Skip to content

fix: [L02] prevent locking in the case of misparameterization #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 19, 2022
Merged

fix: [L02] prevent locking in the case of misparameterization #142

merged 5 commits into from
Apr 19, 2022

Conversation

@mrice32
Copy link
Contributor

@mrice32 mrice32 commented Apr 15, 2022
edited
Loading

This addresses two potential cases where tokens get locked:

  1. A caller incorrectly sets isWrappedMatic to false, but provides the wMatic token address.
  2. ERC20 tokens are erroneously transferred to the contract.

In both cases, this ensures that the tokens make it to the HubPool contract.

@mrice32
fix: prevent locking when send is misparameterized
2caa9a9 
Signed-off-by: Matt Rice <matthewcrice32@gmail.com>
@nicholaspai
Copy link
Member

nicholaspai commented Apr 15, 2022

Can you explain the failure case this addresses?

@mrice32
Copy link
Contributor Author

mrice32 commented Apr 15, 2022
edited
Loading

Can you explain the failure case this addresses?

@nicholaspai great point. Added a description that describes this. PTAL.

chrismaree
chrismaree reviewed Apr 18, 2022
View reviewed changes
contracts/PolygonTokenBridger.sol Outdated
Comment on lines 94 to 97
if (isWrappedMatic) {
uint256 balance = address(this).balance;
maticToken.withdraw{ value: balance }(balance);
}
Copy link
Member

@chrismaree chrismaree Apr 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: does this need to be a separate state variable? could it not be:

Suggested change
if (isWrappedMatic) {
uint256 balance = address(this).balance;
maticToken.withdraw{ value: balance }(balance);
}
if (isWrappedMatic) maticToken.withdraw{ value: address(this).balance }(balance);

Copy link
Member

@nicholaspai nicholaspai Apr 18, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems reasonable and saves an MSTORE right?

Copy link
Contributor Author

@mrice32 mrice32 Apr 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the above works, since balance doesn't exist. Maybe you meant:

if (isWrappedMatic) maticToken.withdraw{ value: address(this).balance }(address(this).balance);

?

We could do that. I'm not sure it would be cheaper, but that might not matter since this is on polygon and the call is already pretty cheap.

Copy link
Contributor Author

@mrice32 mrice32 Apr 19, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

Copy link
Member

@chrismaree chrismaree Apr 20, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ye, sorry. it's hard to structure feedback in these comments with the proposed blocks. what you did is what I had intended.

mrice32 added 2 commits April 19, 2022 19:08
@mrice32
remove boolean
63e8399 
Signed-off-by: Matt Rice <matthewcrice32@gmail.com>
@mrice32
WIP
61b7dce 
Signed-off-by: Matt Rice <matthewcrice32@gmail.com>
@mrice32 mrice32 requested a review from chrismaree April 19, 2022 23:30
@mrice32
WIP
f916383 
Signed-off-by: Matt Rice <matthewcrice32@gmail.com>
@mrice32 mrice32 added the OZ Audit - March Resolves issue discovered in March 2022 OZ Audit label Apr 19, 2022
nicholaspai
nicholaspai approved these changes Apr 19, 2022
View reviewed changes
Copy link
Member

@nicholaspai nicholaspai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice and clean, LGTM

@mrice32 mrice32 merged commit 9619b34 into master Apr 19, 2022
@mrice32 mrice32 deleted the locking branch April 19, 2022 23:53
This was referenced May 3, 2022
Merged
Merged
Merged
@chrismaree chrismaree mentioned this pull request May 10, 2022
Merged
This was referenced May 17, 2022
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicholaspai nicholaspai nicholaspai approved these changes

@chrismaree chrismaree Awaiting requested review from chrismaree

Assignees

No one assigned

Labels

OZ Audit - March Resolves issue discovered in March 2022 OZ Audit

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mrice32 @nicholaspai @chrismaree