Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(contracts): quote management for L2->L1 hooks #4552

Merged
merged 56 commits into from
Oct 31, 2024
Merged
Show file tree
Hide file tree
Changes from 53 commits
Commits
Show all changes
56 commits
Select commit Hold shift + click to select a range
1560f5c
add fix
aroralanuk Sep 5, 2024
44379e1
move to inside
aroralanuk Sep 13, 2024
d680e50
opl2tol1
aroralanuk Sep 16, 2024
ca26e88
arb
aroralanuk Sep 16, 2024
a5c4b62
rm revertWhen_invalidMetadata
aroralanuk Sep 16, 2024
54b4327
msg_value
aroralanuk Sep 16, 2024
66c3bb7
direct call
aroralanuk Sep 16, 2024
e98382d
invalid ism
aroralanuk Sep 16, 2024
56ea53c
no both branch test
aroralanuk Sep 16, 2024
30982d2
unauth hook
aroralanuk Sep 17, 2024
88cb33f
invalid messageId
aroralanuk Sep 17, 2024
baef8ff
5164
aroralanuk Sep 17, 2024
9684835
try catch
aroralanuk Sep 17, 2024
6c31fbf
formatting
aroralanuk Sep 17, 2024
f64611d
opstack
aroralanuk Sep 18, 2024
ac3613e
minor edits
aroralanuk Sep 18, 2024
4d293ea
minor fixes
aroralanuk Sep 18, 2024
fb66306
override inconsistent tests
aroralanuk Sep 18, 2024
13c61fd
Merge branch 'kunal/external-bridge-refactor' into kunal/HL2408-002-fix
aroralanuk Sep 20, 2024
fb089e2
opstack change quote
aroralanuk Sep 20, 2024
c70ac54
Merge branch 'kunal/external-bridge-refactor' into kunal/HL2408-002-fix
aroralanuk Sep 20, 2024
e6c5b10
fix tests
aroralanuk Sep 20, 2024
08dda88
remove reduntant arbitrary call
aroralanuk Sep 20, 2024
37ecb27
rm
aroralanuk Sep 20, 2024
1dd0fc3
changeset
aroralanuk Sep 20, 2024
c99eb24
add verifyMessageId
aroralanuk Sep 20, 2024
97b7bc8
add test
aroralanuk Sep 20, 2024
c6b5f76
Merge branch 'main' into kunal/verify-message-id
aroralanuk Sep 20, 2024
bef3470
add to current value
aroralanuk Sep 20, 2024
541be43
revert
aroralanuk Sep 20, 2024
4233c0a
magic
aroralanuk Sep 20, 2024
41a407d
5164
aroralanuk Sep 20, 2024
5610c33
changeset
aroralanuk Sep 20, 2024
ef780c6
check sufficient fees and return extra
aroralanuk Sep 23, 2024
a6731b0
changeset
aroralanuk Sep 23, 2024
47defbf
Merge branch 'main' into kunal/HL2408-002-fix
aroralanuk Sep 24, 2024
8510b6a
add childhook
aroralanuk Sep 24, 2024
a1a850e
add tests
aroralanuk Sep 24, 2024
7ba121d
inter
aroralanuk Sep 25, 2024
101fe72
Merge branch 'kunal/check-suff-refund-extra' into kunal/verify-messag…
aroralanuk Sep 25, 2024
cc69d2e
hook encode fix
aroralanuk Sep 25, 2024
a0aaf23
add msgvalue to quote
aroralanuk Sep 25, 2024
5d90cfe
Merge branch 'kunal/check-suff-refund-extra' into kunal/verify-messag…
aroralanuk Sep 25, 2024
43eba79
revert
aroralanuk Sep 25, 2024
750d09b
spelling
aroralanuk Sep 26, 2024
5991022
Merge branch 'main' into kunal/HL2408-002-fix
aroralanuk Sep 26, 2024
71d23f4
Merge branch 'kunal/HL2408-002-fix' into kunal/check-suff-refund-extra
aroralanuk Sep 26, 2024
8df9105
rm changeset
aroralanuk Sep 26, 2024
9093369
small
aroralanuk Oct 4, 2024
56c6b1d
fix LZ double refund
aroralanuk Oct 23, 2024
01247ce
Merge branch 'main' into kunal/check-suff-refund-extra
aroralanuk Oct 29, 2024
e16958e
docs(changeset): Checking for sufficient fees in `AbstractMessageIdAu…
aroralanuk Oct 29, 2024
64e7628
rm
aroralanuk Oct 29, 2024
1ed932d
docs(changeset): Checking for sufficient fees in `AbstractMessageIdAu…
aroralanuk Oct 29, 2024
255f598
arb l2->l1 sdk fix
aroralanuk Oct 30, 2024
5edc95a
test1->test4
aroralanuk Oct 31, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/little-gifts-hammer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@hyperlane-xyz/core': minor
---

