refactor and test: accounting for the audit
Showing
7 changed files
with
625 additions
and
31 deletions.
|
@@ -9,39 +9,16 @@ import {IBridgeErrors} from "../interfaces/IBridgeErrors.sol"; | |
/// @author Mariapia Moscatiello - <[email protected]> | ||
abstract contract BridgeMessenger is IBridgeErrors { | ||
event FundsReceived(address indexed sender, uint256 value); | ||
event SourceGovernorUpdated(address indexed sourceGovernor); | ||
|
||
// Default payload data length includes the number of bytes of at least one address (20 bytes or 160 bits), | ||
// value (12 bytes or 96 bits) and the payload size (4 bytes or 32 bits) | ||
uint256 public constant DEFAULT_DATA_LENGTH = 36; | ||
// Source governor address on L1 that is authorized to propagate the transaction execution across the bridge | ||
address public sourceGovernor; | ||
|
||
/// @dev Receives native network token. | ||
receive() external payable { | ||
emit FundsReceived(msg.sender, msg.value); | ||
} | ||
|
||
/// @dev Changes the source governor address (original Timelock). | ||
/// @notice The only way to change the source governor address is by the Timelock on L1 to request that change. | ||
/// This triggers a self-contract transaction of BridgeMessenger that changes the source governor address. | ||
/// @param newSourceGovernor New source governor address. | ||
function changeSourceGovernor(address newSourceGovernor) external virtual { | ||
// Check if the change is authorized by the previous governor itself | ||
// This is possible only if all the checks in the message process function pass and the contract calls itself | ||
if (msg.sender != address(this)) { | ||
revert SelfCallOnly(msg.sender, address(this)); | ||
} | ||
|
||
// Check for the zero address | ||
if (newSourceGovernor == address(0)) { | ||
revert ZeroAddress(); | ||
} | ||
|
||
sourceGovernor = newSourceGovernor; | ||
emit SourceGovernorUpdated(newSourceGovernor); | ||
} | ||
|
||
/// @dev Processes received data. | ||
/// @param data Bytes message sent from L2 Wormhole Relayer contract. The data must be encoded as a set of | ||
/// continuous transactions packed into a single buffer, where each transaction is composed as follows: | ||
|
|
@@ -13,10 +13,13 @@ interface ICrossDomainMessenger { | |
/// @author Andrey Lebedev - <[email protected]> | ||
/// @author Mariapia Moscatiello - <[email protected]> | ||
contract OptimismMessenger is BridgeMessenger { | ||
event SourceGovernorUpdated(address indexed sourceGovernor); | ||
event MessageReceived(address indexed sourceMessageSender, bytes data); | ||
|
||
// CDM Contract Proxy (Home) address on L2 that receives the message across the bridge from the source L1 network | ||
address public immutable CDMContractProxyHome; | ||
// Source governor address on L1 that is authorized to propagate the transaction execution across the bridge | ||
address public sourceGovernor; | ||
|
||
/// @dev OptimismMessenger constructor. | ||
/// @param _CDMContractProxyHome CDM Contract Proxy (Home) address (Optimism). | ||
|
@@ -31,6 +34,26 @@ contract OptimismMessenger is BridgeMessenger { | |
sourceGovernor = _sourceGovernor; | ||
} | ||
|
||
/// @dev Changes the source governor address (original Timelock). | ||
/// @notice The only way to change the source governor address is by the Timelock on L1 to request that change. | ||
/// This triggers a self-contract transaction of BridgeMessenger that changes the source governor address. | ||
/// @param newSourceGovernor New source governor address. | ||
function changeSourceGovernor(address newSourceGovernor) external virtual { | ||
// Check if the change is authorized by the previous governor itself | ||
// This is possible only if all the checks in the message process function pass and the contract calls itself | ||
if (msg.sender != address(this)) { | ||
revert SelfCallOnly(msg.sender, address(this)); | ||
} | ||
|
||
// Check for the zero address | ||
if (newSourceGovernor == address(0)) { | ||
revert ZeroAddress(); | ||
} | ||
|
||
sourceGovernor = newSourceGovernor; | ||
emit SourceGovernorUpdated(newSourceGovernor); | ||
} | ||
|
||
/// @dev Processes a message received from the CDM Contract Proxy (Home) contract. | ||
/// @notice The sender must be the Source Governor address (Timelock). | ||
/// @param data Bytes message sent from the CDM Contract Proxy (Home) contract. The data must be encoded as a set of | ||
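Review bot: The NatSpec that moved with `changeSourceGovernor` still describes the update as "a self-contract transaction of BridgeMessenger", although after this commit the function and the `sourceGovernor` storage live in OptimismMessenger; the copy added to WormholeMessenger carries the same stale line. I would reword it in both places to `/// This triggers a self-call of this messenger contract that changes the source governor address.`. Because the `msg.sender != address(this)` check is the only authorization on this setter, the inline comment should also name the message-processing function whose checks it relies on; that function is outside the visible hunks.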
|
|
@@ -8,27 +8,30 @@ import {BridgeMessenger} from "./BridgeMessenger.sol"; | |
/// @author Andrey Lebedev - <[email protected]> | ||
/// @author Mariapia Moscatiello - <[email protected]> | ||
contract WormholeMessenger is BridgeMessenger { | ||
event MessageReceived(address indexed sourceMessageSender, bytes data, bytes32 deliveryHash, uint256 sourceChain); | ||
event SourceGovernorUpdated(bytes32 indexed sourceGovernor); | ||
event MessageReceived(bytes32 indexed sourceMessageSender, bytes data, bytes32 deliveryHash, uint256 sourceChain); | ||
|
||
// L2 Wormhole Relayer address that receives the message across the bridge from the source L1 network | ||
address public immutable wormholeRelayer; | ||
// Source governor chain Id | ||
uint16 public immutable sourceGovernorChainId; | ||
// Source governor address on L1 that is authorized to propagate the transaction execution across the bridge | ||
bytes32 public sourceGovernor; | ||
// Source governor address on L1 that is authorized to propagate the transaction execution across the bridge | ||
mapping(bytes32 => bool) public mapDeliveryHashes; | ||
|
||
/// @dev WormholeMessenger constructor. | ||
/// @param _wormholeRelayer L2 Wormhole Relayer address. | ||
/// @param _sourceGovernor Source governor address (ETH). | ||
/// @param _sourceGovernorChainId Source governor wormhole format chain Id. | ||
constructor(address _wormholeRelayer, address _sourceGovernor, uint16 _sourceGovernorChainId) { | ||
constructor(address _wormholeRelayer, bytes32 _sourceGovernor, uint16 _sourceGovernorChainId) { | ||
// Check for zero addresses | ||
if (_wormholeRelayer == address(0) || _sourceGovernor == address(0)) { | ||
if (_wormholeRelayer == address(0)) { | ||
revert ZeroAddress(); | ||
} | ||
|
||
// Check source governor chain Id | ||
if (_sourceGovernorChainId == 0) { | ||
if (_sourceGovernor == 0 || _sourceGovernorChainId == 0) { | ||
revert ZeroValue(); | ||
} | ||
|
||
|
@@ -37,6 +40,26 @@ contract WormholeMessenger is BridgeMessenger { | |
sourceGovernorChainId = _sourceGovernorChainId; | ||
} | ||
|
||
/// @dev Changes the source governor address (original Timelock). | ||
/// @notice The only way to change the source governor address is by the Timelock on L1 to request that change. | ||
/// This triggers a self-contract transaction of BridgeMessenger that changes the source governor address. | ||
/// @param newSourceGovernor New source governor address. | ||
function changeSourceGovernor(bytes32 newSourceGovernor) external virtual { | ||
// Check if the change is authorized by the previous governor itself | ||
// This is possible only if all the checks in the message process function pass and the contract calls itself | ||
if (msg.sender != address(this)) { | ||
revert SelfCallOnly(msg.sender, address(this)); | ||
} | ||
|
||
// Check for the zero address | ||
if (newSourceGovernor == 0) { | ||
revert ZeroValue(); | ||
} | ||
|
||
sourceGovernor = newSourceGovernor; | ||
emit SourceGovernorUpdated(newSourceGovernor); | ||
} | ||
|
||
/// @dev Processes a message received from L2 Wormhole Relayer contract. | ||
/// @notice The sender must be the source governor address (Timelock). | ||
/// @param data Bytes message sent from L2 Wormhole Relayer contract. The data must be encoded as a set of | ||
|
@@ -66,10 +89,9 @@ contract WormholeMessenger is BridgeMessenger { | |
} | ||
|
||
// Check for the source governor address | ||
address governor = sourceGovernor; | ||
address bridgeGovernor = address(uint160(uint256(sourceAddress))); | ||
if (bridgeGovernor != governor) { | ||
revert SourceGovernorOnly(bridgeGovernor, governor); | ||
bytes32 governor = sourceGovernor; | ||
if (governor != sourceAddress) { | ||
revert SourceGovernorOnly32(sourceAddress, governor); | ||
} | ||
|
||
// Check the delivery hash uniqueness | ||
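Review bot: The new `bytes32` governor is compared against `sourceAddress` in full, so the constructor and `changeSourceGovernor` now accept any non-zero 32-byte value, while the NatSpec still calls it an "address" and does not state the expected encoding. A value that is not in the format the relayer reports (for an EVM sender, presumably the 20-byte address left-padded with zeros) would make every message revert with `SourceGovernorOnly32`, and because the setter is self-call only there appears to be no way to correct it afterwards. I would document the encoding on both parameters, e.g. `/// @param newSourceGovernor New source governor address in Wormhole bytes32 format (EVM address left-padded with zeros).`, and change `// Check for the zero address` to `// Check for the zero value`. Separately, the comment above `mapDeliveryHashes` repeats the source governor description and should describe the delivery-hash map instead.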
|