From 047d08064f1ade95a162293c290a2c23ec741e2d Mon Sep 17 00:00:00 2001 From: loki-cmu Date: Sun, 8 Sep 2024 04:14:35 +0800 Subject: [PATCH 1/2] fix: swc-02 Invalid Public Key Slice, publish anychain-ethereum 0.1.18 --- anychain-ethereum/Cargo.toml | 2 +- anychain-ethereum/src/address.rs | 10 +++++-- anychain-ethereum/src/public_key.rs | 42 ++++++++++++++++++++++------- 3 files changed, 41 insertions(+), 13 deletions(-) diff --git a/anychain-ethereum/Cargo.toml b/anychain-ethereum/Cargo.toml index 2c3e679..85a6673 100644 --- a/anychain-ethereum/Cargo.toml +++ b/anychain-ethereum/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "anychain-ethereum" description = "A Rust library for Ethereum-focused cryptocurrency wallets, enabling seamless transactions on the Ethereum blockchain" -version = "0.1.17" +version = "0.1.18" keywords = ["blockchain", "crypto", "cryptocurrencies", "ethereum", "wallet"] # Workspace inherited keys diff --git a/anychain-ethereum/src/address.rs b/anychain-ethereum/src/address.rs index 41cf9bc..903668d 100644 --- a/anychain-ethereum/src/address.rs +++ b/anychain-ethereum/src/address.rs @@ -141,7 +141,10 @@ mod tests { let public_key = EthereumPublicKey::from_secp256k1_public_key(public_key); let address = public_key.to_address(&EthereumFormat::Standard).unwrap(); - println!("address = {}", address); + assert_eq!( + "0x0Df2f15895AB69A7eF06519F6c4732e648719f04", + address.to_string() + ); } mod checksum_address { @@ -194,6 +197,9 @@ mod tests { ) .unwrap(); let address = EthereumAddress::from_public_key(&pubkey, &EthereumFormat::Standard).unwrap(); - println!("{}", address) + assert_eq!( + "0x5a2a8410875E882aEe87bF8e5F2e1eDE8810617b", + address.to_string() + ) } } diff --git a/anychain-ethereum/src/public_key.rs b/anychain-ethereum/src/public_key.rs index 0326e3b..1acb870 100644 --- a/anychain-ethereum/src/public_key.rs +++ b/anychain-ethereum/src/public_key.rs 
@@ -29,8 +29,10 @@ impl EthereumPublicKey { Self(public_key) } - pub fn from_slice(sl: &[u8]) -> Self { - Self(libsecp256k1::PublicKey::parse_slice(sl, None).unwrap()) + pub fn from_slice(sl: &[u8]) -> Result { + libsecp256k1::PublicKey::parse_slice(sl, None) + .map(Self) + .map_err(|e| PublicKeyError::Crate("from splice", format!("{:?}", e))) } /// Returns the secp256k1 public key of the public key @@ -159,7 +161,10 @@ mod tests { let str = "b9b77d6ac1380a581d3efc136a21a939f5a6ce59afeb3eddf6a52b342b33f5be455b3610100ee1129d1638e99272879be60519835e2b3b7703eb4791af3daa7f"; let public_key = EthereumPublicKey::from_str(str).unwrap(); let address = EthereumAddress::checksum_address(&public_key); - println!("address:{:?}", address); + assert_eq!( + "0xDF3e1897f4b01f6b17870b98B4548BaBE14A007C", + address.to_string() + ); } } 
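Review bot: The error context string in the new `from_slice` reads `"from splice"`, which looks like a typo for the function name; `PublicKeyError::Crate("from slice", format!("{:?}", e))` would make the error traceable to where it came from. The function also has no doc comment. As far as I know `parse_slice(sl, None)` infers the key encoding from the slice length, so a `///` line saying which encodings are accepted, and that malformed input now returns `Err` instead of panicking, would help callers that pass untrusted key bytes. The return type changes from `Self` to a `Result`, which breaks existing callers while the crate only moves from 0.1.17 to 0.1.18, so it is worth calling out in the release notes.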
@@ -199,14 +204,31 @@ mod tests { ]; let pk = EthereumPublicKey::from_slice(&raw_pk); + assert!(pk.is_ok()); let pk1 = EthereumPublicKey::from_slice(&raw_pk1); + assert!(pk1.is_ok()); + + let addr = pk.unwrap().to_address(&EthereumFormat::Standard).unwrap(); + let addr1 = pk1.unwrap().to_address(&EthereumFormat::Standard).unwrap(); + + assert_eq!( + "0xE28D6881aC932066611A259a8C343E545b0b55B7", + addr.to_string() + ); + assert_eq!( + "0xCd28AF3e09527D2a756F1e7c7aD7A8A9BdEB080d", + addr1.to_string() + ); + } - let addr = pk.to_address(&EthereumFormat::Standard).unwrap(); - let addr1 = pk1.to_address(&EthereumFormat::Standard).unwrap(); - - println!("address for {:?} is {}", raw_pk, addr); - println!(); - println!("address for {:?} is {}", raw_pk1, addr1); - println!(); + #[test] + fn test_public_key_from_invalid_slice() { + let invalid_slice = [1u8; 31]; // A 31-byte slice, invalid as a public key + let public_key = EthereumPublicKey::from_slice(&invalid_slice); + assert!(public_key.is_err()); + + let invalid_slice = [0u8; 65]; // A 31-byte slice, invalid as a public key + let public_key = EthereumPublicKey::from_slice(&invalid_slice); + assert!(public_key.is_err()); } } From a077e3153d4fbd33eec0dd5ee5ed814f294650c6 Mon Sep 17 00:00:00 2001 From: loki-cmu Date: Sun, 8 Sep 2024 04:44:53 +0800 Subject: [PATCH 2/2] fix: swc-03 unsafe std::mem::transmute, publish anychain-tron 0.2.7 --- Cargo.lock | 4 ++-- anychain-tron/Cargo.toml | 2 +- anychain-tron/src/address.rs | 31 ++++++++++++++++++++++++++++--- anychain-tron/src/transaction.rs | 18 +++++++++++------- 4 files changed, 42 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cedf2d8..d71c242 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -188,7 +188,7 @@ dependencies = [ [[package]] name = "anychain-ethereum" -version = "0.1.17" +version = "0.1.18" dependencies = [ "anychain-core", "ethabi", 
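Review bot: In `test_public_key_from_invalid_slice`, the second case keeps the comment `// A 31-byte slice, invalid as a public key` although the array is `[0u8; 65]`. 65 bytes is presumably an acceptable length for an uncompressed key, so this case is rejected for its content rather than its length, and the comment should say so, e.g. `// 65 zero bytes: plausible length, invalid encoding`. In the test above it, `assert!(pk.is_ok());` directly before `pk.unwrap()` is redundant, since the unwrap already fails the test on an error.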
@@ -310,7 +310,7 @@ dependencies = [ [[package]] name = "anychain-tron" -version = "0.2.6" +version = "0.2.7" dependencies = [ "anychain-core", "base58", diff --git a/anychain-tron/Cargo.toml b/anychain-tron/Cargo.toml index 41993b1..428fbf8 100644 --- a/anychain-tron/Cargo.toml +++ b/anychain-tron/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "anychain-tron" description = "A Rust library for Tron-focused cryptocurrency wallets, enabling seamless transactions on the Tron blockchain" -version = "0.2.6" +version = "0.2.7" keywords = ["tron", "blockchain", "cryptocurrencies", "wallet", "transactions"] # Workspace inherited keys diff --git a/anychain-tron/src/address.rs b/anychain-tron/src/address.rs index 596376a..8440901 100644 --- a/anychain-tron/src/address.rs +++ b/anychain-tron/src/address.rs @@ -50,9 +50,17 @@ impl TronAddress { &self.0 } - pub fn from_bytes(raw: &[u8]) -> &Self { - assert!(raw.len() == 21); - unsafe { std::mem::transmute(&raw[0]) } + pub fn from_bytes(raw: &[u8]) -> Result { + if raw.len() != 21 { + return Err(AddressError::InvalidAddress("Invalid length".to_string())); + } + + let mut address = [0u8; 21]; + address.copy_from_slice(raw); + Ok(TronAddress(address)) + + // assert!(raw.len() == 21); + // unsafe { std::mem::transmute(&raw[0]) } } pub fn to_base58(&self) -> String { 
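Review bot: The commented-out `// assert!(raw.len() == 21);` and `// unsafe { std::mem::transmute(&raw[0]) }` lines left at the end of `from_bytes` in anychain-tron/src/address.rs should be deleted, not kept. Version control already holds the old code, and leaving the unsafe cast in the body invites someone to restore it. The length check and copy can be one step, `let address: [u8; 21] = raw.try_into().map_err(|_| AddressError::InvalidAddress("Invalid length".to_string()))?;`, which removes the separate zeroed buffer. The signature also changes from returning `&Self` to an owned `Result`, a breaking change for callers under a 0.2.6 to 0.2.7 bump. A `///` comment stating the required 21-byte length and the error returned would document the new contract.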
@@ -247,4 +255,21 @@ mod tests { let addr = TronAddress::from_public_key(&public, &TronFormat::Standard).unwrap(); assert_eq!(addr.to_string(), "TQHAvs2ZFTbsd93ycTfw1Wuf1e4WsPZWCp"); } + + #[test] + fn test_address_from_bytes() { + let bytes = [ + 65, 150, 163, 186, 206, 90, 218, 207, 99, 126, 183, 204, 121, 213, 120, 127, 66, 71, + 218, 75, 190, + ]; + let addr = TronAddress::from_bytes(&bytes); + assert!(addr.is_ok()); + + let malicious_bytes: [u8; 22] = [ + 0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ]; + let addr = TronAddress::from_bytes(&malicious_bytes); + assert!(addr.is_err()); + } } diff --git a/anychain-tron/src/transaction.rs b/anychain-tron/src/transaction.rs index bd21b3b..e4fbab9 100644 --- a/anychain-tron/src/transaction.rs +++ b/anychain-tron/src/transaction.rs @@ -226,10 +226,12 @@ mod tests { #[test] pub fn test_txid() { let transaction = build_trx_transaction(); - println!("{}", transaction.to_transaction_id().unwrap()); + dbg!("{}", transaction.to_transaction_id().unwrap()); let raw = transaction.data.to_transaction_raw().unwrap(); let raw_bytes = crypto::sha256(&raw.write_to_bytes().unwrap()); - println!("{}", hex::encode(raw_bytes)); + dbg!("{}", hex::encode(raw_bytes)); + + assert_eq!(transaction.to_transaction_id().unwrap().txid, raw_bytes); } #[test] @@ -248,9 +250,10 @@ mod tests { let transaction = TronTransaction::new(¶m).unwrap(); let bytes = transaction.to_bytes().unwrap(); - println!("{}", hex::encode(bytes)); - println!("{}", transaction.to_transaction_id().unwrap()); - println!("{:?}", transaction.data); + + dbg!("{}", hex::encode(bytes)); + dbg!("{}", transaction.to_transaction_id().unwrap()); + dbg!("{:?}", transaction.data); } #[test] 
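Review bot: `test_address_from_bytes` only covers an input that is one byte too long, so the lower side of the `raw.len() != 21` check is untested. Adding `assert!(TronAddress::from_bytes(&bytes[..20]).is_err());` and `assert!(TronAddress::from_bytes(&[]).is_err());` would pin the short and empty cases, which are the ones the old `&raw[0]` code handled worst. The success case asserts only `is_ok()`; comparing `addr.unwrap().to_base58()` with the known address string for these bytes would confirm the bytes are copied unchanged.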
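Review bot: In anychain-tron/src/transaction.rs, `dbg!("{}", transaction.to_transaction_id().unwrap());` is not a formatting call. `dbg!` takes expressions, so it prints the literal `"{}"` as a value of its own and then the second argument with `Debug` formatting. Write `dbg!(transaction.to_transaction_id().unwrap());`, or drop the output now that `test_txid` has an `assert_eq!`. The same pattern appears in the `@@ -248,9 +250,10 @@` hunk and in `test_raw`. The test in the `-248` hunk still asserts nothing about `bytes`, so it passes regardless of what is serialized; an `assert_eq!` against a known hex encoding would make it a real check.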
@@ -269,7 +272,8 @@ mod tests { #[test] pub fn test_raw() { let raw = "0a025aa722088cb23bfcb18ea03c40facee394ad305a67080112630a2d747970652e676f6f676c65617069732e636f6d2f70726f746f636f6c2e5472616e73666572436f6e747261637412320a1541fa3146ab779ce02392d11209f524ee75d4088a45121541436d74fc1577266b7290b85801145d9c5287e19418c0843d709afadf94ad30900180ade204"; - let transaction = TronTransaction::from_bytes(&hex::decode(raw).unwrap()).unwrap(); - println!("{:?}", transaction.data); + let transaction = TronTransaction::from_bytes(&hex::decode(raw).unwrap()); + assert!(transaction.is_ok()); + dbg!("{:?}", transaction.unwrap().data); } }