Checking for sufficient fees in `AbstractMessageIdAuthHook` and refund surplus
2 changes: 1 addition & 1 deletion .changeset/tidy-meals-add.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
"@hyperlane-xyz/utils": patch
'@hyperlane-xyz/utils': patch
---

Filter undefined/null values in invertKeysAndValues function
35 changes: 23 additions & 12 deletions solidity/contracts/hooks/ArbL2ToL1Hook.sol
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,16 @@
@@@@@@@@@ @@@@@@@@*/

// ============ Internal Imports ============
import {Message} from "../libs/Message.sol";
import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
import {AbstractPostDispatchHook} from "./libs/AbstractMessageIdAuthHook.sol";
import {AbstractMessageIdAuthHook} from "./libs/AbstractMessageIdAuthHook.sol";
import {Mailbox} from "../Mailbox.sol";
import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
import {StandardHookMetadata} from "./libs/StandardHookMetadata.sol";
import {Message} from "../libs/Message.sol";
import {TypeCasts} from "../libs/TypeCasts.sol";
import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
import {MailboxClient} from "../client/MailboxClient.sol";

// ============ External Imports ============
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {ArbSys} from "@arbitrum/nitro-contracts/src/precompiles/ArbSys.sol";

/**
Expand All @@ -35,13 +34,14 @@
*/
contract ArbL2ToL1Hook is AbstractMessageIdAuthHook {
using StandardHookMetadata for bytes;
using Message for bytes;

// ============ Constants ============

// precompile contract on L2 for sending messages to L1
ArbSys public immutable arbSys;
// Immutable quote amount
uint256 public immutable GAS_QUOTE;
// child hook to call first
IPostDispatchHook public immutable childHook;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables

// ============ Constructor ============

Expand All @@ -50,30 +50,41 @@
uint32 _destinationDomain,
bytes32 _ism,
address _arbSys,
uint256 _gasQuote
address _childHook
Dismissed Show dismissed Hide dismissed
) AbstractMessageIdAuthHook(_mailbox, _destinationDomain, _ism) {
arbSys = ArbSys(_arbSys);
GAS_QUOTE = _gasQuote;
childHook = AbstractPostDispatchHook(_childHook);
aroralanuk marked this conversation as resolved.
Show resolved Hide resolved
}

/// @inheritdoc IPostDispatchHook
function hookType() external pure override returns (uint8) {
return uint8(IPostDispatchHook.Types.ARB_L2_TO_L1);
}

/// @inheritdoc AbstractPostDispatchHook
function _quoteDispatch(
bytes calldata,
bytes calldata
bytes calldata metadata,
bytes calldata message
) internal view override returns (uint256) {
return GAS_QUOTE;
return
metadata.msgValue(0) + childHook.quoteDispatch(metadata, message);
aroralanuk marked this conversation as resolved.
Show resolved Hide resolved
}

// ============ Internal functions ============

/// @inheritdoc AbstractMessageIdAuthHook
function _sendMessageId(
bytes calldata metadata,
bytes memory payload
bytes calldata message
) internal override {
bytes memory payload = abi.encodeCall(
Dismissed Show dismissed Hide dismissed
AbstractMessageIdAuthorizedIsm.verifyMessageId,
message.id()
);

childHook.postDispatch{
value: childHook.quoteDispatch(metadata, message)
Dismissed Show dismissed Hide dismissed
aroralanuk marked this conversation as resolved.
Show resolved Hide resolved
}(metadata, message);
arbSys.sendTxToL1{value: metadata.msgValue(0)}(
TypeCasts.bytes32ToAddress(ism),
payload
Expand Down
35 changes: 23 additions & 12 deletions solidity/contracts/hooks/OPL2ToL1Hook.sol
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,13 @@
@@@@@@@@@ @@@@@@@@*/

// ============ Internal Imports ============
import {Message} from "../libs/Message.sol";
import {AbstractPostDispatchHook, AbstractMessageIdAuthHook} from "./libs/AbstractMessageIdAuthHook.sol";
import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
import {StandardHookMetadata} from "./libs/StandardHookMetadata.sol";
import {TypeCasts} from "../libs/TypeCasts.sol";
import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
import {InterchainGasPaymaster} from "./igp/InterchainGasPaymaster.sol";

