Skip to content

Commit

Permalink
rm merkleTree
Browse files Browse the repository at this point in the history
  • Loading branch information
@aroralanuk
aroralanuk committed Dec 20, 2024
1 parent e33a8a1 commit 7baae7d
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 55 deletions.
15 changes: 6 additions & 9 deletions solidity/contracts/libs/FraudMessage.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,12 @@ struct Attribution {
library FraudMessage {
function encode(
address signer,
bytes32 merkleTree,
bytes32 digest,
Attribution memory attribution
) internal pure returns (bytes memory) {
return
abi.encodePacked(
signer,
merkleTree,
digest,
uint8(attribution.fraudType),
attribution.timestamp
Expand All @@ -45,15 +43,14 @@ library FraudMessage {

function decode(
bytes calldata _message
) internal pure returns (address, bytes32, bytes32, Attribution memory) {
require(_message.length == 91, "Invalid message length");
) internal pure returns (address, bytes32, Attribution memory) {
require(_message.length == 59, "Invalid message length");

address signer = address(bytes20(_message[0:20]));
bytes32 merkleTree = bytes32(_message[20:52]);
bytes32 digest = bytes32(_message[52:84]);
FraudType fraudType = FraudType(uint8(_message[84]));
uint48 timestamp = uint48(bytes6(_message[85:91]));
bytes32 digest = bytes32(_message[20:52]);
FraudType fraudType = FraudType(uint8(_message[52]));
uint48 timestamp = uint48(bytes6(_message[53:59]));

return (signer, merkleTree, digest, Attribution(fraudType, timestamp));
return (signer, digest, Attribution(fraudType, timestamp));
}
}
14 changes: 4 additions & 10 deletions solidity/contracts/middleware/FraudProofRouter.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,8 @@ contract FraudProofRouter is GasRouter {
// The AttributeCheckpointFraud contract to obtain the attributions from
AttributeCheckpointFraud public immutable attributeCheckpointFraud;

// Mapping to store the fraud attributions for a given origin, signer, merkle tree, and digest for easy access for client contracts to aide slashing
mapping(uint32 origin => mapping(address signer => mapping(bytes32 merkleTree => mapping(bytes32 digest => Attribution))))
// Mapping to store the fraud attributions for a given origin, signer, and digest for easy access for client contracts to aide slashing
mapping(uint32 origin => mapping(address signer => mapping(bytes32 digest => Attribution)))

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
public fraudAttributions;

// ===================== Events =======================
Expand Down Expand Up @@ -74,13 +74,11 @@ contract FraudProofRouter is GasRouter {
* @notice Sends a fraud proof attribution.
* @param _signer The address of the signer attributed with fraud.
* @param _digest The digest associated with the fraud.
* @param _merkleTree The merkle tree associated with the fraud.
* @return The message ID of the sent fraud proof.
*/
function sendFraudProof(

Check failure

Code scanning / Olympix Integrated Security

Modifying state after making an external call may allow for reentrancy attacks. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/reentrancy Critical

Modifying state after making an external call may allow for reentrancy attacks. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/reentrancy

Check notice

Code scanning / Olympix Integrated Security

Reentrant functions which emit events after making an external call may lead to out-of-order events. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/reentrancy-events Low

Reentrant functions which emit events after making an external call may lead to out-of-order events. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/reentrancy-events
uint32 _destination,
address _signer,
bytes32 _merkleTree,
bytes32 _digest
) external returns (bytes32) {
Attribution memory attribution = attributeCheckpointFraud.attributions(
Expand All @@ -91,17 +89,14 @@ contract FraudProofRouter is GasRouter {
require(attribution.timestamp != 0, "Attribution does not exist");

Check warning

Code scanning / Olympix Integrated Security

Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests Medium

Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests

if (_destination == mailbox.localDomain()) {
fraudAttributions[_destination][_signer][_merkleTree][
_digest
] = attribution;
fraudAttributions[_destination][_signer][_digest] = attribution;

emit LocalFraudProofReceived(_signer, _digest, attribution);

return bytes32(0);
} else {
bytes memory encodedMessage = FraudMessage.encode(
_signer,
_merkleTree,
_digest,
attribution
);
Expand Down Expand Up @@ -132,12 +127,11 @@ contract FraudProofRouter is GasRouter {
) internal override {
(
address signer,

Check notice

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Low

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
bytes32 merkleTree,
bytes32 digest,

Check notice

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Low

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Attribution memory attribution

