update testnet scripts

update README

Author: merklejerk

README.md

@@ -1,8 +1,9 @@
 # HoneyPause
 
-HoneyPause lets whitehats safely and atomically prove a smart contract exploit <i>on-chain</i>, pause the affected protocol, then collect a bounty. Protocols can opt into the system by registering a bounty on the smart contract. The entire system is permissionless, non-custodial, and free!
+HoneyPause is a permissionless on-chain exploit bounty tied to a circuit breaker. HoneyPause lets whitehats safely and atomically prove a smart contract exploit <i>on-chain</i>, pause the affected protocol, then collect a bounty. Protocols can opt into the system by registering a bounty on the smart contract. The entire system is permissionless, non-custodial, and free!
 
 For Ethereum applications that can be exploited in a single transaction, this adds another form of proactive defense that can supplement traditional (off-chain) bug bounties and monitoring.
+
 ## Flow
 
 ### Protocol Registration
@@ -19,33 +20,52 @@ Note that the HoneyPause contract never custodies bounties. It is up to the prot
 A whitehat that has discovered an exploit on a registered protocol will post a `claim()` transaction **TO A PRIVATE MEMPOOL**, providing an **Exploiter** contract that will perform the exploit when called by the HoneyPause contract. The HoneyPause contract will:
 
 1. Call into itself to enter a new call frame.
-    1. Call into the **Exploiter**, applying the exploit.
-    2. Run the protocol's **Verifier** to assert that the protocol has reached an exploited state.
-    3. Revert the call frame, undoing the exploit and bubbling up the result of 2.
+    1. Run the protocol's **Verifier** to assert that the protocol has not been exploited yet and to track any necessary state.
+    2. Call into the **Exploiter**, applying the exploit.
+    3. Run the protocol's **Verifier** again to assert that the protocol has reached an exploited state (success means exploited).
+    4. Revert the call frame, undoing the exploit and bubbling up the result of 3.
 2. If the exploit was successful, we will then:
-    1. Call into the protocol's **Pauser** to freeze the protocol!
+    1. Call into the protocol's **Pauser** to freeze the protocol.
     2. Call into the protocol's **Payer** to pay the bounty to the whitehat.
-    3. Ensure the whitehat received the stipulated bounty amount.
+    3. Ensure the whitehat received the agreed bounty amount.
 
 > ⚠️ It is critical that the whitehat uses a private mempool to submit the transaction to in order to prevent an MEV bot from extracting the exploit from the unmined transaction and frontrunning the claim!
 
 As a further safeguard against extra clever MEV bots, it is recommended that the deployment of the **Exploiter** contract be performed in the same transaction as (prior to) the `claim()` call.
 
 ## Writing Verifiers
 
-TODO
+Verifiers should essentially confirm that some critical invariants or health checks have been violated by the exploit. Protocols need to do the legwork of identifying a robust and comprehensive set of checks that would be considered critical enough to warrant pausing the entire protocol. These would typically be invariants that do not get checked during normal user interactions due to gas constraints.
+
+The verifier contract should expose two methods: `beforeExploit()` and `assertExploit()`. As the names imply, the former is called before the exploit is executed and the latter is called after. Both methods accept an arbitrary `verifierData` bytes array that is provided by the exploiter to help identify an exploit. This may be needed if, for example, the exploit occurs on a specific pool that is not easily discoverable on-chain. You should document the uses of this data in your verifier.
+
+A verifier's `beforeExploit()` function may also return arbitrary, intermediate state data, which is another bytes array. This will ultimately be passed into `assertExploit()`. A verifier can use this data to remember things between calls without affecting state. 
+
+### Risks
+Verifiers should try to ensure that the protocol is not in an exploited state when `beforeExploit()` is called. Otherwise an attacker can exploit a protocol beforehand but still collect the bounty, effectively double-dipping.
+
+If the verifier performs state changes (even transient ones), they should restrict the caller to the HoneyPause contract. Otherwise the verifier may inherit invalid state from a prior call that could affect validation.
+
+## Writing Pausers
+
+Pausers should generally be designed to pause the *entire* protocol. Only the HoneyPause contract should be allowed to call `pause()` on the Pauser contract.
+
+## Writing Payers
+
+Because the system is non-custodial, the Payer contract must be invoked by HoneyPause to transfer the bounty to the whitehat. Only the HoneyPause contract should be allowed to call the `payExploiter()` function. HoneyPause will track the balance of the whitehat to ensure funds have been delivered.
+
+Instead of reserving a pool of payment coins for the bounty, a protocol may choose to perform some kind of just-in-time conversion of its assets towards the bounty. But note that the call to `payExploiter()` actually occurs *after* the protocol has been paused. The delivery mechanism used needs to be distinct from usual operations affected by a pause. Also, be wary of complex conversions as that increases the chances of a secondary exploit occurring in the Payer.
 
