TieredDrop audit fixes (#281)

* Add validation test for H1

* Fix H1: Out of order lazy minting in TieredDrop causes incorrect claims

* forge updates

* Fix H1:2

* Fix H1_2 validation test comments

* Fix (G-2) Loop variables

Author: nkrishang

contracts/tiered-drop/TieredDrop.sol

@@ -206,7 +206,7 @@ contract TieredDrop is
         totalRemainingInTier[_tier] += _amount;
 
         uint256 startId = nextTokenIdToLazyMint;
-        if (isTierEmpty(_tier)) {
+        if (isTierEmpty(_tier) || nextMetadataIdToMapFromTier[_tier] == type(uint256).max) {
             nextMetadataIdToMapFromTier[_tier] = startId;
         }
 
@@ -275,8 +275,6 @@ contract TieredDrop is
         transferTokensOnClaim(to, quantity, tiersInPriority);
 
         emit TokensClaimed(_msgSender(), to, tokenIdToMint, quantity, tiersInPriority);
-
-        // emit RequestExecuted(_msgSender(), signer, _req);
     }
 
     /*///////////////////////////////////////////////////////////////
@@ -348,18 +346,51 @@ contract TieredDrop is
         uint256 _startIdToMap,
         uint256 _quantity
     ) private {
-        uint256 proxyStartId = nextMetadataIdToMapFromTier[_tier];
-        uint256 proxyEndId = proxyStartId + _quantity;
+        uint256 nextIdFromTier = nextMetadataIdToMapFromTier[_tier];
+        uint256 startTokenId = _startIdToMap;
+
+        TokenRange[] memory tokensInTier = tokensInTier[_tier];
+        uint256 len = tokensInTier.length;
+
+        uint256 qtyRemaining = _quantity;
+
+        for (uint256 i = 0; i < len; i += 1) {
+            TokenRange memory range = tokensInTier[i];
+            uint256 gap = 0;
+
+            if (range.startIdInclusive <= nextIdFromTier && nextIdFromTier < range.endIdNonInclusive) {
+                uint256 proxyStartId = nextIdFromTier;
+                uint256 proxyEndId = proxyStartId + qtyRemaining <= range.endIdNonInclusive
+                    ? proxyStartId + qtyRemaining
+                    : range.endIdNonInclusive;
+
+                gap = proxyEndId - proxyStartId;
 
-        uint256 endTokenId = _startIdToMap + _quantity;
+                uint256 endTokenId = startTokenId + gap;
 
-        endIdsAtMint[lengthEndIdsAtMint] = endTokenId;
-        lengthEndIdsAtMint += 1;
+                endIdsAtMint[lengthEndIdsAtMint] = endTokenId;
+                lengthEndIdsAtMint += 1;
 
-        tierAtEndId[endTokenId] = _tier;
-        proxyTokenRange[endTokenId] = TokenRange(proxyStartId, proxyEndId);
+                tierAtEndId[endTokenId] = _tier;
+                proxyTokenRange[endTokenId] = TokenRange(proxyStartId, proxyEndId);
 
-        nextMetadataIdToMapFromTier[_tier] += _quantity;
+                startTokenId += gap;
+                qtyRemaining -= gap;
+
+                if (nextIdFromTier + gap < range.endIdNonInclusive) {
+                    nextIdFromTier += gap;
+                } else if (i < (len - 1)) {
+                    nextIdFromTier = tokensInTier[i + 1].startIdInclusive;
+                } else {
+                    nextIdFromTier = type(uint256).max;
+                }
+            }
+
+            if (qtyRemaining == 0) {
+                nextMetadataIdToMapFromTier[_tier] = nextIdFromTier;
+                break;
+            }
+        }
     }
 
     /// @dev Returns how much of the total-quantity-to-distribute can come from the given tier.
@@ -408,10 +439,10 @@ contract TieredDrop is
         require(_startIdx < _endIdx && _endIdx <= len, "TieredDrop: invalid indices.");
 
         uint256 numOfRangesForTier = 0;
+        bytes32 hashOfTier = keccak256(abi.encodePacked(_tier));
 
         for (uint256 i = _startIdx; i < _endIdx; i += 1) {
             bytes32 hashOfStoredTier = keccak256(abi.encodePacked(tierAtEndId[endIdsAtMint[i]]));
-            bytes32 hashOfTier = keccak256(abi.encodePacked(_tier));
 
             if (hashOfStoredTier == hashOfTier) {
                 numOfRangesForTier += 1;
@@ -423,7 +454,6 @@ contract TieredDrop is
 
         for (uint256 i = _startIdx; i < _endIdx; i += 1) {
             bytes32 hashOfStoredTier = keccak256(abi.encodePacked(tierAtEndId[endIdsAtMint[i]]));
-            bytes32 hashOfTier = keccak256(abi.encodePacked(_tier));
 
             if (hashOfStoredTier == hashOfTier) {
                 uint256 end = endIdsAtMint[i];

