@layerzerolabs/protocol-starknet-v2 0.0.34

package/layerzero/tests/workers/dvn/test_dvn.cairo

@@ -0,0 +1,1101 @@
+//! DVN tests
+
+use layerzero::common::constants::ZERO_ADDRESS;
+use layerzero::workers::access_control::{ADMIN_ROLE, DEFAULT_ADMIN_ROLE, MESSAGE_LIB_ROLE};
+use layerzero::workers::dvn::dvn::Dvn;
+use layerzero::workers::dvn::interface::{IDvnDispatcherTrait, IDvnSafeDispatcherTrait};
+use layerzero::workers::dvn::structs::{DstConfig, ExecuteParam, SetDstConfigParams};
+use layerzero::workers::dvn::{errors, events};
+use layerzero::workers::interface::ILayerZeroWorkerDispatcher;
+use multisig::MultisigComponent;
+use multisig::errors::{err_only_multisig, err_signature_error};
+use multisig::events::{SignerSet, ThresholdSet};
+use multisig::interface::{IMultisigDispatcher, IMultisigDispatcherTrait};
+use openzeppelin::access::accesscontrol::AccessControlComponent;
+use openzeppelin::access::accesscontrol::interface::IAccessControlDispatcherTrait;
+use snforge_std::fuzzable::{FuzzableU16, FuzzableU32, FuzzableU64};
+use snforge_std::{
+    DeclareResultTrait, EventSpyAssertionsTrait, EventSpyTrait, declare, get_class_hash, spy_events,
+    start_cheat_block_timestamp, start_cheat_caller_address, stop_cheat_block_timestamp,
+    stop_cheat_caller_address,
+};
+use starknet::account::Call;
+use starknet::{ContractAddress, EthAddress};
+use starkware_utils_testing::test_utils::{assert_panic_with_error, cheat_caller_address_once};
+use crate::fuzzable::contract_address::{
+    ContractAddressArrayList, FuzzableContractAddress, FuzzableContractAddresses,
+};
+use crate::fuzzable::dst_config::FuzzableDvnDstConfig;
+use crate::fuzzable::eid::{Eid, FuzzableEid};
+use crate::fuzzable::eth_address::FuzzableEthAddress;
+use crate::fuzzable::expiry::{Expiry, FuzzableExpiry};
+use crate::fuzzable::felt_array::{Felt252ArrayList, FuzzableFelt252Array};
+use crate::fuzzable::keys::FuzzableKeyPair;
+use crate::fuzzable::role_admin::{FuzzableRoleAdmin, RoleAdmin};
+use crate::mocks::workers::dvn::MockDVN;
+use crate::workers::dvn::utils::{
+    DvnDeploy, KeyPair, deploy_dvn, deploy_dvn_with_additional_roles, sign_for_test_k1,
+    sort_signatures,
+};
+
+/// Default multiplier basis points (120%)
+const DEFAULT_MULTIPLIER_BPS: u16 = 12000;
+
+/// Initial roles are set correctly
+#[test]
+#[fuzzer(runs: 10)]
+fn sets_initial_roles(
+    role_admin: RoleAdmin,
+    vid: u32,
+    message_libs: ContractAddressArrayList,
+    admins: ContractAddressArrayList,
+) {
+    let role_admin = role_admin.address;
+    let DvnDeploy {
+        access_control, ..,
+    } = deploy_dvn(message_libs.arr.span(), vid, role_admin, admins.arr.span());
+
+    // Check that role admin was set correctly
+    assert(access_control.has_role(DEFAULT_ADMIN_ROLE, role_admin), 'Role admin should be set');
+    assert(!access_control.has_role(ADMIN_ROLE, role_admin), 'Role admin should not be admin');
+    assert!(
+        !access_control.has_role(MESSAGE_LIB_ROLE, role_admin), "Role admin should not be msg lib",
+    );
+
+    // Check that admin roles were set correctly
+    for admin in admins.arr {
+        assert(access_control.has_role(ADMIN_ROLE, admin), 'Admin role should be set');
+        assert(!access_control.has_role(MESSAGE_LIB_ROLE, admin), 'Admin should not be msg lib');
+        assert(
+            !access_control.has_role(DEFAULT_ADMIN_ROLE, admin), 'Admin should not be role admin',
+        );
+    }
+
+    // Check that message lib roles were set correctly
+    for msg_lib in message_libs.arr {
+        assert(access_control.has_role(MESSAGE_LIB_ROLE, msg_lib), 'Msg lib role should be set');
+        assert(!access_control.has_role(ADMIN_ROLE, msg_lib), 'Msg lib should not be admin');
+        assert!(
+            !access_control.has_role(DEFAULT_ADMIN_ROLE, msg_lib),
+            "Msg lib should not be role admin",
+        );
+    }
+}
+
+/// Set dst configs succeeds when caller is admin
+#[test]
+#[fuzzer(runs: 10)]
+fn should_set_dst_config_when_caller_is_admin(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    dst_eid_1: Eid,
+    dst_eid_2: Eid,
+    config_1: DstConfig,
+    config_2: DstConfig,
+) {
+    let role_admin = role_admin.address;
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } = deploy_dvn(array![].span(), vid, role_admin, array![admin].span());
