-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improper condition for message validation check in deposit flow #10
Comments
@birchmd I found out why this collision exists in this part of the code. Reference implementation for
but in Engine it is:
|
@birchmd Considering the above - your remark is the place to be. However, with an important note - this is very different from the reference implementation.
Do you mean implement additional functions like:
As for me, it makes more sense to define them as a constant. |
Yes, I was imagining having those various maintenance functions for controlling the known engine contracts. This would let us dynamically keep the connector up to date with new instances of the Aurora Engine. But I understand this also adds complexity to the contract, so it is maybe not worth it and a constant would be better as you suggested. What do you think @joshuajbouw ? Another option is to remove that validation logic entirely, and avoid this problem altogether. In the case that the fee is too large it means the deposit flow will fail to mint tokens to the user on Aurora. Instead the tokens will be left minted with the connector account, which means manual intervention could fix the issue (move the tokens to the right account). But this case should never come up regardless because the rainbow bridge does not use the fee mechanism anyway as far as I remember. |
Thats correct. It technically "does" exist, but was not actually used, and we had to even disable this in the Engine to set it to 0 else relayer could steal. Then simply could just remove this entirely. Would need to triple check with @sept-en though.
Still current running idea is only bridging to Aurora EVM only. A constant is not ok because if we were to deploy this locally for testing you can not update the contract unless you do it in the code itself. Therefore, the best path forward would be to add in the contract address in the config as a new field. |
@birchmd I don't think, we can remove it. I just wanted to remind you, that part of the code checks message correctness. And it's not only about fees.
If after the message verifies in the |
After discussion with @joshuajbouw , the conclusion is:
|
Fixed in #12 |
At the time of writing, the following validation logic exists in the
ft_transfer_call
implementation:https://github.com/aurora-is-near/aurora-eth-connector/blob/ded0cfd6735bdf4a0371a811b5ed7731bdaa072c/eth-connector/src/lib.rs#L175-L183
As I understand it, the purpose of this validation is to prevent sending incorrect data to Aurora Engine's
ft_on_transfer
method in the case that a call to this contract'sdeposit
method is supposed to deliver the ETH to an Aurora account. In that is true then the condition where the validation happens should bewhere
engine_account_id
will need to be a new config field in this contract.I think the reason for this mistake in the code is that when the Connector and Engine were one contract then the
sender_id == receiver_id
did work since it was true thatconnector_account_id == sender_account_id == engine_account_id
.That said, in a world where there is more than one instance of the Aurora Engine contract, and they all share this connector as a source of ETH, then it might be useful to perform this check in case the
receiver_id
is from a set of known engine accounts. For example, it might look something likeThe text was updated successfully, but these errors were encountered: