Update structure to match hash #8

JamesSmartCell · 2023-07-02T14:47:28Z

use eventId instead of conferenceId and devconId.
Add convenience method to decode the attestation for services where this would be problematic (eg Iot).

github-actions · 2023-07-02T14:49:45Z

solhint result for 019ba85:


contracts/package/attestation/AsnDecode.sol
   14:5  error  'decodeLength' should start with _         private-vars-leading-underscore
   32:5  error  'copyDataBlock' should start with _        private-vars-leading-underscore
   75:5  error  'decodeElementOffset' should start with _  private-vars-leading-underscore
   87:5  error  'decodeDERData' should start with _        private-vars-leading-underscore
   94:5  error  'decodeDERData' should start with _        private-vars-leading-underscore
  115:5  error  'copyStringBlock' should start with _      private-vars-leading-underscore
  158:5  error  'decodeElement' should start with _        private-vars-leading-underscore
  165:5  error  'decodeIA5String' should start with _      private-vars-leading-underscore

contracts/package/attestation/EASverify.sol
   22:5  error    'EIP712_DOMAIN_TYPE_HASH' should start with _                   private-vars-leading-underscore
   26:5  error    'TIME_GAP' should start with _                                  private-vars-leading-underscore
   28:5  error    Constant name must be in capitalized SNAKE_CASE                 const-name-snakecase
   28:5  error    'name' should start with _                                      private-vars-leading-underscore
   31:5  error    'ATTEST_TYPEHASH' should start with _                           private-vars-leading-underscore
   33:2  warning  Line length must be no more than 120 but current length is 129  max-line-length
  146:5  error    'decodeEasTicketData' should start with _                       private-vars-leading-underscore
  220:5  error    'validateTicketTimestamps' should start with _                  private-vars-leading-underscore
  283:5  error    'verifyEasRevoked' should start with _                          private-vars-leading-underscore

contracts/package/attestation/IdAttest.sol
   12:5   error    'TTL_GAP' should start with _                                   private-vars-leading-underscore
   13:5   error    'INTEGER_TAG' should start with _                               private-vars-leading-underscore
   14:5   error    'COMPOUND_TAG' should start with _                              private-vars-leading-underscore
   16:5   error    'recoverSignedIdentifierAddress' should start with _            private-vars-leading-underscore
   22:51  error    Variable name must be in mixedCase                              var-name-mixedcase
   52:2   warning  Line length must be no more than 120 but current length is 122  max-line-length
   54:2   warning  Line length must be no more than 120 but current length is 142  max-line-length
   65:5   error    'recoverSigner' should start with _                             private-vars-leading-underscore
   71:5   error    'splitSignature' should start with _                            private-vars-leading-underscore
   84:5   error    'decodeTimeBlock' should start with _                           private-vars-leading-underscore
   95:2   warning  Line length must be no more than 120 but current length is 147  max-line-length
  109:5   error    'addressFromPublicKey' should start with _                      private-vars-leading-underscore
  123:5   error    'publicKeyToAddress' should start with _                        private-vars-leading-underscore
  134:5   error    'decodeCommitment' should start with _                          private-vars-leading-underscore
  149:5   error    'recoverCommitment' should start with _                         private-vars-leading-underscore

contracts/package/attestation/Pok.sol
   18:5  error    'H_X' should start with _                                       private-vars-leading-underscore
   19:5  error    'H_Y' should start with _                                       private-vars-leading-underscore
   24:5  error    'CURVE_ORDER_BIT_LENGTH' should start with _                    private-vars-leading-underscore
   25:5  error    'CURVE_ORDER_BIT_SHIFT' should start with _                     private-vars-leading-underscore
   27:5  error    'H_POINT' should start with _                                   private-vars-leading-underscore
   40:5  error    'recoverPOK' should start with _                                private-vars-leading-underscore
   52:5  error    'verifyPOK' should start with _                                 private-vars-leading-underscore
   82:5  error    'ecEquals' should start with _                                  private-vars-leading-underscore
   90:5  error    'getRiddle' should start with _                                 private-vars-leading-underscore
  108:2  warning  Line length must be no more than 120 but current length is 139  max-line-length
  112:2  warning  Line length must be no more than 120 but current length is 153  max-line-length
  115:5  error    'extractXYFromPoint' should start with _                        private-vars-leading-underscore
  117:2  warning  Line length must be no more than 120 but current length is 137  max-line-length
  122:5  error    'ecAdd' should start with _                                     private-vars-leading-underscore
  139:5  error    'mapToCurveMultiplier' should start with _                      private-vars-leading-underscore
  148:5  error    'ecMul' should start with _                                     private-vars-leading-underscore
  165:5  error    'ecInv' should start with _                                     private-vars-leading-underscore

contracts/package/attestation/Utils.sol
  12:5  error  'bytesToUint' should start with _  private-vars-leading-underscore
  30:5  error  'bytesToHex' should start with _   private-vars-leading-underscore

contracts/package/attestation/VerifyAttestation.sol
   64:5  error    'EMPTY_BYTES' should start with _                               private-vars-leading-underscore
   73:2  warning  Line length must be no more than 120 but current length is 201  max-line-length
  137:9  error    Variable name must be in mixedCase                              var-name-mixedcase
  139:9  error    Variable name must be in mixedCase                              var-name-mixedcase
  166:5  error    'verifyEqualityProof' should start with _                       private-vars-leading-underscore
  191:5  error    'recoverTicketSignatureAddress' should start with _             private-vars-leading-underscore
  219:2  warning  Line length must be no more than 120 but current length is 139  max-line-length
  239:5  error    'getAttestationTimestamp' should start with _                   private-vars-leading-underscore
  253:2  warning  Line length must be no more than 120 but current length is 122  max-line-length
  255:2  warning  Line length must be no more than 120 but current length is 142  max-line-length
  265:5  error    'mapTo256BitInteger' should start with _                        private-vars-leading-underscore