+
+    let dst_eid_1 = dst_eid_1.eid;
+    let dst_eid_2 = dst_eid_2.eid;
+    let params = array![
+        SetDstConfigParams { dst_eid: dst_eid_1, config: config_1 },
+        SetDstConfigParams { dst_eid: dst_eid_2, config: config_2 },
+    ];
+
+    // Set the dst configs
+    // Caller has admin role
+    cheat_caller_address_once(dvn, admin);
+    dispatcher.set_dst_config(params);
+
+    // Check that the configs were set correctly
+    assert(dispatcher.get_dst_config(dst_eid_1) == config_1, 'Config 1 should be set');
+    assert(dispatcher.get_dst_config(dst_eid_2) == config_2, 'Config 2 should be set');
+}
+
+/// Execute call data succeeds when caller is admin
+#[test]
+#[fuzzer(runs: 10)]
+fn should_execute_call_data_when_caller_is_admin(
+    role_admin: RoleAdmin,
+    admins: ContractAddressArrayList,
+    vid: u32,
+    dst_eid: Eid,
+    config: DstConfig,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let dst_eid = dst_eid.eid;
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, admins.arr.span(),
+        );
+
+    // create call data for set dst config
+    let set_dst_config_params = array![SetDstConfigParams { dst_eid, config }];
+
+    let mut serialized_config = array![];
+    set_dst_config_params.serialize(ref serialized_config);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_dst_config"), calldata: serialized_config.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    // Execute with the given params for each admin
+    for admin in admins.arr {
+        // Caller has admin role
+        start_cheat_caller_address(dvn, admin);
+        dispatcher.execute(execute_params.clone());
+
+        // Check that the config was set correctly
+        assert(dispatcher.get_dst_config(dst_eid) == config, 'Config should be set');
+        dispatcher.set_dst_config(array![Default::default()]);
+
+        stop_cheat_caller_address(dvn);
+    }
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn should_skip_if_vid_is_invalid(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    dst_eid: Eid,
+    config: DstConfig,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let dst_eid = dst_eid.eid;
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+    let set_dst_config_params = array![SetDstConfigParams { dst_eid, config }];
+
+    let mut serialized_config = array![];
+    set_dst_config_params.serialize(ref serialized_config);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_dst_config"), calldata: serialized_config.into(),
+    };
+
+    // Use an invalid vid
+    let invalid_vid = vid + 1;
+    let hash = dispatcher.hash_call_data(invalid_vid, call_data, expiration);
+
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam { vid: invalid_vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    // Execute with the given params
+    // Caller has admin role
+    start_cheat_caller_address(dvn, admin);
+    dispatcher.execute(execute_params);
+    stop_cheat_caller_address(dvn);
+
+    // Check that the config was not set
+    assert(dispatcher.get_dst_config(dst_eid) == Default::default(), 'Config should not be set');
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn should_skip_if_expired(
+    role_admin: RoleAdmin,
+    admins: ContractAddressArrayList,
+    vid: u32,
+    dst_eid: Eid,
+    config: DstConfig,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let dst_eid = dst_eid.eid;
+    let role_admin = role_admin.address;
+    let expiration = expiry.expiry;
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, admins.arr.span(),
+        );
+
+    let set_dst_config_params = array![SetDstConfigParams { dst_eid, config }];
+    let mut serialized_config = array![];
+    set_dst_config_params.serialize(ref serialized_config);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_dst_config"), calldata: serialized_config.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration.into());
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam {
+            vid, call_data, expiration: expiration.into(), signatures: signatures.into(),
+        },
+    ];
+
+    // Set the block timestamp to be past expiration
+    start_cheat_block_timestamp(dvn, expiration + 1);
+
+    // Execute with the given params
+    for admin in admins.arr {
