more testing. add reentrancy guard

Author: devinaconley

contracts/Geyser.sol

@@ -18,6 +18,7 @@ import "@openzeppelin/contracts/math/SafeMath.sol";
 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";
 import "@openzeppelin/contracts/access/Ownable.sol";
+import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 
 import "./IGeyser.sol";
 import "./GeyserPool.sol";
@@ -26,7 +27,7 @@ import "./MathUtils.sol";
 /**
  * @title Geyser
  */
-contract Geyser is IGeyser {
+contract Geyser is IGeyser, ReentrancyGuard {
     using SafeMath for uint256;
     using SafeERC20 for IERC20;
     using MathUtils for int128;
@@ -279,7 +280,7 @@ contract Geyser is IGeyser {
     /**
      * @inheritdoc IGeyser
      */
-    function update() external override {
+    function update() external override nonReentrant {
         _update(msg.sender);
     }
 
@@ -325,7 +326,7 @@ contract Geyser is IGeyser {
         address staker,
         address beneficiary,
         uint256 amount
-    ) private {
+    ) private nonReentrant {
         // validate
         require(amount > 0, "Geyser: stake amount is zero");
         require(
@@ -370,7 +371,11 @@ contract Geyser is IGeyser {
      * @param gysr number of GYSR tokens applied to unstaking operation
      * @return number of reward tokens distributed
      */
-    function _unstake(uint256 amount, uint256 gysr) private returns (uint256) {
+    function _unstake(uint256 amount, uint256 gysr)
+        private
+        nonReentrant
+        returns (uint256)
+    {
         // validate
         require(amount > 0, "Geyser: unstake amount is zero");
         require(

contracts/test/TestERC20.sol

@@ -24,3 +24,13 @@ contract TestLiquidityToken is ERC20 {
         _mint(msg.sender, _totalSupply);
     }
 }
+
+contract TestIndivisibleToken is ERC20 {
+    uint256 DECIMALS = 0;
+    uint256 _totalSupply = 1000;
+
+    constructor() public ERC20("TestIndivisibleToken", "IND") {
+        _setupDecimals(uint8(DECIMALS));
+        _mint(msg.sender, _totalSupply);
+    }
+}

contracts/test/TestReentrant.sol

@@ -0,0 +1,111 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.6.12;
+
+import "@openzeppelin/contracts/token/ERC777/ERC777.sol";
+import "@openzeppelin/contracts/token/ERC777/IERC777Sender.sol";
+import "@openzeppelin/contracts/introspection/ERC1820Implementer.sol";
+import "@openzeppelin/contracts/introspection/IERC1820Registry.sol";
+import "../IGeyser.sol";
+
+contract TestReentrantToken is ERC777 {
+    uint256 _totalSupply = 10 * 10**6 * 10**18;
+
+    constructor() public ERC777("ReentrantToken", "RE", new address[](0)) {
+        _mint(msg.sender, _totalSupply, "", "");
+    }
+}
+
+contract TestReentrantProxy is IERC777Sender, ERC1820Implementer {
+    address private _geyser;
+    uint256 private _last;
+    uint256 private _amount;
+    uint256 private _mode;
+
+    constructor() public {
+        _geyser = address(0);
+        _last = 0;
+        _amount = 0;
+        _mode = 0;
+    }
+
+    function register(
+        bytes32 interfaceHash,
+        address addr,
+        address registry
+    ) external {
+        _registerInterfaceForAddress(interfaceHash, addr);
+        IERC1820Registry reg = IERC1820Registry(registry);
+        reg.setInterfaceImplementer(
+            address(this),
+            interfaceHash,
+            address(this)
+        );
+    }
+
+    function target(
+        address geyser,
+        uint256 amount,
+        uint256 mode
+    ) external {
+        _geyser = geyser;
+        _amount = amount;
+        _mode = mode;
+    }
+
+    function deposit(address token, uint256 amount) external {
+        IERC20 tkn = IERC20(token);
+        uint256 temp = _mode;
+        _mode = 0;
+        tkn.transferFrom(msg.sender, address(this), amount);
+        _mode = temp;
+        tkn.approve(_geyser, 100000 * 10**18);
+    }
+
+    function withdraw(address token, uint256 amount) external {
+        IERC20 tkn = IERC20(token);
+        uint256 temp = _mode;
+        _mode = 0;
+        tkn.transfer(msg.sender, amount);
+        _mode = temp;
+    }
+
+    function stake(uint256 amount) external {
+        IGeyser geyser = IGeyser(_geyser);
+        geyser.stake(amount, "");
+    }
+
+    function unstake(uint256 amount) external {
+        IGeyser geyser = IGeyser(_geyser);
+        geyser.unstake(amount, "");
+    }
+
+    function tokensToSend(
+        address,
+        address,
+        address,
+        uint256,
+        bytes calldata,
+        bytes calldata
+    ) external override {
+        if (block.timestamp == _last) {
+            return;
+        }
+        _last = block.timestamp;
+        _exploit();
+    }
+
+    function _exploit() private {
+        if (_geyser == address(0)) {
+            return;
+        }
+        IGeyser geyser = IGeyser(_geyser);
+        if (_mode == 1) {
+            geyser.stake(_amount, "");
+        } else if (_mode == 2) {
+            geyser.unstake(_amount, "");
+        } else if (_mode == 3) {
+            geyser.update();
+        }
+    }
+}

