prefer fuzzing where possible

Author: amiecorso

test/EIP7702Proxy/coinbaseImplementation.t.sol

@@ -134,11 +134,12 @@ contract CoinbaseImplementationTest is Test {
         );
     }
 
-    function test_isValidSignature_succeeds_withValidOwnerSignature() public {
-        bytes32 testHash = keccak256("test message");
+    function test_isValidSignature_succeeds_withValidOwnerSignature(
+        bytes32 message
+    ) public {
         assertTrue(
             wallet.isOwnerAddress(_newOwner),
-            "New owner should be set after initialization"
+            "New owner should be owner after initialization"
         );
         assertEq(
             wallet.ownerAtIndex(0),
@@ -147,23 +148,28 @@ contract CoinbaseImplementationTest is Test {
         );
 
         bytes memory signature = _createOwnerSignature(
-            testHash,
+            message,
             address(wallet),
             _NEW_OWNER_PRIVATE_KEY,
             0 // First owner
         );
 
-        bytes4 result = wallet.isValidSignature(testHash, signature);
+        bytes4 result = wallet.isValidSignature(message, signature);
         assertEq(
             result,
             ERC1271_MAGIC_VALUE,
             "Should accept valid contract owner signature"
         );
     }
 
-    function test_execute_transfersEth_whenCalledByOwner() public {
-        address recipient = address(0xBEEF);
-        uint256 amount = 1 ether;
+    function test_execute_transfersEth_whenCalledByOwner(
+        address recipient,
+        uint256 amount
+    ) public {
+        vm.assume(recipient != address(0));
+        assumeNotPrecompile(recipient);
+        assumePayable(recipient);
+        vm.assume(amount > 0 && amount <= 100 ether);
 
         vm.deal(address(_eoa), amount);
 
@@ -181,10 +187,15 @@ contract CoinbaseImplementationTest is Test {
         );
     }
 
-    function test_upgradeToAndCall_reverts_whenCalledByNonOwner() public {
+    function test_upgradeToAndCall_reverts_whenCalledByNonOwner(
+        address nonOwner
+    ) public {
+        vm.assume(nonOwner != address(0));
+        vm.assume(nonOwner != _newOwner); // Ensure caller isn't the actual owner
+
         address newImpl = address(new CoinbaseSmartWallet());
 
-        vm.prank(address(0xBAD));
+        vm.prank(nonOwner);
         vm.expectRevert(); // Coinbase wallet specific access control
         wallet.upgradeToAndCall(newImpl, "");
     }

test/EIP7702Proxy/delegate.t.sol

@@ -28,8 +28,9 @@ contract DelegateTest is EIP7702ProxyBase {
         MockImplementation(payable(_eoa)).mockFunction();
     }
 
-    function test_preservesReturnData_whenReturningBytes() public {
-        bytes memory testData = hex"deadbeef";
+    function test_preservesReturnData_whenReturningBytes(
+        bytes memory testData
+    ) public {
         bytes memory returnedData = MockImplementation(payable(_eoa))
             .returnBytesData(testData);
 
@@ -40,11 +41,10 @@ contract DelegateTest is EIP7702ProxyBase {
         );
     }
 
-    function test_guardedInitializer_reverts_whenCalledDirectly() public {
-        bytes memory initData = abi.encodeWithSelector(
-            MockImplementation.initialize.selector,
-            _newOwner
-        );
+    function test_guardedInitializer_reverts_whenCalledDirectly(
+        bytes memory initData
+    ) public {
+        vm.assume(initData.length >= 4); // At least a function selector
 
         vm.expectRevert(EIP7702Proxy.InvalidInitializer.selector);
         address(_eoa).call(initData);
@@ -55,8 +55,11 @@ contract DelegateTest is EIP7702ProxyBase {
         MockImplementation(payable(_eoa)).revertingFunction();
     }
 
-    function test_reverts_whenWriteReverts() public {
-        vm.prank(address(0xBAD));
+    function test_reverts_whenWriteReverts(address unauthorized) public {
+        vm.assume(unauthorized != address(0));
+        vm.assume(unauthorized != _newOwner); // Not the owner
+
+        vm.prank(unauthorized);
         vm.expectRevert(MockImplementation.Unauthorized.selector);
         MockImplementation(payable(_eoa)).mockFunction();
 

test/EIP7702Proxy/initialize.t.sol

@@ -7,22 +7,27 @@ import {MockImplementation, RevertingInitializerMockImplementation} from "../moc
 import {ECDSA} from "openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol";
 
 contract InitializeTest is EIP7702ProxyBase {
-    function test_succeeds_withValidSignatureAndArgs() public {
-        bytes memory initArgs = _createInitArgs(_newOwner);
+    function test_succeeds_withValidSignatureAndArgs(address newOwner) public {
+        vm.assume(newOwner != address(0));
+        assumeNotPrecompile(newOwner);
+
+        bytes memory initArgs = _createInitArgs(newOwner);
         bytes memory signature = _signInitData(_EOA_PRIVATE_KEY, initArgs);
 
