-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Message and Intents are now hashed as per EIP712 #566
Conversation
The Message, StakeIntent, and RedeemIntent now have a new structure and different fields that are part of the hash. Stake and redeem intent now consist of amount, beneficiary, and (originating) gateway address. The Message has as first parameter a hash which is not specific to staking or redeeming. All three pre-images now include a type hash as per EIP712. This means that I was able to remove a lot of stake/redeem specific code for message hashing. A message's hash is now generated regardless of the kind of intent it holds. I added a method `storeMessage` which creates a message hash and stores the message at the hash in the mapping. The reason was to circumvent a "stack too deep" error which prevented me from creating the hash directly in confirm stake/redeem intent. I restructured the tests in an effort to make them more easily understandable. I spent quite some time wrapping my head around the construct. I did not add the domain separator yet, as the hashes are never signed or the signature proven/verified. :warning: Please check that the new logic of how and what is hashed still guarantees correctness and prevents fraud when relaying the messages :warning: Fixes OpenST#415
intentHash, | ||
_stakerNonce, | ||
_gasPrice, | ||
_gasLimit | ||
_gasLimit, | ||
_staker, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a message now has a sender address?
correction: it already did. I'll review tomorrow as well, but don't wait for me as I'll be traveling.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Nice.
Just a few comments.
In general, we should align everyone on JS style guide. One set of IDEs are adding spaces in the new line and {abc: abc}
and another set of IDEs are removing it. We should fix this for all.
contracts/gateway/GatewayBase.sol
Outdated
/** Maps messageHash to the Message object. */ | ||
mapping(bytes32 => MessageBus.Message) messages; | ||
mapping(bytes32 => MessageBus.Message) internal messages; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this be public
? Any issue if it will be public?
In one of the other open PR, its changed to public
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed the feedback in code and comments. Still fixing some tests, but please have a look.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🚀 🤖 🙌
Only 3 minors comments.
This is a big PR, it was very hard to follow changes. 😢
contracts/lib/MockMessageBus.sol
Outdated
@@ -670,7 +641,7 @@ library MockMessageBus { | |||
{ | |||
messageHash_ = keccak256( | |||
abi.encode( | |||
_messageTypeHash, | |||
// TODO: add type hash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this todo
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😱 Fixed
However, I had to add a header to the MessageBus
library. Any better ideas?
/cc @deepesh-kn
Co-Authored-By: schemar <martinschenck@fastmail.com>
…into eip712_hashing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks I made some changes and added some comments.
- The
MockMessageBus
was missing the typehash as part of the message hash (/cc @deepesh-kn) - I am not certain about the
MessageBus
methodsconfirm...
andprogress...
. There are offsets and indexes that may be wrong (inbox/outbox confusion).
contracts/lib/MockMessageBus.sol
Outdated
@@ -670,7 +641,7 @@ library MockMessageBus { | |||
{ | |||
messageHash_ = keccak256( | |||
abi.encode( | |||
_messageTypeHash, | |||
// TODO: add type hash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😱 Fixed
However, I had to add a header to the MessageBus
library. Any better ideas?
/cc @deepesh-kn
…into eip712_hashing
* Updated MockMessageBus from MessageBus
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Message, StakeIntent, and RedeemIntent now have a new structure and
different fields that are part of the hash. Stake and redeem intent now
consist of amount, beneficiary, and (originating) gateway address. The
Message has as first parameter a hash which is not specific to staking
or redeeming.
All three pre-images now include a type hash as per EIP712.
This means that I was able to remove a lot of stake/redeem specific code
for message hashing. A message's hash is now generated regardless of the
kind of intent it holds.
I added a method
storeMessage
which creates a message hash and storesthe message at the hash in the mapping. The reason was to circumvent a
"stack too deep" error which prevented me from creating the hash
directly in confirm stake/redeem intent.
I restructured the tests in an effort to make them more easily
understandable. I spent quite some time wrapping my head around the
construct.
I did not add the domain separator yet, as the hashes are never signed
or the signature proven/verified.
still guarantees correctness and prevents fraud when relaying the
messages
Fixes #415