diff --git a/audits/README.md b/audits/README.md index 9e68dac..ed2ea9b 100644 --- a/audits/README.md +++ b/audits/README.md @@ -23,6 +23,8 @@ An internal audit with a focus on `Update for Community Multisig (CM)` is locate An internal audit with a focus on `OptimismMesseger and WormholeMessenger` is located in this folder: [internal audit 9](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal9). +An internal audit with a focus on `Guard for Community Multisig (CM) (modular version)` is located in this folder: [internal audit 10](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal10). + ### External audit Following the initial contracts [audit report](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/Valory%20Review%20Final.pdf), the recommendations are addressed here: [feedback](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/Addressing%20Initial%20ApeWorX%20Recommentations.pdf). diff --git a/audits/internal10/README.md b/audits/internal10/README.md new file mode 100644 index 0000000..7f44b7b --- /dev/null +++ b/audits/internal10/README.md @@ -0,0 +1,75 @@ +# autonolas-governance-audit +The review has been performed based on the contract code in the following repository:
+`https://github.com/valory-xyz/autonolas-governance`
+commit: `bde297d7dbb601fbe796f56fe03e917d60282cd0` or `tag: v1.1.11-pre-internal-audit`
+ +Update: 06-03-2024
+ +## Objectives +The audit focused on Guard contract for community mutisig (modular version).
+ +### Flatten version +Flatten version of contracts. [contracts](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal10/analysis/contracts) + +### Coverage +Hardhat coverage has been performed before the audit and can be found here: +```sh +--------------------------------------|----------|----------|----------|----------|----------------| +File | % Stmts | % Branch | % Funcs | % Lines |Uncovered Lines | +--------------------------------------|----------|----------|----------|----------|----------------| + contracts/multisigs/ | 98.18 | 96.15 | 100 | 99 | | + GuardCM.sol | 98.11 | 96.05 | 100 | 98.95 | 223 | + VerifyData.sol | 100 | 100 | 100 | 100 | | + contracts/multisigs/bridge_verifier/ | 49.12 | 47.37 | 50 | 49.44 | | + ProcessBridgedDataArbitrum.sol | 0 | 0 | 0 | 0 |... 55,56,60,64 | + ProcessBridgedDataGnosis.sol | 100 | 100 | 100 | 100 | | + ProcessBridgedDataOptimism.sol | 0 | 0 | 0 | 0 |... 75,76,80,83 | + ProcessBridgedDataPolygon.sol | 100 | 100 | 100 | 100 | | + ProcessBridgedDataWormhole.sol | 0 | 0 | 0 | 0 |... 67,72,73,77 | + VerifyBridgedData.sol | 100 | 100 | 100 | 100 | | +--------------------------------------|----------|----------|----------|----------|----------------| +``` +Please, pay attention. More tests are needed and magic offsets (like MIN_ARBITRUM_PAYLOAD_LENGTH) can only be checked during testing +[x] fixed + +### Storage timelock +Using sol2uml tools: https://github.com/naddison36/sol2uml
+```bash +sol2uml storage . -f png -c GuardCM -o . +Generated png file GuardCM.png +``` +Storage: [GuardCM](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal10/analysis/GuardCM.png) + +### Security issues +Details in [slither_full](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal10/analysis/slither_full.txt)
+All is false positive, discussed https://github.com/pessimistic-io/slitherin/blob/master/docs/arbitrary_call.md + +Minor issue:
+- Cached bytes4(data) +``` +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#25-38): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (ProcessBridgedDataArbitrum-flatten.sol#30) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (ProcessBridgedDataArbitrum-flatten.sol#36) +``` +[x] fixed + +- Checking for verifierL2s is contract in set function. +``` +function setBridgeMediatorL1BridgeParams( +if (verifierL2s[i].code.length == 0) { + revert AddressEmptyCode(verifierL2s[i]); +} +because if verifierL2s[i] is EOA +bridgeParams.verifierL2.delegatecall - always success, +ref: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol#L124 +``` +[x] fixed + +- Needing fix revert message +``` +Code correct. Ref: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol#L146 +revert("Function call reverted"); +replace to error-style message +revert FailedInnerCall(); +``` +[x] fixed diff --git a/audits/internal10/analysis/GuardCM.png b/audits/internal10/analysis/GuardCM.png new file mode 100644 index 0000000..aba7839 Binary files /dev/null and b/audits/internal10/analysis/GuardCM.png differ diff --git a/audits/internal10/analysis/contracts/GuardCM-flatten.sol b/audits/internal10/analysis/contracts/GuardCM-flatten.sol new file mode 100644 index 0000000..6c43646 --- /dev/null +++ b/audits/internal10/analysis/contracts/GuardCM-flatten.sol @@ -0,0 +1,489 @@ +// Sources flattened with hardhat v2.20.1 https://hardhat.org +// File contracts/multisigs/VerifyData.sol + +// Original license: SPDX_License_Identifier: MIT +pragma solidity ^0.8.23; + +/// @title Enum - Collection of enums +/// @author Richard Meissner - +contract Enum { + enum Operation {Call, DelegateCall} +} + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, bytes4(data), chainId); + } + } +} + + +// File contracts/multisigs/GuardCM.sol +interface IGovernor { + function state(uint256 proposalId) external returns (ProposalState); +} + +interface IBridgeVerifier { + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external; +} + +// Governor proposal state +enum ProposalState { + Pending, + Active, + Canceled, + Defeated, + Succeeded, + Queued, + Expired, + Executed +} + +// Struct for bridge parameters +struct BridgeParams { + // Data verifier contract for calls executed on L2 + address verifierL2; + // Bridge mediator (data receiving) contract on L2 + address bridgeMediatorL2; + // Chain Id: this value cannot practically be bigger than `floor(MAX_UINT64 / 2) - 36` as per EIP 2294 + uint64 chainId; +} + +/// @dev Only `owner` has a privilege, but the `sender` was provided. +/// @param sender Sender address. +/// @param owner Required sender address as an owner. +error OwnerOnly(address sender, address owner); + +/// @dev Only `manager` has a privilege, but the `sender` was provided. +/// @param sender Sender address. +/// @param manager Required sender address as an owner. +error ManagerOnly(address sender, address manager); + +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided zero value. +error ZeroValue(); + +/// @dev Wrong length of two arrays. +/// @param numValues1 Number of values in a first array. +/// @param numValues2 Number of of values in a second array. +/// @param numValues3 Number of of values in a third array. +/// @param numValues4 Number of of values in a fourth array. +error WrongArrayLength(uint256 numValues1, uint256 numValues2, uint256 numValues3, uint256 numValues4); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev No delegatecall is allowed. +error NoDelegateCall(); + +/// @dev No self multisig call is allowed. +error NoSelfCall(); + +/// @dev The proposal is not defeated. +/// @param proposalId Proposal Id. +/// @param state Current proposal state. +error NotDefeated(uint256 proposalId, ProposalState state); + +/// @dev Passed L2 chain Id is not supported. +/// @param chainId L2 chain Id. +error L2ChainIdNotSupported(uint256 chainId); + +/// @title GuardCM - Smart contract for Gnosis Safe community multisig (CM) guard +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +contract GuardCM is VerifyData { + event GovernorUpdated(address indexed governor); + event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); + event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed verifierL2s, + address[] indexed bridgeMediatorL2s, uint256[] chainIds); + event GovernorCheckProposalIdChanged(uint256 indexed proposalId); + event GuardPaused(address indexed account); + event GuardUnpaused(); + + // schedule selector + bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); + // scheduleBatch selector + bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); + // requireToPassMessage selector (Gnosis chain) + // Initial check governance proposal Id + // Calculated from the proposalHash function of the GovernorOLAS + uint256 public governorCheckProposalId = 88250008686885504216650933897987879122244685460173810624866685274624741477673; + // Minimum data length that is encoded for the schedule function, + // plus at least 4 bytes or 32 bits for the selector from the payload + uint256 public constant MIN_SCHEDULE_DATA_LENGTH = 260; + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + // Maximum chain Id as per EVM specs + uint256 public constant MAX_CHAIN_ID = type(uint64).max / 2 - 36; + + // Owner address + address public immutable owner; + // Multisig address + address public immutable multisig; + + // Governor address + address public governor; + // Guard pausing possibility + uint8 public paused = 1; + + // Mapping of L1 bridge mediator => (L2 verifier | uint64 supported L2 chain Id | L2 bridge mediator) + mapping(address => BridgeParams) public mapBridgeMediatorL1BridgeParams; + + /// @dev GuardCM constructor. + /// @param _timelock Timelock address. + /// @param _multisig Community multisig address. + /// @param _governor Governor address. + constructor( + address _timelock, + address _multisig, + address _governor + ) { + // Check for zero addresses + if (_timelock == address(0) || _multisig == address(0) || _governor == address(0)) { + revert ZeroAddress(); + } + owner = _timelock; + multisig = _multisig; + governor = _governor; + } + + /// @dev Changes the governor. + /// @param newGovernor Address of a new governor. + function changeGovernor(address newGovernor) external { + if (msg.sender != owner) { + revert OwnerOnly(msg.sender, owner); + } + + // Check for the zero address + if (newGovernor == address(0)) { + revert ZeroAddress(); + } + + governor = newGovernor; + emit GovernorUpdated(newGovernor); + } + + /// @dev Changes the governor check proposal Id. + /// @param proposalId Governor check proposal Id. + function changeGovernorCheckProposalId(uint256 proposalId) external { + if (msg.sender != owner) { + revert OwnerOnly(msg.sender, owner); + } + + // Check for the zero value + if (proposalId == 0) { + revert ZeroValue(); + } + + governorCheckProposalId = proposalId; + emit GovernorCheckProposalIdChanged(proposalId); + } + + /// @dev Verifies authorized target and selector in the schedule or scheduleBatch function call. + /// @param data Data in bytes. + /// @param selector Schedule