fix: prevent validator signatures before latest proposed retrieval #163

Merged
merged 5 commits into from
Apr 11, 2024

Collaborator

@deluca-mike deluca-mike commented Apr 4, 2024

@deluca-mike deluca-mike added the bug Something isn't working label Apr 4, 2024
@deluca-mike deluca-mike self-assigned this Apr 4, 2024
@deluca-mike deluca-mike changed the title fix: prevent obsolete signature use fix: prevent obsolete validator attestation use Apr 4, 2024

github-actions bot commented Apr 4, 2024

Changes to gas cost

Generated at commit: c0b128ec79d2e9e2c76edab9ac9f026869a3bda9, compared to commit: 65d60811ce46e9f5d31fd83690eb29df76eab0f8

🧾 Summary (20% most significant diffs)

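| Contract | Method | Avg (+/-) | % |
|---|---|---|---|
| MinterGatewayHarness | internalCollateralOf | -44 ✅ | -5.91% |
| MinterGatewayHarness | isActiveMinter | -44 ✅ | -6.24% |
| MinterGatewayHarness | minterFreezeTime | +87 ❌ | +6.85% |
| MinterGatewayHarness | penalizedUntilOf | -44 ✅ | -6.02% |
| MinterGatewayHarness | rate | +88 ❌ | +4.76% |
| MinterGatewayHarness | rateModel | +67 ❌ | +5.47% |
| MinterGatewayHarness | updateCollateral | +27,323 ❌ | +24.69% |
| MinterGateway | isDeactivatedMinter | -66 ✅ | -9.52% |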



github-actions bot commented Apr 4, 2024

LCOV of commit 6bcc24d during Forge Coverage #497

Summary coverage rate:
  lines......: 99.2% (386 of 389 lines)
  functions..: 96.0% (121 of 126 functions)
  branches...: no data found

Files changed coverage rate:
                                          |Lines       |Functions  |Branches    
  Filename                                |Rate     Num|Rate    Num|Rate     Num
  ==============================================================================
  src/MinterGateway.sol                   | 100%    235|98.4%    63|    -      0

@deluca-mike deluca-mike force-pushed the fix/malicious-validator branch 4 times, most recently from b082d2b to e8e8211 Compare April 10, 2024 15:29
Collaborator

@toninorair toninorair left a comment

great work, but left 1 simplification comment

@deluca-mike deluca-mike force-pushed the fix/malicious-validator branch from e8e8211 to ed60bf3 Compare April 11, 2024 01:43
@deluca-mike deluca-mike changed the title fix: prevent obsolete validator attestation use fix: prevent validator signatures before latest proposed retrieval Apr 11, 2024
@deluca-mike deluca-mike requested a review from PierrickGT April 11, 2024 10:58
@toninorair toninorair merged commit ee328d0 into main Apr 11, 2024
5 checks passed
@toninorair toninorair deleted the fix/malicious-validator branch April 11, 2024 16:29