 ## Deployed Addresses
 
 | Chain | Address |
 |-------|---------|
-| Ethereum Mainnet | `TBD` |
+| Ethereum Mainnet | `TBD (will deploy if we get on stage)` |
 | Ethereum Sepolia | `0x00a4748f0D0072f65aFe9bb52A723733c5878821` |
 
-
 ## Credits
 
 HoneyPause is an EthDenver hackathon project by the following sleep deprived folks:
-* [@JordanCason](https://github.com/JordanCason)
+* [@CryptRillionair](https://twitter.com/CryptRillionair)
 * [@justinschuldt](https://github.com/justinschuldt)
 * [@merklejerk](https://github.com/merklejerk)

script/demo/SecretProtocol.sol

@@ -5,20 +5,31 @@ import { ERC20 } from 'solmate/tokens/ERC20.sol';
 import { HoneyPause, IVerifier, IPauser, IPayer, IExploiter, ETH_TOKEN } from '../../src/HoneyPause.sol';
 
 contract SecretProtocol {
+    address public immutable pauser;
     bytes3 public hash;
+    bool public paused;
 
     event PreimageFound(bytes32 preimage);
+    event Paused();
 
-    constructor(bytes3 hash_) {
+    constructor(bytes3 hash_, address pauser_) {
         hash = hash_;
+        pauser = pauser_;
     }
 
     function solve(bytes32 preimage) external {
+        require(!paused, 'paused');
         if (hash != 0 && bytes3(keccak256(abi.encode(preimage))) == hash) {
             emit PreimageFound(preimage);
             hash = 0;
         }
     }
+
+    function pause() external {
+        require(msg.sender == pauser, 'not pauser');
+        paused = true;
+        emit Paused();
+    }
 }
 
 contract SecretProtocolVerifier is IVerifier {
@@ -28,10 +39,12 @@ contract SecretProtocolVerifier is IVerifier {
 
     function beforeExploit(bytes memory)
         external returns (bytes memory stateData)
-    {}
+    {
+        require(proto.hash() != 0, 'already exploited');
+    }
 
     function assertExploit(bytes memory, bytes memory) external view {
-        require(proto.hash() != 0, 'not exploited');
+        require(proto.hash() == 0, 'not exploited');
     }
 }
 
@@ -41,4 +54,32 @@ contract SecretExploiter is IExploiter {
             abi.decode(exploiterData, (SecretProtocol, bytes32));
         proto.solve(preimage);
     }
+}
+
+contract SecretProtocolPauser is IPauser {
+    HoneyPause immutable honey;
+    SecretProtocol public immutable proto;
+
+    constructor(HoneyPause honey_, SecretProtocol proto_) {
+        honey = honey_;
+        proto = proto_;
+    }
+
+    function pause() external {
+        require(msg.sender == address(honey), 'not honey');
+        proto.pause();
+    }
+}
+
+contract SecretProtocolPayer is IPayer {
+    HoneyPause immutable honey;
+
+    constructor(HoneyPause honey_) {
+        honey = honey_;
+    }
+
+    function payExploiter(ERC20 token, address payable to, uint256 amount) external {
+        require(msg.sender == address(honey), 'not honey');
+        token.transfer(to, amount);
+    }
 }

script/demo/Testnet.s.sol

@@ -4,17 +4,25 @@ pragma solidity ^0.8.23;
 import { Script, console2 } from 'forge-std/Script.sol';
 import { ERC20 } from 'solmate/tokens/ERC20.sol';
 import { HoneyPause, IVerifier, IPauser, IPayer, ETH_TOKEN } from '../../src/HoneyPause.sol';
-import { SecretProtocol, SecretProtocolVerifier, SecretExploiter } from './SecretProtocol.sol';
+import {
+    SecretProtocol,
+    SecretProtocolVerifier,
+    SecretExploiter,
+    SecretProtocolPauser,
+    SecretProtocolPayer
+} from './SecretProtocol.sol';
 import { TestPayer, TestToken, SucceedingContract, FailingContract } from './Dummies.sol';
 
 contract Testnet is Script {
     uint256 deployerKey;
+    address deployer; 
     HoneyPause honey;
     TestToken usdc;
     address operator;
 
     function setUp() external {
         deployerKey = uint256(vm.envBytes32('DEPLOYER_KEY'));
+        deployer = vm.addr(deployerKey);
         honey = HoneyPause(vm.envAddress('HONEY'));
         usdc = TestToken(vm.envAddress('USDC'));
         operator = vm.envAddress('OPERATOR');
@@ -53,31 +61,18 @@ contract Testnet is Script {
     }
 
     function registerUsdcProtocol(string memory name, uint256 amount, bytes3 hash) external {
+        address pauserAddress = vm.computeCreateAddress(deployer, vm.getNonce(deployer) + 2);
         _broadcast();
-        SecretProtocol proto = new SecretProtocol(hash);
+        SecretProtocol proto = new SecretProtocol(hash, pauserAddress);
         _broadcast();
         IVerifier verifier = new SecretProtocolVerifier(proto);
-        IPauser pauser = IPauser(_deploySucceedingContract()) ;
-        IPayer payer = _deployPayerContract(usdc, amount);
         _broadcast();
-        honey.add({
-            name: name,
-            payoutToken: usdc,
-            payoutAmount: amount,
-            verifier: verifier,
-            pauser: pauser,
-            payer: payer, 
-            operator: operator
-        });
-    }
-
-    function registerEthProtocol(string memory name, uint256 amount, bytes3 hash) external {
+        IPauser pauser = new SecretProtocolPauser(honey, proto);
+        assert(address(pauser) == pauserAddress);
         _broadcast();
-        SecretProtocol proto = new SecretProtocol(hash);
+        IPayer payer = new SecretProtocolPayer(honey);
         _broadcast();
-        IVerifier verifier = new SecretProtocolVerifier(proto);
-        IPauser pauser = IPauser(_deploySucceedingContract()) ;
-        IPayer payer = _deployPayerContract(ETH_TOKEN, amount);
+        usdc.mint(address(payer), amount);
         _broadcast();
         honey.add({
             name: name,