// ============ External Imports ============
import {ICrossDomainMessenger} from "../interfaces/optimism/ICrossDomainMessenger.sol";
Expand All @@ -30,13 +33,16 @@
*/
contract OPL2ToL1Hook is AbstractMessageIdAuthHook {
using StandardHookMetadata for bytes;
using Message for bytes;

// ============ Constants ============

// precompile contract on L2 for sending messages to L1
ICrossDomainMessenger public immutable l2Messenger;
// Immutable quote amount
uint32 public immutable GAS_QUOTE;
// child hook to call first
IPostDispatchHook public immutable childHook;
aroralanuk marked this conversation as resolved.
Show resolved Hide resolved

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
// Minimum gas limit that the message can be executed with - OP specific
uint32 public constant MIN_GAS_LIMIT = 300_000;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables

// ============ Constructor ============

Expand All @@ -45,10 +51,10 @@
uint32 _destinationDomain,
bytes32 _ism,
address _l2Messenger,
uint32 _gasQuote
address _childHook
Dismissed Show dismissed Hide dismissed
) AbstractMessageIdAuthHook(_mailbox, _destinationDomain, _ism) {
GAS_QUOTE = _gasQuote;
l2Messenger = ICrossDomainMessenger(_l2Messenger);
childHook = AbstractPostDispatchHook(_childHook);
}

/// @inheritdoc IPostDispatchHook
Expand All @@ -58,27 +64,32 @@

/// @inheritdoc AbstractPostDispatchHook
function _quoteDispatch(
bytes calldata,
bytes calldata
bytes calldata metadata,
bytes calldata message
) internal view override returns (uint256) {
return GAS_QUOTE;
return
metadata.msgValue(0) + childHook.quoteDispatch(metadata, message);
}

// ============ Internal functions ============

/// @inheritdoc AbstractMessageIdAuthHook
function _sendMessageId(
bytes calldata metadata,
bytes memory payload
bytes calldata message
) internal override {
require(
msg.value >= metadata.msgValue(0) + GAS_QUOTE,
"OPL2ToL1Hook: insufficient msg.value"
bytes memory payload = abi.encodeCall(

Check warning

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
AbstractMessageIdAuthorizedIsm.verifyMessageId,
message.id()
);

childHook.postDispatch{
value: childHook.quoteDispatch(metadata, message)
Dismissed Show dismissed Hide dismissed
}(metadata, message);
aroralanuk marked this conversation as resolved.
Show resolved Hide resolved
l2Messenger.sendMessage{value: metadata.msgValue(0)}(
TypeCasts.bytes32ToAddress(ism),
payload,
GAS_QUOTE
MIN_GAS_LIMIT
);
}
}
15 changes: 9 additions & 6 deletions solidity/contracts/hooks/OPStackHook.sol
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import {StandardHookMetadata} from "./libs/StandardHookMetadata.sol";
import {TypeCasts} from "../libs/TypeCasts.sol";
import {Message} from "../libs/Message.sol";
import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";

// ============ External Imports ============
Expand All @@ -32,6 +33,7 @@
*/
contract OPStackHook is AbstractMessageIdAuthHook {
using StandardHookMetadata for bytes;
using Message for bytes;

// ============ Constants ============

Expand Down Expand Up @@ -60,21 +62,22 @@

// ============ Internal functions ============
function _quoteDispatch(
bytes calldata,
bytes calldata metadata,
bytes calldata
) internal pure override returns (uint256) {
return 0; // gas subsidized by the L2
return metadata.msgValue(0); // gas subsidized by the L2
}

/// @inheritdoc AbstractMessageIdAuthHook
function _sendMessageId(
bytes calldata metadata,
bytes memory payload
bytes calldata message
) internal override {
require(
metadata.msgValue(0) < 2 ** 255,
"OPStackHook: msgValue must be less than 2 ** 255"
bytes memory payload = abi.encodeCall(

Check warning

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
AbstractMessageIdAuthorizedIsm.verifyMessageId,
message.id()
);

l1Messenger.sendMessage{value: metadata.msgValue(0)}(
TypeCasts.bytes32ToAddress(ism),
payload,
Expand Down
13 changes: 10 additions & 3 deletions solidity/contracts/hooks/PolygonPosHook.sol
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import {TypeCasts} from "../libs/TypeCasts.sol";
import {Message} from "../libs/Message.sol";
import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";

// ============ External Imports ============
import {FxBaseRootTunnel} from "fx-portal/contracts/tunnel/FxBaseRootTunnel.sol";
Expand All @@ -31,6 +32,7 @@
*/
contract PolygonPosHook is AbstractMessageIdAuthHook, FxBaseRootTunnel {
using StandardHookMetadata for bytes;
using Message for bytes;