function selector. + function _verifySchedule(bytes memory data, bytes4 selector) internal { + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Prepare the decoding data sets + address[] memory targets; + bytes[] memory callDatas; + if (selector == SCHEDULE) { + targets = new address[](1); + callDatas = new bytes[](1); + // Decode the data in the schedule function + (targets[0], , callDatas[0], , , ) = + abi.decode(payload, (address, uint256, bytes, bytes32, bytes32, uint256)); + } else { + // Decode the data in the scheduleBatch function + (targets, , callDatas, , , ) = + abi.decode(payload, (address[], uint256[], bytes[], bytes32, bytes32, uint256)); + } + + // Traverse all the schedule targets and selectors extracted from calldatas + for (uint i = 0; i < targets.length; ++i) { + // Get the verifierL2 and L2 chain Id, if any + BridgeParams memory bridgeParams = mapBridgeMediatorL1BridgeParams[targets[i]]; + + // Check if the data goes across the bridge + if (bridgeParams.verifierL2 != address(0)) { + // Process the bridge logic + (bool success, bytes memory returndata) = bridgeParams.verifierL2.delegatecall(abi.encodeWithSelector( + IBridgeVerifier.processBridgeData.selector, callDatas[i], bridgeParams.bridgeMediatorL2, bridgeParams.chainId)); + // Process unsuccessful delegatecall + if (!success) { + // Get the revert message bytes + if (returndata.length > 0) { + assembly { + let returndata_size := mload(returndata) + revert(add(32, returndata), returndata_size) + } + } else { + revert("Function call reverted"); + } + } + } else { + // Verify the data right away as it is not the bridged one + _verifyData(targets[i], callDatas[i], block.chainid); + } + } + } + + /// @dev Checks the transaction for authorized arguments. + /// @notice Scheduling in timelock is checked against authorized targets and signatures. + /// @notice No self-multisig function calls are allowed. + /// @param to Destination address of Safe transaction. + /// @param data Data payload of Safe transaction. + /// @param operation Operation type of Safe transaction. + function checkTransaction( + address to, + uint256, + bytes memory data, + Enum.Operation operation, + uint256, + uint256, + uint256, + address, + address payable, + bytes memory, + address + ) external { + // Just return if paused + if (paused == 1) { + // No delegatecall is allowed + if (operation == Enum.Operation.DelegateCall) { + revert NoDelegateCall(); + } + + // Call to the timelock + if (to == owner) { + // Data needs to have enough bytes at least to fit the selector + if (data.length < SELECTOR_DATA_LENGTH) { + revert IncorrectDataLength(data.length, SELECTOR_DATA_LENGTH); + } + + // Get the function signature + bytes4 functionSig = bytes4(data); + // Check the schedule or scheduleBatch function authorized parameters + // All other functions are not checked for + if (functionSig == SCHEDULE || functionSig == SCHEDULE_BATCH) { + // Data length is too short: need to have enough bytes for the schedule() function + // with one selector extracted from the payload + if (data.length < MIN_SCHEDULE_DATA_LENGTH) { + revert IncorrectDataLength(data.length, MIN_SCHEDULE_DATA_LENGTH); + } + + _verifySchedule(data, functionSig); + } + } else if (to == multisig) { + // No self multisig call is allowed + revert NoSelfCall(); + } + } + } + + /// @dev Authorizes combinations of targets, selectors and chain Ids. + /// @notice It is the contract owner responsibility to set correct L1 chain Ids where the contract is deployed + /// and corresponding supported L2-s, if the contract interacts with them. + /// @param targets Array of target addresses. + /// @param selectors Array of selectors for targets. + /// @param chainIds Chain Ids for authorized functions. + /// @param statuses Authorize if true, and restrict otherwise. + function setTargetSelectorChainIds( + address[] memory targets, + bytes4[] memory selectors, + uint256[] memory chainIds, + bool[] memory statuses + ) external { + // Check for the ownership + if (msg.sender != owner) { + revert OwnerOnly(msg.sender, owner); + } + + // Check array length + if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { + revert WrongArrayLength(targets.length, selectors.length, statuses.length, chainIds.length); + } + + // Traverse all the targets and selectors to build their paired values + for (uint256 i = 0; i < targets.length; ++i) { + // Check for zero address targets + if (targets[i] == address(0)) { + revert ZeroAddress(); + } + + // Check selector for zero selector value + if (selectors[i] == bytes4(0)) { + revert ZeroValue(); + } + + // Check chain Ids to be greater than zero + if (chainIds[i] == 0) { + revert ZeroValue(); + } + + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(targets[i])); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainIds[i] << 192; + + // Set the status of the target and selector combination + mapAllowedTargetSelectorChainIds[targetSelectorChainId] = statuses[i]; + } + + emit SetTargetSelectors(targets, selectors, chainIds, statuses); + } + + /// @dev Sets bridge mediator and L2 verifier contracts addresses on L1 and L2 chain Ids. + /// @notice It is the contract owner responsibility to set correct L1 bridge mediator contracts, + /// corresponding L2 verifier contracts, and supported chain Ids. + /// @param bridgeMediatorL1s Bridge mediator contract addresses on L1. + /// @param verifierL2s Corresponding L2 verifier contract addresses on L1. + /// @param chainIds Corresponding L2 chain Ids. + /// @param bridgeMediatorL2s Corresponding L2 bridge mediators. + function setBridgeMediatorL1BridgeParams( + address[] memory bridgeMediatorL1s, + address[] memory verifierL2s, + uint256[] memory chainIds, + address[] memory bridgeMediatorL2s + ) external { + // Check for the ownership + if (msg.sender != owner) { + revert OwnerOnly(msg.sender, owner); + } + + // Check for array correctness + if (bridgeMediatorL1s.length != verifierL2s.length || bridgeMediatorL1s.length != chainIds.length || + bridgeMediatorL1s.length != bridgeMediatorL2s.length) { + revert WrongArrayLength(bridgeMediatorL1s.length, verifierL2s.length, chainIds.length, bridgeMediatorL2s.length); + } + + // Link L1 and L2 bridge mediators, set L2 chain Ids and L2 verifiers + for (uint256 i = 0; i < chainIds.length; ++i) { + // Check for zero addresses + // Note that bridgeMediatorL2-s can be zero addresses, for example, for Arbitrum case + if (bridgeMediatorL1s[i] == address(0) || verifierL2s[i] == address(0)) { + revert ZeroAddress(); + } + + // Check chain Id + uint256 chainId = chainIds[i]; + if (chainId == 0 || chainId > MAX_CHAIN_ID) { + revert L2ChainIdNotSupported(chainId); + } + + // Set bridge params + BridgeParams storage bridgeParams = mapBridgeMediatorL1BridgeParams[bridgeMediatorL1s[i]]; + bridgeParams.verifierL2 = verifierL2s[i]; + bridgeParams.bridgeMediatorL2 = bridgeMediatorL2s[i]; + bridgeParams.chainId = uint64(chainIds[i]); + } + emit SetBridgeMediators(bridgeMediatorL1s, verifierL2s, bridgeMediatorL2s, chainIds); + } + + /// @dev Pauses the guard restoring a full CM functionality. + /// @notice The timeline is able to pause the guard via the voting. + /// @notice The CM can request pausing the guard is there was a proposal to check if the governance is alive. + /// If the proposal is defeated (not enough votes or never voted on), + /// the governance is considered inactive for about a week. + function pause() external { + if (msg.sender == owner) { + // Timelock can release the community multisig right away + paused = 2; + } else if (msg.sender == multisig) { + // Multisig needs to check if the governor check proposal Id state is defeated + ProposalState state = IGovernor(governor).state(governorCheckProposalId); + if (state == ProposalState.Defeated) { + paused = 2; + } else { + revert NotDefeated(governorCheckProposalId, state); + } + } else { + // msg.sender is not a timelock, nor a multisig + revert ManagerOnly(msg.sender, multisig); + } + + emit GuardPaused(msg.sender); + } + + /// @dev Unpauses the guard restricting the CM functionality back. + function unpause() external { + // Check for the ownership + if (msg.sender != owner) { + revert OwnerOnly(msg.sender, owner); + } + + paused = 1; + + emit GuardUnpaused(); + } + + /// @dev Guards the multisig call after its execution. + function checkAfterExecution(bytes32, bool) external {} + + /// @dev Gets the status of a target-selector-chainId combination. + /// @param target Target address. + /// @param selector Selector for a target. + /// @param chainId Corresponding chain Id. + /// @return status True, if the target-selector-chainId combination is authorized. + function getTargetSelectorChainId(address target, bytes4 selector, uint256 chainId) external view + returns (bool status) + { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(selector)) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + status = mapAllowedTargetSelectorChainIds[targetSelectorChainId]; + } +} diff --git a/audits/internal10/analysis/contracts/ProcessBridgedDataArbitrum-flatten.sol b/audits/internal10/analysis/contracts/ProcessBridgedDataArbitrum-flatten.sol new file mode 100644 index 0000000..bd49c49 --- /dev/null +++ b/audits/internal10/analysis/contracts/ProcessBridgedDataArbitrum-flatten.sol @@ -0,0 +1,174 @@ +// Sources flattened with hardhat v2.20.1 https://hardhat.org + +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, bytes4(data), chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/VerifyBridgedData.sol +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error DataLengthIncorrect(uint256 expected, uint256 provided); + +/// @title VerifyBridgedData - Smart contract for verifying the Guard CM bridged data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyBridgedData is VerifyData { + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external virtual; + + /// @dev Verifies the bridged data for authorized combinations of targets and selectors. + /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: + /// address target, uint96 value, uint32 payloadLength, bytes payload. + /// @param data Payload bytes. + /// @param chainId L2 chain Id. + function _verifyBridgedData(bytes memory data, uint256 chainId) internal { + // Unpack and process the data + // We need to skip first 12 bytes as those are zeros from encoding + for (uint256 i = 0; i < data.length;) { + address target; + uint32 payloadLength; + // solhint-disable-next-line no-inline-assembly + assembly { + // First 20 bytes is the address (160 bits) + i := add(i, 20) + target := mload(add(data, i)) + // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) + i := add(i, 16) + payloadLength := mload(add(data, i)) + } + + // Check for the zero address + if (target == address(0)) { + revert ZeroAddress(); + } + + // The payload length must be at least of the a function selector size + if (payloadLength < SELECTOR_DATA_LENGTH) { + revert DataLengthIncorrect(payloadLength, SELECTOR_DATA_LENGTH); + } + + // Get the payload + bytes memory payload = new bytes(payloadLength); + for (uint256 j = 0; j < payloadLength; ++j) { + payload[j] = data[i + j]; + } + // Offset the data by the payload number of bytes + i += payloadLength; + + // Verify the scope of the data + _verifyData(target, payload, chainId); + } + } +} + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataArbitrum - Smart contract for verifying the Guard CM bridged data on Arbitrum +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataArbitrum is VerifyBridgedData { + // unsafeCreateRetryableTicket selector in bridge mediator L1 + bytes4 public constant CREATE_TICKET_UNSAFE = bytes4(keccak256(bytes("unsafeCreateRetryableTicket(address,uint256,uint256,address,address,uint256,uint256,uint256,bytes)"))); + // createRetryableTicket selector in bridge mediator L1 + bytes4 public constant CREATE_TICKET = bytes4(keccak256(bytes("createRetryableTicket(address,uint256,uint256,address,address,uint256,uint256,uint256,bytes)"))); + // Minimum payload length for message on Arbitrum accounting for all required encoding and at least one selector + uint256 public constant MIN_ARBITRUM_PAYLOAD_LENGTH = 584; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != CREATE_TICKET_UNSAFE && functionSig != CREATE_TICKET) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_ARBITRUM_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_ARBITRUM_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the payload depending on the selector + (address targetAddress, , , , , , , , bytes memory targetPayload) = + abi.decode(payload, (address, uint256, uint256, address, address, uint256, uint256, uint256, bytes)); + + // Verify the scope of the data + _verifyData(targetAddress, targetPayload, chainId); + } +} diff --git a/audits/internal10/analysis/contracts/ProcessBridgedDataGnosis-flatten.sol b/audits/internal10/analysis/contracts/ProcessBridgedDataGnosis-flatten.sol new file mode 100644 index 0000000..45ea7a7 --- /dev/null +++ b/audits/internal10/analysis/contracts/ProcessBridgedDataGnosis-flatten.sol @@ -0,0 +1,195 @@ +// Sources flattened with hardhat v2.20.1 https://hardhat.org + +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, bytes4(data), chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/VerifyBridgedData.sol +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error DataLengthIncorrect(uint256 expected, uint256 provided); + +/// @title VerifyBridgedData - Smart contract for verifying the Guard CM bridged data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyBridgedData is VerifyData { + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external virtual; + + /// @dev Verifies the bridged data for authorized combinations of targets and selectors. + /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: + /// address target, uint96 value, uint32 payloadLength, bytes payload. + /// @param data Payload bytes. + /// @param chainId L2 chain Id. + function _verifyBridgedData(bytes memory data, uint256 chainId) internal { + // Unpack and process the data + // We need to skip first 12 bytes as those are zeros from encoding + for (uint256 i = 0; i < data.length;) { + address target; + uint32 payloadLength; + // solhint-disable-next-line no-inline-assembly + assembly { + // First 20 bytes is the address (160 bits) + i := add(i, 20) + target := mload(add(data, i)) + // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) + i := add(i, 16) + payloadLength := mload(add(data, i)) + } + + // Check for the zero address + if (target == address(0)) { + revert ZeroAddress(); + } + + // The payload length must be at least of the a function selector size + if (payloadLength < SELECTOR_DATA_LENGTH) { + revert DataLengthIncorrect(payloadLength, SELECTOR_DATA_LENGTH); + } + + // Get the payload + bytes memory payload = new bytes(payloadLength); + for (uint256 j = 0; j < payloadLength; ++j) { + payload[j] = data[i + j]; + } + // Offset the data by the payload number of bytes + i += payloadLength; + + // Verify the scope of the data + _verifyData(target, payload, chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/ProcessBridgedDataGnosis.sol +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataGnosis - Smart contract for verifying the Guard CM bridged data on Gnosis +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataGnosis is VerifyBridgedData { + // requireToPassMessage selector in bridge mediator L1 + bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); + // processMessageFromForeign selector (Gnosis chain) + bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); + // Minimum payload length for message on Gnosis accounting for all required encoding and at least one selector + uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != REQUIRE_TO_PASS_MESSAGE) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_GNOSIS_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_GNOSIS_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the requireToPassMessage payload: homeMediator (L2), mediatorPayload (needs decoding), requestGasLimit + (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); + // Check that the home mediator matches the L2 bridge mediator address + if (homeMediator != bridgeMediatorL2) { + revert WrongL2BridgeMediator(homeMediator, bridgeMediatorL2); + } + + // Check the L2 initial selector + functionSig = bytes4(mediatorPayload); + if (functionSig != PROCESS_MESSAGE_FROM_FOREIGN) { + revert WrongSelector(functionSig, chainId); + } + + // Copy the data without a selector + bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < bridgePayload.length; ++i) { + bridgePayload[i] = mediatorPayload[i + SELECTOR_DATA_LENGTH]; + } + + // Decode the processMessageFromForeign payload: l2Message (executed on L2) + (bytes memory l2Message) = abi.decode(bridgePayload, (bytes)); + + // Verify processMessageFromForeign payload + _verifyBridgedData(l2Message, chainId); + } +} diff --git a/audits/internal10/analysis/contracts/ProcessBridgedDataOptimism-flatten.sol b/audits/internal10/analysis/contracts/ProcessBridgedDataOptimism-flatten.sol new file mode 100644 index 0000000..8a03965 --- /dev/null +++ b/audits/internal10/analysis/contracts/ProcessBridgedDataOptimism-flatten.sol @@ -0,0 +1,195 @@ +// Sources flattened with hardhat v2.20.1 https://hardhat.org + +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, bytes4(data), chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/VerifyBridgedData.sol +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error DataLengthIncorrect(uint256 expected, uint256 provided); + +/// @title VerifyBridgedData - Smart contract for verifying the Guard CM bridged data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyBridgedData is VerifyData { + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external virtual; + + /// @dev Verifies the bridged data for authorized combinations of targets and selectors. + /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: + /// address target, uint96 value, uint32 payloadLength, bytes payload. + /// @param data Payload bytes. + /// @param chainId L2 chain Id. + function _verifyBridgedData(bytes memory data, uint256 chainId) internal { + // Unpack and process the data + // We need to skip first 12 bytes as those are zeros from encoding + for (uint256 i = 0; i < data.length;) { + address target; + uint32 payloadLength; + // solhint-disable-next-line no-inline-assembly + assembly { + // First 20 bytes is the address (160 bits) + i := add(i, 20) + target := mload(add(data, i)) + // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) + i := add(i, 16) + payloadLength := mload(add(data, i)) + } + + // Check for the zero address + if (target == address(0)) { + revert ZeroAddress(); + } + + // The payload length must be at least of the a function selector size + if (payloadLength < SELECTOR_DATA_LENGTH) { + revert DataLengthIncorrect(payloadLength, SELECTOR_DATA_LENGTH); + } + + // Get the payload + bytes memory payload = new bytes(payloadLength); + for (uint256 j = 0; j < payloadLength; ++j) { + payload[j] = data[i + j]; + } + // Offset the data by the payload number of bytes + i += payloadLength; + + // Verify the scope of the data + _verifyData(target, payload, chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/ProcessBridgedDataOptimism.sol +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataOptimism - Smart contract for verifying the Guard CM bridged data on Optimism and Base +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataOptimism is VerifyBridgedData { + // sendMessage selector in bridge mediator L1 + bytes4 public constant SEND_MESSAGE = bytes4(keccak256(bytes("sendMessage(address,bytes,uint32)"))); + // processMessageFromSource selector (Optimism and Base chains) + bytes4 public constant PROCESS_MESSAGE_FROM_SOURCE = bytes4(keccak256(bytes("processMessageFromSource(bytes)"))); + // Minimum payload length for message on Optimism accounting for all required encoding and at least one selector + uint256 public constant MIN_OPTIMISM_PAYLOAD_LENGTH = 264; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != