From 28aa044f54bd0ce3f47cd7167c1b432e618f9968 Mon Sep 17 00:00:00 2001 From: Shahul Hameed <10547529+shahthepro@users.noreply.github.com> Date: Thu, 21 Mar 2024 20:22:04 +0530 Subject: [PATCH] Fix leftovers from audit --- src/handle_provide_parameter.c | 56 +++++++++++++++---- src/plugin.h | 2 + .../.ethereum_application_build_goes_there | 0 3 files changed, 48 insertions(+), 10 deletions(-) delete mode 100644 tests/ethereum_build/.ethereum_application_build_goes_there diff --git a/src/handle_provide_parameter.c b/src/handle_provide_parameter.c index 36284f28..2334d9b3 100644 --- a/src/handle_provide_parameter.c +++ b/src/handle_provide_parameter.c @@ -24,13 +24,21 @@ static void handle_token_sent(ethPluginProvideParameter_t *msg, context_t *conte printf_hex_array("TOKEN SENT: ", ADDRESS_LENGTH, context->contract_address_sent); } -static void handle_token_sent_curve_pool(ethPluginProvideParameter_t *msg, context_t *context) { +static bool handle_token_sent_curve_pool(ethPluginProvideParameter_t *msg, context_t *context) { memset(context->contract_address_sent, 0, sizeof(context->contract_address_sent)); bool is_oeth = memcmp(CURVE_OETH_POOL_ADDRESS, msg->pluginSharedRO->txContent->destination, ADDRESS_LENGTH) == 0; + // Ensure the everything but the last 2 bits are zero + for (uint32_t i = 2; i <= INT128_LENGTH / 2; i++) { + if (U2BE(msg->parameter, PARAMETER_LENGTH - (2 * i)) != 0) { + PRINTF("Unsupported Token\n"); + return false; + } + } + if (is_oeth) { switch (U2BE(msg->parameter, PARAMETER_LENGTH - 2)) { case 0: @@ -41,7 +49,7 @@ static void handle_token_sent_curve_pool(ethPluginProvideParameter_t *msg, conte break; default: PRINTF("Param not supported\n"); - break; + return false; } } else { switch (U2BE(msg->parameter, PARAMETER_LENGTH - 2)) { 
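Review bot: The zero-check loop added to handle_token_sent_curve_pool stops at `INT128_LENGTH / 2`, so only the low 16 bytes of `msg->parameter` are inspected and any bytes above them are accepted unchecked. If `PARAMETER_LENGTH` is the full 32-byte ABI word (its value is not visible in this patch), a word with non-zero high bytes would still be mapped to one of the known token indices and displayed as such; either bound the loop with `i <= PARAMETER_LENGTH / 2` or add a comment stating why the high half can be ignored. The comment above the loop should read `// Ensure everything but the last 2 bytes is zero`, since `U2BE` compares bytes, not bits. The same loop and comment are repeated in handle_token_received_curve_pool (hunk -75,13 +85,21), so a small `static bool` helper shared by both would keep the two copies from drifting apart.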
@@ -59,11 +67,13 @@ static void handle_token_sent_curve_pool(ethPluginProvideParameter_t *msg, conte break; default: PRINTF("Param not supported\n"); - break; + return false; } } printf_hex_array("TOKEN SENT: ", ADDRESS_LENGTH, context->contract_address_sent); + + return true; } static void handle_token_received(ethPluginProvideParameter_t *msg, context_t *context) { @@ -75,13 +85,21 @@ static void handle_token_received(ethPluginProvideParameter_t *msg, context_t *c printf_hex_array("TOKEN RECEIVED: ", ADDRESS_LENGTH, context->contract_address_received); } -static void handle_token_received_curve_pool(ethPluginProvideParameter_t *msg, context_t *context) { +static bool handle_token_received_curve_pool(ethPluginProvideParameter_t *msg, context_t *context) { memset(context->contract_address_received, 0, sizeof(context->contract_address_received)); bool is_oeth = memcmp(CURVE_OETH_POOL_ADDRESS, msg->pluginSharedRO->txContent->destination, ADDRESS_LENGTH) == 0; + // Ensure the everything but the last 2 bits are zero + for (uint32_t i = 2; i <= INT128_LENGTH / 2; i++) { + if (U2BE(msg->parameter, PARAMETER_LENGTH - (2 * i)) != 0) { + PRINTF("Unsupported Token\n"); + return false; + } + } + // determine token addresses of curve pools based on contract address and // value of i/j params if (is_oeth) { @@ -94,6 +112,7 @@ static void handle_token_received_curve_pool(ethPluginProvideParameter_t *msg, c break; default: PRINTF("Param not supported\n"); + return false; break; } } else { @@ -112,10 +131,14 @@ static void handle_token_received_curve_pool(ethPluginProvideParameter_t *msg, c break; default: PRINTF("Param not supported\n"); + return false; break; } } + printf_hex_array("TOKEN RECEIVED: ", ADDRESS_LENGTH, context->contract_address_received); + + return true; } // deposit(uint256,address) 
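Review bot: In handle_token_received_curve_pool (hunk -94,6 +112,7) the `default:` branch now reads `return false;` followed by the old `break;`, which can never execute. handle_token_sent_curve_pool in this same commit replaces the `break;` outright, so dropping it here and in the second `default:` (hunk -112,10 +131,14) keeps the two functions the same shape and avoids unreachable-code warnings. The function body starts in an earlier hunk.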
@@ -221,12 +244,18 @@ static void handle_vault_redeem(ethPluginProvideParameter_t *msg, context_t *con static void handle_curve_pool_exchange(ethPluginProvideParameter_t *msg, context_t *context) { switch (context->next_param) { case TOKEN_SENT: - handle_token_sent_curve_pool(msg, context); - context->next_param = TOKEN_RECEIVED; + if (handle_token_sent_curve_pool(msg, context)) { + context->next_param = TOKEN_RECEIVED; + } else { + context->next_param = UNEXPECTED_PARAMETER; + } break; case TOKEN_RECEIVED: - handle_token_received_curve_pool(msg, context); - context->next_param = AMOUNT_SENT; + if (handle_token_received_curve_pool(msg, context)) { + context->next_param = AMOUNT_SENT; + } else { + context->next_param = UNEXPECTED_PARAMETER; + } break; case AMOUNT_SENT: handle_amount_sent(msg, context); @@ -250,8 +279,15 @@ static void handle_curve_pool_exchange(ethPluginProvideParameter_t *msg, context static void handle_curve_router_exchange(ethPluginProvideParameter_t *msg, context_t *context) { switch (context->next_param) { case TOKEN_SENT: - handle_token_sent(msg, context); - context->next_param = TOKEN_RECEIVED; + if (memcmp(&msg->parameter[PARAMETER_LENGTH - ADDRESS_LENGTH], + NULL_ETH_ADDRESS, + ADDRESS_LENGTH) == 0) { + // First token in the route cannot be null + msg->result = ETH_PLUGIN_RESULT_ERROR; + } else { + handle_token_sent(msg, context); + context->next_param = TOKEN_RECEIVED; + } break; case TOKEN_RECEIVED: context->counter += 1; diff --git a/src/plugin.h b/src/plugin.h index b5a255df..a23ae44d 100644 --- a/src/plugin.h +++ b/src/plugin.h @@ -141,6 +141,8 @@ typedef enum { #define TOKEN_SENT_FOUND 1 #define TOKEN_RECEIVED_FOUND 1 << 1 +#define INT128_LENGTH 16 + // Number of decimals used when the token wasn't found in the CAL. #define DEFAULT_DECIMAL WEI_TO_ETHER diff --git a/tests/ethereum_build/.ethereum_application_build_goes_there b/tests/ethereum_build/.ethereum_application_build_goes_there deleted file mode 100644 index e69de29b..00000000
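Review bot: The failure branches for TOKEN_SENT and TOKEN_RECEIVED in handle_curve_pool_exchange only set `context->next_param = UNEXPECTED_PARAMETER;` and never touch `msg->result`, so the rejection is reported only if a later parameter arrives and reaches an error branch that lies outside this hunk. The router path in the next hunk (-250,8 +279,15) does the opposite: it sets `msg->result = ETH_PLUGIN_RESULT_ERROR;` but leaves `next_param` at TOKEN_SENT. Doing both in every failure branch, by adding `msg->result = ETH_PLUGIN_RESULT_ERROR;` here and `context->next_param = UNEXPECTED_PARAMETER;` there, makes the plugin fail closed on the parameter that was actually rejected. The switch continues past the end of the hunk, so the existing default handling is presumed rather than seen.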