Skip to content

improve: Add appliedRelayerFeePct to FillRelay event #133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 11, 2022
Merged

improve: Add appliedRelayerFeePct to FillRelay event #133

merged 9 commits into from
Apr 11, 2022

Conversation

@nicholaspai
Copy link
Member

@nicholaspai nicholaspai commented Apr 8, 2022

Emitting both the original and the updated relayerFeePct allows off-chain clients to distinguish between correctly and incorrectly sped up fillRelay calls with updated relayer fee %'s. Currently, the client has no way to determine if a FillRelay event emitted by a speed up relay (i.e. calling fillRelayWithUpdatedFee) was a valid fill or not.

The current exploit would be to call fillRelay for a deposit with ALL of the correct params except for relayerFeePct, which the attacker would set to something lower than expected like 0. Clients would not be able to easily detect if this modified relayerFeePct=0 came from a correct fillRelayWithUpdatedFee call.

nicholaspai
nicholaspai commented Apr 8, 2022
View reviewed changes
contracts/SpokePool.sol
bool isSlowRelay
) internal {
emit FilledRelay(
relayHash,
Copy link
Member Author

@nicholaspai nicholaspai Apr 8, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed this to get around a stack too deep error but also realized we don't use relayHash in the current client code so its a reasonable delete

@nicholaspai
Copy link
Member Author

nicholaspai commented Apr 8, 2022

Note, this PR will require changing the Fill object interface in relayer-v2/interfaces/SpokePool and adding a test that valid speed up fills are included in fillsToRefund while invalid fill calls with all matching params except for the relayerFeePct are ignored.

@nicholaspai nicholaspai merged commit b6cb150 into master Apr 11, 2022
@nicholaspai nicholaspai deleted the npai/fill-relay-event branch April 11, 2022 14:41
@chrismaree chrismaree mentioned this pull request Apr 20, 2022
Merged
This was referenced May 3, 2022
Merged
Merged
Merged
@chrismaree chrismaree mentioned this pull request May 10, 2022
Merged
This was referenced May 17, 2022
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrice32 mrice32 mrice32 approved these changes

@chrismaree chrismaree Awaiting requested review from chrismaree

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nicholaspai @mrice32 @chrismaree