karmacoma-eth/bayc-invariant-testing

Uses dapptools to find that the max supply invariant can be violated by the contract owner

BAYC Max Supply Invariant Testing

Based on:

• https://github.com/gakonst/dapptools-template
• https://github.com/dapphub/dapptools/tree/master/src/dapp#invariant-testing
• https://twitter.com/nnnnicholas/status/1488956145872130052

You can see an example of the failed invariant test in invariantFailure.log

The test in src/test/BoredApeYachtClub.t.sol has this:

    function invariantTotalSupply() public {
        assertLe(bayc.totalSupply(), MAX_APES);
    }

It ensures that the totalSupply() of bored apes remains under the defined maximum. However the test fails, and gives an example that shows how to violate that invariant: the owner can call bayc.reserveApes() at any time and bypass the MAX_APES check, therefore the supply of bored apes is actually unlimited.

Building and testing

make # This installs the project's dependencies.
make test

Installing the toolkit

If you do not have DappTools already installed, you'll need to run the below commands

Install Nix

# User must be in sudoers
curl -L https://nixos.org/nix/install | sh

# Run this or login again to use Nix
. "$HOME/.nix-profile/etc/profile.d/nix.sh"

Install DappTools

curl https://dapp.tools/install | sh

DappTools Resources

• DappTools
  • Hevm Docs
  • Dapp Docs
  • Seth Docs
• DappTools Overview
• Awesome-DappTools