Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(contracts): OZ-L1-M01 Enforced Transactions Signed Off-Chain Are Likely to Fail #620

Merged
merged 6 commits into from Jul 20, 2023
Merged

fix(contracts): OZ-L1-M01 Enforced Transactions Signed Off-Chain Are Likely to Fail #620

merged 6 commits into from Jul 20, 2023

Conversation

zimpha
Copy link
Member

@zimpha zimpha commented Jul 6, 2023

Purpose or design rationale of this PR

This PR fix the bug (M-01 Enforced Transactions Signed Off-Chain Are Likely to Fail) reported by OpenZeppelin. The following are the details:

The EnforcedTxGateway contract allows users to sign a transaction hash that authorizes an L1 to L2 transaction. During the verification of the signature, the signed hash is computed given the sendTransaction function parameters, except for the _queueIndex value, which is fetched as the supposedly following index from the message queue.

Timing this queue index during signing becomes challenging considering the following scenario:

  1. User A signs the transaction off-chain for index i .
  2. User B queues a transaction unrelated to A, thereby incrementing the queue index to
    i+1.
  3. User C tries to submit user A's transaction, which reverts due to the mismatching queue
    indices.

Depending on the activity of the messenger contract and the delay between users A and C, it is likely that this call reverts.

Consider repurposing the queue index to a nonce that is signed as part of the transaction hash by taking it as an additional function parameter. The replayability must therefore be prevented by keeping track of used transaction hashes in a mapping. Also, consider adding an expiration timestamp and chain id to the message such that signed messages are not indefinitely valid and are chain dependent. Otherwise, a signature can be reused for a rollup that follows the same message format and is signed by the same user. It's important to note that the transaction hash should not be constructed over the signature when an OpenZeppelin library version lower than 4.7.3 is used, due to a signature malleability issue.

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

  • build: Changes that affect the build system or external dependencies (example scopes: yarn, eslint, typescript)
  • ci: Changes to our CI configuration files and scripts (example scopes: vercel, github, cypress)
  • docs: Documentation-only changes
  • feat: A new feature
  • fix: A bug fix
  • perf: A code change that improves performance
  • refactor: A code change that doesn't fix a bug, or add a feature, or improves performance
  • style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
  • test: Adding missing tests or correcting existing tests

Deployment tag versioning

Has tag in common/version.go been updated?

  • No, this PR doesn't involve a new deployment, git tag, docker image tag
  • Yes

Breaking change label

Does this PR have the breaking-change label?

  • No, this PR is not a breaking change
  • Yes

@zimpha zimpha self-assigned this Jul 6, 2023
@github-actions
Copy link

github-actions bot commented Jul 6, 2023
edited

LCOV of commit eeb20be during Contracts #1134

Summary coverage rate:
  lines......: 51.3% (894 of 1744 lines)
  functions..: 67.9% (203 of 299 functions)
  branches...: no data found

Files changed coverage rate: n/a

@zimpha zimpha added the bug Something isn't working label Jul 6, 2023
Thegaram
Thegaram previously approved these changes Jul 7, 2023
View reviewed changes
contracts/src/L1/gateways/EnforcedTxGateway.sol Outdated Show resolved Hide resolved
contracts/src/L1/gateways/EnforcedTxGateway.sol Outdated Show resolved Hide resolved
contracts/integration-test/EnforcedTxGateway.spec.ts Outdated Show resolved Hide resolved
iczc
iczc previously approved these changes Jul 7, 2023
View reviewed changes
@zimpha zimpha dismissed stale reviews from iczc and Thegaram via 4da1ad9 July 10, 2023 05:32
Thegaram
Thegaram previously approved these changes Jul 10, 2023
View reviewed changes
iczc
iczc previously approved these changes Jul 13, 2023
View reviewed changes
@zimpha zimpha dismissed stale reviews from iczc and Thegaram via 489ff19 July 20, 2023 09:07
@HAOYUatHZ HAOYUatHZ merged commit af6d812 into develop Jul 20, 2023
3 checks passed
@HAOYUatHZ HAOYUatHZ deleted the fix/enforced_transactions_signed_offchain_are_likely_to_fail branch July 20, 2023 13:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iczc iczc iczc approved these changes

@Thegaram Thegaram Thegaram left review comments

@HAOYUatHZ HAOYUatHZ Awaiting requested review from HAOYUatHZ

@icemelon icemelon Awaiting requested review from icemelon

Assignees

@zimpha zimpha

Labels
breaking-change bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@zimpha @Thegaram @iczc @HAOYUatHZ