Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parent and child insurance stubs #272

Merged
merged 2 commits into from
Dec 4, 2024
Merged

parent and child insurance stubs #272

merged 2 commits into from
Dec 4, 2024

Conversation

godzillaba
Copy link
Contributor

No description provided.

@cla-bot cla-bot bot added the s label Dec 4, 2024
srya-b
srya-b reviewed Dec 4, 2024
View reviewed changes
src/insurance/Parent.sol
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the assumption that the signedCommitment in buy also encodes the values being committed to alongside the commitment + signature?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, just pushed up a commit that includes those. the entire struct SequencerCommitment is signed over

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 4, 2024
View reviewed changes
src/insurance/Parent.sol
address public immutable childChainContract;

// D
uint256 public depositedAmount;

Check failure

Code scanning / Slither

Uninitialized state variables High

Parent.depositedAmount is never initialized. It is used in:
- Parent.buy(uint256,Parent.SequencerCommitment,bytes,Parent.RetryableParams)
src/insurance/Parent.sol
Comment on lines +73 to +125
function buy(
uint256 minSatisfied,
SequencerCommitment calldata commitment,
bytes calldata signature,
RetryableParams calldata retryableParams
) public payable {
// require depositAmount - insuranceSold + minSatisfied >= insuranceAmount
// put this check first because it's the mosy likely to fail without user error
require(depositedAmount - insuranceSold + minSatisfied >= commitment.insuranceAmount, "potential undercollateralization");

// verify the signature
require(isValidSignature(commitment, signature), "invalid signature");

// require msg.value == insuranceCost + retryableCost
uint256 retryableCost = retryableParams.maxSubmissionCost + retryableParams.gasLimit * retryableParams.gasPrice;
require(msg.value == retryableCost + commitment.insuranceCost, "invalid value");

// require !hasUsedCommitment(commitment)
require(!hasUsedCommitment(commitment), "commitment already used");

// increment insuranceSold by amount
insuranceSold += commitment.insuranceAmount;

// mark commitment as used
usedCommitments[hashCommitment(commitment)] = true;

// build calldata for child contract
bytes memory data = abi.encodeCall(
Child.commit,
(
sequenceNumber,
commitment.beneficiary,
commitment.insuranceAmount,
commitment.blockNum,
commitment.blockHash
)
);

// create a retryable to hit the child contract settle function, sending msg.value
inbox.createRetryableTicket{value: msg.value}({
to: childChainContract,
l2CallValue: commitment.insuranceCost,
maxSubmissionCost: retryableParams.maxSubmissionCost,
excessFeeRefundAddress: msg.sender,
callValueRefundAddress: msg.sender,
gasLimit: retryableParams.gasLimit,
maxFeePerGas: retryableParams.gasPrice,
data: data
});

// increment seqNum
sequenceNumber++;
}
src/insurance/Parent.sol
Comment on lines +73 to +125
function buy(
uint256 minSatisfied,
SequencerCommitment calldata commitment,
bytes calldata signature,
RetryableParams calldata retryableParams
) public payable {
// require depositAmount - insuranceSold + minSatisfied >= insuranceAmount
// put this check first because it's the mosy likely to fail without user error
require(depositedAmount - insuranceSold + minSatisfied >= commitment.insuranceAmount, "potential undercollateralization");

// verify the signature
require(isValidSignature(commitment, signature), "invalid signature");

// require msg.value == insuranceCost + retryableCost
uint256 retryableCost = retryableParams.maxSubmissionCost + retryableParams.gasLimit * retryableParams.gasPrice;
require(msg.value == retryableCost + commitment.insuranceCost, "invalid value");

// require !hasUsedCommitment(commitment)
require(!hasUsedCommitment(commitment), "commitment already used");

// increment insuranceSold by amount
insuranceSold += commitment.insuranceAmount;

// mark commitment as used
usedCommitments[hashCommitment(commitment)] = true;

// build calldata for child contract
bytes memory data = abi.encodeCall(
Child.commit,
(
sequenceNumber,
commitment.beneficiary,
commitment.insuranceAmount,
commitment.blockNum,
commitment.blockHash
)
);

// create a retryable to hit the child contract settle function, sending msg.value
inbox.createRetryableTicket{value: msg.value}({
to: childChainContract,
l2CallValue: commitment.insuranceCost,
maxSubmissionCost: retryableParams.maxSubmissionCost,
excessFeeRefundAddress: msg.sender,
callValueRefundAddress: msg.sender,
gasLimit: retryableParams.gasLimit,
maxFeePerGas: retryableParams.gasPrice,
data: data
});

// increment seqNum
sequenceNumber++;
}
@godzillaba godzillaba marked this pull request as ready for review December 4, 2024 17:47
@godzillaba godzillaba merged commit 0c5b441 into devjam-interop Dec 4, 2024
4 of 13 checks passed
@godzillaba godzillaba deleted the devjam-henry-child-insurance branch December 4, 2024 17:47
@godzillaba godzillaba restored the devjam-henry-child-insurance branch December 4, 2024 17:47
@godzillaba godzillaba deleted the devjam-henry-child-insurance branch December 4, 2024 17:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srya-b srya-b srya-b approved these changes

Assignees
No one assigned
Labels
s
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@godzillaba @srya-b