H-01 + double allocation attack preventions

[mgretzke]

Pull Request

Description

• Added the recipient as a part of the transient storage slot where the balances of a user get stored to prevent preparation calls with different recipients to reuse the balance.

• Additionally, this scopes all allocateAndRegister + prepare/executeAllocation calls to the same nonce prefix which prevents an attack like this:

If you do two preparations for the same recipient, but with different callers, they will receive independent nonces. This is because nonces for all allocations where a recipient has no control over, are scoped to the caller to not allow burning valid nonces of recipients.
To also receive an individual identifier slot where that nonce is stored, you could provide an additional id in the idsAndAmounts input. This will lead to the identifier hash to be different, therefore these independent nonces get stored in different transient storage slots.
Now you could deposit the amount of your choosing once, and register the two claimHashes fitting the allocations.
If you then also call execution multiple times again from the same different callers as the prepareAllocation calls, you are able to reuse that balance change over and over again (even if the balance is scoped to the recipient).

An example of how this previously worked can be found here:

sc-allocators/test/OnChainAllocator.t.sol

Line 903 in cc69621

function test_executeAllocation_success_multiplePreparations_MALICIOUS() public {