lib/forge-std

@@ -799,6 +799,144 @@ contract TieredDropTest is BaseTest {
     //     assertEq(baseURIs3.length, 1);
     //     assertEq(baseURIs3[0], baseURITier3);
     // }
+
+    ////////////////////////////////////////////////
+    //                                            //
+    //                audit tests                 //
+    //                                            //
+    ////////////////////////////////////////////////
+
+    function test_state_claimWithSignature_IssueH1() public {
+        // Lazy mint tokens: 3 different tiers
+        vm.startPrank(dropAdmin);
+
+        // Tier 1: tokenIds assigned 0 -> 10 non-inclusive.
+        tieredDrop.lazyMint(quantityTier1, baseURITier1, tier1, "");
+        // Tier 2: tokenIds assigned 10 -> 20 non-inclusive.
+        tieredDrop.lazyMint(10, baseURITier2, tier2, "");
+        // Tier 3: tokenIds assigned 20 -> 50 non-inclusive.
+        tieredDrop.lazyMint(quantityTier3, baseURITier3, tier3, "");
+
+        // Tier 2: tokenIds assigned 50 -> 60 non-inclusive.
+        tieredDrop.lazyMint(quantityTier2 - 10, baseURITier2, tier2, "");
+
+        vm.stopPrank();
+
+        string[] memory tiers = new string[](2);
+        tiers[0] = tier2;
+        tiers[1] = tier1;
+
+        uint256 claimQuantity = 25;
+
+        _setupClaimSignature(tiers, claimQuantity);
+
+        assertEq(tieredDrop.hasRole(keccak256("MINTER_ROLE"), deployerSigner), true);
+
+        vm.warp(claimRequest.validityStartTimestamp);
+        vm.prank(claimer);
+        tieredDrop.claimWithSignature(claimRequest, claimSignature);
+        assertEq(tieredDrop.balanceOf(claimer), claimQuantity);
+
+        for (uint256 i = 0; i < claimQuantity; i += 1) {
+            // Outputs:
+            //   Checking 0 baseURI2/10
+            //   Checking 1 baseURI2/11
+            //   Checking 2 baseURI2/12
+            //   Checking 3 baseURI2/13
+            //   Checking 4 baseURI2/14
+            //   Checking 5 baseURI2/15
+            //   Checking 6 baseURI2/16
+            //   Checking 7 baseURI2/17
+            //   Checking 8 baseURI2/18
+            //   Checking 9 baseURI2/19
+            //   Checking 10 baseURI3/50
+            //   Checking 11 baseURI3/51
+            //   Checking 12 baseURI3/52
+            //   Checking 13 baseURI3/53
+            //   Checking 14 baseURI3/54
+            //   Checking 15 baseURI3/55
+            //   Checking 16 baseURI3/56
+            //   Checking 17 baseURI3/57
+            //   Checking 18 baseURI3/58
+            //   Checking 19 baseURI3/59
+            //   Checking 20 baseURI1/0
+            //   Checking 21 baseURI1/1
+            //   Checking 22 baseURI1/2
+            //   Checking 23 baseURI1/3
+            //   Checking 24 baseURI1/4
+            console.log("Checking", i, tieredDrop.tokenURI(i));
+        }
+    }
+
+    function test_state_claimWithSignature_IssueH1_2() public {
+        // Lazy mint tokens: 3 different tiers
+        vm.startPrank(dropAdmin);
+
+        // Tier 1: tokenIds assigned 0 -> 10 non-inclusive.
+        tieredDrop.lazyMint(quantityTier1, baseURITier1, tier1, "");
+        // Tier 2: tokenIds assigned 10 -> 20 non-inclusive.
+        tieredDrop.lazyMint(1, baseURITier2, tier2, ""); // 10 -> 11
+        tieredDrop.lazyMint(9, baseURITier2, tier2, ""); // 11 -> 20
+        // Tier 3: tokenIds assigned 20 -> 50 non-inclusive.
+        tieredDrop.lazyMint(quantityTier3, baseURITier3, tier3, "");
+
+        // Tier 2: tokenIds assigned 50 -> 60 non-inclusive.
+        tieredDrop.lazyMint(quantityTier2 - 10, baseURITier2, tier2, "");
+
+        vm.stopPrank();
+
+        string[] memory tiers = new string[](2);
+        tiers[0] = tier2;
+        tiers[1] = tier1;
+
+        uint256[3] memory claimQuantities = [uint256(1), uint256(3), uint256(21)];
+        uint256 claimedCount = 0;
+        for (uint256 loop = 0; loop < 3; loop++) {
+            uint256 claimQuantity = claimQuantities[loop];
+            uint256 offset = claimedCount;
+
+            _setupClaimSignature(tiers, claimQuantity);
+
+            assertEq(tieredDrop.hasRole(keccak256("MINTER_ROLE"), deployerSigner), true);
+
+            vm.warp(claimRequest.validityStartTimestamp);
+            vm.prank(claimer);
+            tieredDrop.claimWithSignature(claimRequest, claimSignature);
+
+            claimedCount += claimQuantity;
+            assertEq(tieredDrop.balanceOf(claimer), claimedCount);
+
+            for (uint256 i = offset; i < claimQuantity + (offset); i += 1) {
+                // Outputs:
+                //   Checking 0 baseURI2/10
+                //   Checking 1 baseURI2/11
+                //   Checking 2 baseURI2/12
+                //   Checking 3 baseURI2/13
+                //   Checking 4 baseURI2/14
+                //   Checking 5 baseURI2/15
+                //   Checking 6 baseURI2/16
+                //   Checking 7 baseURI2/17
+                //   Checking 8 baseURI2/18
+                //   Checking 9 baseURI2/19
+                //   Checking 10 baseURI3/50
+                //   Checking 11 baseURI3/51
+                //   Checking 12 baseURI3/52
+                //   Checking 13 baseURI3/53
+                //   Checking 14 baseURI3/54
+                //   Checking 15 baseURI3/55
+                //   Checking 16 baseURI3/56
+                //   Checking 17 baseURI3/57
+                //   Checking 18 baseURI3/58
+                //   Checking 19 baseURI3/59
+                //   Checking 20 baseURI1/0
+                //   Checking 21 baseURI1/1
+                //   Checking 22 baseURI1/2
+                //   Checking 23 baseURI1/3
+                //   Checking 24 baseURI1/4
+                console.log("Checking", i, tieredDrop.tokenURI(i));
+            }
+        }
+    }
 }
 
 contract TieredDropBechmarkTest is BaseTest {