+        // Caller has admin role
+        start_cheat_caller_address(dvn, admin);
+        dispatcher.execute(execute_params.clone());
+        stop_cheat_caller_address(dvn);
+
+        // Check that the config was not set
+        assert(
+            dispatcher.get_dst_config(dst_eid) == Default::default(), 'Config should not be set',
+        );
+    }
+
+    stop_cheat_block_timestamp(dvn);
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn should_emit_verify_signatures_failed(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    key_pair_3: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_dst_config"), calldata: array![].into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = array![sign_for_test_k1(key_pair_3.private_key, hash.into(), 3)];
+
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    let mut spy = spy_events();
+
+    // Execute with the given params
+    // Caller has admin role
+    start_cheat_caller_address(dvn, admin);
+    dispatcher.execute(execute_params);
+    stop_cheat_caller_address(dvn);
+
+    // Check that the VerifySignaturesFailed event was emitted
+    spy
+        .assert_emitted(
+            @array![
+                (
+                    dvn,
+                    Dvn::Event::VerifySignaturesFailed(
+                        events::VerifySignaturesFailed { error: err_signature_error() },
+                    ),
+                ),
+            ],
+        );
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn should_emit_hash_already_used(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    dst_eid: Eid,
+    config: DstConfig,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let dst_eid = dst_eid.eid;
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    let set_dst_config_params = array![SetDstConfigParams { dst_eid, config }];
+    let mut serialized_config = array![];
+    set_dst_config_params.serialize(ref serialized_config);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_dst_config"), calldata: serialized_config.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_param = ExecuteParam { vid, call_data, expiration, signatures: signatures.into() };
+
+    let mut spy = spy_events();
+
+    // Execute the same call twice
+    // Caller has admin role
+    start_cheat_caller_address(dvn, admin);
+    dispatcher.execute(array![execute_param.clone(), execute_param.clone()]);
+    stop_cheat_caller_address(dvn);
+
+    // Check that the HashAlreadyUsed event was emitted
+    spy
+        .assert_emitted(
+            @array![
+                (dvn, Dvn::Event::HashAlreadyUsed(events::HashAlreadyUsed { execute_param, hash })),
+            ],
+        );
+}
+
+////////////////////
+// Multisig tests //
+////////////////////
+
+#[test]
+#[fuzzer(runs: 10)]
+fn mutlisig_set_signer_should_succeed_on_valid_signer(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    new_signer: EthAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    // Serialize calldata
+    let mut serialized_calldata = array![];
+    let active = true;
+
+    new_signer.serialize(ref serialized_calldata);
+    active.serialize(ref serialized_calldata);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_signer"), calldata: serialized_calldata.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    let mut spy = spy_events();
+
+    // Execute with the given params
+    // Caller must be an admin for only the first call to satisfy the permissions of execute
+    // Since upgrade is permissioned by multisig, we need that call to come from the dvn contract
+    cheat_caller_address_once(dvn, admin);
+    dispatcher.execute(execute_params);
+
+    // Check that the signer was set
+    let multisig_dispatcher = IMultisigDispatcher { contract_address: dvn };
+    assert(multisig_dispatcher.is_signer(new_signer), 'Signer should be set');
+
+    // Check that the SignerSet event was emitted
+    spy
+        .assert_emitted(
+            @array![
+                (
+                    dvn,
+                    Dvn::Event::MultisigEvent(
+                        MultisigComponent::Event::SignerSet(
+                            SignerSet { signer: new_signer, active },
+                        ),
+                    ),
+                ),
+            ],
+        );
+}
+
