fix/remediations

bcnmy · Nov 29, 2023 · edc9e84 · edc9e84
1 parent 6185ccf
commit edc9e84
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/contracts/common/Errors.sol b/contracts/common/Errors.sol
@@ -20,6 +20,16 @@ contract SponsorshipPaymasterErrors {
      */
     error VerifyingSignerCannotBeZero();
 
+    /**
+     * @notice Throws when the paymaster id provided is a deployed contract   
+     */
+    error PaymasterIdCannotBeContract();
+
+    /**
+     * @notice Throws when the fee collector address provided is a deployed contract
+     */
+    error FeeCollectorCannotBeContract();
+
     /**
      * @notice Throws when the fee collector address provided is address(0)
      */

diff --git a/contracts/sponsorship/SponsorshipPaymaster.sol b/contracts/sponsorship/SponsorshipPaymaster.sol
@@ -72,11 +72,10 @@ contract SponsorshipPaymaster is
      * @param paymasterId dapp identifier for which deposit is being made
      */
     function depositFor(address paymasterId) external payable nonReentrant {
+        if(isContract(paymasterId)) revert PaymasterIdCannotBeContract();
         if (paymasterId == address(0)) revert PaymasterIdCannotBeZero();
         if (msg.value == 0) revert DepositCanNotBeZero();
-        paymasterIdBalances[paymasterId] =
-            paymasterIdBalances[paymasterId] +
-            msg.value;
+        paymasterIdBalances[paymasterId] += msg.value;
         entryPoint.depositTo{value: msg.value}(address(this));
         emit GasDeposited(paymasterId, msg.value);
     }
@@ -110,6 +109,7 @@ contract SponsorshipPaymaster is
     function setFeeCollector(
         address _newFeeCollector
     ) external payable onlyOwner {
+        if(isContract(_newFeeCollector)) revert FeeCollectorCannotBeContract();
         if (_newFeeCollector == address(0)) revert FeeCollectorCannotBeZero();
         address oldFeeCollector = feeCollector;
         assembly {
@@ -324,7 +324,6 @@ contract SponsorshipPaymaster is
         require(priceMarkup <= 2e6, "Verifying PM:high markup %");
 
         uint32 dynamicMarkup = MathLib.maxuint32(priceMarkup, fixedPriceMarkup);
-        require(dynamicMarkup >= 1e6, "Verifying PM:low markup %");
 
         uint256 effectiveCost = (requiredPreFund * dynamicMarkup) /
             PRICE_DENOMINATOR;
@@ -361,4 +360,19 @@ contract SponsorshipPaymaster is
                 maxPriorityFeePerGas + block.basefee
             );
     }
+
+     /**
+     * @notice Will return true if provided address is a contract
+     * @param account Address to verify if contract or not
+     * @dev This contract will return false if called within the constructor of
+     *      a contract's deployment, as the code is not yet stored on-chain.
+     */
+    function isContract(address account) internal view returns (bool) {
+        uint256 csize;
+        // solhint-disable-next-line no-inline-assembly
+        assembly {
+            csize := extcodesize(account)
+        }
+        return csize != 0;
+    }
 }