Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit fixes #167

Merged
merged 7 commits into from
Dec 30, 2024
Merged

Audit fixes #167

merged 7 commits into from
Dec 30, 2024

Conversation

kiseln
Copy link
Contributor

@kiseln kiseln commented Dec 25, 2024
edited
Loading

@kiseln kiseln requested review from olga24912 and karim-en December 25, 2024 09:42
olga24912
olga24912 approved these changes Dec 25, 2024
View reviewed changes
evm/src/omni-bridge/contracts/OmniBridge.sol Outdated
uint256 extensionValue;
if (msg.value != valueRequired(tokenAddress, amount, nativeFee)) {
revert InvalidValue();
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was mostly thinking about just checking in the original initTransferExtension that extensionValue = 0. But overall, I think this works too.

Although this results in an extra call to Wormhole, even though that check is already performed internally.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, what about regular fee? I thought that we need to check it as well, but valueRequired doesn't consider it. Also, for Sepolia chains messageFee is 0, but for other chains user might pay for it and then msg.value would be greater than a value calculated by valueRequired

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fee refers to tokens, never Ether. valueRequired is a virtual function, and it’s calculated correctly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah so for wormhole it is already checked when sending a message? Then I'd probably just check for Ethereum version like you say

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's keep this perhaps in order not to rely on wormhole

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding checks for value == 0 in the default initTransferExtension should be enough

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aa36c00

@kiseln kiseln requested a review from olga24912 December 26, 2024 15:31
karim-en
karim-en requested changes Dec 27, 2024
View reviewed changes
evm/src/omni-bridge/contracts/OmniBridge.sol Outdated
uint256 extensionValue;
if (msg.value != valueRequired(tokenAddress, amount, nativeFee)) {
revert InvalidValue();
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding checks for value == 0 in the default initTransferExtension should be enough

@karim-en karim-en merged commit 796772c into main Dec 30, 2024
6 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frolvanya frolvanya frolvanya left review comments

@olga24912 olga24912 olga24912 approved these changes

@karim-en karim-en karim-en approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kiseln @olga24912 @karim-en @frolvanya