Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature(AuthMultisig): removing auth logic from the gateway #110

Merged
merged 10 commits into from
Jun 16, 2022
Merged

feature(AuthMultisig): removing auth logic from the gateway #110

merged 10 commits into from
Jun 16, 2022

Conversation

re1ro
Copy link
Contributor

@re1ro re1ro commented Jun 9, 2022
edited
Loading

  • Removing AxelarGatewayMultisig and AxelarGatewaySinglesig implementations
  • Moving execute login into AxelarGateway
  • Adding general IAxelarAuthModule interface
  • Creating AxelarAuthMultisig module implementing the interface
  • Storing only the hash of operators in storage, list of operators and threshold need to be passed with signatures
  • Fixed existing unit tests
  • Auth test coverage

@re1ro re1ro self-assigned this Jun 9, 2022
re1ro added 2 commits June 8, 2022 21:58
@re1ro
Merge branch 'main' into feat/auth-module
4fb8bf4 
# Conflicts:
#	contracts/AxelarGateway.sol
#	contracts/AxelarGatewayMultisig.sol
#	contracts/AxelarGatewaySinglesig.sol
#	contracts/interfaces/IAxelarGateway.sol
@re1ro
refactor(AuthMultisig): removing old multi and singlesig interfaces
8c7265a
fish-sammy
fish-sammy requested changes Jun 11, 2022
View reviewed changes
contracts/AxelarAuthMultisig.sol Outdated Show resolved Hide resolved
contracts/AxelarAuthMultisig.sol Outdated Show resolved Hide resolved
contracts/AxelarAuthMultisig.sol Outdated Show resolved Hide resolved
contracts/AxelarAuthMultisig.sol Outdated Show resolved Hide resolved
contracts/AxelarAuthMultisig.sol Outdated Show resolved Hide resolved
contracts/AxelarAuthMultisig.sol Outdated
Comment on lines 102 to 125
uint256 operatorsCount = operators.length;
uint256 operatorsIndex = 0;
uint256 signatureCount = signatures.length;

// looking for signers within operators
// assuming that both operators and signers are sorted
for (uint256 i; i < signatureCount; ++i) {
address signer = ECDSA.recover(messageHash, signatures[i]);
if (signer == operators[operatorsIndex]) {
++operatorsIndex;
} else {
// keep looping through operators to find the signer
while (operatorsIndex < operatorsCount) {
++operatorsIndex;
if (signer == operators[operatorsIndex]) break;
}
// check if we ran out of operators
if (operatorsIndex < operatorsCount) {
++operatorsIndex;
} else {
revert MalformedSigners();
}
}
}
Copy link
Contributor

@fish-sammy fish-sammy Jun 11, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
uint256 operatorsCount = operators.length;
uint256 operatorsIndex = 0;
uint256 signatureCount = signatures.length;
// looking for signers within operators
// assuming that both operators and signers are sorted
for (uint256 i; i < signatureCount; ++i) {
address signer = ECDSA.recover(messageHash, signatures[i]);
if (signer == operators[operatorsIndex]) {
++operatorsIndex;
} else {
// keep looping through operators to find the signer
while (operatorsIndex < operatorsCount) {
++operatorsIndex;
if (signer == operators[operatorsIndex]) break;
}
// check if we ran out of operators
if (operatorsIndex < operatorsCount) {
++operatorsIndex;
} else {
revert MalformedSigners();
}
}
}
uint256 j = 0;
// looking for signers within operators
// assuming that both operators and signatures are sorted
for (uint256 i; i < signatures.length; ++i) {
address signer = ECDSA.recover(messageHash, signatures[i]);
for (; j < operators.length && signer != operators[j]; ++j) {}
if (j == operators.length) revert MalformedSigners();
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice simplification! It became this

        uint256 j = 0;
        // looking for signers within operators
        // assuming that both operators and signatures are sorted
        for (uint256 i = 0; i < signatures.length; ++i) {
            address signer = ECDSA.recover(messageHash, signatures[i]);
            // looping through remaining operators to find a match
            for (; j < operators.length && signer != operators[j]; ++j) {}
            if (j == operators.length) revert MalformedSigners();
            // increasing operators index if match was found
            ++j;
        }

contracts/AxelarGateway.sol Outdated Show resolved Hide resolved
contracts/AxelarAuthMultisig.sol Outdated Show resolved Hide resolved
contracts/AxelarGateway.sol Outdated
tokenAddress,
abi.encodeWithSelector(IERC20.transferFrom.selector, sender, address(this), amount)
);
if (operatorshipParams.length > 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When should operatorshipParams be empty?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we don't want to transfer operatorship on upgrade?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On initial deployment we want to pass admins, but not the operators, because gateway is not the owner of the auth yet

contracts/AxelarGateway.sol Outdated Show resolved Hide resolved
@re1ro re1ro marked this pull request as ready for review June 15, 2022 16:39
@re1ro re1ro requested a review from fish-sammy June 15, 2022 20:10
fish-sammy
fish-sammy reviewed Jun 16, 2022
View reviewed changes
contracts/AxelarAuthMultisig.sol Outdated

uint8 internal constant OLD_KEY_RETENTION = 16;

constructor(bytes memory recentOperators) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
constructor(bytes memory recentOperators) {
constructor(bytes[] memory recentOperators) {

why not just?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea

contracts/AxelarGateway.sol Outdated
Comment on lines 457 to 458
uint256 signersRole;
(chainId, signersRole, commandIds, commands, params) = abi.decode(executeData, (uint256, uint256, bytes32[], string[], bytes[]));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
uint256 signersRole;
(chainId, signersRole, commandIds, commands, params) = abi.decode(executeData, (uint256, uint256, bytes32[], string[], bytes[]));
(chainId, , commandIds, commands, params) = abi.decode(executeData, (uint256, uint256, bytes32[], string[], bytes[]));

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Applied, my IDE is complaining, but it compiles with no problems

contracts/AxelarGateway.sol Outdated
bytes[] memory params_
) {
(chainId, commandIds, commands, params) = (chainId_, commandIds_, commands_, params_);
} catch (bytes memory) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
} catch (bytes memory) {
} catch {

@re1ro re1ro merged commit a941ff5 into main Jun 16, 2022
@re1ro re1ro deleted the feat/auth-module branch June 16, 2022 18:14
@re1ro re1ro mentioned this pull request Jul 7, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fish-sammy fish-sammy fish-sammy approved these changes

@deluca-mike deluca-mike Awaiting requested review from deluca-mike

@Foivos Foivos Awaiting requested review from Foivos

Assignees

@re1ro re1ro

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@re1ro @fish-sammy