Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address trail of bits issues #4

Merged
merged 15 commits into from
Jul 14, 2023
Merged

Address trail of bits issues #4

merged 15 commits into from
Jul 14, 2023

Conversation

DefiCake
Copy link
Member

@DefiCake DefiCake commented Jul 12, 2023
edited
Loading

This PR:

  • Adds an utility for adding b256 (encoded erc20 amount coming from uint256 of solidity)
  • Solves the issues found in trail of bits findings
  • Adds new test cases to make sure that we do not experience regression on those findings

Closes #5

@DefiCake DefiCake requested a review from Braqzen July 12, 2023 15:00
@DefiCake DefiCake self-assigned this Jul 12, 2023
@DefiCake DefiCake requested review from luizstacio and K1-R1 July 12, 2023 15:01
@DefiCake DefiCake force-pushed the fix/tob-week-1-issues branch from b56d7a8 to a94557c Compare July 12, 2023 15:03
K1-R1
K1-R1 reviewed Jul 12, 2023
View reviewed changes
Copy link
Member

@K1-R1 K1-R1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you run forc-fmt and Cargo clippy --fix, some of my suggestions will be resolved by these formatters. Overall looks good to me, but I'll await a review from @Braqzen who has worked on this repo most recently

Braqzen
Braqzen reviewed Jul 12, 2023
View reviewed changes
packages/fungible-token/bridge-fungible-token/tests/utils/environment.rs
msg.1.clone(),
))
));
message_nonce[0] += 1;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just adding a note because I'm unsure if this is an issue. I believe this will only go up to the u8 limit so if we ever create (if we even can create that many) more than the limit then this may make the entire suite fail.

Perhaps we should add a comment stating this in case this ever becomes an issue

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't message_nonce[0] only overflow at 2^64? message_nonce is really just 4 64bit number, right?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it's [u8; 32] under the hood

@DefiCake DefiCake force-pushed the fix/tob-week-1-issues branch from fb02103 to c33d368 Compare July 14, 2023 08:45
Braqzen
Braqzen reviewed Jul 14, 2023
View reviewed changes
Copy link
Contributor

@Braqzen Braqzen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is complaining

I would run

  1. forc fmt
  2. cargo fmt
  3. cargo clippy --all-features --all-targets -- -D warnings and fix any issues
  4. cargo test

packages/fungible-token/bridge-fungible-token/src/bridge_fungible_token.sw
@@ -190,7 +213,11 @@ impl FRC20 for Contract {
// Storage-dependant private functions
#[storage(write)]
fn register_refund(from: b256, asset: b256, amount: b256) {
storage.refund_amounts.get(from).insert(asset, amount);
let previous_amount = U256::from(storage.refund_amounts.get(from).get(asset).try_read().unwrap_or(ZERO_B256));
let new_amount = U256::from(amount).add(previous_amount); // U256 has overflow checks built in;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pixelcircuits should we be doing conversions here or should we change the API to use a U256 directly (probably in another PR)?

@DefiCake DefiCake mentioned this pull request Jul 14, 2023
Closed
@DefiCake DefiCake mentioned this pull request Jul 14, 2023
Open
@DefiCake DefiCake merged commit 3df9609 into main Jul 14, 2023
@DefiCake DefiCake deleted the fix/tob-week-1-issues branch July 14, 2023 16:25
@Voxelot Voxelot mentioned this pull request Aug 1, 2023
Closed
This was referenced Aug 26, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Braqzen Braqzen Braqzen approved these changes

@luizstacio luizstacio Awaiting requested review from luizstacio

@K1-R1 K1-R1 Awaiting requested review from K1-R1

@pixelcircuits pixelcircuits Awaiting requested review from pixelcircuits

Assignees

@DefiCake DefiCake

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TOB Findings 3 & 4
4 participants
@DefiCake @pixelcircuits @K1-R1 @Braqzen