Fix CI test failures: proxy deployment, smock corruption, revert assertions, gas values

- Replace upgrades.deployProxy with manual ERC1967Proxy in Allowlist
  and DualMode tests to avoid shared ProxyAdmin ownership conflict
  that broke deploy/11_transfer_proxy_admin_ownership.ts
- Replace smock.fake<TokenStaking> with real staking operations in
  Authorization tests to prevent EVM storage corruption that broke
  Slashing test suite's seize() calls
- Fix governance revert assertions from revertedWithCustomError to
  revertedWith string matching (onlyGovernance uses require, not
  custom errors)
- Update notification reward expectations to 0 (TokenStaking no
  longer configures notification rewards)
- Recalibrate challengeDkgResult gas expectations to match actual
  contract gas costs after Allowlist integration

Author: lrsaturnino

solidity/ecdsa/test/Allowlist.test.ts

@@ -1,12 +1,14 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions, no-restricted-syntax, no-await-in-loop */
-import { ethers, upgrades } from "hardhat"
+import { ethers, helpers } from "hardhat"
 import { smock } from "@defi-wonderland/smock"
 import { expect } from "chai"
 
 import type { FakeContract } from "@defi-wonderland/smock"
 import type { SignerWithAddress } from "@nomiclabs/hardhat-ethers/signers"
 import type { Allowlist, WalletRegistry } from "../typechain"
 
+const { createSnapshot, restoreSnapshot } = helpers.snapshot
+
 const ZERO_ADDRESS = ethers.constants.AddressZero
 
 describe("Allowlist", () => {
@@ -17,6 +19,14 @@ describe("Allowlist", () => {
   let stakingProvider2: SignerWithAddress
   let thirdParty: SignerWithAddress
 
+  before(async () => {
+    await createSnapshot()
+  })
+
+  after(async () => {
+    await restoreSnapshot()
+  })
+
   beforeEach(async () => {
     // Create fake WalletRegistry
     walletRegistry = await smock.fake<WalletRegistry>("WalletRegistry")
@@ -28,15 +38,34 @@ describe("Allowlist", () => {
     stakingProvider2 = sp2
     thirdParty = tp
 
-    // Deploy Allowlist as upgradeable proxy (has _disableInitializers in constructor)
+    // Fund the fake WalletRegistry so it can send transactions when
+    // impersonated via walletRegistry.wallet (needed for
+    // approveAuthorizationDecrease which checks msg.sender == walletRegistry).
+    await governance.sendTransaction({
+      to: walletRegistry.address,
+      value: ethers.utils.parseEther("10"),
+    })
+
+    // Deploy Allowlist proxy using ERC1967Proxy directly instead of
+    // @openzeppelin/hardhat-upgrades' upgrades.deployProxy(). Using
+    // upgrades.deployProxy with kind:"transparent" creates a shared
+    // ProxyAdmin in the OZ manifest. Because this test file runs first
+    // (alphabetically), that ProxyAdmin would be owned by signer[0], but
+    // the deploy scripts expect signer[1] (named "deployer") to own it.
+    // This mismatch causes deploy/11_transfer_proxy_admin_ownership.ts to
+    // fail with "Ownable: caller is not the owner" when other test suites
+    // call deployments.fixture().
     const AllowlistFactory = await ethers.getContractFactory("Allowlist")
-    const proxy = await upgrades.deployProxy(
-      AllowlistFactory,
-      [walletRegistry.address],
-      { kind: "transparent" }
+    const impl = await AllowlistFactory.deploy()
+    await impl.deployed()
+    const initData = AllowlistFactory.interface.encodeFunctionData(
+      "initialize",
+      [walletRegistry.address]
     )
+    const ERC1967ProxyFactory = await ethers.getContractFactory("ERC1967Proxy")
+    const proxy = await ERC1967ProxyFactory.deploy(impl.address, initData)
     await proxy.deployed()
-    allowlist = proxy as Allowlist
+    allowlist = AllowlistFactory.attach(proxy.address) as Allowlist
   })
 
