Releases: SocketDotTech/socket-DL
Hing
This release addresses the second batch of issues reported during Surge.
It also adds support for sending native tokens to the destination plug along with messages.
registerSwitchBoard griefing
registerSwitchBoard needs to be permissionless at the socket level so that anyone can build their own security.
Having it fully open made griefing attacks possible, as described in the report.
Changed it so that switchboards can only register themselves.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/grief.md
Fixes
Arbitrum Native refund addresses
The owner used to control the refund addresses passed from the switchboard to the Arbitrum native bridge.
This discouraged other actors from initiating native confirmation.
Changed to take these addresses as input.
Reports
https://gist.github.com/abhishekvispute/29888273797c761b1249fa4caed517fc
Fixes
Insufficient packet <> message source check
The source chain slug recovered from the packetId and the one recovered from the messageId were not compared during execution.
This allowed the transmitter to forge packets that appeared to come from one chain while the message appeared to come from another.
This resulted in a wrong source check on the switchboard, and the message could be executed after the timeout.
Added the check so that both the packet and the message have to be from the same source chain.
If transmitters try to forge packets now, either the switchboards catch them via the trip action or the source check fails on execution.
Reports
https://gist.github.com/sujithsomraaj/af2867cad6b13330433c029a6d000570
Fixes
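As an added illustration of the check described above (not socket-DL code), the library below decodes the source slug from both ids and reverts when they disagree. The id layout (32-bit chain slug in the top bits, a 160-bit address in the middle, a 64-bit counter at the bottom) and all names are assumptions, not the project's own definitions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not socket-DL code. Assumed layout for both packetId and messageId:
//   bits 255..224  source chain slug
//   bits 223..64   an address (capacitor for packets, plug for messages)
//   bits 63..0     a counter (packetCount / nonce)
library IdChecks {
    error SourceMismatch(uint32 packetSlug, uint32 messageSlug);

    function slugOf(bytes32 id) internal pure returns (uint32) {
        return uint32(uint256(id) >> 224);
    }

    function addressOf(bytes32 id) internal pure returns (address) {
        return address(uint160(uint256(id) >> 64));
    }

    function counterOf(bytes32 id) internal pure returns (uint64) {
        return uint64(uint256(id));
    }

    function encodeId(uint32 slug, address addr, uint64 counter) internal pure returns (bytes32) {
        return bytes32((uint256(slug) << 224) | (uint256(uint160(addr)) << 64) | uint256(counter));
    }

    // The added check: the packet carrying the message and the message itself must
    // name the same source chain. Otherwise the switchboard would verify the packet
    // against one chain's policy while the message executes as if from another.
    function requireSameSource(bytes32 packetId, bytes32 messageId) internal pure {
        uint32 p = slugOf(packetId);
        uint32 m = slugOf(messageId);
        if (p != m) revert SourceMismatch(p, m);
    }
}
```

A call such as `IdChecks.requireSameSource(packetId, messageId)` belongs at the start of the execute path, before the switchboard is consulted and before any payload is delivered.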
Missed address addition to digests
Contract addresses were added to most digests in the last release to guard against signature replay across socket versions.
They were missed in a few places. Added.
A few other review comments were also addressed.
Reports
https://gist.github.com/abhishekvispute/6f6f32094657e377d8d3ee1e63d2f263
Fixes
Send Native tokens along with message
Added support for plugs to send source native tokens and receive destination native tokens when the message is delivered.
Introduced a param to pass such extra data, which does not need verification at the base socket.
The data is passed to the execution manager to decode and handle.
Currently this extraData is either used to send native tokens or does nothing.
Reports
Fixes
Garam Masala
This release addresses the security issues reported during Surge.
Master PR
#218
Convert all roles and signature identifiers to use hashes instead of strings.
It was reported that role checks were inconsistent and that strings were used in a lot of places.
All converted to hashes.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/rolehash.md
https://gist.github.com/jonatascm/9b6e4eb7530dd9b324ca2af8477ec63d
https://gist.github.com/bytes032/2c528bb635cb63b6584d67fdb31af21b
Fixes
Proper type for chainSlug, packetCount and capacitorType
chainSlug, packetCount and capacitorType had inconsistent types.
Each is now a single type across the codebase.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/slugsize.md
Fixes
Signature replay across socket versions
Signatures from one socket deployment could be replayed on other future deployments.
Fixed by adding the contract address to the signed digest where possible.
Seal and propose are handled by adding a version, since they are assumed to operate using the same signature.
Reports
https://gist.github.com/abhishekvispute/19fdbf2efa1e648be53b8b5de45fa506
Fixes
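The following is an added example (not socket-DL code) of the domain separation described above: every digest is bound to the deploying contract's address, a version and a per-operation identifier salt, so a signature produced for one deployment or one operation cannot be accepted by another. The field names, the `SEAL` salt and the EIP-191 prefix are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not socket-DL code. Demonstrates binding a signed digest to
// this deployment (address + version) and to one operation (identifier salt).
contract DigestBinding {
    // Per-operation salt (assumed name); a propose digest would use a different one,
    // so signatures over similar parameters are not interchangeable.
    bytes32 public constant SEAL_SIG_IDENTIFIER = keccak256("SEAL");
    // Version separates deployments where the address alone is not sufficient.
    bytes32 public immutable version;
    uint32 public immutable chainSlug;

    constructor(bytes32 version_, uint32 chainSlug_) {
        version = version_;
        chainSlug = chainSlug_;
    }

    // Digest unique to this deployment, this chain and this operation.
    function sealDigest(bytes32 packetId, bytes32 root) public view returns (bytes32) {
        return keccak256(
            abi.encode(SEAL_SIG_IDENTIFIER, version, address(this), chainSlug, packetId, root)
        );
    }

    // Recovers the signer of a 65-byte (r, s, v) signature over the prefixed digest.
    function recoverSigner(bytes32 digest, bytes memory sig) public pure returns (address) {
        require(sig.length == 65, "bad sig length");
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        if (v < 27) v += 27;
        require(v == 27 || v == 28, "bad v");
        // Reject the high-s form so each message has a single valid encoding.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        bytes32 prefixed = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", digest));
        address signer = ecrecover(prefixed, v, r, s);
        require(signer != address(0), "invalid sig");
        return signer;
    }

    // A seal is valid only if the recovered signer matches the expected transmitter.
    function verifySeal(bytes32 packetId, bytes32 root, bytes memory sig, address expected) external view returns (bool) {
        return recoverSigner(sealDigest(packetId, root), sig) == expected;
    }
}
```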
Rescue funds lib
The rescue funds lib had buggy handling of the safeTransfer lib and of ether transfers.
Reports
https://gist.github.com/GalloDaSballo/5456459835e4e2414002d52274174fa5
https://gist.github.com/bytes032/1730cdcdc720d09cbe6121c6f60e0a5f
https://gist.github.com/bytes032/8964fe66f837eadfeb8eb589d4702e95
https://gist.github.com/bytes032/161089af6b155237f266672f79c02bc9
https://github.com/gpersoon/SocketSurge/blob/main/amount.md
https://github.com/gpersoon/SocketSurge/blob/main/rescue.md
Fixes
Polygon receive packet check
The Polygon receive packet function had an improper check that allowed anyone to attest arbitrary packets.
Reports
https://gist.github.com/bytes032/07ca09305cb14d663c5b7efd5f6a92a7
Fixes
Owner can manipulate totalWatchers on switchboard
The switchboard owner could make the totalWatchers variable inconsistent and cause packets to be confirmed with less security.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/owner.md
Fixes
Change switchboard by reentering from outbound
If the plug reenters the socket and changes its switchboard mid outbound call, it can get away with paying less in fees.
Addressed by storing PlugConfig in memory and moving the untrusted switchboard call to the end.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/reenter.md
Fixes
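An added before/after illustration of this fix (not socket-DL code): the vulnerable variant reads the plug's config through a storage pointer after an untrusted external call, so a reentrant `connect()` swaps the switchboard between the fee quote and the message being recorded; the fixed variant snapshots the config into memory and makes the untrusted call last. `PlugConfig`, `ISwitchboard.getMinFees` and the fee values are assumptions modelled on the text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not socket-DL code. Interface and names are assumptions.
interface ISwitchboard {
    function getMinFees(uint32 dstChainSlug) external view returns (uint256 switchboardFees, uint256 verificationFees);
}

contract OutboundExample {
    struct PlugConfig {
        address siblingPlug;
        ISwitchboard outboundSwitchboard;
    }

    event MessageOutbound(address siblingPlug, address switchboard, bytes payload, uint256 feesPaid);

    mapping(address => mapping(uint32 => PlugConfig)) internal _plugConfigs;
    uint256 public constant TRANSMISSION_FEES = 0.001 ether; // constructed value

    // A plug picks its own switchboard; nothing stops it calling this reentrantly.
    function connect(uint32 siblingChainSlug, address siblingPlug, address switchboard) external {
        _plugConfigs[msg.sender][siblingChainSlug] = PlugConfig(siblingPlug, ISwitchboard(switchboard));
    }

    // BEFORE: `cfg` is a storage pointer and the untrusted call happens first. If the
    // switchboard (controlled by the plug) reenters connect() with a pricier board,
    // the fee was quoted for the cheap board but the message is routed via the new one.
    function outboundVulnerable(uint32 siblingChainSlug, bytes calldata payload) external payable {
        PlugConfig storage cfg = _plugConfigs[msg.sender][siblingChainSlug];
        (uint256 sbFees, ) = cfg.outboundSwitchboard.getMinFees(siblingChainSlug); // reentrancy window
        require(msg.value >= sbFees + TRANSMISSION_FEES, "insufficient fees");
        emit MessageOutbound(cfg.siblingPlug, address(cfg.outboundSwitchboard), payload, msg.value);
    }

    // AFTER: config is copied to memory once, the message is recorded from that
    // snapshot, and the untrusted call is the last thing the function does.
    function outbound(uint32 siblingChainSlug, bytes calldata payload) external payable {
        PlugConfig memory cfg = _plugConfigs[msg.sender][siblingChainSlug];
        emit MessageOutbound(cfg.siblingPlug, address(cfg.outboundSwitchboard), payload, msg.value);
        (uint256 sbFees, ) = cfg.outboundSwitchboard.getMinFees(siblingChainSlug);
        require(msg.value >= sbFees + TRANSMISSION_FEES, "insufficient fees");
    }
}
```

In the fixed variant a reentrant `connect()` can still change storage, but the fee is quoted for exactly the switchboard the message was recorded against, and an insufficient payment reverts the whole call including the event.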
Link messageId to destinationPlug
Link the messageId to its destination so that spoofing or blocking by other plugs is not possible.
Reports
https://gist.github.com/sujithsomraaj/7413f77603db2851834ee2520c3eb976
Fixes
onlyRemoteSwitchboard check on OptimismSwitchboard
A buggy check allowed anyone to attest arbitrary packets on the Optimism native switchboard.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/andor.md
Fixes
packetId checks in execute
Insufficient checks on the packet during execution allowed the protocol to reach undesirable states.
Reports
https://gist.github.com/sujithsomraaj/147eb318e72f230532d9bbfdb0ffacc2
https://github.com/gpersoon/SocketSurge/blob/main/allow.md
https://github.com/gpersoon/SocketSurge/blob/main/decap.md
Fixes
Watchers can attest packets of other chains.
A buggy check on attest in FastSwitchboard allowed a watcher of one source chain to attest packets of other source chains.
Addressed by removing srcChainSlug from the input and taking it from the packetId instead.
Fixes
Similar signatures of propose and setSourceGasPrice
These functions had similar signature params and could be replayed in rare edge cases.
The fee mechanism has since changed, but this was also addressed by adding signature identifier salts to the signed digest.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/replay.md
Change fee mechanism
Fees on L2s became very difficult to handle under the single umbrella of gasPrice and gasLimit.
Changed to set fully calculated fees, handling the complexity off chain.
Fixes
Fingerroot
Merge pull request #168 from SocketDotTech/contract/natspecs docs: contract natspecs