fix: red-team.sh and AttackRunner.s.sol still use Base mainnet addresses (#939)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 07:33:54 +00:00 · 2026-03-18 07:33:54 +00:00 · 13f406b5a9
commit 13f406b5a9
parent 79b98feef9
2 changed files with 47 additions and 17 deletions
--- a/scripts/harb-evaluator/red-team.sh
+++ b/scripts/harb-evaluator/red-team.sh
@ -43,12 +43,31 @@ RECENTER_PK=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a

 # ── Infrastructure constants ───────────────────────────────────────────────────
 WETH=0x4200000000000000000000000000000000000006
-# Base Sepolia SwapRouter02 — https://sepolia.basescan.org/address/0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
-SWAP_ROUTER=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
-# Base Sepolia NonfungiblePositionManager — https://sepolia.basescan.org/address/0x27F971cb582BF9E50F397e4d29a5C7A34f11faA2
-NPM=0x27F971cb582BF9E50F397e4d29a5C7A34f11faA2
+# SwapRouter02 and NonfungiblePositionManager — resolved by detect_periphery() after Anvil is verified
+SWAP_ROUTER_SEPOLIA=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
+SWAP_ROUTER_MAINNET=0x2626664c2603336E57B271c5C0b26F421741e481
+NPM_SEPOLIA=0x27F971cb582BF9E50F397e4d29a5C7A34f11faA2
+NPM_MAINNET=0x03a520B32c04bf3beef7BEb72E919cF822Ed34F3
+SWAP_ROUTER=""
+NPM=""
 POOL_FEE=10000

+# Detect chain ID and select the correct periphery addresses (mirrors bootstrap-common.sh).
+# Must be called after Anvil is verified to be accessible.
+detect_periphery() {
+  local chain_id
+  chain_id=$("$CAST" chain-id --rpc-url "$RPC_URL" 2>/dev/null || echo "")
+  if [[ "$chain_id" == "8453" ]]; then
+    SWAP_ROUTER="$SWAP_ROUTER_MAINNET"
+    NPM="$NPM_MAINNET"
+    log "Detected Base mainnet (chain ID 8453) — using mainnet periphery addresses"
+  else
+    SWAP_ROUTER="$SWAP_ROUTER_SEPOLIA"
+    NPM="$NPM_SEPOLIA"
+    log "Using Base Sepolia periphery addresses (chain ID: ${chain_id:-unknown})"
+  fi
+}
+
 # ── Logging helpers ────────────────────────────────────────────────────────────
 log()  { echo "[red-team] $*"; }
 die()  { echo "[red-team] ERROR: $*" >&2; exit 2; }
@ -69,6 +88,9 @@ bash "$SCRIPT_DIR/bootstrap-light.sh" || die "bootstrap-light failed"
 "$CAST" chain-id --rpc-url "$RPC_URL" >/dev/null 2>&1 \
  || die "Anvil not accessible at $RPC_URL after bootstrap-light"

+# Select network-appropriate periphery addresses
+detect_periphery
+
 # ── 2. Read contract addresses ─────────────────────────────────────────────────
 [[ -f "$DEPLOYMENTS" ]] || die "deployments-local.json not found at $DEPLOYMENTS (bootstrap not complete)"

@ -695,6 +717,8 @@ if [[ $EXPORT_EXIT -eq 0 && -f "$ATTACK_EXPORT" && -s "$ATTACK_EXPORT" ]]; then
  (cd "$REPO_ROOT/onchain" && \
    ATTACK_FILE="$ATTACK_EXPORT" \
    DEPLOYMENTS_FILE="deployments-local.json" \
+    SWAP_ROUTER="$SWAP_ROUTER" \
+    NPM_ADDR="$NPM" \
    "$FORGE" script script/backtesting/AttackRunner.s.sol \
      --rpc-url "$RPC_URL" --broadcast 2>&1 \
    | grep '^{' >"$ATTACK_SNAPSHOTS")