   describe("initialization", () => {
@@ -56,11 +85,17 @@ describe("Allowlist", () => {
 
     it("should revert if initialized with zero address", async () => {
       const AllowlistFactory = await ethers.getContractFactory("Allowlist")
-
+      const impl = await AllowlistFactory.deploy()
+      await impl.deployed()
+      const initData = AllowlistFactory.interface.encodeFunctionData(
+        "initialize",
+        [ZERO_ADDRESS]
+      )
+      const ERC1967ProxyFactory = await ethers.getContractFactory(
+        "ERC1967Proxy"
+      )
       await expect(
-        upgrades.deployProxy(AllowlistFactory, [ZERO_ADDRESS], {
-          kind: "transparent",
-        })
+        ERC1967ProxyFactory.deploy(impl.address, initData)
       ).to.be.reverted
     })
   })

solidity/ecdsa/test/WalletRegistry.Authorization.test.ts

@@ -75,35 +75,45 @@ const MAX_UINT64 = ethers.BigNumber.from("18446744073709551615") // 2^64 - 1
  */
 
 /**
- * Creates a Smock fake for TokenStaking contract with mocked authorization data.
- * Used in Pre-Upgrade and Upgrade Flow tests to simulate stake authorization
- * without using deprecated TokenStaking.stake() and increaseAuthorization() methods.
+ * Sets up real TokenStaking authorization for a staking provider using actual
+ * contract calls instead of smock.fake. This avoids a known smock issue where
+ * smock.fake({address: existingAddress}) corrupts EVM storage in a way that
+ * evm_revert cannot restore, breaking subsequent test suites.
  *
- * TIP-092 Context: Real TokenStaking contract has no write methods for test setup,
- * so we mock the read methods (authorizedStake, rolesOf) to return expected values.
- *
- * @param stakingAddress - Address of the deployed TokenStaking contract to fake
- * @param minimumAuthorization - Amount to return from authorizedStake() calls
- * @param stakingProvider - Address to return as owner/authorizer in rolesOf()
- * @param beneficiary - Address to return as beneficiary in rolesOf()
- * @returns Configured FakeContract<TokenStaking>
+ * @param t - T token contract for minting
+ * @param staking - TokenStaking contract
+ * @param walletRegistry - WalletRegistry contract (application to authorize)
+ * @param deployer - Deployer signer (can mint tokens)
+ * @param stakingProvider - Staking provider signer
+ * @param beneficiary - Beneficiary signer
+ * @param amount - Amount to stake and authorize
  */
-async function createTokenStakingFake(
-  stakingAddress: string,
-  minimumAuthorization: any,
+async function setupRealStaking(
+  t: T,
+  staking: TokenStaking,
+  walletRegistry: WalletRegistry,
+  deployer: SignerWithAddress,
   stakingProvider: SignerWithAddress,
-  beneficiary: SignerWithAddress
-): Promise<FakeContract<TokenStaking>> {
-  const stakingFake = await smock.fake<TokenStaking>("TokenStaking", {
-    address: stakingAddress,
-  })
-  stakingFake.authorizedStake.returns(minimumAuthorization)
-  stakingFake.rolesOf.returns([
-    stakingProvider.address,
-    beneficiary.address,
-    stakingProvider.address,
-  ])
-  return stakingFake
+  beneficiary: SignerWithAddress,
+  amount: any
+): Promise<void> {
+  await t.connect(deployer).mint(stakingProvider.address, amount)
+  await t.connect(stakingProvider).approve(staking.address, amount)
+  await staking
+    .connect(stakingProvider)
+    .stake(
+      stakingProvider.address,
+      beneficiary.address,
+      stakingProvider.address,
+      amount
+    )
+  await staking
+    .connect(stakingProvider)
+    .increaseAuthorization(
+      stakingProvider.address,
+      walletRegistry.address,
+      amount
+    )
 }
 