SEND_MESSAGE) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_OPTIMISM_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_OPTIMISM_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the sendMessage payload: optimismMessenger (L2), mediatorPayload (needs decoding), minGasLimit + (address optimismMessenger, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint32)); + // Check that the optimism messenger matches the L2 bridge mediator address + if (optimismMessenger != bridgeMediatorL2) { + revert WrongL2BridgeMediator(optimismMessenger, bridgeMediatorL2); + } + + // Check the L2 initial selector + functionSig = bytes4(mediatorPayload); + if (functionSig != PROCESS_MESSAGE_FROM_SOURCE) { + revert WrongSelector(functionSig, chainId); + } + + // Copy the data without a selector + bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < bridgePayload.length; ++i) { + bridgePayload[i] = mediatorPayload[i + SELECTOR_DATA_LENGTH]; + } + + // Decode the processMessageFromSource payload: l2Message (executed on L2) + (bytes memory l2Message) = abi.decode(bridgePayload, (bytes)); + + // Verify processMessageFromSource payload + _verifyBridgedData(l2Message, chainId); + } +} diff --git a/audits/internal10/analysis/contracts/ProcessBridgedDataPolygon-flatten.sol b/audits/internal10/analysis/contracts/ProcessBridgedDataPolygon-flatten.sol new file mode 100644 index 0000000..f42882a --- /dev/null +++ b/audits/internal10/analysis/contracts/ProcessBridgedDataPolygon-flatten.sol @@ -0,0 +1,180 @@ +// Sources flattened with hardhat v2.20.1 https://hardhat.org + +// SPDX-License-Identifier: MIT + +pragma solidity ^0.8.23; + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, bytes4(data), chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/VerifyBridgedData.sol +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error DataLengthIncorrect(uint256 expected, uint256 provided); + +/// @title VerifyBridgedData - Smart contract for verifying the Guard CM bridged data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyBridgedData is VerifyData { + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external virtual; + + /// @dev Verifies the bridged data for authorized combinations of targets and selectors. + /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: + /// address target, uint96 value, uint32 payloadLength, bytes payload. + /// @param data Payload bytes. + /// @param chainId L2 chain Id. + function _verifyBridgedData(bytes memory data, uint256 chainId) internal { + // Unpack and process the data + // We need to skip first 12 bytes as those are zeros from encoding + for (uint256 i = 0; i < data.length;) { + address target; + uint32 payloadLength; + // solhint-disable-next-line no-inline-assembly + assembly { + // First 20 bytes is the address (160 bits) + i := add(i, 20) + target := mload(add(data, i)) + // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) + i := add(i, 16) + payloadLength := mload(add(data, i)) + } + + // Check for the zero address + if (target == address(0)) { + revert ZeroAddress(); + } + + // The payload length must be at least of the a function selector size + if (payloadLength < SELECTOR_DATA_LENGTH) { + revert DataLengthIncorrect(payloadLength, SELECTOR_DATA_LENGTH); + } + + // Get the payload + bytes memory payload = new bytes(payloadLength); + for (uint256 j = 0; j < payloadLength; ++j) { + payload[j] = data[i + j]; + } + // Offset the data by the payload number of bytes + i += payloadLength; + + // Verify the scope of the data + _verifyData(target, payload, chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/ProcessBridgedDataPolygon.sol + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataPolygon - Smart contract for verifying the Guard CM bridged data on Polygon +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataPolygon is VerifyBridgedData { + // sendMessageToChild selector in bridge mediator L1 + bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); + // Minimum payload length for message on Polygon accounting for all required encoding and at least one selector + uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != SEND_MESSAGE_TO_CHILD) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_POLYGON_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_POLYGON_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + SELECTOR_DATA_LENGTH]; + } + + // Decode sendMessageToChild payload: fxGovernorTunnel (L2), l2Message (executed on L2) + (address fxGovernorTunnel, bytes memory l2Message) = abi.decode(payload, (address, bytes)); + // Check that the fxGovernorTunnel matches the L2 bridge mediator address + if (fxGovernorTunnel != bridgeMediatorL2) { + revert WrongL2BridgeMediator(fxGovernorTunnel, bridgeMediatorL2); + } + + // Verify sendMessageToChild payload + _verifyBridgedData(l2Message, chainId); + } +} diff --git a/audits/internal10/analysis/contracts/ProcessBridgedDataWormhole-flatten.sol b/audits/internal10/analysis/contracts/ProcessBridgedDataWormhole-flatten.sol new file mode 100644 index 0000000..1e6090d --- /dev/null +++ b/audits/internal10/analysis/contracts/ProcessBridgedDataWormhole-flatten.sol @@ -0,0 +1,190 @@ +// Sources flattened with hardhat v2.20.1 https://hardhat.org + +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, bytes4(data), chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/VerifyBridgedData.sol +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error DataLengthIncorrect(uint256 expected, uint256 provided); + +/// @title VerifyBridgedData - Smart contract for verifying the Guard CM bridged data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyBridgedData is VerifyData { + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external virtual; + + /// @dev Verifies the bridged data for authorized combinations of targets and selectors. + /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: + /// address target, uint96 value, uint32 payloadLength, bytes payload. + /// @param data Payload bytes. + /// @param chainId L2 chain Id. + function _verifyBridgedData(bytes memory data, uint256 chainId) internal { + // Unpack and process the data + // We need to skip first 12 bytes as those are zeros from encoding + for (uint256 i = 0; i < data.length;) { + address target; + uint32 payloadLength; + // solhint-disable-next-line no-inline-assembly + assembly { + // First 20 bytes is the address (160 bits) + i := add(i, 20) + target := mload(add(data, i)) + // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) + i := add(i, 16) + payloadLength := mload(add(data, i)) + } + + // Check for the zero address + if (target == address(0)) { + revert ZeroAddress(); + } + + // The payload length must be at least of the a function selector size + if (payloadLength < SELECTOR_DATA_LENGTH) { + revert DataLengthIncorrect(payloadLength, SELECTOR_DATA_LENGTH); + } + + // Get the payload + bytes memory payload = new bytes(payloadLength); + for (uint256 j = 0; j < payloadLength; ++j) { + payload[j] = data[i + j]; + } + // Offset the data by the payload number of bytes + i += payloadLength; + + // Verify the scope of the data + _verifyData(target, payload, chainId); + } + } +} + + +// File contracts/multisigs/bridge_verifier/ProcessBridgedDataWormhole.sol + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataWormhole - Smart contract for verifying the Guard CM bridged data on L2 via Wormhole standard +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataWormhole is VerifyBridgedData { + // sendPayloadToEvm selector in bridge mediator L1 with the possibility of refund for reverted calls + bytes4 public constant SEND_MESSAGE_REFUND = bytes4(keccak256(bytes("sendPayloadToEvm(uint16,address,bytes,uint256,uint256,uint16,address)"))); + // sendPayloadToEvm selector in bridge mediator L1 + bytes4 public constant SEND_MESSAGE = bytes4(keccak256(bytes("sendPayloadToEvm(uint16,address,bytes,uint256,uint256)"))); + // Minimum payload length for message sent via Wormhole accounting for all required encoding and at least one selector + uint256 public constant MIN_OPTIMISM_PAYLOAD_LENGTH = 520; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != SEND_MESSAGE && functionSig != SEND_MESSAGE_REFUND) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_OPTIMISM_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_OPTIMISM_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the payload depending on the selector + address wormholeMessenger; + bytes memory l2Message; + if (functionSig == SEND_MESSAGE) { + (, wormholeMessenger, l2Message, , ) = + abi.decode(payload, (uint16, address, bytes, uint256, uint256)); + } else { + (, wormholeMessenger, l2Message, , , , ) = + abi.decode(payload, (uint16, address, bytes, uint256, uint256, uint16, address)); + } + + // Check that the wormhole messenger matches the L2 bridge mediator address + if (wormholeMessenger != bridgeMediatorL2) { + revert WrongL2BridgeMediator(wormholeMessenger, bridgeMediatorL2); + } + + // Verify processMessageFromSource payload + _verifyBridgedData(l2Message, chainId); + } +} diff --git a/audits/internal10/analysis/contracts/script.sh b/audits/internal10/analysis/contracts/script.sh new file mode 100755 index 0000000..286784b --- /dev/null +++ b/audits/internal10/analysis/contracts/script.sh @@ -0,0 +1,20 @@ +#!/bin/bash + + slither_options=("call-graph" "constructor-calls" "contract-summary" "data-dependency" "function-summary" + "human-summary" "inheritance" "inheritance-graph" "modifiers" "require" "variable-order" "vars-and-auth") + echo -e "\nRunning slither routines ..." + for so in "${slither_options[@]}"; do + echo -e "\t$so" + slither . --print ${so} &> "slither_$so.txt" + done + echo -e "\tfull report" + slither . &> "slither_full.txt" + + # moving generated .dot files to the audit folder + count=`ls -1 *.dot 2>/dev/null | wc -l` + echo -e "\tgenerated $count .dot files" + for _filename in *.dot; do + filename="${_filename%.*}" + cat $_filename | dot -Tpng > slither_$filename.png + done + rm *.dot diff --git a/audits/internal10/analysis/slither_GuardCM-flatten.sol.Enum.call-graph.png b/audits/internal10/analysis/slither_GuardCM-flatten.sol.Enum.call-graph.png new file mode 100644 index 0000000..bcaf83a Binary files /dev/null and b/audits/internal10/analysis/slither_GuardCM-flatten.sol.Enum.call-graph.png differ diff --git a/audits/internal10/analysis/slither_GuardCM-flatten.sol.GuardCM.call-graph.png b/audits/internal10/analysis/slither_GuardCM-flatten.sol.GuardCM.call-graph.png new file mode 100644 index 0000000..6ac0e9e Binary files /dev/null and b/audits/internal10/analysis/slither_GuardCM-flatten.sol.GuardCM.call-graph.png differ diff --git a/audits/internal10/analysis/slither_GuardCM-flatten.sol.IBridgeVerifier.call-graph.png b/audits/internal10/analysis/slither_GuardCM-flatten.sol.IBridgeVerifier.call-graph.png new file mode 100644 index 0000000..c8248a2 Binary files /dev/null and b/audits/internal10/analysis/slither_GuardCM-flatten.sol.IBridgeVerifier.call-graph.png differ diff --git a/audits/internal10/analysis/slither_GuardCM-flatten.sol.IGovernor.call-graph.png b/audits/internal10/analysis/slither_GuardCM-flatten.sol.IGovernor.call-graph.png new file mode 100644 index 0000000..88705cc Binary files /dev/null and b/audits/internal10/analysis/slither_GuardCM-flatten.sol.IGovernor.call-graph.png differ diff --git a/audits/internal10/analysis/slither_GuardCM-flatten.sol.all_contracts.call-graph.png b/audits/internal10/analysis/slither_GuardCM-flatten.sol.all_contracts.call-graph.png new file mode 100644 index 0000000..113aa5e Binary files /dev/null and b/audits/internal10/analysis/slither_GuardCM-flatten.sol.all_contracts.call-graph.png differ diff --git a/audits/internal10/analysis/slither_GuardCM-flatten.sol.inheritance-graph.png b/audits/internal10/analysis/slither_GuardCM-flatten.sol.inheritance-graph.png new file mode 100644 index 0000000..905d35e Binary files /dev/null and b/audits/internal10/analysis/slither_GuardCM-flatten.sol.inheritance-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.ProcessBridgedDataArbitrum.