expectedSelector, "Wrong error selector");
-        }
+        // Unsorted signatures should now work (optimistic sorting pattern)
+        assertTrue(isValidSignature(digest, signatures), "Unsorted signatures should work");
     }
 
     function testSignaturesInCorrectAscendingOrderPasses() public {
@@ -835,4 +815,449 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
         assertFalse(isValidSignature(digest, sigs));
     }
 
+    // ============ Tests for Malformed Signatures ============
+
+    function testMalformedSignatureIsSkipped() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedSetThreshold(2);
+
+        bytes32 digest = keccak256("test message");
+
+        // Create valid signatures
+        uint256[] memory privKeys = new uint256[](2);
+        privKeys[0] = alicePrivKey;
+        privKeys[1] = bobPrivKey;
+        bytes[] memory validSigs = getSortedSignatures(digest, privKeys);
+
+        // Create array with malformed signature in the middle
+        bytes[] memory signatures = new bytes[](3);
+        signatures[0] = validSigs[0];
+        signatures[1] = hex"deadbeef"; // Malformed signature
+        signatures[2] = validSigs[1];
+
+        // Should still pass - malformed signature is skipped
+        assertTrue(isValidSignature(digest, signatures), "Malformed signature should be skipped");
+    }
+
+    function testAllMalformedSignaturesFails() public {
+        exposedAddSigner(alice);
+        exposedSetThreshold(1);
+
+        bytes32 digest = keccak256("test message");
+
+        bytes[] memory signatures = new bytes[](2);
+        signatures[0] = hex"deadbeef";
+        signatures[1] = hex"cafebabe";
+
+        // Should fail - no valid signatures
+        assertFalse(isValidSignature(digest, signatures), "All malformed should fail");
+    }
+
+    function testEmptySignatureIsSkipped() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedSetThreshold(2);
+
+        bytes32 digest = keccak256("test message");
+
+        uint256[] memory privKeys = new uint256[](2);
+        privKeys[0] = alicePrivKey;
+        privKeys[1] = bobPrivKey;
+        bytes[] memory validSigs = getSortedSignatures(digest, privKeys);
+
+        // Create array with empty signature
+        bytes[] memory signatures = new bytes[](3);
+        signatures[0] = validSigs[0];
+        signatures[1] = ""; // Empty signature
+        signatures[2] = validSigs[1];
+
+        // Should pass - empty signature is skipped
+        assertTrue(isValidSignature(digest, signatures), "Empty signature should be skipped");
+    }
+
+    function testUnsortedSignaturesWithMalformedInMiddle() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedSetThreshold(2);
+
+        bytes32 digest = keccak256("test message");
+
+        // Get individual signatures
+        bytes memory aliceSig = getSignatureForDigest(digest, alicePrivKey);
+        bytes memory bobSig = getSignatureForDigest(digest, bobPrivKey);
+
+        // Determine addresses to create descending order
+        address aliceAddr = vm.addr(alicePrivKey);
+        address bobAddr = vm.addr(bobPrivKey);
+
+        // Create array: [higherAddr, malformed, lowerAddr] - descending order with invalid in middle
+        bytes[] memory signatures = new bytes[](3);
+        if (aliceAddr > bobAddr) {
+            // Alice > Bob, so put Alice first (descending)
+            signatures[0] = aliceSig;
+            signatures[1] = hex"deadbeef"; // Malformed signature in middle
+            signatures[2] = bobSig;
+        } else {
+            // Bob > Alice, so put Bob first (descending)
+            signatures[0] = bobSig;
+            signatures[1] = hex"deadbeef"; // Malformed signature in middle
+            signatures[2] = aliceSig;
+        }
+
+        // Should pass: unsorted valid signatures with malformed skipped
+        // This tests that fallback duplicate detection works correctly when
+        // malformed signatures create gaps in processing
+        assertTrue(isValidSignature(digest, signatures), "Unsorted with malformed in middle should work");
+    }
+
+    // ============ Tests for validCount tracking ============
+
+    /// @notice Tests that validCount correctly tracks only valid signatures, not array indices
+    /// @dev This is critical for the duplicate detection fallback loop which iterates over validCount
+    function testValidCountWithMultipleMalformedSignatures() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedAddSigner(carol);
+        exposedSetThreshold(3);
+
+        bytes32 digest = keccak256("test message");
+
+        // Get sorted valid signatures
+        uint256[] memory privKeys = new uint256[](3);
+        privKeys[0] = alicePrivKey;
