From f208bd4663ccdcb0d205b50397ea75c4300b5252 Mon Sep 17 00:00:00 2001 From: grandizzy Date: Tue, 29 Apr 2025 10:50:49 +0300 Subject: [PATCH 1/2] feat(forge): add script execution protection config --- crates/config/src/lib.rs | 4 ++++ crates/evm/evm/src/executors/mod.rs | 2 +- crates/forge/tests/cli/config.rs | 5 ++++- crates/forge/tests/cli/script.rs | 11 +++++++++++ crates/script/src/execute.rs | 3 +-- crates/script/src/runner.rs | 12 +++++++----- 6 files changed, 28 insertions(+), 9 deletions(-) diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs index b7d3f0f7e5c0d..562d846daae8c 100644 --- a/crates/config/src/lib.rs +++ b/crates/config/src/lib.rs @@ -523,6 +523,9 @@ pub struct Config { #[serde(default)] pub compilation_restrictions: Vec, + /// Whether to disable the script execution protection. + pub script_execution_protection: bool, + /// PRIVATE: This structure may grow, As such, constructing this structure should /// _always_ be done using a public constructor or update syntax: /// @@ -2412,6 +2415,7 @@ impl Default for Config { additional_compiler_profiles: Default::default(), compilation_restrictions: Default::default(), eof: false, + script_execution_protection: true, _non_exhaustive: (), } } diff --git a/crates/evm/evm/src/executors/mod.rs b/crates/evm/evm/src/executors/mod.rs index 9c4b27e0377dc..5937912e17601 100644 --- a/crates/evm/evm/src/executors/mod.rs +++ b/crates/evm/evm/src/executors/mod.rs @@ -258,7 +258,7 @@ impl Executor { } #[inline] - pub fn set_script(&mut self, script_address: Address) { + pub fn set_script_execution(&mut self, script_address: Address) { self.inspector_mut().script(script_address); } diff --git a/crates/forge/tests/cli/config.rs b/crates/forge/tests/cli/config.rs index 46dd731df9e45..799365fcd1b03 100644 --- a/crates/forge/tests/cli/config.rs +++ b/crates/forge/tests/cli/config.rs @@ -169,6 +169,7 @@ forgetest!(can_extract_config_values, |prj, cmd| { additional_compiler_profiles: Default::default(), compilation_restrictions: Default::default(), eof: false, + script_execution_protection: true, _non_exhaustive: (), }; prj.write_config(input.clone()); @@ -1041,6 +1042,7 @@ transaction_timeout = 120 eof = false additional_compiler_profiles = [] compilation_restrictions = [] +script_execution_protection = true [profile.default.rpc_storage_caching] chains = "all" @@ -1298,7 +1300,8 @@ exclude = [] "transaction_timeout": 120, "eof": false, "additional_compiler_profiles": [], - "compilation_restrictions": [] + "compilation_restrictions": [], + "script_execution_protection": true } "#]]); diff --git a/crates/forge/tests/cli/script.rs b/crates/forge/tests/cli/script.rs index 607158d571bb9..19e5db589b411 100644 --- a/crates/forge/tests/cli/script.rs +++ b/crates/forge/tests/cli/script.rs @@ -2668,6 +2668,17 @@ Error: Usage of `address(this)` detected in script contract. Script contracts ar Error: script failed: ... +"#]]); + + // Disable script protection. + prj.update_config(|config| { + config.script_execution_protection = false; + }); + cmd.assert_success().stdout_eq(str![[r#" +... +Script ran successfully. +... + "#]]); }); diff --git a/crates/script/src/execute.rs b/crates/script/src/execute.rs index 48d37cfca4329..9317381a91632 100644 --- a/crates/script/src/execute.rs +++ b/crates/script/src/execute.rs @@ -144,9 +144,8 @@ impl PreExecutionState { &self.build_data.predeploy_libraries, self.execution_data.bytecode.clone(), needs_setup(&self.execution_data.abi), - self.script_config.sender_nonce, + &self.script_config, self.args.broadcast, - self.script_config.evm_opts.fork_url.is_none(), )?; if setup_result.success { diff --git a/crates/script/src/runner.rs b/crates/script/src/runner.rs index d45a97139dae4..b568cbce28632 100644 --- a/crates/script/src/runner.rs +++ b/crates/script/src/runner.rs @@ -1,4 +1,4 @@ -use super::ScriptResult; +use super::{ScriptConfig, ScriptResult}; use crate::build::ScriptPredeployLibraries; use alloy_eips::eip7702::SignedAuthorization; use alloy_primitives::{Address, Bytes, TxKind, U256}; @@ -33,9 +33,8 @@ impl ScriptRunner { libraries: &ScriptPredeployLibraries, code: Bytes, setup: bool, - sender_nonce: u64, + script_config: &ScriptConfig, is_broadcast: bool, - need_create2_deployer: bool, ) -> Result<(Address, ScriptResult)> { trace!(target: "script", "executing setUP()"); @@ -45,11 +44,12 @@ impl ScriptRunner { self.executor.set_balance(self.evm_opts.sender, U256::MAX)?; } - if need_create2_deployer { + if script_config.evm_opts.fork_url.is_none() { self.executor.deploy_create2_deployer()?; } } + let sender_nonce = script_config.sender_nonce; self.executor.set_nonce(self.evm_opts.sender, sender_nonce)?; // We max out their balance so that they can deploy and make calls. @@ -158,7 +158,9 @@ impl ScriptRunner { } // set script address to be used by execution inspector - self.executor.set_script(address); + if script_config.config.script_execution_protection { + self.executor.set_script_execution(address); + } traces.extend(constructor_traces.map(|traces| (TraceKind::Deployment, traces))); From 32a6f7be89cca7687c9f72d65ce3efd4d008d6f1 Mon Sep 17 00:00:00 2001 From: grandizzy <38490174+grandizzy@users.noreply.github.com> Date: Wed, 30 Apr 2025 16:25:37 +0300 Subject: [PATCH 2/2] Update crates/config/src/lib.rs Co-authored-by: DaniPopes <57450786+DaniPopes@users.noreply.github.com> --- crates/config/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs index 562d846daae8c..c78bde6d8d8e7 100644 --- a/crates/config/src/lib.rs +++ b/crates/config/src/lib.rs @@ -523,7 +523,7 @@ pub struct Config { #[serde(default)] pub compilation_restrictions: Vec, - /// Whether to disable the script execution protection. + /// Whether to enable script execution protection. pub script_execution_protection: bool, /// PRIVATE: This structure may grow, As such, constructing this structure should