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.ProcessBridgedDataArbitrum.call-graph.png new file mode 100644 index 0000000..5bd50b9 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.ProcessBridgedDataArbitrum.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.all_contracts.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.all_contracts.call-graph.png new file mode 100644 index 0000000..43807c9 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.all_contracts.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.inheritance-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.inheritance-graph.png new file mode 100644 index 0000000..467c945 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataArbitrum-flatten.sol.inheritance-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.ProcessBridgedDataGnosis.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.ProcessBridgedDataGnosis.call-graph.png new file mode 100644 index 0000000..a941233 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.ProcessBridgedDataGnosis.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.all_contracts.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.all_contracts.call-graph.png new file mode 100644 index 0000000..30972cc Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.all_contracts.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.inheritance-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.inheritance-graph.png new file mode 100644 index 0000000..fa9612b Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataGnosis-flatten.sol.inheritance-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.ProcessBridgedDataOptimism.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.ProcessBridgedDataOptimism.call-graph.png new file mode 100644 index 0000000..f0c0e69 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.ProcessBridgedDataOptimism.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.all_contracts.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.all_contracts.call-graph.png new file mode 100644 index 0000000..fb09dd2 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.all_contracts.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.inheritance-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.inheritance-graph.png new file mode 100644 index 0000000..8eee122 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataOptimism-flatten.sol.inheritance-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.ProcessBridgedDataPolygon.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.ProcessBridgedDataPolygon.call-graph.png new file mode 100644 index 0000000..727b54b Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.ProcessBridgedDataPolygon.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.all_contracts.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.all_contracts.call-graph.png new file mode 100644 index 0000000..ee93180 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.all_contracts.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.inheritance-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.inheritance-graph.png new file mode 100644 index 0000000..dff3bc2 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataPolygon-flatten.sol.inheritance-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.ProcessBridgedDataWormhole.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.ProcessBridgedDataWormhole.call-graph.png new file mode 100644 index 0000000..1429139 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.ProcessBridgedDataWormhole.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.all_contracts.call-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.all_contracts.call-graph.png new file mode 100644 index 0000000..3fcaf49 Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.all_contracts.call-graph.png differ diff --git a/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.inheritance-graph.png b/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.inheritance-graph.png new file mode 100644 index 0000000..5b7139e Binary files /dev/null and b/audits/internal10/analysis/slither_ProcessBridgedDataWormhole-flatten.sol.inheritance-graph.png differ diff --git a/audits/internal10/analysis/slither_call-graph.txt b/audits/internal10/analysis/slither_call-graph.txt new file mode 100644 index 0000000..426267e --- /dev/null +++ b/audits/internal10/analysis/slither_call-graph.txt @@ -0,0 +1,85 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers:Call Graph: ./ProcessBridgedDataArbitrum-flatten.sol.all_contracts.call-graph.dot +Call Graph: ./ProcessBridgedDataArbitrum-flatten.sol.ProcessBridgedDataArbitrum.call-graph.dot + +INFO:Printers:Call Graph: ./ProcessBridgedDataWormhole-flatten.sol.all_contracts.call-graph.dot +Call Graph: ./ProcessBridgedDataWormhole-flatten.sol.ProcessBridgedDataWormhole.call-graph.dot + +INFO:Printers:Call Graph: ./GuardCM-flatten.sol.all_contracts.call-graph.dot +Call Graph: ./GuardCM-flatten.sol.Enum.call-graph.dot +Call Graph: ./GuardCM-flatten.sol.IGovernor.call-graph.dot +Call Graph: ./GuardCM-flatten.sol.IBridgeVerifier.call-graph.dot +Call Graph: ./GuardCM-flatten.sol.GuardCM.call-graph.dot + +INFO:Printers:Call Graph: ./ProcessBridgedDataGnosis-flatten.sol.all_contracts.call-graph.dot +Call Graph: ./ProcessBridgedDataGnosis-flatten.sol.ProcessBridgedDataGnosis.call-graph.dot + +INFO:Printers:Call Graph: ./ProcessBridgedDataPolygon-flatten.sol.all_contracts.call-graph.dot +Call Graph: ./ProcessBridgedDataPolygon-flatten.sol.ProcessBridgedDataPolygon.call-graph.dot + +INFO:Printers:Call Graph: ./ProcessBridgedDataOptimism-flatten.sol.all_contracts.call-graph.dot +Call Graph: ./ProcessBridgedDataOptimism-flatten.sol.ProcessBridgedDataOptimism.call-graph.dot + +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_constructor-calls.txt b/audits/internal10/analysis/slither_constructor-calls.txt new file mode 100644 index 0000000..04edf6f --- /dev/null +++ b/audits/internal10/analysis/slither_constructor-calls.txt @@ -0,0 +1,95 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +INFO:Printers: +INFO:Printers: +####################### +####### GuardCM ####### +####################### + +## Constructor Call Sequence + - GuardCM + +## Constructor Definitions + +### GuardCM + + constructor( + address _timelock, + address _multisig, + address _governor + ) { + // Check for zero addresses + if (_timelock == address(0) || _multisig == address(0) || _governor == address(0)) { + revert ZeroAddress(); + } + owner = _timelock; + multisig = _multisig; + governor = _governor; + } + +INFO:Printers: +INFO:Printers: +INFO:Printers: +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_contract-summary.txt b/audits/internal10/analysis/slither_contract-summary.txt new file mode 100644 index 0000000..a065fd5 --- /dev/null +++ b/audits/internal10/analysis/slither_contract-summary.txt @@ -0,0 +1,195 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: ++ Contract VerifyData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + ++ Contract VerifyBridgedData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - processBridgeData(bytes,address,uint256) (external) + ++ Contract ProcessBridgedDataArbitrum (Most derived contract) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From ProcessBridgedDataArbitrum + - processBridgeData(bytes,address,uint256) (external) + +INFO:Printers: ++ Contract VerifyData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + ++ Contract VerifyBridgedData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - processBridgeData(bytes,address,uint256) (external) + ++ Contract ProcessBridgedDataWormhole (Most derived contract) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From ProcessBridgedDataWormhole + - processBridgeData(bytes,address,uint256) (external) + +INFO:Printers: ++ Contract Enum (Most derived contract) + ++ Contract VerifyData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + ++ Contract IGovernor (Most derived contract) + - From IGovernor + - state(uint256) (external) + ++ Contract IBridgeVerifier (Most derived contract) + - From IBridgeVerifier + - processBridgeData(bytes,address,uint256) (external) + ++ Contract GuardCM (Most derived contract) + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From GuardCM + - _verifySchedule(bytes,bytes4) (internal) + - changeGovernor(address) (external) + - changeGovernorCheckProposalId(uint256) (external) + - checkAfterExecution(bytes32,bool) (external) + - checkTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes,address) (external) + - constructor(address,address,address) (public) + - getTargetSelectorChainId(address,bytes4,uint256) (external) + - pause() (external) + - setBridgeMediatorL1BridgeParams(address[],address[],uint256[],address[]) (external) + - setTargetSelectorChainIds(address[],bytes4[],uint256[],bool[]) (external) + - unpause() (external) + +INFO:Printers: ++ Contract VerifyData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + ++ Contract VerifyBridgedData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - processBridgeData(bytes,address,uint256) (external) + ++ Contract ProcessBridgedDataGnosis (Most derived contract) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From ProcessBridgedDataGnosis + - processBridgeData(bytes,address,uint256) (external) + +INFO:Printers: ++ Contract VerifyData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + ++ Contract VerifyBridgedData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - processBridgeData(bytes,address,uint256) (external) + ++ Contract ProcessBridgedDataPolygon (Most derived contract) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From ProcessBridgedDataPolygon + - processBridgeData(bytes,address,uint256) (external) + +INFO:Printers: ++ Contract VerifyData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + ++ Contract VerifyBridgedData + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - processBridgeData(bytes,address,uint256) (external) + ++ Contract ProcessBridgedDataOptimism (Most derived contract) + - From VerifyBridgedData + - _verifyBridgedData(bytes,uint256) (internal) + - From VerifyData + - _verifyData(address,bytes,uint256) (internal) + - From ProcessBridgedDataOptimism + - processBridgeData(bytes,address,uint256) (external) + +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_data-dependency.txt b/audits/internal10/analysis/slither_data-dependency.txt new file mode 100644 index 0000000..6a4999b --- /dev/null +++ b/audits/internal10/analysis/slither_data-dependency.txt @@ -0,0 +1,566 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +INFO:Printers: +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +Contract VerifyBridgedData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | +| SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++----------------------------------+--------------------------------------+ + +Function processBridgeData(bytes,address,uint256) ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| data | [] | +| bridgeMediatorL2 | [] | +| chainId | [] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +Function _verifyBridgedData(bytes,uint256) ++---------------------------------------------+-------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+-------------------------------------------+ +| data | ['data'] | +| chainId | [] | +| i | ['data', 'i', 'payloadLength'] | +| target | ['data', 'i', 'payloadLength'] | +| payloadLength | ['data', 'i'] | +| payload | ['data', 'i', 'payload', 'payloadLength'] | +| j | ['j'] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++---------------------------------------------+-------------------------------------------+ +Function slitherConstructorConstantVariables() ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +INFO:Printers: +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +Contract VerifyBridgedData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | +| SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++----------------------------------+--------------------------------------+ + +Function processBridgeData(bytes,address,uint256) ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| data | [] | +| bridgeMediatorL2 | [] | +| chainId | [] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +Function _verifyBridgedData(bytes,uint256) ++---------------------------------------------+-------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+-------------------------------------------+ +| data | ['data'] | +| chainId | [] | +| i | ['data', 'i', 'payloadLength'] | +| target | ['data', 'i', 'payloadLength'] | +| payloadLength | ['data', 'i'] | +| payload | ['data', 'i', 'payload', 'payloadLength'] | +| j | ['j'] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++---------------------------------------------+-------------------------------------------+ +Function slitherConstructorConstantVariables() ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +Contract ProcessBridgedDataArbitrum ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | +| SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | +| CREATE_TICKET_UNSAFE | ['CREATE_TICKET_UNSAFE'] | +| CREATE_TICKET | ['CREATE_TICKET'] | +| MIN_ARBITRUM_PAYLOAD_LENGTH | ['MIN_ARBITRUM_PAYLOAD_LENGTH'] | ++----------------------------------+--------------------------------------+ + +Function processBridgeData(bytes,address,uint256) ++--------------------------------------------------------+---------------------------------------------------------------------------------------+ +| Variable | Dependencies | ++--------------------------------------------------------+---------------------------------------------------------------------------------------+ +| data | ['data'] | +| | [] | +| chainId | [] | +| functionSig | ['data'] | +| payload | ['SELECTOR_DATA_LENGTH', 'data', 'payload'] | +| i | ['i'] | +| targetAddress | ['SELECTOR_DATA_LENGTH', 'TUPLE_0', 'address', 'bytes', 'data', 'payload', 'uint256'] | +| targetPayload | ['SELECTOR_DATA_LENGTH', 'TUPLE_0', 'address', 'bytes', 'data', 'payload', 'uint256'] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | +| ProcessBridgedDataArbitrum.CREATE_TICKET_UNSAFE | ['CREATE_TICKET_UNSAFE'] | +| ProcessBridgedDataArbitrum.CREATE_TICKET | ['CREATE_TICKET'] | +| ProcessBridgedDataArbitrum.MIN_ARBITRUM_PAYLOAD_LENGTH | ['MIN_ARBITRUM_PAYLOAD_LENGTH'] | ++--------------------------------------------------------+---------------------------------------------------------------------------------------+ +Function slitherConstructorConstantVariables() ++--------------------------------------------------------+--------------+ +| Variable | Dependencies | ++--------------------------------------------------------+--------------+ +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | +| ProcessBridgedDataArbitrum.CREATE_TICKET_UNSAFE | [] | +| ProcessBridgedDataArbitrum.CREATE_TICKET | [] | +| ProcessBridgedDataArbitrum.MIN_ARBITRUM_PAYLOAD_LENGTH | [] | ++--------------------------------------------------------+--------------+ +INFO:Printers: +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +INFO:Printers: +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +Contract VerifyBridgedData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | +| SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++----------------------------------+--------------------------------------+ + +Function processBridgeData(bytes,address,uint256) ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| data | [] | +| bridgeMediatorL2 | [] | +| chainId | [] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +Function _verifyBridgedData(bytes,uint256) ++---------------------------------------------+-------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+-------------------------------------------+ +| data | ['data'] | +| chainId | [] | +| i | ['data', 'i', 'payloadLength'] | +| target | ['data', 'i', 'payloadLength'] | +| payloadLength | ['data', 'i'] | +| payload | ['data', 'i', 'payload', 'payloadLength'] | +| j | ['j'] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++---------------------------------------------+-------------------------------------------+ +Function slitherConstructorConstantVariables() ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +INFO:Printers: +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +Contract VerifyBridgedData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | +| SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++----------------------------------+--------------------------------------+ + +Function processBridgeData(bytes,address,uint256) ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| data | [] | +| bridgeMediatorL2 | [] | +| chainId | [] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +Function _verifyBridgedData(bytes,uint256) ++---------------------------------------------+-------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+-------------------------------------------+ +| data | ['data'] | +| chainId | [] | +| i | ['data', 'i', 'payloadLength'] | +| target | ['data', 'i', 'payloadLength'] | +| payloadLength | ['data', 'i'] | +| payload | ['data', 'i', 'payload', 'payloadLength'] | +| j | ['j'] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | ++---------------------------------------------+-------------------------------------------+ +Function slitherConstructorConstantVariables() ++---------------------------------------------+--------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------+ +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | ++---------------------------------------------+--------------+ +Contract ProcessBridgedDataWormhole ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | +| SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | +| SEND_MESSAGE_REFUND | ['SEND_MESSAGE_REFUND'] | +| SEND_MESSAGE | ['SEND_MESSAGE'] | +| MIN_OPTIMISM_PAYLOAD_LENGTH | ['MIN_OPTIMISM_PAYLOAD_LENGTH'] | ++----------------------------------+--------------------------------------+ + +Function processBridgeData(bytes,address,uint256) ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ +| Variable | Dependencies | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ +| data | ['data'] | +| bridgeMediatorL2 | [] | +| chainId | [] | +| functionSig | ['data'] | +| payload | ['SELECTOR_DATA_LENGTH', 'data', 'payload'] | +| i | ['i'] | +| wormholeMessenger | ['SELECTOR_DATA_LENGTH', 'TUPLE_0', 'TUPLE_1', 'address', 'bytes', 'data', 'payload', 'uint16', 'uint256', 'wormholeMessenger'] | +| l2Message | ['SELECTOR_DATA_LENGTH', 'TUPLE_0', 'TUPLE_1', 'address', 'bytes', 'data', 'l2Message', 'payload', 'uint16', 'uint256'] | +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | ['SELECTOR_DATA_LENGTH'] | +| ProcessBridgedDataWormhole.SEND_MESSAGE_REFUND | ['SEND_MESSAGE_REFUND'] | +| ProcessBridgedDataWormhole.SEND_MESSAGE | ['SEND_MESSAGE'] | +| ProcessBridgedDataWormhole.MIN_OPTIMISM_PAYLOAD_LENGTH | ['MIN_OPTIMISM_PAYLOAD_LENGTH'] | ++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ +Function slitherConstructorConstantVariables() ++--------------------------------------------------------+--------------+ +| Variable | Dependencies | ++--------------------------------------------------------+--------------+ +| VerifyData.mapAllowedTargetSelectorChainIds | [] | +| VerifyBridgedData.SELECTOR_DATA_LENGTH | [] | +| ProcessBridgedDataWormhole.SEND_MESSAGE_REFUND | [] | +| ProcessBridgedDataWormhole.SEND_MESSAGE | [] | +| ProcessBridgedDataWormhole.MIN_OPTIMISM_PAYLOAD_LENGTH | [] | ++--------------------------------------------------------+--------------+ +INFO:Printers: +Contract Enum ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +INFO:Printers: +Contract Enum ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +INFO:Printers: +Contract Enum ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +Contract IGovernor ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +Function state(uint256) ++------------+--------------+ +| Variable | Dependencies | ++------------+--------------+ +| proposalId | [] | +| | [] | ++------------+--------------+ +INFO:Printers: +Contract Enum ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +Contract