+        privKeys[1] = bobPrivKey;
+        privKeys[2] = carolPrivKey;
+        bytes[] memory validSigs = getSortedSignatures(digest, privKeys);
+
+        // Create array with multiple malformed signatures interspersed
+        // [malformed, valid0, malformed, malformed, valid1, malformed, valid2]
+        bytes[] memory signatures = new bytes[](7);
+        signatures[0] = hex"dead";
+        signatures[1] = validSigs[0];
+        signatures[2] = hex"beef";
+        signatures[3] = hex"cafe";
+        signatures[4] = validSigs[1];
+        signatures[5] = hex"babe";
+        signatures[6] = validSigs[2];
+
+        // Should pass: validCount should correctly track 3 valid signatures
+        // despite 4 malformed ones creating gaps in the array
+        assertTrue(isValidSignature(digest, signatures), "Should work with interspersed malformed signatures");
+    }
+
+    /// @notice Tests duplicate detection works when duplicates are separated by malformed signatures
+    /// @dev Validates that validCount-based iteration catches duplicates even with gaps
+    function testDuplicateDetectionWithMalformedGaps() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedSetThreshold(2);
+
+        bytes32 digest = keccak256("test message");
+
+        bytes memory aliceSig = getSignatureForDigest(digest, alicePrivKey);
+
+        // [alice, malformed, malformed, alice] - duplicate with gaps
+        bytes[] memory signatures = new bytes[](4);
+        signatures[0] = aliceSig;
+        signatures[1] = hex"dead";
+        signatures[2] = hex"beef";
+        signatures[3] = aliceSig; // Duplicate
+
+        // Should fail: duplicate alice signature should be detected
+        // even though malformed signatures create gaps in recoveredSigners
+        assertFalse(isValidSignature(digest, signatures), "Should detect duplicate with malformed gaps");
+    }
+
+    /// @notice Tests that unsorted duplicates are detected via fallback loop with malformed gaps
+    /// @dev Combines unsorted order + duplicates + malformed signatures
+    function testUnsortedDuplicateWithMalformedGaps() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedAddSigner(carol);
+        exposedSetThreshold(3);
+
+        bytes32 digest = keccak256("test message");
+
+        bytes memory aliceSig = getSignatureForDigest(digest, alicePrivKey);
+        bytes memory bobSig = getSignatureForDigest(digest, bobPrivKey);
+
+        address aliceAddr = vm.addr(alicePrivKey);
+        address bobAddr = vm.addr(bobPrivKey);
+
+        // Create: [higher, malformed, lower, malformed, higher(duplicate)]
+        // This forces fallback path AND tests duplicate detection across gaps
+        bytes[] memory signatures = new bytes[](5);
+        if (aliceAddr > bobAddr) {
+            signatures[0] = aliceSig; // Higher first (will set lastSigner)
+            signatures[1] = hex"dead";
+            signatures[2] = bobSig; // Lower (triggers fallback)
+            signatures[3] = hex"beef";
+            signatures[4] = aliceSig; // Duplicate of signatures[0]
+        } else {
+            signatures[0] = bobSig;
+            signatures[1] = hex"dead";
+            signatures[2] = aliceSig;
+            signatures[3] = hex"beef";
+            signatures[4] = bobSig; // Duplicate
+        }
+
+        // Should fail: duplicate should be caught by fallback loop
+        assertFalse(isValidSignature(digest, signatures), "Should detect unsorted duplicate with gaps");
+    }
+
+    /// @notice Tests edge case where all signatures before valid ones are malformed
+    function testAllMalformedBeforeValid() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedSetThreshold(2);
+
+        bytes32 digest = keccak256("test message");
+
+        uint256[] memory privKeys = new uint256[](2);
+        privKeys[0] = alicePrivKey;
+        privKeys[1] = bobPrivKey;
+        bytes[] memory validSigs = getSortedSignatures(digest, privKeys);
+
+        // [malformed, malformed, malformed, valid0, valid1]
+        bytes[] memory signatures = new bytes[](5);
+        signatures[0] = hex"11";
+        signatures[1] = hex"22";
+        signatures[2] = hex"33";
+        signatures[3] = validSigs[0];
+        signatures[4] = validSigs[1];
+
+        // Should pass: validCount starts at 0, first valid signature at index 3
+        // becomes recoveredSigners[0], second at index 4 becomes recoveredSigners[1]
+        assertTrue(isValidSignature(digest, signatures), "Should work with leading malformed signatures");
+    }
+
+    // ============ Tests for getSignerAtIndex and getSignersCount ============
+
+    function testGetSignersCount() public {