+// This test ensures that setting the zero address as a signer fails with the expected error
+// Can't use assert_panic_with_error because it doesn't work with syscall errors
+#[test]
+#[fuzzer(runs: 10)]
+fn multisig_set_signer_should_fail_on_invalid_signer(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    let mut serialized_calldata = array![];
+    let signer_0 = ZERO_ADDRESS;
+    let active = true;
+    signer_0.serialize(ref serialized_calldata);
+    active.serialize(ref serialized_calldata);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_signer"), calldata: serialized_calldata.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    let mut spy = spy_events();
+
+    // Attempt to execute with the given params
+    // Caller must be an admin for only the first call to satisfy the permissions of execute
+    // Since upgrade is permissioned by multisig, we need that call to come from the dvn contract
+    cheat_caller_address_once(dvn, admin);
+    dispatcher.execute(execute_params);
+
+    let event = spy.get_events();
+
+    // TODO(Levi): find a way to check that it is execute failed emitted
+    // this happens because current event returns array of of internal error
+    assert(event.events.len() == 1, 'ExecuteFailed not emitted');
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn multisig_set_threshold_should_succeed_when_valid(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    // This is the only valid threshold for 2 signers
+    let threshold = 1;
+
+    // Serialize calldata
+    let mut serialized_calldata = array![];
+    threshold.serialize(ref serialized_calldata);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_threshold"), calldata: serialized_calldata.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    let mut spy = spy_events();
+
+    // Execute with the given params
+    // Caller must be an admin for only the first call to satisfy the permissions of execute
+    // Since upgrade is permissioned by multisig, we need that call to come from the dvn contract
+    cheat_caller_address_once(dvn, admin);
+    dispatcher.execute(execute_params);
+
+    // Check that the threshold was set
+    let multisig_dispatcher = IMultisigDispatcher { contract_address: dvn };
+    assert(multisig_dispatcher.get_threshold() == threshold, 'Threshold should be set');
+
+    // Check that the ThresholdSet event was emitted
+    spy
+        .assert_emitted(
+            @array![
+                (
+                    dvn,
+                    Dvn::Event::MultisigEvent(
+                        MultisigComponent::Event::ThresholdSet(ThresholdSet { threshold }),
+                    ),
+                ),
+            ],
+        );
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn multisig_set_threshold_should_fail_when_invalid(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    // Serialize calldata
+    let threshold = 0;
+    let mut serialized_calldata = array![];
+    threshold.serialize(ref serialized_calldata);
+
+    let call_data = Call {
+        to: dvn, selector: selector!("set_threshold"), calldata: serialized_calldata.into(),
+    };
+
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    let mut spy = spy_events();
+
+    // Attempt to execute with the given params
+    // Caller must be an admin for only the first call to satisfy the permissions of execute
+    // Since upgrade is permissioned by multisig, we need that call to come from the dvn contract
+    cheat_caller_address_once(dvn, admin);
+    dispatcher.execute(execute_params);
+
+    let event = spy.get_events();
+
+    // TODO(Levi): find a way to check that it is execute failed emitted
+    // this happens because current event returns array of of internal error
+    assert(event.events.len() == 1, 'ExecuteFailed not emitted');
+}
+
+///////////////////
+// Upgrade tests //
+///////////////////
+
+#[test]
+#[fuzzer(runs: 10)]
+fn upgrade_succeeds(role_admin: RoleAdmin, vid: u32, key_pair_1: KeyPair, key_pair_2: KeyPair) {
+    let role_admin = role_admin.address;
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    let new_class_hash = declare("MockBaseWorker").unwrap().contract_class().class_hash;
+
+    // Upgrade
+    start_cheat_caller_address(dvn, dvn);
+    dispatcher.upgrade(*new_class_hash);
+    stop_cheat_caller_address(dvn);
