From 5470f33a52feae1f0d955cb2889fc334eaf497ee Mon Sep 17 00:00:00 2001 From: echo Date: Mon, 3 Jun 2024 12:50:10 +0800 Subject: [PATCH 1/6] fix Immunefi Report #31869 --- src/ORMP.sol | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/ORMP.sol b/src/ORMP.sol index a241dc3..39b0913 100644 --- a/src/ORMP.sol +++ b/src/ORMP.sol @@ -92,6 +92,7 @@ contract ORMP is ReentrancyGuard, Channel { emit MessageAssigned(msgHash, uc.oracle, uc.relayer, oracleFee, relayerFee, params); // refund + require(msg.value >= relayerFee + oracleFee, "!fee"); if (msg.value > relayerFee + oracleFee) { uint256 refundFee = msg.value - (relayerFee + oracleFee); _sendValue(refund, refundFee); @@ -158,10 +159,7 @@ contract ORMP is ReentrancyGuard, Channel { require(gasAvailable - gasAvailable / 64 > message.gasLimit, "!gas"); // Deliver the message to user application contract address. (dispatchResult,) = message.to.excessivelySafeCall( - message.gasLimit, - msg.value, - 0, - abi.encodePacked(message.encoded, msgHash, message.fromChainId, message.from) + message.gasLimit, 0, 0, abi.encodePacked(message.encoded, msgHash, message.fromChainId, message.from) ); } From 7feb5c3b28575799fe3ba5e3cbc044c8b8133de9 Mon Sep 17 00:00:00 2001 From: echo Date: Mon, 3 Jun 2024 12:51:32 +0800 Subject: [PATCH 2/6] fix Immunefi Report #31869 --- tron/ORMP.f.sol | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tron/ORMP.f.sol b/tron/ORMP.f.sol index 4c9fdb2..00d0441 100644 --- a/tron/ORMP.f.sol +++ b/tron/ORMP.f.sol @@ -471,6 +471,7 @@ contract ORMP is ReentrancyGuard, Channel { emit MessageAssigned(msgHash, uc.oracle, uc.relayer, oracleFee, relayerFee, params); // refund + require(msg.value >= relayerFee + oracleFee, "!fee"); if (msg.value > relayerFee + oracleFee) { uint256 refundFee = msg.value - (relayerFee + oracleFee); _sendValue(refund, refundFee); @@ -537,10 +538,7 @@ contract ORMP is ReentrancyGuard, Channel { require(gasAvailable - gasAvailable / 64 > message.gasLimit, "!gas"); // Deliver the message to user application contract address. (dispatchResult,) = message.to.excessivelySafeCall( - message.gasLimit, - msg.value, - 0, - abi.encodePacked(message.encoded, msgHash, message.fromChainId, message.from) + message.gasLimit, 0, 0, abi.encodePacked(message.encoded, msgHash, message.fromChainId, message.from) ); } From d5663b6d4a4af7c818ae339cd55a9a2c0412ab1b Mon Sep 17 00:00:00 2001 From: echo Date: Mon, 3 Jun 2024 13:02:22 +0800 Subject: [PATCH 3/6] rm payable --- src/ORMP.sol | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ORMP.sol b/src/ORMP.sol index 39b0913..d76a59d 100644 --- a/src/ORMP.sol +++ b/src/ORMP.sol @@ -142,7 +142,6 @@ contract ORMP is ReentrancyGuard, Channel { /// @return dispatchResult Result of the message dispatch. function recv(Message calldata message, bytes calldata proof) external - payable recvNonReentrant returns (bool dispatchResult) { From df29e38aa3d0d8e6e8ad117ff04680a9f4af9b45 Mon Sep 17 00:00:00 2001 From: echo Date: Mon, 3 Jun 2024 13:10:42 +0800 Subject: [PATCH 4/6] rm payable --- tron/ORMP.f.sol | 1 - 1 file changed, 1 deletion(-) diff --git a/tron/ORMP.f.sol b/tron/ORMP.f.sol index 00d0441..9152f3c 100644 --- a/tron/ORMP.f.sol +++ b/tron/ORMP.f.sol @@ -521,7 +521,6 @@ contract ORMP is ReentrancyGuard, Channel { /// @return dispatchResult Result of the message dispatch. function recv(Message calldata message, bytes calldata proof) external - payable recvNonReentrant returns (bool dispatchResult) { From a62c1a3b4ce9d36c115a7544ae325657027d3117 Mon Sep 17 00:00:00 2001 From: echo Date: Mon, 3 Jun 2024 13:55:35 +0800 Subject: [PATCH 5/6] bump version to 2.1.0 --- package.json | 2 +- src/ORMP.sol | 2 +- src/eco/Oracle.sol | 2 +- src/eco/Relayer.sol | 2 +- tron/ORMP.f.sol | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index da04d3d..1f25744 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@msgport/ormp", - "version": "2.0.0", + "version": "2.1.0", "description": "Oracle and Relayer based Message Protocol", "repository": "https://github.com/msgport/ORMP", "author": "Msgport dev", diff --git a/src/ORMP.sol b/src/ORMP.sol index d76a59d..a9ecf9f 100644 --- a/src/ORMP.sol +++ b/src/ORMP.sol @@ -30,7 +30,7 @@ contract ORMP is ReentrancyGuard, Channel { constructor(address dao) Channel(dao) {} function version() public pure returns (string memory) { - return "2.0.0"; + return "2.1.0"; } /// @dev Send a cross-chain message over the endpoint. diff --git a/src/eco/Oracle.sol b/src/eco/Oracle.sol index 29d4d47..08e6520 100644 --- a/src/eco/Oracle.sol +++ b/src/eco/Oracle.sol @@ -36,7 +36,7 @@ contract Oracle is Verifier { receive() external payable {} function version() public pure returns (string memory) { - return "2.0.0"; + return "2.1.0"; } /// @dev Only could be called by owner. diff --git a/src/eco/Relayer.sol b/src/eco/Relayer.sol index c12a3ef..53e0f08 100644 --- a/src/eco/Relayer.sol +++ b/src/eco/Relayer.sol @@ -43,7 +43,7 @@ contract Relayer { } function version() public pure returns (string memory) { - return "2.0.0"; + return "2.1.0"; } receive() external payable {} diff --git a/tron/ORMP.f.sol b/tron/ORMP.f.sol index 9152f3c..2a048a9 100644 --- a/tron/ORMP.f.sol +++ b/tron/ORMP.f.sol @@ -409,7 +409,7 @@ contract ORMP is ReentrancyGuard, Channel { constructor(address dao) Channel(dao) {} function version() public pure returns (string memory) { - return "2.0.0"; + return "2.1.0"; } /// @dev Send a cross-chain message over the endpoint. From 1e6a1838b74fb9abc92fd8211329e0564c5f2a34 Mon Sep 17 00:00:00 2001 From: echo Date: Mon, 3 Jun 2024 13:58:43 +0800 Subject: [PATCH 6/6] bump version to 0.2.1 --- tron/Oracle.f.sol | 2 +- tron/Relayer.f.sol | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tron/Oracle.f.sol b/tron/Oracle.f.sol index d46a4f6..bb62e0d 100644 --- a/tron/Oracle.f.sol +++ b/tron/Oracle.f.sol @@ -164,7 +164,7 @@ contract Oracle is Verifier { receive() external payable {} function version() public pure returns (string memory) { - return "2.0.0"; + return "2.1.0"; } /// @dev Only could be called by owner. diff --git a/tron/Relayer.f.sol b/tron/Relayer.f.sol index e9aebce..c3d4ed6 100644 --- a/tron/Relayer.f.sol +++ b/tron/Relayer.f.sol @@ -143,7 +143,7 @@ contract Relayer { } function version() public pure returns (string memory) { - return "2.0.0"; + return "2.1.0"; } receive() external payable {}