+        assertEq(this.getSignersCount(), 0);
+
+        exposedAddSigner(alice);
+        assertEq(this.getSignersCount(), 1);
+
+        exposedAddSigner(bob);
+        assertEq(this.getSignersCount(), 2);
+
+        exposedAddSigner(carol);
+        assertEq(this.getSignersCount(), 3);
+    }
+
+    function testGetSignerAtIndex() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedAddSigner(carol);
+
+        assertEq(this.getSignerAtIndex(0), alice);
+        assertEq(this.getSignerAtIndex(1), bob);
+        assertEq(this.getSignerAtIndex(2), carol);
+    }
+
+    function testGetSignerAtIndexAfterRemoval() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedAddSigner(carol);
+        exposedSetThreshold(1);
+
+        // Remove bob (middle element) - should move carol to bob's position
+        exposedRemoveSigner(bob);
+
+        assertEq(this.getSignersCount(), 2);
+        assertEq(this.getSignerAtIndex(0), alice);
+        assertEq(this.getSignerAtIndex(1), carol); // carol moved to index 1
+    }
+
+    /// @dev Test that getSignerAtIndex reverts when accessing out of bounds index
+    function testGetSignerAtIndexOutOfBounds() public {
+        // Empty signers array - any index should revert
+        vm.expectRevert();
+        this.getSignerAtIndex(0);
+
+        // Add one signer, then try to access index 1
+        exposedAddSigner(alice);
+        vm.expectRevert();
+        this.getSignerAtIndex(1);
+
+        // Add more signers, then try to access beyond the count
+        exposedAddSigner(bob);
+        exposedAddSigner(carol);
+        vm.expectRevert();
+        this.getSignerAtIndex(3);
+    }
+
+    function testGetThreshold() public {
+        exposedAddSigner(alice);
+        exposedAddSigner(bob);
+        exposedSetThreshold(2);
+
+        assertEq(this.getThreshold(), 2);
+    }
+
+    function testIsSigner() public {
+        assertFalse(this.isSigner(alice));
+
+        exposedAddSigner(alice);
+        assertTrue(this.isSigner(alice));
+        assertFalse(this.isSigner(bob));
+
+        exposedAddSigner(bob);
+        assertTrue(this.isSigner(bob));
+    }
+
+    // ============ Fuzz Tests for Signature Verification ============
+
+    /// @dev Fuzz test for threshold validation with varying number of signers
+    /// Tests that signatures meeting the threshold return true
+    function testFuzzValidSignaturesWithVaryingThreshold(uint8 numSigners, uint8 threshold) public {
+        // Constrain inputs to reasonable values
+        numSigners = uint8(bound(numSigners, 1, 10));
+        threshold = uint8(bound(threshold, 1, numSigners));
+
+        // Generate signers with unique private keys
+        uint256[] memory privKeys = new uint256[](numSigners);
+        for (uint256 i = 0; i < numSigners; i++) {
+            privKeys[i] = uint256(keccak256(abi.encodePacked("signer", i))) % (type(uint256).max - 1) + 1;
+            address signerAddr = vm.addr(privKeys[i]);
+            exposedAddSigner(signerAddr);
+        }
+
+        exposedSetThreshold(threshold);
+
+        // Create signatures from exactly threshold number of signers
+        bytes32 digest = keccak256("fuzz test message");
+        uint256[] memory signingKeys = new uint256[](threshold);
+        for (uint256 i = 0; i < threshold; i++) {
+            signingKeys[i] = privKeys[i];
+        }
+        bytes[] memory signatures = getSortedSignatures(digest, signingKeys);
+
+        assertTrue(isValidSignature(digest, signatures), "Valid signatures meeting threshold should pass");
+    }
+
+    /// @dev Fuzz test that signatures below threshold return false
+    function testFuzzInsufficientSignatures(uint8 numSigners, uint8 threshold, uint8 sigCount) public {
+        // Constrain inputs
+        numSigners = uint8(bound(numSigners, 2, 10));
+        threshold = uint8(bound(threshold, 2, numSigners));
+        sigCount = uint8(bound(sigCount, 1, threshold - 1)); // Always below threshold
+
+        // Generate signers
+        uint256[] memory privKeys = new uint256[](numSigners);
+        for (uint256 i = 0; i < numSigners; i++) {
+            privKeys[i] = uint256(keccak256(abi.encodePacked("signer_insuf", i))) % (type(uint256).max - 1) + 1;
+            address signerAddr = vm.addr(privKeys[i]);
+            exposedAddSigner(signerAddr);
+        }
+
+        exposedSetThreshold(threshold);
+
+        // Create fewer signatures than threshold
+        bytes32 digest = keccak256("fuzz insufficient test");
+        uint256[] memory signingKeys = new uint256[](sigCount);
+        for (uint256 i = 0; i < sigCount; i++) {
+            signingKeys[i] = privKeys[i];
+        }
+        bytes[] memory signatures = getSortedSignatures(digest, signingKeys);
