Merge pull request 'fix: fix: red-team.sh V3_FACTORY hardcodes Base mainnet address instead of Sepolia (#854)' (#870) from fix/issue-854 into master

2026-03-16 13:26:05 +01:00 · 2026-03-16 13:26:05 +01:00 · 3d8bbb0975
commit 3d8bbb0975
parent 740a871ddc a2f89968db
2 changed files with 18 additions and 13 deletions
--- a/scripts/harb-evaluator/bootstrap-light.sh
+++ b/scripts/harb-evaluator/bootstrap-light.sh
@ -47,13 +47,21 @@ LM=$(echo "$DEPLOY_OUT" | grep -oP 'LiquidityManager deployed: \K0x[a-fA-F0-9]+'

 [[ -n "$LM" ]] || die "Could not extract LiquidityManager address from deploy output"

+POOL=$(echo "$DEPLOY_OUT" | grep -oP 'Pool: \K0x[a-fA-F0-9]+' | head -1)
+[[ -n "$POOL" ]] || die "Could not extract Pool address from deploy output"
+
+# Base Sepolia Uniswap V3 Factory — must match v3Factory constant in DeployLocal.sol
+V3_FACTORY="0x4752ba5DBc23f44D87826276BF6Fd6b1C372aD24"
+
 cat > "$ONCHAIN_DIR/deployments-local.json" << EOF
 {
  "contracts": {
    "Kraiken": "$KRK",
    "Stake": "$STAKE",
    "LiquidityManager": "$LM",
-    "OptimizerProxy": "$OPT"
+    "OptimizerProxy": "$OPT",
+    "Pool": "$POOL",
+    "V3Factory": "$V3_FACTORY"
  }
 }
 EOF
--- a/scripts/harb-evaluator/red-team.sh
+++ b/scripts/harb-evaluator/red-team.sh
@ -45,8 +45,6 @@ RECENTER_PK=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a
 WETH=0x4200000000000000000000000000000000000006
 # Base mainnet SwapRouter02 — https://basescan.org/address/0x2626664c2603336E57B271c5C0b26F421741e481
 SWAP_ROUTER=0x2626664c2603336E57B271c5C0b26F421741e481
-# Base mainnet Uniswap V3 Factory — https://basescan.org/address/0x33128a8fC17869897dcE68Ed026d694621f6FDfD
-V3_FACTORY=0x33128a8fC17869897dcE68Ed026d694621f6FDfD
 # Base mainnet NonfungiblePositionManager — https://basescan.org/address/0x03a520B32c04bf3beef7BEb72E919cF822Ed34F3
 NPM=0x03a520B32c04bf3beef7BEb72E919cF822Ed34F3
 POOL_FEE=10000
@ -78,17 +76,21 @@ KRK=$(jq -r '.contracts.Kraiken'         "$DEPLOYMENTS")
 STAKE=$(jq -r '.contracts.Stake'         "$DEPLOYMENTS")
 LM=$(jq -r '.contracts.LiquidityManager' "$DEPLOYMENTS")
 OPT=$(jq -r '.contracts.OptimizerProxy'  "$DEPLOYMENTS")
+V3_FACTORY=$(jq -r '.contracts.V3Factory' "$DEPLOYMENTS")
+POOL=$(jq -r '.contracts.Pool'            "$DEPLOYMENTS")

-for var in KRK STAKE LM OPT; do
+for var in KRK STAKE LM OPT V3_FACTORY POOL; do
  val="${!var}"
  [[ -n "$val" && "$val" != "null" ]] \
    || die "$var address missing from deployments-local.json — was bootstrap successful?"
 done

-log "  KRK:   $KRK"
-log "  STAKE: $STAKE"
-log "  LM:    $LM"
-log "  OPT:   $OPT"
+log "  KRK:        $KRK"
+log "  STAKE:      $STAKE"
+log "  LM:         $LM"
+log "  OPT:        $OPT"
+log "  V3_FACTORY: $V3_FACTORY"
+log "  Pool:       $POOL"

 # Derive Anvil account addresses from their private keys
 ADV_ADDR=$("$CAST" wallet address --private-key "$ADV_PK")
@ -96,11 +98,6 @@ RECENTER_ADDR=$("$CAST" wallet address --private-key "$RECENTER_PK")
 log "  Adversary: $ADV_ADDR  (account 8)"
 log "  Recenter:  $RECENTER_ADDR  (account 2)"

-# Get Uniswap V3 Pool address
-POOL=$("$CAST" call "$V3_FACTORY" "getPool(address,address,uint24)(address)" \
-       "$WETH" "$KRK" "$POOL_FEE" --rpc-url "$RPC_URL" | sed 's/\[.*//;s/[[:space:]]//g')
-log "  Pool:  $POOL"
-
 # ── 3a. recenter() is now public (no recenterAccess needed) ──
 # Any address can call recenter() — TWAP oracle enforces safety.
 log "recenter() is public — no access grant needed"