VerifyData ++----------------------------------+--------------------------------------+ +| Variable | Dependencies | ++----------------------------------+--------------------------------------+ +| mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++----------------------------------+--------------------------------------+ + +Function _verifyData(address,bytes,uint256) ++---------------------------------------------+--------------------------------------------------------+ +| Variable | Dependencies | ++---------------------------------------------+--------------------------------------------------------+ +| target | [] | +| data | [] | +| chainId | [] | +| targetSelectorChainId | ['chainId', 'data', 'target', 'targetSelectorChainId'] | +| VerifyData.mapAllowedTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ++---------------------------------------------+--------------------------------------------------------+ +Contract IGovernor ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +Function state(uint256) ++------------+--------------+ +| Variable | Dependencies | ++------------+--------------+ +| proposalId | [] | +| | [] | ++------------+--------------+ +Contract IBridgeVerifier ++----------+--------------+ +| Variable | Dependencies | ++----------+--------------+ ++----------+--------------+ + +Function processBridgeData(bytes,address,uint256) ++------------------+--------------+ +| Variable | Dependencies | ++------------------+--------------+ +| data | [] | +| bridgeMediatorL2 | [] | +| chainId | [] | ++------------------+--------------+ +Traceback (most recent call last): + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 814, in main_impl + ) = process_all(filename, args, detector_classes, printer_classes) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 102, in process_all + ) = process_single(compilation, args, detector_classes, printer_classes) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 82, in process_single + return _process(slither, detector_classes, printer_classes) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 138, in _process + printer_results = slither.run_printers() + File "/home/andrey/.local/lib/python3.10/site-packages/slither/slither.py", line 236, in run_printers + return [p.output(self._crytic_compile.target).data for p in self._printers] + File "/home/andrey/.local/lib/python3.10/site-packages/slither/slither.py", line 236, in + return [p.output(self._crytic_compile.target).data for p in self._printers] + File "/home/andrey/.local/lib/python3.10/site-packages/slither/printers/summary/data_depenency.py", line 56, in output + table.add_row([v.name, sorted(_get(v, f))]) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/printers/summary/data_depenency.py", line 16, in _get + { + File "/home/andrey/.local/lib/python3.10/site-packages/slither/printers/summary/data_depenency.py", line 19, in + if not isinstance(d, (TemporaryVariable, ReferenceVariable)) and d.name +AttributeError: 'ArrayType' object has no attribute 'name' +ERROR:root:Error in . +ERROR:root:Traceback (most recent call last): + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 814, in main_impl + ) = process_all(filename, args, detector_classes, printer_classes) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 102, in process_all + ) = process_single(compilation, args, detector_classes, printer_classes) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 82, in process_single + return _process(slither, detector_classes, printer_classes) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/__main__.py", line 138, in _process + printer_results = slither.run_printers() + File "/home/andrey/.local/lib/python3.10/site-packages/slither/slither.py", line 236, in run_printers + return [p.output(self._crytic_compile.target).data for p in self._printers] + File "/home/andrey/.local/lib/python3.10/site-packages/slither/slither.py", line 236, in + return [p.output(self._crytic_compile.target).data for p in self._printers] + File "/home/andrey/.local/lib/python3.10/site-packages/slither/printers/summary/data_depenency.py", line 56, in output + table.add_row([v.name, sorted(_get(v, f))]) + File "/home/andrey/.local/lib/python3.10/site-packages/slither/printers/summary/data_depenency.py", line 16, in _get + { + File "/home/andrey/.local/lib/python3.10/site-packages/slither/printers/summary/data_depenency.py", line 19, in + if not isinstance(d, (TemporaryVariable, ReferenceVariable)) and d.name +AttributeError: 'ArrayType' object has no attribute 'name' + diff --git a/audits/internal10/analysis/slither_full.txt b/audits/internal10/analysis/slither_full.txt new file mode 100644 index 0000000..d24d86e --- /dev/null +++ b/audits/internal10/analysis/slither_full.txt @@ -0,0 +1,257 @@ + +False positive. Ref: /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled +Warning: Function state mutability can be restricted to view + + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +False positive. +INFO:Detectors: +VerifyData.mapAllowedTargetSelectorChainIds (ProcessBridgedDataArbitrum-flatten.sol#18) is never initialized. It is used in: + - VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#25-38) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables + +Not issue, but good point for optimizing. +INFO:Detectors: +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#25-38): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (ProcessBridgedDataArbitrum-flatten.sol#30) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (ProcessBridgedDataArbitrum-flatten.sol#36) + +False positive. +Dubious typecast in ProcessBridgedDataArbitrum.processBridgeData(bytes,address,uint256) (ProcessBridgedDataArbitrum-flatten.sol#144-173): + bytes => bytes4 casting occurs in functionSig = bytes4(data) (ProcessBridgedDataArbitrum-flatten.sol#151) +Dubious typecast in ProcessBridgedDataArbitrum.slitherConstructorConstantVariables() (ProcessBridgedDataArbitrum-flatten.sol#133-174): + bytes32 => bytes4 casting occurs in CREATE_TICKET_UNSAFE = bytes4(keccak256(bytes)(bytes(unsafeCreateRetryableTicket(address,uint256,uint256,address,address,uint256,uint256,uint256,bytes)))) (ProcessBridgedDataArbitrum-flatten.sol#135) + bytes32 => bytes4 casting occurs in CREATE_TICKET = bytes4(keccak256(bytes)(bytes(createRetryableTicket(address,uint256,uint256,address,address,uint256,uint256,uint256,bytes)))) (ProcessBridgedDataArbitrum-flatten.sol#137) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/dubious_typecast.md + +Not issue. +INFO:Detectors: +VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#74-111) uses assembly + - INLINE ASM (ProcessBridgedDataArbitrum-flatten.sol#81-88) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage + +False positive. +INFO:Detectors: +VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#74-111) is never used and should be removed +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code + +Not issue. +INFO:Detectors: +Function VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#74-111) contains magic numbers: 20, 16 +Function VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataArbitrum-flatten.sol#25-38) contains magic numbers: 160, 192 +Function ProcessBridgedDataArbitrum.processBridgeData(bytes,address,uint256) (ProcessBridgedDataArbitrum-flatten.sol#144-173) contains magic number: 4 +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md + +False positive. +INFO:Detectors: +VerifyData.mapAllowedTargetSelectorChainIds (ProcessBridgedDataWormhole-flatten.sol#18) is never initialized. It is used in: + - VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataWormhole-flatten.sol#25-38) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables + + +False positive. +INFO:Detectors: +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataWormhole-flatten.sol#25-38): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (ProcessBridgedDataWormhole-flatten.sol#30) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (ProcessBridgedDataWormhole-flatten.sol#36) +Dubious typecast in ProcessBridgedDataWormhole.processBridgeData(bytes,address,uint256) (ProcessBridgedDataWormhole-flatten.sol#148-189): + bytes => bytes4 casting occurs in functionSig = bytes4(data) (ProcessBridgedDataWormhole-flatten.sol#155) +Dubious typecast in ProcessBridgedDataWormhole.slitherConstructorConstantVariables() (ProcessBridgedDataWormhole-flatten.sol#136-190): + bytes32 => bytes4 casting occurs in SEND_MESSAGE_REFUND = bytes4(keccak256(bytes)(bytes(sendPayloadToEvm(uint16,address,bytes,uint256,uint256,uint16,address)))) (ProcessBridgedDataWormhole-flatten.sol#138) + bytes32 => bytes4 casting occurs in SEND_MESSAGE = bytes4(keccak256(bytes)(bytes(sendPayloadToEvm(uint16,address,bytes,uint256,uint256)))) (ProcessBridgedDataWormhole-flatten.sol#140) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/dubious_typecast.md + + +False positive. +INFO:Detectors: +VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataWormhole-flatten.sol#74-111) uses assembly + - INLINE ASM (ProcessBridgedDataWormhole-flatten.sol#81-88) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage + + +Not issue. +INFO:Detectors: +Function VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataWormhole-flatten.sol#74-111) contains magic numbers: 20, 16 +Function VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataWormhole-flatten.sol#25-38) contains magic numbers: 160, 192 +Function ProcessBridgedDataWormhole.processBridgeData(bytes,address,uint256) (ProcessBridgedDataWormhole-flatten.sol#148-189) contains magic number: 4 +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md + +False positive. trusted destinations. +INFO:Detectors: +GuardCM._verifySchedule(bytes,bytes4) (GuardCM-flatten.sol#225-274) uses delegatecall to a input-controlled function id + - (success,returndata) = bridgeParams.verifierL2.delegatecall(abi.encodeWithSelector(IBridgeVerifier.processBridgeData.selector,callDatas[i_scope_0],bridgeParams.bridgeMediatorL2,bridgeParams.chainId)) (GuardCM-flatten.sol#255-256) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall + +Probably False positive. Disputed question. +INFO:Detectors: +Manipulated call found: (success,returndata) = bridgeParams.verifierL2.delegatecall(abi.encodeWithSelector(IBridgeVerifier.processBridgeData.selector,callDatas[i_scope_0],bridgeParams.bridgeMediatorL2,bridgeParams.chainId)) (GuardCM-flatten.sol#255-256) in GuardCM._verifySchedule(bytes,bytes4) (GuardCM-flatten.sol#225-274) +Only