✖ 62 problems (51 errors, 11 warnings)

github-actions · 2023-07-02T14:50:07Z

slither result for 019ba85:

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

unchecked-lowlevel (2 results) (Medium)
write-after-write (1 results) (Medium)
dead-code (3 results) (Informational)
solc-version (26 results) (Informational)

unchecked-lowlevel

Impact: Medium
Confidence: Medium

ID-0
RoyaltySpliterStatic._pay(address,uint256) ignores return value by (sent) = ETHreceiver.call{value: amount}()

stl-contracts/contracts/package/royalty/RoyaltySpliterStatic.sol

Lines 70 to 76 in 019ba85

    
           function _pay(address ETHreceiver, uint256 amount) internal { 
        
               // slither-disable-start low-level-calls 
        
               // slither-disable-next-line calls-loop, unused-state 
        
               (bool sent, ) = ETHreceiver.call{value: amount}(""); 
        
               require(sent, "Failed to send Ether"); 
        
               // slither-disable-end low-level-calls 
        
           }

ID-1
MintPassOptimized.withdraw() ignores return value by (sent) = _msgSender().call{value: balance}()

stl-contracts/contracts/package/derived/MintPassOptimized.sol

Lines 101 to 106 in 019ba85

    
           function withdraw() public onlyOwner { 
        
               uint balance = address(this).balance; 
        
               //slither-disable-next-line low-level-calls 
        
               (bool sent, ) = _msgSender().call{value: balance}(""); 
        
               require(sent, "Failed to send Ether"); 
        
           }

write-after-write

Impact: Medium
Confidence: High

ID-2
VerifyAttestation.recoverTicketSignatureAddress(bytes,uint256).length is written in both
(length,hashIndex,None) = decodeLength(attestation,decodeIndex)
(length,decodeIndex,None) = decodeLength(attestation,decodeIndex)

stl-contracts/contracts/package/attestation/VerifyAttestation.sol

Line 205 in 019ba85

uint256 length;

dead-code

Impact: Informational
Confidence: Medium

ID-3
AsnDecode.decodeIA5String(bytes,uint256[],uint256,uint256) is never used and should be removed

stl-contracts/contracts/package/attestation/AsnDecode.sol

Lines 165 to 180 in 019ba85

    
           function decodeIA5String( 
        
               bytes memory byteCode, 
        
               uint256[] memory objCodes, 
        
               uint objCodeIndex, 
        
               uint decodeIndex 
        
           ) internal pure returns (Status memory) { 
        
               uint length = uint8(byteCode[decodeIndex++]); 
        
               bytes32 store = 0; 
        
               for (uint j = 0; j < length; j++) store |= bytes32(byteCode[decodeIndex++] & 0xFF) >> (j * 8); 
        
               objCodes[objCodeIndex++] = uint256(store); 
        
               Status memory retVal; 
        
               retVal.decodeIndex = decodeIndex; 
        
               retVal.objCodeIndex = objCodeIndex; 
        
               return retVal; 
        
           }

ID-4
VerifyAttestation.verifyEqualityProof(bytes,bytes,bytes,bytes) is never used and should be removed

stl-contracts/contracts/package/attestation/VerifyAttestation.sol

Lines 166 to 185 in 019ba85

    
           function verifyEqualityProof( 
        
               bytes memory com1, 
        
               bytes memory com2, 
        
               bytes memory proof, 
        
               bytes memory entropy 
        
           ) internal view returns (bool result) { 
        
               FullProofOfExponent memory pok; 
        
               bytes memory attestationData; 
        
               uint256 decodeIndex = 0; 
        
               uint256 length = 0; 
        
               (length, decodeIndex, ) = decodeLength(proof, 0); 
        
               (, attestationData, decodeIndex, ) = decodeElement(proof, decodeIndex); 
        
               pok.challenge = bytesToUint(attestationData); 
        
               (, pok.tPoint, decodeIndex, ) = decodeElement(proof, decodeIndex); 
        
               pok.entropy = entropy; 
        
               return verifyPOK(com1, com2, pok); 
        
           }

ID-5
VerifyAttestation.mapTo256BitInteger(bytes) is never used and should be removed

stl-contracts/contracts/package/attestation/VerifyAttestation.sol

Lines 265 to 268 in 019ba85

    
           function mapTo256BitInteger(bytes memory input) internal pure returns (uint256 res) { 
        
               bytes32 idHash = keccak256(input); 
        
               res = uint256(idHash); 
        
           }