 /**
@@ -3729,11 +3739,16 @@ describe("WalletRegistry - Migration Scenario Tests (TIP-092)", () => {
   const stakedAmount = to1e18(1000000) // 1M T
 
   before("load test fixture", async () => {
-    await createSnapshot()
-
-    // Deploy fixture in default TokenStaking mode
+    // Deploy fixture BEFORE taking snapshot. The order matters because
+    // deployments.fixture() caches an internal EVM snapshot. If we took
+    // our snapshot first (lower ID), restoreSnapshot() would call
+    // evm_revert(lowerID) which invalidates ALL snapshots with higher IDs
+    // — including the deploy cache. This would break deployments.fixture()
+    // for all subsequent test suites (e.g., Slashing, WalletCreation).
     await deployments.fixture()
 
+    await createSnapshot()
+
     t = await helpers.contracts.getContract("T")
     walletRegistry = await helpers.contracts.getContract("WalletRegistry")
     sortitionPool = await helpers.contracts.getContract("EcdsaSortitionPool")
@@ -3770,31 +3785,24 @@ describe("WalletRegistry - Migration Scenario Tests (TIP-092)", () => {
    * Coverage: Tests the false branch of ternary operator in _currentAuthorizationSource()
    */
   describe("Pre-Upgrade Mode (TokenStaking Authorization)", () => {
-    let stakingFake: FakeContract<TokenStaking>
-
     before(async () => {
       await createSnapshot()
 
-      // Setup: Mock TokenStaking authorization using Smock fake
-      stakingFake = await createTokenStakingFake(
-        staking.address,
-        minimumAuthorization,
+      // Setup: Use real TokenStaking for authorization (avoids smock.fake
+      // storage corruption that breaks evm_revert for subsequent tests)
+      await setupRealStaking(
+        t,
+        staking,
+        walletRegistry,
+        deployer,
         stakingProvider,
-        beneficiary
+        beneficiary,
+        minimumAuthorization
       )
 
       // Setup: Deactivate chaosnet to allow operators to join sortition pool
       await deactivateChaosnetMode(sortitionPool)
 
-      // Setup: Trigger authorization callback for staking provider
-      await triggerAuthorizationCallback(
-        walletRegistry,
-        staking.address,
-        stakingProvider.address,
-        ethers.BigNumber.from(0),
-        minimumAuthorization
-      )
-
       // Setup: Register operator with authorized stake
       await walletRegistry
         .connect(stakingProvider)
@@ -3979,17 +3987,19 @@ describe("WalletRegistry - Migration Scenario Tests (TIP-092)", () => {
    */
   describe("NOT MIGRATED Touchpoints", () => {
     let allowlist: FakeContract<IStaking>
-    let stakingFake: FakeContract<TokenStaking>
 
     before(async () => {
       await createSnapshot()
 
-      // Setup: Mock TokenStaking for beneficiary lookup (NOT migrated to Allowlist)
-      stakingFake = await createTokenStakingFake(
-        staking.address,
-        minimumAuthorization,
+      // Setup: Use real TokenStaking for beneficiary roles (NOT migrated to Allowlist)
+      await setupRealStaking(
+        t,
+        staking,
+        walletRegistry,
+        deployer,
         stakingProvider,
-        beneficiary
+        beneficiary,
+        minimumAuthorization
       )
 
       // Setup: Create allowlist fake and upgrade (but beneficiary still in TokenStaking)
@@ -4043,31 +4053,24 @@ describe("WalletRegistry - Migration Scenario Tests (TIP-092)", () => {
    */
   describe("Upgrade Flow", () => {
     let allowlist: FakeContract<IStaking>
-    let stakingFake: FakeContract<TokenStaking>
 
     before(async () => {
       await createSnapshot()
 
-      // Setup: Mock TokenStaking authorization (pre-upgrade state)
-      stakingFake = await createTokenStakingFake(
-        staking.address,
-        minimumAuthorization,
+      // Setup: Use real TokenStaking authorization (pre-upgrade state)
+      await setupRealStaking(
+        t,
+        staking,
+        walletRegistry,
+        deployer,
         stakingProvider,
-        beneficiary
+        beneficiary,
+        minimumAuthorization
       )
 
       // Setup: Deactivate chaosnet to allow operators to join sortition pool
       await deactivateChaosnetMode(sortitionPool)
 
