Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: missing cross-chain validation #3455

Closed
LHerskind opened this issue Nov 28, 2023 · 0 comments · Fixed by #3457
Closed

fix: missing cross-chain validation #3455

LHerskind opened this issue Nov 28, 2023 · 0 comments · Fixed by #3457
Assignees
@LHerskind

Comments

@LHerskind
Copy link
Contributor

The process_l1_to_l2 function that is in aztec-nr don't fully validate the message, it don't check that:

  • portal address
  • chain id
  • version
    Matches. Thereby allowing you to send messages to contracts without proper validation, meaning you can practically infinite mint using any portal on L1 as your sender as long as the format is correct. Chain id and version should also be checked for good measure to handle multi-chain and upgrades.
@LHerskind LHerskind self-assigned this Nov 28, 2023
@LHerskind LHerskind mentioned this issue Nov 28, 2023
Merged
4 tasks
LHerskind added a commit that referenced this issue Nov 29, 2023
@LHerskind
fix: check version, chainid and sender for cross-chain l1 to l2 msgs (#…
d251703 
…3457)

Fixes #3455 by also checking the portal address, version and chainid.
Needed updates in the tests to pass the additional tests.

Existing tests generally seem to be very heavily focused on happy paths,
we need to do something there.

Also ran `nargo fmt`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LHerskind LHerskind

Labels
None yet
Projects
A3
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: check version, chainid and sender for cross-chain l1 to l2 msgs AztecProtocol/aztec-packages
1 participant
@LHerskind