skip to content
zeroknots.eth

BrokenToken

solidity, auditing

automatically test smart contracts that interact with ERC20

The ERC20 specification is loosely defined, and many developers violate the few semantic requirements that are imposed. This makes building smart contracts that interface directly with ERC20 tokens challenging.

The BrokenToken is based on a repository of minimal example implementations in Solidity of ERC20 tokens with behavior that may be surprising or unexpected. The tool is intended for use by developers and auditors to test smart contracts that utilize ERC20 tokens and identify potential vulnerabilities.

Usage

forge install zeroknots/brokentoken

Write your ERC20 foundry test as follows:

pragma solidity ^0.8.13;
import "forge-std/Test.sol";

import {BrokenToken} from "brokentoken/BrokenToken.sol";


contract YourTest is Test, BrokenToken {

    function testFoobar() public useBrokenToken { // such wow. much easy.
        deal(address(brokenERC20), bob, 1_000_000);
        brokenERC20.approve(address(vault), 1_000_000);
    }
}

Or if you want to test weird ERC721


pragma solidity ^0.8.13;
import "forge-std/Test.sol";

import {BrokenToken} from "brokentoken/BrokenToken.sol";


contract YourTest is Test, BrokenToken {

    function testFoobar() public useBrokenNFT { // such wow. much easy.
        brokenERC721.mint(alice);
        brokenERC721.transferFrom(alice, bob, tokenId);
    }
}