+
+    // Check that the contract was upgraded
+    assert(get_class_hash(dvn) == *new_class_hash, 'Upgrade should succeed');
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+fn upgrade_via_execute_succeeds(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers = array![key_pair_1.public_address.clone(), key_pair_2.public_address.clone()];
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![admin].span(),
+        );
+
+    let new_class_hash = declare("MockBaseWorker").unwrap().contract_class().class_hash;
+
+    let mut calldata = array![];
+    new_class_hash.serialize(ref calldata);
+
+    let call_data = Call { to: dvn, selector: selector!("upgrade"), calldata: calldata.into() };
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+
+    let execute_params = array![
+        ExecuteParam { vid, call_data, expiration, signatures: signatures.into() },
+    ];
+
+    // Execute with the given params
+    // Caller must be an admin for only the first call to satisfy the permissions of execute
+    // Since upgrade is permissioned by multisig, we need that call to come from the dvn contract
+    cheat_caller_address_once(dvn, admin);
+    dispatcher.execute(execute_params);
+
+    // Check that the contract was upgraded
+    assert(get_class_hash(dvn) == *new_class_hash, 'Upgrade should succeed');
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn upgrade_fails_when_not_multisig(role_admin: ContractAddress, vid: u32) {
+    let DvnDeploy {
+        safe_dispatcher, ..,
+    } = deploy_dvn(array![].span(), vid, role_admin, array![].span());
+    let new_class_hash = declare("MockBaseWorker").unwrap().contract_class().class_hash;
+    let res = safe_dispatcher.upgrade(*new_class_hash);
+
+    // Check that the upgrade failed
+    assert_panic_with_error(res, err_only_multisig());
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn upgrade_and_call_succeeds(role_admin: RoleAdmin, admin: ContractAddress, vid: u32) {
+    let role_admin = role_admin.address;
+    let DvnDeploy {
+        dvn, dispatcher, ..,
+    } = deploy_dvn(array![].span(), vid, role_admin, array![admin].span());
+
+    // Deploy mock DVN contract
+    let new_class_hash = declare("MockDVN").unwrap().contract_class().class_hash;
+
+    // Upgrade and call from self
+    start_cheat_caller_address(dvn, dvn);
+    let mut serialized_res = dispatcher
+        .upgrade_and_call(
+            *new_class_hash, selector!("get_dst_config"), array![1_u32.into()].span(),
+        );
+    stop_cheat_caller_address(dvn);
+
+    // Check that the function was called correctly
+    let res: DstConfig = Serde::deserialize(ref serialized_res).unwrap();
+    assert(res == MockDVN::DST_CONFIG_2, 'Function should be called');
+
+    // Check that the contract was upgraded
+    assert(get_class_hash(dvn) == *new_class_hash, 'Upgrade should succeed');
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn upgrade_and_call_fails_when_not_multisig(role_admin: ContractAddress, vid: u32) {
+    let DvnDeploy {
+        safe_dispatcher, ..,
+    } = deploy_dvn(array![].span(), vid, role_admin, array![].span());
+    let new_class_hash = declare("MockBaseWorker").unwrap().contract_class().class_hash;
+    let res = safe_dispatcher.upgrade_and_call(*new_class_hash, 0, array![].span());
+
+    // Check that the upgrade failed
+    assert_panic_with_error(res, err_only_multisig());
+}
+
+///////////////////////////////
+// Quorum change admin tests //
+///////////////////////////////
+
+#[test]
+#[fuzzer(runs: 10)]
+fn quorum_should_change_admin(
+    role_admin: RoleAdmin,
+    new_admin: ContractAddress,
+    sender: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, access_control, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    // Serialize the new admin address
+    let mut new_admin_serialized = array![];
+    new_admin.serialize(ref new_admin_serialized);
+
+    let call_data = Call {
+        to: dvn, selector: Default::default(), calldata: new_admin_serialized.into(),
+    };
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+
+    // Create the execute param
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let param = ExecuteParam { vid, call_data, expiration, signatures: signatures.into() };
+
+    let mut spy = spy_events();
+
