-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(contracts): add msg.Value
to verifyMessageId
#4541
Conversation
🦋 Changeset detectedLatest commit: f4f638e The changes in this PR will be included in the next version bump. This PR includes changesets to release 9 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
// child hook to call first | ||
AbstractPostDispatchHook public immutable childHook; | ||
// Minimum gas limit that the message can be executed with - OP specific | ||
uint32 public constant MIN_GAS_LIMIT = 300_000; |
Check warning
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium
msg.Value
instead of updatemsg.Value
to verifyMessageId
solidity/contracts/isms/hook/AbstractMessageIdAuthorizedIsm.sol
Outdated
Show resolved
Hide resolved
solidity/contracts/isms/hook/AbstractMessageIdAuthorizedIsm.sol
Outdated
Show resolved
Hide resolved
@@ -44,6 +44,10 @@ | |||
// arbitrum nitro contract on L1 to forward verification | |||
IOutbox public arbOutbox; | |||
|
|||
uint256 private constant DATA_LENGTH = 68; |
Check warning
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium
@@ -44,6 +44,10 @@ | |||
// arbitrum nitro contract on L1 to forward verification | |||
IOutbox public arbOutbox; | |||
|
|||
uint256 private constant DATA_LENGTH = 68; | |||
|
|||
uint256 private constant MESSAGE_ID_END = 36; |
Check warning
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium
@@ -53,7 +53,7 @@ | |||
// ============ Events ============ | |||
|
|||
/// @notice Emitted when a message is received from the external bridge | |||
event ReceivedMessage(bytes32 indexed messageId); | |||
event ReceivedMessage(bytes32 indexed messageId, uint256 msgValue); |
Check warning
Code scanning / Olympix Integrated Security
Test functions fail to assert the emission of expected events, potentially missing critical contract behaviors. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-events-assertion Medium
msg.value < 2 ** VERIFIED_MASK_INDEX && msg.value == msgValue, | ||
"AbstractMessageIdAuthorizedIsm: invalid msg.value" | ||
); | ||
require( |
Check warning
Code scanning / Olympix Integrated Security
Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests Medium
// this data is an abi encoded call of verifyMessageId(bytes32 messageId) | ||
require(data.length == 36, "ArbL2ToL1Ism: invalid data length"); | ||
// this data is an abi encoded call of preVerifyMessage(bytes32 messageId) | ||
require( |
Check warning
Code scanning / Olympix Integrated Security
Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests Medium
* @dev _message will be 36 bytes (4 bytes for function selector, and 32 bytes for messageId) | ||
*/ | ||
function _messageId( | ||
bytes calldata _message | ||
) internal pure returns (bytes32) { | ||
return bytes32(_message[FUNC_SELECTOR_OFFSET:]); | ||
return bytes32(_message[FUNC_SELECTOR_OFFSET:ORIGIN_SENDER_OFFSET]); |
Check notice
Code scanning / Olympix Integrated Security
Performing a narrowing downcast may result in silent overflow due to bit truncation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unsafe-downcast Low
function _msgValue( | ||
bytes calldata _message | ||
) internal pure returns (uint256) { | ||
return uint256(bytes32(_message[ORIGIN_SENDER_OFFSET:])); |
Check notice
Code scanning / Olympix Integrated Security
Performing a narrowing downcast may result in silent overflow due to bit truncation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unsafe-downcast Low
Description
Drive-by changes
Related issues
Backward compatibility
Yes
Testing
Unit tests