Refactor balance override detection #3239
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sunce86
approved these changes
Jan 17, 2025
squadgazzz
reviewed
Jan 17, 2025
Comment on lines
+66
to
+77
| // For each entry point probe the first n following slots. | ||
| let entry_points = [ | ||
| // solc lays out memory linearly starting at 0 by default | ||
| "0000000000000000000000000000000000000000000000000000000000000000", | ||
| ]; | ||
| for start_slot in entry_points { | ||
| let mut slot = U256::from(start_slot); | ||
| for _ in 0..probing_depth { | ||
| strategies.push(Strategy::SolidityMapping { slot }); | ||
| slot += U256::one(); | ||
| } | ||
| } |
There was a problem hiding this comment.
Why do we need an array for entry_points here?
There was a problem hiding this comment.
It's not needed at the moment but I wanted to make this code easily extensible if we find cases where user defined data sits at a library defined entry point.
Given that this code requires knowledge about a bunch of low level EVM details I wanted to make this as "cookie cutter" as possible.
mstrug
approved these changes
Jan 17, 2025
| writeln!( | ||
| f, | ||
| "quote_autodetect_token_balance_overrides_probing_depth: {:?}", | ||
| quote_autodetect_token_balance_overrides_probing_depth |
There was a problem hiding this comment.
I'm wondering if we need to use debug formatting for ordinary number here?
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
With #3238 merged it now becomes apparent why we have such a poor quote verification ratio on arbitrum. All bridged tokens store their
balancesmapping at storage slot 51.Changes
To avoid having to merge another PR every time we find an important token that requires a deeper probing depth I made the probing depth controllable via a CLI parameter.
While I was at it I did the same for the token cache size (should have been like that from the start given that the change was trivial with the given architecture).
Making the probing depth runtime dependent made using static variables a lot more annoying. Instead I created an
Innerstruct which contains all the static data so now it can be initialized once at runtime without more exotic types likeLazyLockorOnceLock. As long as we ensure that only 1 instance ofDetectorgets created this would be equivalent in terms of memory usage and performance.I also refactored the logic that constructs the strategy list. It should now be dead simple to see what's going on and how to extend it. First we hardcode a list of known non-variable storage slots and afterwards we probe the first N slots starting from known entry points. This is currently just the 0th slot but could theoretically be extended with other relevant slots. Even if it doesn't get extended I think the refactor still makes the code easier.
How to test
e2e tests and units tests still work
also added another unit test for a bridged token on arbitrum