+    // Call the function
+    // Anyone can call this function, we need to know the caller address for the event assertion
+    start_cheat_caller_address(dvn, sender);
+    dispatcher.quorum_change_admin(param);
+    stop_cheat_caller_address(dvn);
+
+    // Check that the new admin has the admin role
+    assert!(access_control.has_role(ADMIN_ROLE, new_admin), "New admin should have admin role");
+
+    spy
+        .assert_emitted(
+            @array![
+                (
+                    dvn,
+                    Dvn::Event::AccessControlEvent(
+                        AccessControlComponent::Event::RoleGranted(
+                            AccessControlComponent::RoleGranted {
+                                role: ADMIN_ROLE, account: new_admin, sender,
+                            },
+                        ),
+                    ),
+                ),
+            ],
+        );
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn quorum_should_fail_to_change_admin_if_expired(
+    role_admin: RoleAdmin,
+    new_admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, safe_dispatcher, access_control, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    // Serialize the new admin address
+    let mut new_admin_serialized = array![];
+    new_admin.serialize(ref new_admin_serialized);
+
+    // Create the call data & hash
+    let call_data = Call {
+        to: dvn, selector: Default::default(), calldata: new_admin_serialized.span(),
+    };
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+
+    // Create the execute param
+    let signatures = sort_signatures(key_pair_1.clone(), key_pair_2.clone(), hash);
+    let param = ExecuteParam { vid, call_data, expiration, signatures: signatures.into() };
+
+    // Call the function outside of the expiration time
+    start_cheat_block_timestamp(dvn, (expiration + 1).try_into().unwrap());
+    let res = safe_dispatcher.quorum_change_admin(param);
+    stop_cheat_block_timestamp(dvn);
+
+    // Check that the admin is not changed because the instruction is expired
+    assert_panic_with_error(res, errors::err_instruction_expired());
+    assert!(
+        !access_control.has_role(ADMIN_ROLE, new_admin), "New admin should not have admin role",
+    );
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn quorum_should_fail_to_change_admin_if_invalid_vid(
+    role_admin: RoleAdmin,
+    new_admin: ContractAddress,
+    vid: u32,
+    invalid_vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    // Ensure that vid and invalid_vid are different
+    if vid == invalid_vid {
+        return;
+    }
+
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, safe_dispatcher, access_control, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    // Serialize the new admin address
+    let mut new_admin_serialized = array![];
+    new_admin.serialize(ref new_admin_serialized);
+
+    // Create the call data & hash
+    let call_data = Call {
+        to: dvn, selector: Default::default(), calldata: new_admin_serialized.span(),
+    };
+    let hash = dispatcher.hash_call_data(invalid_vid, call_data, expiration);
+
+    // Create the execute param
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let param = ExecuteParam {
+        vid: invalid_vid, call_data, expiration, signatures: signatures.into(),
+    };
+
+    // Call the function with invalid VID
+    let res = safe_dispatcher.quorum_change_admin(param);
+
+    // Check that the admin is not changed because the VID is invalid
+    assert_panic_with_error(res, errors::err_invalid_vid(invalid_vid));
+    assert!(
+        !access_control.has_role(ADMIN_ROLE, new_admin), "New admin should not have admin role",
+    );
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn quorum_should_fail_to_change_admin_if_invalid_target(
+    role_admin: RoleAdmin,
+    new_admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    invalid_target: ContractAddress,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, safe_dispatcher, access_control, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    // Ensure that the invalid target is different from the DVN
+    if invalid_target == dvn {
+        return;
+    }
+
+    // Serialize the new admin address
+    let mut new_admin_serialized = array![];