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
 
-        // Verify implementation was set
-        assertEq(
-            _getERC1967Implementation(address(_eoa)),
-            address(_implementation),
-            "Implementation should be set after initialization"
+        // Verify owner was set correctly
+        assertTrue(
+            MockImplementation(payable(_eoa)).owner() == newOwner,
+            "Owner should be set to fuzzed address"
         );
     }
 
-    function test_setsERC1967ImplementationSlot() public {
-        bytes memory initArgs = _createInitArgs(_newOwner);
+    function test_setsERC1967ImplementationSlot(address newOwner) public {
+        vm.assume(newOwner != address(0));
+        assumeNotPrecompile(newOwner);
+
+        bytes memory initArgs = _createInitArgs(newOwner);
         bytes memory signature = _signInitData(_EOA_PRIVATE_KEY, initArgs);
 
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
@@ -44,8 +49,8 @@ contract InitializeTest is EIP7702ProxyBase {
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
     }
 
-    function test_reverts_whenSignatureLengthInvalid() public {
-        bytes memory initArgs = _createInitArgs(_newOwner);
+    function test_reverts_whenSignatureLengthInvalid(address newOwner) public {
+        bytes memory initArgs = _createInitArgs(newOwner);
         bytes memory signature = hex"deadbeef"; // Too short to be valid ECDSA signature
 
         vm.expectRevert(
@@ -54,17 +59,19 @@ contract InitializeTest is EIP7702ProxyBase {
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
     }
 
-    function test_reverts_whenSignatureInvalid() public {
-        bytes memory initArgs = _createInitArgs(_newOwner);
+    function test_reverts_whenSignatureInvalid(address newOwner) public {
+        bytes memory initArgs = _createInitArgs(newOwner);
         // 65 bytes of invalid signature data
         bytes memory signature = new bytes(65);
 
         vm.expectRevert(abi.encodeWithSignature("ECDSAInvalidSignature()"));
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
     }
 
-    function test_reverts_whenSignerWrong() public {
-        uint256 wrongPk = 0xC0FFEE;
+    function test_reverts_whenSignerWrong(uint128 wrongPk) public {
+        vm.assume(wrongPk != 0);
+        vm.assume(wrongPk != _EOA_PRIVATE_KEY); // Not the valid signer
+
         bytes memory initArgs = _createInitArgs(_newOwner);
         bytes32 initHash = keccak256(abi.encode(_eoa, initArgs));
         (uint8 v, bytes32 r, bytes32 s) = vm.sign(wrongPk, initHash);
@@ -74,7 +81,10 @@ contract InitializeTest is EIP7702ProxyBase {
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
     }
 
-    function test_reverts_whenDelegatecallFails() public {
+    function test_reverts_whenDelegatecallFails(address newOwner) public {
+        vm.assume(newOwner != address(0));
+        assumeNotPrecompile(newOwner);
+
         // Deploy reverting implementation
         _implementation = new RevertingInitializerMockImplementation();
         _initSelector = RevertingInitializerMockImplementation
@@ -91,34 +101,49 @@ contract InitializeTest is EIP7702ProxyBase {
         vm.etch(_eoa, proxyCode);
 
         // Try to initialize with valid signature but reverting implementation
-        bytes memory initArgs = _createInitArgs(_newOwner);
+        bytes memory initArgs = _createInitArgs(newOwner);
         bytes memory signature = _signInitData(_EOA_PRIVATE_KEY, initArgs);
 
         vm.expectRevert("InitializerReverted");
         EIP7702Proxy(_eoa).initialize(initArgs, signature);
     }
 
-    function test_reverts_whenSignatureReplayedWithDifferentProxy() public {
+    function test_reverts_whenSignatureReplayedWithDifferentProxy(
+        address payable secondProxy,
+        address newOwner
+    ) public {
+        vm.assume(address(secondProxy) != address(0));
+        vm.assume(address(secondProxy) != address(_eoa));
+        assumeNotPrecompile(address(secondProxy));
+        assumeNotPrecompile(newOwner);
+
         // Get signature for first proxy
-        bytes memory initArgs = _createInitArgs(_newOwner);
+        bytes memory initArgs = _createInitArgs(newOwner);
         bytes memory signature = _signInitData(_EOA_PRIVATE_KEY, initArgs);
 
         // Deploy a second proxy with same implementation
-        address payable secondProxy = payable(address(0xBEEF));
         _deployProxy(secondProxy);
 
         // Try to use same signature with different proxy
         vm.expectRevert(EIP7702Proxy.InvalidSignature.selector);
         EIP7702Proxy(secondProxy).initialize(initArgs, signature);
     }
 
