* Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <[email protected]>
1 parent
52fb413
commit 7109e30
Showing
25 changed files
with
354 additions
and
70 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
2.6.0 | ||
2.6.1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
use crate::test_utils; | ||
use borsh::BorshSerialize; | ||
|
||
#[test] | ||
fn test_exploit_fix() { | ||
let (mut runner, mut signer, _) = crate::tests::sanity::initialize_transfer(); | ||
|
||
let constructor = test_utils::solidity::ContractConstructor::compile_from_source( | ||
"src/tests/res", | ||
"target/solidity_build", | ||
"echo.sol", | ||
"Echo", | ||
); | ||
|
||
let nonce = signer.use_nonce(); | ||
let contract = runner.deploy_contract( | ||
&signer.secret_key, | ||
|c| c.deploy_without_constructor(nonce.into()), | ||
constructor, | ||
); | ||
|
||
let eth_custodian_address = if cfg!(feature = "mainnet-test") { | ||
"6bfad42cfc4efc96f529d786d643ff4a8b89fa52" | ||
} else if cfg!(feature = "testnet-test") { | ||
"84a82bb39c83989d5dc07e1310281923d2544dc2" | ||
} else { | ||
panic!("This test requires mainnet-test or testnet-test feature enabled.") | ||
}; | ||
let target_address = "1111111122222222333333334444444455555555"; | ||
let amount: u64 = 1_000_000; | ||
let amount_bytes = amount.to_le_bytes(); | ||
let payload = hex::decode(format!( | ||
"000000{}{}{}", | ||
hex::encode(amount_bytes), | ||
target_address, | ||
eth_custodian_address | ||
)) | ||
.unwrap(); | ||
|
||
let tx = contract.call_method_with_args("echo", &[ethabi::Token::Bytes(payload)], nonce.into()); | ||
let sender = test_utils::address_from_secret_key(&signer.secret_key); | ||
let view_call_args = test_utils::as_view_call(tx, sender); | ||
let input = view_call_args.try_to_vec().unwrap(); | ||
|
||
let (_outcome, maybe_error) = runner.one_shot().call("view", "viewer", input); | ||
let error_message = format!("{:?}", maybe_error); | ||
assert!(error_message.contains("ERR_ILLEGAL_RETURN")); | ||
} |
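Review bot: `test_exploit_fix` checks the rejection only through the read-only `view` call and only for one exact 51-byte return value, so it would not catch a regression on a state-changing entry point. The engine-side change is not rendered on this page, so whether `ERR_ILLEGAL_RETURN` is also raised there needs confirming; if it is, a second case sending the same `tx` through that path is worth adding. The payload layout should be documented above `let payload`, e.g. `// 3 zero bytes | amount (u64 LE) | 20-byte target | 20-byte custodian = 51 bytes, matching return(pos, 51) in echo.sol`. The `panic!` in the last `else` makes a run with neither feature enabled fail instead of skip; `#[cfg(any(feature = "mainnet-test", feature = "testnet-test"))]` on the function would avoid that.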
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
// SPDX-License-Identifier: GPL-3.0 | ||
|
||
pragma solidity >=0.7.0 <0.9.0; | ||
|
||
contract Echo { | ||
|
||
function echo(bytes memory payload) public pure { | ||
assembly { | ||
let pos := mload(0x40) | ||
|
||
mstore(pos, mload(add(payload, 0x20))) | ||
mstore(add(pos, 0x20), mload(add(payload, 0x40))) | ||
|
||
return(pos, 51) | ||
} | ||
} | ||
} |
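Review bot: The `echo` fixture hard-codes both the copy size (two 32-byte words) and the returned length (`51`), so it silently depends on the exact payload built in the Rust test and, for a shorter argument, returns bytes that lie beyond it in memory. Returning the argument's own bytes with `return(add(payload, 0x20), mload(payload))` would remove the magic number and both `mstore` lines. A short NatSpec comment on `echo` stating that this is a test-only contract whose return data is raw bytes rather than ABI-encoded output would also help readers.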
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// SPDX-License-Identifier: MIT | ||
|
||
pragma solidity ^0.8.0; | ||
|
||
contract SelfDestruct { | ||
constructor() payable {} | ||
|
||
function destruct(address benefactor) payable external { | ||
selfdestruct(payable(benefactor)); | ||
} | ||
|
||
} |
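Review bot: The parameter of `destruct` is named `benefactor`, but it is the address that receives the contract's balance, i.e. the beneficiary; `function destruct(address beneficiary) external payable` reads correctly and also puts visibility before mutability, as the Solidity style guide orders them. The function has no access control, which is fine for a fixture but should be stated in a comment such as `/// Test-only fixture: any caller can destroy the contract and forward its balance.` Judging by the commit message this presumably backs the total-supply accounting tests, which are not rendered on this page.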