Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix withdraw() methods in nullifier contracts for not validating the root #41

Merged
merged 4 commits into from
Aug 21, 2024
Merged

Fix withdraw() methods in nullifier contracts for not validating the root #41

merged 4 commits into from
Aug 21, 2024

Conversation

jimthematrix
Copy link
Contributor

No description provided.

@jimthematrix
Fix withdraw() methods in nullifier contracts for not validating the …
9776b53 
…root

Signed-off-by: Jim Zhang <jim.zhang@kaleido.io>
@codecov Codecov
Copy link

codecov bot commented Aug 16, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.37%. Comparing base (8d6263c) to head (bb64054).
Report is 10 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main      #41      +/-   ##
==========================================
+ Coverage   70.44%   71.37%   +0.92%     
==========================================
  Files          12       12              
  Lines         538      538              
==========================================
+ Hits          379      384       +5     
+ Misses        112      110       -2     
+ Partials       47       44       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Chengxuan
Chengxuan reviewed Aug 16, 2024
View reviewed changes
Copy link
Contributor

@Chengxuan Chengxuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jimthematrix 👍 good catch, added a comment about testing.

Also, a minor point about the three functions in withdraw seem can be grouped into a _withdraw() function into zeto_nullifier like _mint.

solidity/contracts/zeto_anon_nullifier.sol
@@ -122,6 +122,7 @@ contract Zeto_AnonNullifier is
uint256 root,
Commonlib.Proof calldata proof
) public {
validateTransactionProposal(nullifiers, [output, 0], root);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also add a test for this scenario?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point. added failure tests for all of the nullifiers tokens attempting to withdraw using spent UTXOs

EnriqueL8
EnriqueL8 reviewed Aug 19, 2024
View reviewed changes
Copy link
Contributor

@EnriqueL8 EnriqueL8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me - agree on the point above from Cheng but understand they are similar flows and tests have been included

@jimthematrix
Add validation to withdraw() in anon and anon_enc tokens
5985fe9 
Signed-off-by: Jim Zhang <jim.zhang@kaleido.io>
@jimthematrix
Add tests for the withdraw of spent UTXOs failure cases
39d7ede 
Signed-off-by: Jim Zhang <jim.zhang@kaleido.io>
@jimthematrix
Copy link
Contributor Author

just added another commit to also validate the input from the withdraw() calls of the non-nullifier tokens, which turn out to have the same security hole.

@Chengxuan @EnriqueL8

@jimthematrix
Add tests for the storage sql package
bb64054 
Signed-off-by: Jim Zhang <jim.zhang@kaleido.io>
Chengxuan
Chengxuan approved these changes Aug 21, 2024
View reviewed changes
Copy link
Contributor

@Chengxuan Chengxuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jimthematrix

It seems the security hole had to be patched to multiple contracts, so considering refactoring the check into the shared library will make it more reusable. But it's a minor comment for you to consider.

@jimthematrix
Copy link
Contributor Author

jimthematrix commented Aug 21, 2024
edited
Loading

Regarding the idea to push the calls in the withdraw() method to a library, the issue is that the 3 function calls already came from 2 parent classes:

        validateTransactionProposal(inputs, [output, 0], proof);   <<-- this is from Zeto_Base/Zeto_Nullifier
        _withdraw(amount, inputs, output, proof);                  <<-- this is from Zeto_Fungible
        processInputsAndOutputs(inputs, [output, 0]);              <<-- this is from Zeto_Base/Zeto_Nullifier

@jimthematrix jimthematrix merged commit dfecf4d into main Aug 21, 2024
7 checks passed
@jimthematrix jimthematrix deleted the libs branch August 21, 2024 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EnriqueL8 EnriqueL8 EnriqueL8 left review comments

@Chengxuan Chengxuan Chengxuan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jimthematrix @Chengxuan @EnriqueL8