-    function test_reverts_whenSignatureReplayedWithDifferentArgs() public {
+    function test_reverts_whenSignatureReplayedWithDifferentArgs(
+        address differentOwner,
+        address newOwner
+    ) public {
+        vm.assume(differentOwner != address(0));
+        vm.assume(differentOwner != newOwner);
+        assumeNotPrecompile(differentOwner);
+        assumeNotPrecompile(newOwner);
+
         // Get signature for first initialization args
-        bytes memory initArgs = _createInitArgs(_newOwner);
+        bytes memory initArgs = _createInitArgs(newOwner);
         bytes memory signature = _signInitData(_EOA_PRIVATE_KEY, initArgs);
 
         // Try to use same signature with different args
-        bytes memory differentArgs = _createInitArgs(address(0xBEEF));
+        bytes memory differentArgs = _createInitArgs(differentOwner);
         vm.expectRevert(EIP7702Proxy.InvalidSignature.selector);
         EIP7702Proxy(_eoa).initialize(differentArgs, signature);
     }

test/EIP7702Proxy/isValidSignature.t.sol

@@ -22,12 +22,14 @@ abstract contract IsValidSignatureTestBase is EIP7702ProxyBase {
         wallet = _eoa;
     }
 
-    function test_succeeds_withValidEOASignature() public virtual {
-        (uint8 v, bytes32 r, bytes32 s) = vm.sign(_EOA_PRIVATE_KEY, testHash);
+    function test_succeeds_withValidEOASignature(
+        bytes32 message
+    ) public virtual {
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(_EOA_PRIVATE_KEY, message);
         bytes memory signature = abi.encodePacked(r, s, v);
 
         bytes4 result = MockImplementation(payable(wallet)).isValidSignature(
-            testHash,
+            message,
             signature
         );
         assertEq(
@@ -37,16 +39,18 @@ abstract contract IsValidSignatureTestBase is EIP7702ProxyBase {
         );
     }
 
-    function test_returnsExpectedValue_withInvalidEOASignature()
-        public
-        virtual
-    {
-        uint256 wrongPk = 0xB0B;
+    function test_returnsExpectedValue_withInvalidEOASignature(
+        uint128 wrongPk,
+        bytes32 message
+    ) public virtual {
+        vm.assume(wrongPk != 0);
+        vm.assume(wrongPk != _EOA_PRIVATE_KEY);
+
         (uint8 v, bytes32 r, bytes32 s) = vm.sign(wrongPk, testHash);
         bytes memory signature = abi.encodePacked(r, s, v);
 
         bytes4 result = MockImplementation(payable(wallet)).isValidSignature(
-            testHash,
+            message,
             signature
         );
         assertEq(
@@ -101,12 +105,12 @@ contract FailingImplementationTest is IsValidSignatureTestBase {
         return ERC1271_FAIL_VALUE;
     }
 
-    function test_returnsFailureValue_withEmptySignature() public {
-        bytes memory emptySignature = "";
-
+    function test_returnsFailureValue_withEmptySignature(
+        bytes32 message
+    ) public {
         bytes4 result = MockImplementation(payable(wallet)).isValidSignature(
-            testHash,
-            emptySignature
+            message,
+            ""
         );
         assertEq(result, ERC1271_FAIL_VALUE, "Should reject empty signature");
     }
@@ -146,17 +150,17 @@ contract SucceedingImplementationTest is IsValidSignatureTestBase {
         return ERC1271_MAGIC_VALUE; // Implementation always returns success
     }
 
-    function test_returnsSuccessValue_withEmptySignature() public {
-        bytes memory emptySignature = "";
-
+    function test_returnsSuccessValue_withEmptySignature(
+        bytes32 message
+    ) public {
         bytes4 result = MockImplementation(payable(wallet)).isValidSignature(
-            testHash,
-            emptySignature
+            message,
+            ""
         );
         assertEq(
             result,
             ERC1271_MAGIC_VALUE,
-            "Should return success for any EOA signature if implementation since `isValidSignature` always succeeds"
+            "Should return success for any EOA signature"
         );
     }
 }

test/EIP7702Proxy/upgradeToAndCall.t.sol

@@ -60,8 +60,12 @@ contract UpgradeToAndCallTest is EIP7702ProxyBase {
         );
     }
 
-    function test_reverts_whenCalledByNonOwner() public {
-        vm.prank(address(0xBAD));
+    function test_reverts_whenCalledByNonOwner(address nonOwner) public {
+        vm.assume(nonOwner != address(0));
+        vm.assume(nonOwner != _newOwner);
+        assumeNotPrecompile(nonOwner);
+
+        vm.prank(nonOwner);
         vm.expectRevert(MockImplementation.Unauthorized.selector); // From MockImplementation
         MockImplementation(payable(_eoa)).upgradeToAndCall(
             address(newImplementation),