Fix/test suite stability #1374
Open
Fix/test suite stability #1374
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR improves the stability and correctness of several security-focused test suites in Seaport v1.6.
The main goal of these changes is to ensure consistent behavior across advanced order flows, replay-attack protection, and conduit/channel authorization.
Multiple tests were previously failing in the security suites due to missing order field initialization, unvalidated conduit keys, or provider-level signature errors.
These fixes ensure full reliability of the suite and remove all false-positive failures.
What Was Done
Ensured all order fields (startTime, endTime, nonce, counter, zone, etc.) are correctly populated.
Deep-cloning of orders now preserves signature format.
Provider-level EIP-712 signature reverts are now handled gracefully.
Guarantees correct behavior for:
Modified order parameters
Cancelled orders
Cross-chain replay
Modified offerer
Introduced:
validateAddress()
validateConduitKey()
ensureOrderFields()
These prevent:
Incorrect conduit key formatting
Missing approvals
Zero-key misuse
Unauthorized channel execution attempts
Improved handling for:
Empty offer array orders
Large batch test items (50–200)
Duplicate consideration items
Zero-amount transfers
Orders with mismatched times
Partial fills with malformed fractions
These tests now execute reliably or revert with expected behavior.
Random / extreme fuzz tests were failing due to uninitialized fields and undefined addresses.
Added validations so:
All generated items have safe limits
Required order fields are always present
Invalid fuzz inputs throw controlled errors, not unexpected failures
Result:
All fuzz tests complete without suite-breaking errors.
These tests protect Seaport's core transaction logic against:
Replay attacks
Unauthorized conduit/channel usage
Invalid or malformed order data
Overflow conditions
Signature manipulation
Faulty recipient behavior
Bad actor attempts in complex match flows
They ensure Seaport order execution remains secure, predictable, and fail-safe, even under extreme or adversarial conditions.
Test Results
After the fixes:
295/298 → 298/298 passing
Conduit attack scenarios 100% passing
Signature replay tests stable
Fuzz suite runs without critical failures
No more “nonce too low” provider errors
All edge-case tests execute correctly