test/geyser.js

@@ -1162,6 +1162,82 @@ describe('geyser', function () {
         expect(mult).to.be.equal(3.0);
       });
     });
+
+    describe('when configured with 0 day time bonus period', function () {
+
+      beforeEach(async function () {
+        // owner creates geyser
+        this.geyser = await Geyser.new(
+          this.staking.address,
+          this.reward.address,
+          bonus(0.5),
+          bonus(2),
+          days(0),
+          this.gysr.address,
+          { from: owner }
+        );
+        // owner funds geyser
+        await this.reward.transfer(owner, tokens(10000), { from: org });
+        await this.reward.approve(this.geyser.address, tokens(100000), { from: owner });
+        await this.geyser.methods['fund(uint256,uint256)'](
+          tokens(1000), days(180),
+          { from: owner }
+        );
+      });
+
+      it('should be max time bonus for t = 0', async function () {
+        const mult = fromFixedPointBigNumber(await this.geyser.timeBonus(0), 10, 18);
+        expect(mult).to.be.equal(3.0);
+      });
+
+      it('should be max time bonus for t > 0 days', async function () {
+        const mult = fromFixedPointBigNumber(await this.geyser.timeBonus(days(30)), 10, 18);
+        expect(mult).to.be.equal(3.0);
+      });
+    });
+
+    describe('when configured with 0.0 max time bonus', function () {
+
+      beforeEach(async function () {
+        // owner creates geyser
+        this.geyser = await Geyser.new(
+          this.staking.address,
+          this.reward.address,
+          bonus(0.0),
+          bonus(0.0),
+          days(90),
+          this.gysr.address,
+          { from: owner }
+        );
+        // owner funds geyser
+        await this.reward.transfer(owner, tokens(10000), { from: org });
+        await this.reward.approve(this.geyser.address, tokens(100000), { from: owner });
+        await this.geyser.methods['fund(uint256,uint256)'](
+          tokens(1000), days(180),
+          { from: owner }
+        );
+      });
+
+      it('should be 1.0 time bonus for t = 0', async function () {
+        const mult = fromFixedPointBigNumber(await this.geyser.timeBonus(0), 10, 18);
+        expect(mult).to.be.equal(1.0);
+      });
+
+      it('should be 1.0 time bonus for 0 < t < period', async function () {
+        const mult = fromFixedPointBigNumber(await this.geyser.timeBonus(days(30)), 10, 18);
+        expect(mult).to.be.equal(1.0);
+      });
+
+      it('should be 1.0 time bonus for t = period', async function () {
+        const mult = fromFixedPointBigNumber(await this.geyser.timeBonus(days(90)), 10, 18);
+        expect(mult).to.be.equal(1.0);
+      });
+
+      it('should be 1.0 time bonus for t > period', async function () {
+        const mult = fromFixedPointBigNumber(await this.geyser.timeBonus(days(120)), 10, 18);
+        expect(mult).to.be.equal(1.0);
+      });
+    });
   });
 
   describe('withdraw', function () {