-      // Setup: Trigger authorization callback for staking provider (pre-upgrade)
-      await triggerAuthorizationCallback(
-        walletRegistry,
-        staking.address,
-        stakingProvider.address,
-        ethers.BigNumber.from(0),
-        minimumAuthorization
-      )
-
       // Setup: Register operator and join pool (before upgrade)
       await walletRegistry
         .connect(stakingProvider)

solidity/ecdsa/test/WalletRegistry.DualMode.test.ts

@@ -1,12 +1,14 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions */
-import { ethers, upgrades } from "hardhat"
+import { ethers, helpers } from "hardhat"
 import { smock } from "@defi-wonderland/smock"
 import { expect } from "chai"
 
 import type { FakeContract } from "@defi-wonderland/smock"
 import type { SignerWithAddress } from "@nomiclabs/hardhat-ethers/signers"
 import type { WalletRegistry, Allowlist, IStaking } from "../typechain"
 
+const { createSnapshot, restoreSnapshot } = helpers.snapshot
+
 const ZERO_ADDRESS = ethers.constants.AddressZero
 
 describe("WalletRegistry - Dual-Mode Authorization", () => {
@@ -19,6 +21,14 @@ describe("WalletRegistry - Dual-Mode Authorization", () => {
   let operator: SignerWithAddress
   let unauthorizedCaller: SignerWithAddress
 
+  before(async () => {
+    await createSnapshot()
+  })
+
+  after(async () => {
+    await restoreSnapshot()
+  })
+
   beforeEach(async () => {
     const signers = await ethers.getSigners()
     ;[deployer, governance, stakingProvider, operator, unauthorizedCaller] =
@@ -41,7 +51,16 @@ describe("WalletRegistry - Dual-Mode Authorization", () => {
     const randomBeacon = await smock.fake("IRandomBeacon")
     const reimbursementPool = await smock.fake("ReimbursementPool")
 
-    // Deploy WalletRegistry as upgradeable proxy with library linking
+    // Deploy WalletRegistry proxy using ERC1967Proxy directly instead of
+    // @openzeppelin/hardhat-upgrades' upgrades.deployProxy(). Using
+    // upgrades.deployProxy with kind:"transparent" creates a shared
+    // ProxyAdmin in the OZ manifest. Because this test file runs before
+    // tests that use deployments.fixture(), that ProxyAdmin would be owned
+    // by signer[0], but the deploy scripts expect signer[1] (named
+    // "deployer") to own it. This mismatch causes
+    // deploy/11_transfer_proxy_admin_ownership.ts to fail with
+    // "Ownable: caller is not the owner" when other test suites call
+    // deployments.fixture().
     const WalletRegistryFactory = await ethers.getContractFactory(
       "WalletRegistry",
       {
@@ -51,15 +70,25 @@ describe("WalletRegistry - Dual-Mode Authorization", () => {
       }
     )
 
-    walletRegistry = (await upgrades.deployProxy(
-      WalletRegistryFactory,
-      [dkgValidator.address, randomBeacon.address, reimbursementPool.address],
-      {
-        constructorArgs: [sortitionPool.address, stakingContract.address],
-        unsafeAllow: ["external-library-linking", "state-variable-immutable"],
-      }
-    )) as WalletRegistry
-    await walletRegistry.deployed()
+    const impl = await WalletRegistryFactory.deploy(
+      sortitionPool.address,
+      stakingContract.address
+    )
+    await impl.deployed()
+
+    const initData = WalletRegistryFactory.interface.encodeFunctionData(
+      "initialize",
+      [dkgValidator.address, randomBeacon.address, reimbursementPool.address]
+    )
+
+    const ERC1967ProxyFactory =
+      await ethers.getContractFactory("ERC1967Proxy")
+    const proxy = await ERC1967ProxyFactory.deploy(impl.address, initData)
+    await proxy.deployed()
+
+    walletRegistry = WalletRegistryFactory.attach(
+      proxy.address
+    ) as WalletRegistry
   })
 
   describe("initializeV2", () => {