test: add target verification tests for usv2, usv3

foundry/test/executors/UniswapV2Executor.t.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8.26;
 import "@src/executors/UniswapV2Executor.sol";
 import {Test} from "../../lib/forge-std/src/Test.sol";
 import {Constants} from "../Constants.sol";
+import {MockUniswapV2Pool} from "../mock/MockUniswapV2Pool.sol";
 
 contract UniswapV2ExecutorExposed is UniswapV2Executor {
     function decodeParams(bytes calldata data)
@@ -26,6 +27,14 @@ contract UniswapV2ExecutorExposed is UniswapV2Executor {
     {
         return _getAmountOut(target, amountIn, zeroForOne);
     }
+
+    function computePairAddress(address target)
+        external
+        view
+        returns (address pair)
+    {
+        return _computePairAddress(target);
+    }
 }
 
 contract UniswapV2ExecutorTest is UniswapV2ExecutorExposed, Test, Constants {
@@ -62,6 +71,21 @@ contract UniswapV2ExecutorTest is UniswapV2ExecutorExposed, Test, Constants {
         uniswapV2Exposed.decodeParams(invalidParams);
     }
 
+    function testComputePairAddress() public view {
+        address computedPair =
+            uniswapV2Exposed.computePairAddress(WETH_DAI_POOL);
+        assertEq(computedPair, WETH_DAI_POOL);
+    }
+
+    function testComputePairAddressInvalid() public {
+        address tokenA = WETH_ADDR;
+        address tokenB = DAI_ADDR;
+        address maliciousPool = address(new MockUniswapV2Pool(tokenA, tokenB));
+        address computedPair =
+            uniswapV2Exposed.computePairAddress(maliciousPool);
+        assertNotEq(computedPair, maliciousPool);
+    }
+
     function testAmountOut() public view {
         uint256 amountOut =
             uniswapV2Exposed.getAmountOut(WETH_DAI_POOL, 10 ** 18, false);
@@ -80,7 +104,7 @@ contract UniswapV2ExecutorTest is UniswapV2ExecutorExposed, Test, Constants {
         assertGe(amountOut, 0);
     }
 
-    function testSwapUniswapV2() public {
+    function testSwap() public {
         uint256 amountIn = 10 ** 18;
         uint256 amountOut = 1847751195973566072891;
         bool zeroForOne = false;
@@ -120,4 +144,17 @@ contract UniswapV2ExecutorTest is UniswapV2ExecutorExposed, Test, Constants {
         uint256 finalBalance = DAI.balanceOf(BOB);
         assertGe(finalBalance, amountOut);
     }
+
+    function test_RevertIf_InvalidTarget() public {
+        uint256 amountIn = 10 ** 18;
+        bool zeroForOne = false;
+        address maliciousPool =
+            address(new MockUniswapV2Pool(WETH_ADDR, DAI_ADDR));
+        bytes memory protocolData =
+            abi.encodePacked(WETH_ADDR, maliciousPool, BOB, zeroForOne);
+
+        deal(WETH_ADDR, address(uniswapV2Exposed), amountIn);
+        vm.expectRevert(UniswapV2Executor__InvalidTarget.selector);
+        uniswapV2Exposed.swap(amountIn, protocolData);
+    }
 }

foundry/test/executors/UniswapV3Executor.t.sol

@@ -22,6 +22,14 @@ contract UniswapV3ExecutorExposed is UniswapV3Executor {
     {
         return _decodeData(data);
     }
+
+    function computePairAddress(address tokenA, address tokenB, uint24 fee)
+        external
+        view
+        returns (address)
+    {
+        return _computePairAddress(tokenA, tokenB, fee);
+    }
 }
 
 contract UniswapV3ExecutorTest is Test, Constants {
@@ -69,6 +77,20 @@ contract UniswapV3ExecutorTest is Test, Constants {
         uniswapV3Exposed.decodeData(invalidParams);
     }
 
+    function testComputePairAddress() public view {
+        address computedPair =
+            uniswapV3Exposed.computePairAddress(WETH_ADDR, DAI_ADDR, 3000);
+        assertEq(computedPair, DAI_WETH_USV3);
+    }
+
+    function testComputePairAddressInvalid() public view {
+        address maliciousPool = DUMMY; // Contract with malicious behavior
+
+        address computedPair =
+            uniswapV3Exposed.computePairAddress(WETH_ADDR, DAI_ADDR, 3000);
+        assertNotEq(computedPair, maliciousPool);
+    }
+
     function testUSV3Callback() public {
         uint24 poolFee = 3000;
         uint256 amountOwed = 1000000000000000000;
@@ -113,6 +135,25 @@ contract UniswapV3ExecutorTest is Test, Constants {
         assertGe(IERC20(DAI_ADDR).balanceOf(address(this)), expAmountOut);
     }
 
+    function test_RevertIf_InvalidTargetV3() public {
+        uint256 amountIn = 10 ** 18;
+        deal(WETH_ADDR, address(uniswapV3Exposed), amountIn);
+        bool zeroForOne = false;
+        address maliciousPool = DUMMY;
+
+        bytes memory protocolData = abi.encodePacked(
+            WETH_ADDR,
+            DAI_ADDR,
+            uint24(3000),
+            address(this),
+            maliciousPool,
+            zeroForOne
+        );
+
+        vm.expectRevert(UniswapV3Executor__InvalidTarget.selector);
+        uniswapV3Exposed.swap(amountIn, protocolData);
+    }
+
     function encodeUniswapV3Swap(
         address tokenIn,
         address tokenOut,

foundry/test/mock/MockUniswapV2Pool.sol

@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity ^0.8.26;
+
+// Mock for the UniswapV2Pool contract, it is expected to have malicious behavior
+contract MockUniswapV2Pool {
+    address public token0;
+    address public token1;
+
+    constructor(address _tokenA, address _tokenB) {
+        token0 = _tokenA < _tokenB ? _tokenA : _tokenB;
+        token1 = _tokenA < _tokenB ? _tokenB : _tokenA;
+    }
+}