fail on low

ubiquity · Feb 19, 2024 · 39b4296 · 39b4296
1 parent c668e70
commit 39b4296
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 2 deletions.
diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml
@@ -25,7 +25,7 @@ jobs:
       with:
         node-version: 16
         sarif: results.sarif
-        fail-on: all
+        fail-on: low
         target: 'src/'
 
     - name: Upload SARIF file

diff --git a/slither.config.json b/slither.config.json
@@ -0,0 +1,4 @@
+{
+    "filter_paths": "openzeppelin",
+    "detectors_to_exclude": "timestamp"
+}
diff --git a/src/NftReward.sol b/src/NftReward.sol
@@ -152,6 +152,7 @@ contract NftReward is Initializable, ERC721Upgradeable, OwnableUpgradeable, Paus
         // validation
         require(recover(mintRequest, signature) == minter, "Signed not by minter");
         require(msg.sender == mintRequest.beneficiary, "Not eligible");   
+        require(block.timestamp < mintRequest.deadline, "Signature expired");
         require(!nonceRedeemed[mintRequest.nonce], "Already minted");
         require(mintRequest.keys.length == mintRequest.values.length, "Key/value length mismatch");
 

diff --git a/test/NftReward.t.sol b/test/NftReward.t.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.18;
+pragma solidity ^0.8.20;
 
 import {Test, console} from "forge-std/Test.sol";
 import {NftReward} from "../src/NftReward.sol";
@@ -245,6 +245,33 @@ contract NftRewardTest is Test {
         nftReward.safeMint(mintRequest, signature);
     }
 
+    function testSafeMint_ShouldRevert_IfSignatureExpired() public {
+        // prepare arbitrary data keys
+        bytes32[] memory keys = new bytes32[](1);
+        keys[0] = keccak256("GITHUB_ORGANIZATION_NAME"); 
+        // prepare arbitrary data values
+        string[] memory values = new string[](1);
+        values[0] = "ubiquity";
+        // prepare mint request
+        NftReward.MintRequest memory mintRequest = NftReward.MintRequest({
+            beneficiary: user1,
+            deadline: block.timestamp - 1, // set expired signature
+            keys: keys,
+            nonce: 1,
+            values: values
+        });
+        // get mint request digest which should be signed
+        bytes32 digest = nftReward.getMintRequestDigest(mintRequest);
+        // minter signs mint request digest
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(minterPrivateKey, digest);
+        // get minter's signature
+        bytes memory signature = abi.encodePacked(r, s, v);
+
+        vm.prank(user1);
+        vm.expectRevert('Signature expired');
+        nftReward.safeMint(mintRequest, signature);
+    }
+
     function testSafeMint_ShouldRevert_IfNonceAlreadyUsed() public {
         // prepare arbitrary data keys
         bytes32[] memory keys = new bytes32[](1);