+
+        assertFalse(isValidSignature(digest, signatures), "Insufficient signatures should fail");
+    }
+
+    /// @dev Fuzz test that more signatures than threshold still passes
+    function testFuzzExcessSignatures(uint8 numSigners, uint8 threshold) public {
+        // Constrain inputs - need at least one extra signature beyond threshold
+        numSigners = uint8(bound(numSigners, 2, 10));
+        threshold = uint8(bound(threshold, 1, numSigners - 1)); // At least one extra signer
+
+        // Generate signers
+        uint256[] memory privKeys = new uint256[](numSigners);
+        for (uint256 i = 0; i < numSigners; i++) {
+            privKeys[i] = uint256(keccak256(abi.encodePacked("signer_excess", i))) % (type(uint256).max - 1) + 1;
+            address signerAddr = vm.addr(privKeys[i]);
+            exposedAddSigner(signerAddr);
+        }
+
+        exposedSetThreshold(threshold);
+
+        // Create signatures from ALL signers (more than threshold)
+        bytes32 digest = keccak256("fuzz excess test");
+        bytes[] memory signatures = getSortedSignatures(digest, privKeys);
+
+        assertTrue(isValidSignature(digest, signatures), "Excess valid signatures should pass");
+    }
+
+    /// @dev Fuzz test that threshold equal to number of signers works correctly
+    function testFuzzThresholdEqualsSignerCount(uint8 numSigners) public {
+        numSigners = uint8(bound(numSigners, 1, 10));
+
+        // Generate signers
+        uint256[] memory privKeys = new uint256[](numSigners);
+        for (uint256 i = 0; i < numSigners; i++) {
+            privKeys[i] = uint256(keccak256(abi.encodePacked("signer_equal", i))) % (type(uint256).max - 1) + 1;
+            address signerAddr = vm.addr(privKeys[i]);
+            exposedAddSigner(signerAddr);
+        }
+
+        // Set threshold equal to signer count
+        exposedSetThreshold(numSigners);
+
+        bytes32 digest = keccak256("fuzz equal threshold test");
+        bytes[] memory signatures = getSortedSignatures(digest, privKeys);
+
+        assertTrue(isValidSignature(digest, signatures), "All signers signing should pass when threshold equals count");
+    }
+
+    /// @dev Fuzz test that mixing valid and invalid signers correctly counts only valid ones
+    function testFuzzMixedValidInvalidSigners(uint8 numValidSigners, uint8 numInvalidSigners, uint8 threshold) public {
+        // Constrain inputs
+        numValidSigners = uint8(bound(numValidSigners, 1, 5));
+        numInvalidSigners = uint8(bound(numInvalidSigners, 1, 5));
+        threshold = uint8(bound(threshold, 1, numValidSigners)); // Must be achievable with valid signers
+
+        // Generate and register valid signers
+        uint256[] memory validPrivKeys = new uint256[](numValidSigners);
+        for (uint256 i = 0; i < numValidSigners; i++) {
+            validPrivKeys[i] = uint256(keccak256(abi.encodePacked("valid_signer", i))) % (type(uint256).max - 1) + 1;
+            address signerAddr = vm.addr(validPrivKeys[i]);
+            exposedAddSigner(signerAddr);
+        }
+
+        exposedSetThreshold(threshold);
+
+        // Generate invalid signer keys (not registered)
+        uint256[] memory invalidPrivKeys = new uint256[](numInvalidSigners);
+        for (uint256 i = 0; i < numInvalidSigners; i++) {
+            invalidPrivKeys[i] = uint256(keccak256(abi.encodePacked("invalid_signer", i))) % (type(uint256).max - 1) + 1;
+        }
+
+        // Create signatures from all valid signers (should pass regardless of invalid ones)
+        bytes32 digest = keccak256("fuzz mixed signers test");
+        bytes[] memory signatures = getSortedSignatures(digest, validPrivKeys);
+
+        assertTrue(isValidSignature(digest, signatures), "Valid signatures meeting threshold should pass");
+    }
+
+    /// @dev Fuzz test for digest variation - same signers, different messages
+    function testFuzzDifferentDigests(bytes32 digest, uint8 numSigners) public {
+        numSigners = uint8(bound(numSigners, 1, 5));
+
+        // Generate signers
+        uint256[] memory privKeys = new uint256[](numSigners);
+        for (uint256 i = 0; i < numSigners; i++) {
+            privKeys[i] = uint256(keccak256(abi.encodePacked("digest_signer", i))) % (type(uint256).max - 1) + 1;
+            address signerAddr = vm.addr(privKeys[i]);
+            exposedAddSigner(signerAddr);
+        }
+
+        exposedSetThreshold(numSigners);
+
+        // Sign the fuzzed digest
+        bytes[] memory signatures = getSortedSignatures(digest, privKeys);
+
+        assertTrue(isValidSignature(digest, signatures), "Valid signatures should pass for any digest");
+    }
+
 }