From a2f89968dbf52e71ab6a897d035ca3c642ffb555 Mon Sep 17 00:00:00 2001 From: openhands Date: Mon, 16 Mar 2026 12:02:17 +0000 Subject: [PATCH] fix: fix: red-team.sh V3_FACTORY hardcodes Base mainnet address instead of Sepolia (#854) bootstrap-light.sh now extracts the Uniswap V3 pool address from DeployLocal.sol deploy output and writes both Pool and V3Factory (Base Sepolia: 0x4752ba5DBc23f44D87826276BF6Fd6b1C372aD24) into deployments-local.json alongside the existing contract addresses. red-team.sh now reads V3_FACTORY and POOL from deployments-local.json instead of hardcoding the Base mainnet factory address (0x33128a8fC17869897dcE68Ed026d694621f6FDfD), and removes the getPool() RPC call that always failed with "contract does not have any code" on the Sepolia fork. Co-Authored-By: Claude Sonnet 4.6 --- scripts/harb-evaluator/bootstrap-light.sh | 10 +++++++++- scripts/harb-evaluator/red-team.sh | 21 +++++++++------------ 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/scripts/harb-evaluator/bootstrap-light.sh b/scripts/harb-evaluator/bootstrap-light.sh index 4c6fd7f..745f993 100755 --- a/scripts/harb-evaluator/bootstrap-light.sh +++ b/scripts/harb-evaluator/bootstrap-light.sh @@ -47,13 +47,21 @@ LM=$(echo "$DEPLOY_OUT" | grep -oP 'LiquidityManager deployed: \K0x[a-fA-F0-9]+' [[ -n "$LM" ]] || die "Could not extract LiquidityManager address from deploy output" +POOL=$(echo "$DEPLOY_OUT" | grep -oP 'Pool: \K0x[a-fA-F0-9]+' | head -1) +[[ -n "$POOL" ]] || die "Could not extract Pool address from deploy output" + +# Base Sepolia Uniswap V3 Factory — must match v3Factory constant in DeployLocal.sol +V3_FACTORY="0x4752ba5DBc23f44D87826276BF6Fd6b1C372aD24" + cat > "$ONCHAIN_DIR/deployments-local.json" << EOF { "contracts": { "Kraiken": "$KRK", "Stake": "$STAKE", "LiquidityManager": "$LM", - "OptimizerProxy": "$OPT" + "OptimizerProxy": "$OPT", + "Pool": "$POOL", + "V3Factory": "$V3_FACTORY" } } EOF diff --git a/scripts/harb-evaluator/red-team.sh b/scripts/harb-evaluator/red-team.sh index 3d68662..9f27438 100755 --- a/scripts/harb-evaluator/red-team.sh +++ b/scripts/harb-evaluator/red-team.sh @@ -45,8 +45,6 @@ RECENTER_PK=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a WETH=0x4200000000000000000000000000000000000006 # Base mainnet SwapRouter02 — https://basescan.org/address/0x2626664c2603336E57B271c5C0b26F421741e481 SWAP_ROUTER=0x2626664c2603336E57B271c5C0b26F421741e481 -# Base mainnet Uniswap V3 Factory — https://basescan.org/address/0x33128a8fC17869897dcE68Ed026d694621f6FDfD -V3_FACTORY=0x33128a8fC17869897dcE68Ed026d694621f6FDfD # Base mainnet NonfungiblePositionManager — https://basescan.org/address/0x03a520B32c04bf3beef7BEb72E919cF822Ed34F3 NPM=0x03a520B32c04bf3beef7BEb72E919cF822Ed34F3 POOL_FEE=10000 @@ -78,17 +76,21 @@ KRK=$(jq -r '.contracts.Kraiken' "$DEPLOYMENTS") STAKE=$(jq -r '.contracts.Stake' "$DEPLOYMENTS") LM=$(jq -r '.contracts.LiquidityManager' "$DEPLOYMENTS") OPT=$(jq -r '.contracts.OptimizerProxy' "$DEPLOYMENTS") +V3_FACTORY=$(jq -r '.contracts.V3Factory' "$DEPLOYMENTS") +POOL=$(jq -r '.contracts.Pool' "$DEPLOYMENTS") -for var in KRK STAKE LM OPT; do +for var in KRK STAKE LM OPT V3_FACTORY POOL; do val="${!var}" [[ -n "$val" && "$val" != "null" ]] \ || die "$var address missing from deployments-local.json — was bootstrap successful?" done -log " KRK: $KRK" -log " STAKE: $STAKE" -log " LM: $LM" -log " OPT: $OPT" +log " KRK: $KRK" +log " STAKE: $STAKE" +log " LM: $LM" +log " OPT: $OPT" +log " V3_FACTORY: $V3_FACTORY" +log " Pool: $POOL" # Derive Anvil account addresses from their private keys ADV_ADDR=$("$CAST" wallet address --private-key "$ADV_PK") @@ -96,11 +98,6 @@ RECENTER_ADDR=$("$CAST" wallet address --private-key "$RECENTER_PK") log " Adversary: $ADV_ADDR (account 8)" log " Recenter: $RECENTER_ADDR (account 2)" -# Get Uniswap V3 Pool address -POOL=$("$CAST" call "$V3_FACTORY" "getPool(address,address,uint24)(address)" \ - "$WETH" "$KRK" "$POOL_FEE" --rpc-url "$RPC_URL" | sed 's/\[.*//;s/[[:space:]]//g') -log " Pool: $POOL" - # ── 3a. recenter() is now public (no recenterAccess needed) ── # Any address can call recenter() — TWAP oracle enforces safety. log "recenter() is public — no access grant needed"