// ============ Constructor ============

Expand All @@ -56,22 +58,27 @@

// ============ Internal functions ============
function _quoteDispatch(
bytes calldata,
bytes calldata metadata,
bytes calldata
) internal pure override returns (uint256) {
return 0;
return metadata.msgValue(0);
}

/// @inheritdoc AbstractMessageIdAuthHook
function _sendMessageId(
bytes calldata metadata,
bytes memory payload
bytes calldata message
) internal override {
require(
metadata.msgValue(0) == 0,
"PolygonPosHook: does not support msgValue"
);
require(msg.value == 0, "PolygonPosHook: does not support msgValue");

bytes memory payload = abi.encodeCall(

Check warning

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
AbstractMessageIdAuthorizedIsm.verifyMessageId,
message.id()
);
_sendMessageToChild(payload);
}

Expand Down
11 changes: 10 additions & 1 deletion solidity/contracts/hooks/aggregation/ERC5164Hook.sol
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,11 @@

// ============ Internal Imports ============
import {TypeCasts} from "../../libs/TypeCasts.sol";
import {Message} from "../../libs/Message.sol";
import {IPostDispatchHook} from "../../interfaces/hooks/IPostDispatchHook.sol";
import {IMessageDispatcher} from "../../interfaces/hooks/IMessageDispatcher.sol";
import {AbstractMessageIdAuthHook} from "../libs/AbstractMessageIdAuthHook.sol";
import {AbstractMessageIdAuthorizedIsm} from "../../isms/hook/AbstractMessageIdAuthorizedIsm.sol";

// ============ External Imports ============
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
Expand All @@ -28,6 +30,8 @@
* any of the 5164 adapters.
*/
contract ERC5164Hook is AbstractMessageIdAuthHook {
using Message for bytes;

IMessageDispatcher public immutable dispatcher;

constructor(
Expand Down Expand Up @@ -55,9 +59,14 @@
function _sendMessageId(
bytes calldata,
/* metadata */
bytes memory payload
bytes calldata message
) internal override {
require(msg.value == 0, "ERC5164Hook: no value allowed");

bytes memory payload = abi.encodeCall(

Check warning

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
AbstractMessageIdAuthorizedIsm.verifyMessageId,
message.id()
);
dispatcher.dispatchMessage(
destinationDomain,
TypeCasts.bytes32ToAddress(ism),
Expand Down
14 changes: 11 additions & 3 deletions solidity/contracts/hooks/layer-zero/LayerZeroV2Hook.sol
aroralanuk marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import {Indexed} from "../../libs/Indexed.sol";
import {IPostDispatchHook} from "../../interfaces/hooks/IPostDispatchHook.sol";
import {AbstractMessageIdAuthHook} from "../libs/AbstractMessageIdAuthHook.sol";
import {AbstractMessageIdAuthorizedIsm} from "../../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
import {StandardHookMetadata} from "../libs/StandardHookMetadata.sol";

struct LayerZeroV2Metadata {
Expand Down Expand Up @@ -55,8 +56,13 @@
/// @inheritdoc AbstractMessageIdAuthHook
function _sendMessageId(
bytes calldata metadata,
bytes memory payload
bytes calldata message
) internal override {
bytes memory payload = abi.encodeCall(

Check warning

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
AbstractMessageIdAuthorizedIsm.verifyMessageId,
message.id()
);

bytes calldata lZMetadata = metadata.getCustomMetadata();
(
uint32 eid,
Expand All @@ -72,7 +78,9 @@
options,
false // payInLzToken
);
lZEndpoint.send{value: msg.value}(msgParams, refundAddress);

uint256 quote = _quoteDispatch(metadata, message);

Check notice

Code scanning / Olympix Integrated Security

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Low

Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
lZEndpoint.send{value: quote}(msgParams, refundAddress);

Check warning

Code scanning / Olympix Integrated Security

Calling a function without checking the return value may lead to silent failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unused-return-function-call Medium

Calling a function without checking the return value may lead to silent failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unused-return-function-call

Check warning

Code scanning / Olympix Integrated Security

Using send() without checking the return value may lead to silent failures of ether transmittal. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unchecked-send Medium

Using send() without checking the return value may lead to silent failures of ether transmittal. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unchecked-send
}

/// @dev payInZRO is hardcoded to false because zro tokens should not be directly accepted
Expand All @@ -96,7 +104,7 @@
message.senderAddress()
);

return msgFee.nativeFee;
return metadata.msgValue(0) + msgFee.nativeFee;
}

/**
Expand Down
Loading
Loading