Check notice

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Low

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
) = FraudMessage.decode(_message);

fraudAttributions[_origin][signer][merkleTree][digest] = attribution;
fraudAttributions[_origin][signer][digest] = attribution;

emit FraudProofReceived(_origin, signer, digest, attribution);
}
Expand Down
42 changes: 6 additions & 36 deletions solidity/test/FraudProofRouter.t.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import {TypeCasts} from "../contracts/libs/TypeCasts.sol";
import {TestAttributeCheckpointFraud} from "../contracts/test/TestAttributeCheckpointFraud.sol";
import {FraudProofRouter} from "../contracts/middleware/FraudProofRouter.sol";
import {MockMailbox} from "../contracts/mock/MockMailbox.sol";
import {TestMerkle} from "../contracts/test/TestMerkle.sol";

contract FraudProofRouterTest is Test {
using TypeCasts for address;
Expand All @@ -17,7 +16,6 @@ contract FraudProofRouterTest is Test {
uint32 public constant DESTINATION_DOMAIN = 2;
MockMailbox internal localMailbox;
MockMailbox internal remoteMailbox;
TestMerkle internal testMerkleHook;
TestAttributeCheckpointFraud public testAcf;
FraudProofRouter public originFpr;
FraudProofRouter public remoteFpr;
Expand All @@ -32,8 +30,6 @@ contract FraudProofRouterTest is Test {
localMailbox.addRemoteMailbox(DESTINATION_DOMAIN, remoteMailbox);
remoteMailbox.addRemoteMailbox(LOCAL_DOMAIN, localMailbox);

testMerkleHook = new TestMerkle();

testAcf = new TestAttributeCheckpointFraud();

vm.startPrank(OWNER);
Expand Down Expand Up @@ -66,7 +62,6 @@ contract FraudProofRouterTest is Test {
function test_sendFraudProof(
address _signer,
bytes32 _digest,
bytes32 _merkleTree,
uint8 _fraudType,
uint48 _timestamp
) public {
Expand All @@ -84,12 +79,7 @@ contract FraudProofRouterTest is Test {
Attribution(fraudTypeEnum, uint48(block.timestamp))
);

originFpr.sendFraudProof(
DESTINATION_DOMAIN,
_signer,
_merkleTree,
_digest
);
originFpr.sendFraudProof(DESTINATION_DOMAIN, _signer, _digest);

vm.expectEmit(true, true, true, true, address(remoteFpr));
emit FraudProofRouter.FraudProofReceived(
Expand All @@ -101,52 +91,32 @@ contract FraudProofRouterTest is Test {
remoteMailbox.processNextInboundMessage();

(FraudType actualFraudType, uint48 actualTimestamp) = remoteFpr
.fraudAttributions(LOCAL_DOMAIN, _signer, _merkleTree, _digest);
.fraudAttributions(LOCAL_DOMAIN, _signer, _digest);

assert(actualFraudType == fraudTypeEnum);
assertEq(actualTimestamp, block.timestamp);
}

function test_sendFraudProof_noAttribution() public {
vm.expectRevert("Attribution does not exist");
originFpr.sendFraudProof(
DESTINATION_DOMAIN,
SIGNER,
TypeCasts.addressToBytes32(address(testMerkleHook)),
DIGEST
);
originFpr.sendFraudProof(DESTINATION_DOMAIN, SIGNER, DIGEST);
}

function test_sendFraudProof_routerNotEnrolled() public {
FraudType fraudType = FraudType.Whitelist;
testAcf.mockSetAttribution(SIGNER, DIGEST, fraudType);

vm.expectRevert("No router enrolled for domain: 3");
originFpr.sendFraudProof(
3,
SIGNER,
TypeCasts.addressToBytes32(address(testMerkleHook)),
DIGEST
);
originFpr.sendFraudProof(3, SIGNER, DIGEST);
}

function test_sendFraudProof_localDomain() public {
testAcf.mockSetAttribution(SIGNER, DIGEST, FraudType.Whitelist);

originFpr.sendFraudProof(
LOCAL_DOMAIN,
SIGNER,
TypeCasts.addressToBytes32(address(testMerkleHook)),
DIGEST
);
originFpr.sendFraudProof(LOCAL_DOMAIN, SIGNER, DIGEST);

(FraudType actualFraudType, uint48 actualTimestamp) = originFpr
.fraudAttributions(
LOCAL_DOMAIN,
SIGNER,
TypeCasts.addressToBytes32(address(testMerkleHook)),
DIGEST
);
.fraudAttributions(LOCAL_DOMAIN, SIGNER, DIGEST);

assert(actualFraudType == FraudType.Whitelist);
assertEq(actualTimestamp, block.timestamp);
Expand Down

0 comments on commit 7baae7d

Please sign in to comment.