+    new_admin.serialize(ref new_admin_serialized);
+
+    // Create the call data & hash
+    let call_data = Call {
+        to: invalid_target, selector: Default::default(), calldata: new_admin_serialized.span(),
+    };
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+
+    // Create the execute param
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let param = ExecuteParam { vid, call_data, expiration, signatures: signatures.into() };
+
+    // Call the function with invalid target
+    let res = safe_dispatcher.quorum_change_admin(param);
+
+    // Check that the admin is not changed because the target is invalid
+    assert_panic_with_error(res, errors::err_invalid_target(invalid_target));
+    assert!(
+        !access_control.has_role(ADMIN_ROLE, new_admin), "New admin should not have admin role",
+    );
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn quorum_should_fail_to_change_admin_if_duplicated_hash(
+    role_admin: RoleAdmin,
+    admin: ContractAddress,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    expiry: Expiry,
+) {
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, safe_dispatcher, access_control, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    // Serialize the admin address
+    let mut admin_serialized = array![];
+    admin.serialize(ref admin_serialized);
+
+    // Create the call data & hash
+    let call_data = Call {
+        to: dvn, selector: Default::default(), calldata: admin_serialized.span(),
+    };
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+
+    // Create the execute param
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let param = ExecuteParam { vid, call_data, expiration, signatures: signatures.into() };
+
+    // Call the function for the first time
+    dispatcher.quorum_change_admin(param.clone());
+
+    // Check that admin has the admin role
+    assert!(access_control.has_role(ADMIN_ROLE, admin), "Admin should have admin role");
+
+    // Call the function again with the same param
+    let res = safe_dispatcher.quorum_change_admin(param);
+
+    // Check that the function fails because the hash is duplicated
+    assert_panic_with_error(res, errors::err_duplicated_hash(hash));
+}
+
+#[test]
+#[fuzzer(runs: 10)]
+#[feature("safe_dispatcher")]
+fn quorum_should_fail_to_change_admin_if_invalid_calldata(
+    role_admin: RoleAdmin,
+    vid: u32,
+    key_pair_1: KeyPair,
+    key_pair_2: KeyPair,
+    invalid_calldata: Felt252ArrayList,
+    expiry: Expiry,
+) {
+    let invalid_calldata = invalid_calldata.arr;
+    // Ensure that invalid_calldata is not a serialized contract address
+    let mut serialized = invalid_calldata.span();
+    let res: Option<ContractAddress> = Serde::deserialize(ref serialized);
+    if res.is_some() {
+        return;
+    }
+
+    let role_admin = role_admin.address;
+    let expiration: u256 = expiry.expiry.into();
+
+    let signers: Array<EthAddress> = array![
+        key_pair_1.public_address.clone().into(), key_pair_2.public_address.clone().into(),
+    ];
+    let DvnDeploy {
+        dvn, dispatcher, safe_dispatcher, ..,
+    } =
+        deploy_dvn_with_additional_roles(
+            array![].span(), vid, signers, role_admin, array![].span(),
+        );
+
+    // Create the call data & hash
+    let call_data = Call {
+        to: dvn, selector: Default::default(), calldata: invalid_calldata.span(),
+    };
+    let hash = dispatcher.hash_call_data(vid, call_data, expiration);
+
+    // Create the execute param
+    let signatures = sort_signatures(key_pair_1, key_pair_2, hash);
+    let param = ExecuteParam { vid, call_data, expiration, signatures: signatures.into() };
+
+    // Call the function with invalid calldata
+    let res = safe_dispatcher.quorum_change_admin(param);
+
+    // Check that the function fails because the calldata is invalid
+    assert_panic_with_error(res, errors::err_invalid_quorum_admin());
+}
+
+//////////////////////////
+// Implementation tests //
+//////////////////////////
+
+#[test]
+fn impl_layer_zero_worker_interface() {
+    const VID: u32 = 1;
+    let DvnDeploy { dvn, .. } = deploy_dvn(array![].span(), VID, ZERO_ADDRESS, array![].span());
+
+    /// Runtime check that the dvn implements the ILayerZeroWorker interface
+    ILayerZeroWorkerDispatcher { contract_address: dvn };
+}