Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

audit(18): Use chain id for replay protection #309

Merged
merged 3 commits into from
Oct 16, 2024
Merged

audit(18): Use chain id for replay protection #309

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e126dba
feat: use chain id in cosignerDigest for replay protection
alanhwu Oct 4, 2024
f218ffa
chore: forge snapshots
alanhwu Oct 4, 2024
c0c13cf
Merge branch 'main' into audit-v3-18
alanhwu Oct 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-BaseExecuteSingleWithFee.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
199140
199172
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteBatch.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
231899
231968
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteBatchMultipleOutputs.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
245748
245818
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteBatchMultipleOutputsDifferentTokens.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
303522
303592
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteBatchNativeOutput.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
225426
225494
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteSingle.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
165523
165555
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteSingleNativeOutput.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
151085
151117
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-ExecuteSingleValidation.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
174834
174866
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-RevertInvalidNonce.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
44158
44191
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-V3-ExclusiveFiller.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
169458
169490
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-V3-InputOverride.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
169539
169571
2 changes: 1 addition & 1 deletion .forge-snapshots/Base-V3DutchOrder-V3-OutputOverride.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
169482
169514
2 changes: 1 addition & 1 deletion .forge-snapshots/V3-DutchDecayBounded.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1206
1193
4 changes: 2 additions & 2 deletions src/lib/V3DutchOrderLib.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ library V3DutchOrderLib {
/// @notice get the digest of the cosigner data
/// @param order the V3DutchOrder
/// @param orderHash the hash of the order
function cosignerDigest(V3DutchOrder memory order, bytes32 orderHash) internal pure returns (bytes32) {
return keccak256(abi.encodePacked(orderHash, abi.encode(order.cosignerData)));
function cosignerDigest(V3DutchOrder memory order, bytes32 orderHash) internal view returns (bytes32) {
return keccak256(abi.encodePacked(orderHash, block.chainid, abi.encode(order.cosignerData)));
}
}
4 changes: 2 additions & 2 deletions test/reactors/V3DutchOrderReactor.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1451,8 +1451,8 @@ contract V3DutchOrderTest is PermitSignature, DeployPermit2, BaseReactorTest {
(order,) = createAndSignDutchOrder(request);
}

function cosignOrder(bytes32 orderHash, CosignerData memory cosignerData) private pure returns (bytes memory sig) {
bytes32 msgHash = keccak256(abi.encodePacked(orderHash, abi.encode(cosignerData)));
function cosignOrder(bytes32 orderHash, CosignerData memory cosignerData) private view returns (bytes memory sig) {
bytes32 msgHash = keccak256(abi.encodePacked(orderHash, block.chainid, abi.encode(cosignerData)));
(uint8 v, bytes32 r, bytes32 s) = vm.sign(cosignerPrivateKey, msgHash);
sig = bytes.concat(r, s, bytes1(v));
}
Expand Down
Loading