fixed potential double spend

kendricktan · Jul 26, 2019 · de022ff · de022ff
1 parent 61901f0
commit de022ff
Show file tree

Hide file tree

Showing 5 changed files with 6,146 additions and 5,289 deletions.
diff --git a/contracts/AltBn128.sol b/contracts/AltBn128.sol
@@ -84,7 +84,8 @@ library AltBn128 {
         }
     }
 
-    // Keep everything contained within this lib
+    /* Helper functions */
+
     function addmodn(uint256 x, uint256 n) public pure
         returns (uint256)
     {
@@ -97,6 +98,12 @@ library AltBn128 {
         return x % N;
     }
 
+    function modp(uint256 x) public pure
+        returns (uint256)
+    {
+        return x % P;
+    }
+
     /*
        Checks if the points x, y exists on alt_bn_128 curve
     */

diff --git a/contracts/Heiswap.sol b/contracts/Heiswap.sol
@@ -118,12 +118,19 @@ contract Heiswap {
     // i.e. there is a ringHash
     function withdraw(
         address payable receiver, uint256 amountEther, uint256 index,
-        uint256 c0, uint256[2] memory keyImage, uint256[] memory s
+        uint256 c0, uint256[2] memory _keyImage, uint256[] memory s
     ) public
     {
         uint i;
         uint256 startGas = gasleft();
 
+        // Prevent double spend attack
+        // https://github.com/kendricktan/heiswap-dapp/issues/17
+        uint256[2] memory keyImage = [
+            AltBn128.modp(_keyImage[0]),
+            AltBn128.modp(_keyImage[1])
+        ];
+
         // Get amount sent in whole number
         uint256 withdrawEther = floorEtherAndCheck(amountEther * 1 ether);