Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Overriding transfer handler #419

Merged
merged 8 commits into from Apr 20, 2023
Merged

Overriding transfer handler #419

merged 8 commits into from Apr 20, 2023

Conversation

0xdcota
Copy link
Contributor

@0xdcota 0xdcota commented Mar 30, 2023

This pull request addresses H-5 of Macro audit report

@0xdcota 0xdcota self-assigned this Mar 30, 2023
@0xdcota 0xdcota changed the base branch from main to protocol/fix/macro-findings-critical-high March 30, 2023 12:22
@0xdcota 0xdcota added Bug Something isn't working Smart Contracts labels Mar 30, 2023
@0xdcota 0xdcota added this to the Fuji-v2 MVP milestone Mar 30, 2023
@0xdcota 0xdcota linked an issue Mar 30, 2023 that may be closed by this pull request
Anyone can override the handler records. #415
Closed
@0xdcota 0xdcota mentioned this pull request Mar 30, 2023
Closed
@pedrovalido pedrovalido self-requested a review April 6, 2023 15:05
@pedrovalido
Copy link
Contributor

Everything looks good. Just had to fix some merge conflicts. Ready to merge now

@pedrovalido pedrovalido merged commit d7fc362 into protocol/fix/macro-findings-critical-high Apr 20, 2023
@pedrovalido pedrovalido deleted the protocol/fix/h-5-overriding-transfer-handler branch April 20, 2023 17:58
0xcuriousapple
0xcuriousapple reviewed May 16, 2023
View reviewed changes
packages/protocol/src/routers/ConnextHandler.sol
@@ -114,8 +131,10 @@ contract ConnextHandler {
external
onlyConnextRouter
{
_failedTxns[transferId] =
FailedTxn(transferId, amount, asset, originSender, originDomain, actions, args);
if (!isTransferIdRecorded(transferId)) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing this solves overriding vector, but adds a different attacking vector
now anyone can pre-call xBundle with the given transferId and make the legit recordFail revert

we had mentioned this previously as well
https://www.notion.so/0xmacro/Leads-Questions-on-Router-14d2593767a640258c902031573da7c8?pvs=4#c508aacbca3847aca17a1372879ed074
image

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @abhishekvispute good point, decided to essentially record all attempted transferIds with an increasing nonce.
Please refer to #536.

@0xdcota 0xdcota mentioned this pull request May 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xcuriousapple 0xcuriousapple 0xcuriousapple left review comments

@pedrovalido pedrovalido Awaiting requested review from pedrovalido

Assignees

@0xdcota 0xdcota

Labels
Bug Something isn't working Smart Contracts
Projects
None yet
Milestone
Fuji-v2 MVP
Development

Successfully merging this pull request may close these issues.

Anyone can override the handler records.
3 participants
@0xdcota @pedrovalido @0xcuriousapple