the calldata could be manipulated + The calldata could be manipulated through GuardCM.checkTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes,address) (GuardCM-flatten.sol#282-327) + The calldata could be manipulated through GuardCM.setBridgeMediatorL1BridgeParams(address[],address[],uint256[],address[]) (GuardCM-flatten.sol#391-429) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/arbitrary_call.md + +Not issue. For optimization +INFO:Detectors: +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (GuardCM-flatten.sol#32-45): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (GuardCM-flatten.sol#37) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (GuardCM-flatten.sol#43) +Dubious typecast in GuardCM.checkTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes,address) (GuardCM-flatten.sol#282-327): + bytes => bytes4 casting occurs in functionSig = bytes4(data) (GuardCM-flatten.sol#310) +Dubious typecast in GuardCM.setBridgeMediatorL1BridgeParams(address[],address[],uint256[],address[]) (GuardCM-flatten.sol#391-429): + uint256 => uint64 casting occurs in bridgeParams.chainId = uint64(chainIds[i]) (GuardCM-flatten.sol#426) + +Not issue. See above. +Dubious typecast in GuardCM.slitherConstructorConstantVariables() (GuardCM-flatten.sol#134-489): + bytes32 => bytes4 casting occurs in SCHEDULE = bytes4(keccak256(bytes)(bytes(schedule(address,uint256,bytes,bytes32,bytes32,uint256)))) (GuardCM-flatten.sol#144) + bytes32 => bytes4 casting occurs in SCHEDULE_BATCH = bytes4(keccak256(bytes)(bytes(scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)))) (GuardCM-flatten.sol#146) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/dubious_typecast.md + +False positive. +INFO:Detectors: +Reentrancy in GuardCM.pause() (GuardCM-flatten.sol#436-454): + External calls: + - state = IGovernor(governor).state(governorCheckProposalId) (GuardCM-flatten.sol#442) + State variables written after the call(s): + - paused = 2 (GuardCM-flatten.sol#444) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2 +INFO:Detectors: + +False positive. +Reentrancy in GuardCM.pause() (GuardCM-flatten.sol#436-454): + External calls: + - state = IGovernor(governor).state(governorCheckProposalId) (GuardCM-flatten.sol#442) + Event emitted after the call(s): + - GuardPaused(msg.sender) (GuardCM-flatten.sol#453) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3 + +Not issue. +INFO:Detectors: +GuardCM._verifySchedule(bytes,bytes4) (GuardCM-flatten.sol#225-274) uses assembly + - INLINE ASM (GuardCM-flatten.sol#261-264) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage +INFO:Detectors: + +Not issue. +INFO:Detectors: +Low level call in GuardCM._verifySchedule(bytes,bytes4) (GuardCM-flatten.sol#225-274): + - (success,returndata) = bridgeParams.verifierL2.delegatecall(abi.encodeWithSelector(IBridgeVerifier.processBridgeData.selector,callDatas[i_scope_0],bridgeParams.bridgeMediatorL2,bridgeParams.chainId)) (GuardCM-flatten.sol#255-256) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls + +Not issue. +INFO:Detectors: +Variable GuardCM.setBridgeMediatorL1BridgeParams(address[],address[],uint256[],address[]).bridgeMediatorL1s (GuardCM-flatten.sol#392) is too similar to GuardCM.setBridgeMediatorL1BridgeParams(address[],address[],uint256[],address[]).bridgeMediatorL2s (GuardCM-flatten.sol#395) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar +INFO:Detectors: +Function VerifyData._verifyData(address,bytes,uint256) (GuardCM-flatten.sol#32-45) contains magic numbers: 160, 192 +Function GuardCM._verifySchedule(bytes,bytes4) (GuardCM-flatten.sol#225-274) contains magic numbers: 4, 32 +Function GuardCM.setTargetSelectorChainIds(address[],bytes4[],uint256[],bool[]) (GuardCM-flatten.sol#336-382) contains magic numbers: 160, 192 +Function GuardCM.getTargetSelectorChainId(address,bytes4,uint256) (GuardCM-flatten.sol#476-488) contains magic numbers: 160, 192 +Function GuardCM.slitherConstructorVariables() (GuardCM-flatten.sol#134-489) contains magic number: 88250008686885504216650933897987879122244685460173810624866685274624741477673 +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md + +False positive. +INFO:Detectors: +VerifyData.mapAllowedTargetSelectorChainIds (ProcessBridgedDataGnosis-flatten.sol#18) is never initialized. It is used in: + - VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataGnosis-flatten.sol#25-38) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables + +False positive. See above. +INFO:Detectors: +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataGnosis-flatten.sol#25-38): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (ProcessBridgedDataGnosis-flatten.sol#30) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (ProcessBridgedDataGnosis-flatten.sol#36) +Dubious typecast in ProcessBridgedDataGnosis.processBridgeData(bytes,address,uint256) (ProcessBridgedDataGnosis-flatten.sol#147-194): + bytes => bytes4 casting occurs in functionSig = bytes4(data) (ProcessBridgedDataGnosis-flatten.sol#154) + bytes => bytes4 casting occurs in functionSig = bytes4(mediatorPayload) (ProcessBridgedDataGnosis-flatten.sol#178) +Dubious typecast in ProcessBridgedDataGnosis.slitherConstructorConstantVariables() (ProcessBridgedDataGnosis-flatten.sol#135-195): + bytes32 => bytes4 casting occurs in REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes)(bytes(requireToPassMessage(address,bytes,uint256)))) (ProcessBridgedDataGnosis-flatten.sol#137) + bytes32 => bytes4 casting occurs in PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes)(bytes(processMessageFromForeign(bytes)))) (ProcessBridgedDataGnosis-flatten.sol#139) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/dubious_typecast.md + +Not issue. +INFO:Detectors: +VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataGnosis-flatten.sol#74-111) uses assembly + - INLINE ASM (ProcessBridgedDataGnosis-flatten.sol#81-88) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage + +Not issue. +INFO:Detectors: +Function VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataGnosis-flatten.sol#74-111) contains magic numbers: 20, 16 +Function VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataGnosis-flatten.sol#25-38) contains magic numbers: 160, 192 +Function ProcessBridgedDataGnosis.processBridgeData(bytes,address,uint256) (ProcessBridgedDataGnosis-flatten.sol#147-194) contains magic number: 4 +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md + +False positive. Not in storage. +INFO:Detectors: +In a function ProcessBridgedDataGnosis.processBridgeData(bytes,address,uint256) (ProcessBridgedDataGnosis-flatten.sol#147-194) variable VerifyBridgedData.SELECTOR_DATA_LENGTH (ProcessBridgedDataGnosis-flatten.sol#57) is read multiple times +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/multiple_storage_read.md + +False positive. +INFO:Detectors: +VerifyData.mapAllowedTargetSelectorChainIds (ProcessBridgedDataPolygon-flatten.sol#19) is never initialized. It is used in: + - VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataPolygon-flatten.sol#26-39) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables + +False positive. See above. +INFO:Detectors: +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataPolygon-flatten.sol#26-39): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (ProcessBridgedDataPolygon-flatten.sol#31) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (ProcessBridgedDataPolygon-flatten.sol#37) +Dubious typecast in ProcessBridgedDataPolygon.processBridgeData(bytes,address,uint256) (ProcessBridgedDataPolygon-flatten.sol#147-179): + bytes => bytes4 casting occurs in functionSig = bytes4(data) (ProcessBridgedDataPolygon-flatten.sol#154) +Dubious typecast in ProcessBridgedDataPolygon.slitherConstructorConstantVariables() (ProcessBridgedDataPolygon-flatten.sol#137-180): + bytes32 => bytes4 casting occurs in SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes)(bytes(sendMessageToChild(address,bytes)))) (ProcessBridgedDataPolygon-flatten.sol#139) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/dubious_typecast.md + +Not issue. +INFO:Detectors: +VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataPolygon-flatten.sol#75-112) uses assembly + - INLINE ASM (ProcessBridgedDataPolygon-flatten.sol#82-89) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage + +Not issue. +INFO:Detectors: +Function VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataPolygon-flatten.sol#75-112) contains magic numbers: 20, 16 +Function VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataPolygon-flatten.sol#26-39) contains magic numbers: 160, 192 +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md + +False positive. +INFO:Detectors: +VerifyData.mapAllowedTargetSelectorChainIds (ProcessBridgedDataOptimism-flatten.sol#18) is never initialized. It is used in: + - VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataOptimism-flatten.sol#25-38) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables + +False positive. See above. +INFO:Detectors: +Dubious typecast in VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataOptimism-flatten.sol#25-38): + bytes => bytes4 casting occurs in targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160 (ProcessBridgedDataOptimism-flatten.sol#30) + bytes => bytes4 casting occurs in revert NotAuthorized(address,bytes4,uint256)(target,bytes4(data),chainId) (ProcessBridgedDataOptimism-flatten.sol#36) +Dubious typecast in ProcessBridgedDataOptimism.processBridgeData(bytes,address,uint256) (ProcessBridgedDataOptimism-flatten.sol#147-194): + bytes => bytes4 casting occurs in functionSig = bytes4(data) (ProcessBridgedDataOptimism-flatten.sol#154) + bytes => bytes4 casting occurs in functionSig = bytes4(mediatorPayload) (ProcessBridgedDataOptimism-flatten.sol#178) +Dubious typecast in ProcessBridgedDataOptimism.slitherConstructorConstantVariables() (ProcessBridgedDataOptimism-flatten.sol#135-195): + bytes32 => bytes4 casting occurs in SEND_MESSAGE = bytes4(keccak256(bytes)(bytes(sendMessage(address,bytes,uint32)))) (ProcessBridgedDataOptimism-flatten.sol#137) + bytes32 => bytes4 casting occurs in PROCESS_MESSAGE_FROM_SOURCE = bytes4(keccak256(bytes)(bytes(processMessageFromSource(bytes)))) (ProcessBridgedDataOptimism-flatten.sol#139) +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/dubious_typecast.md + +Not issue. +INFO:Detectors: +VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataOptimism-flatten.sol#74-111) uses assembly + - INLINE ASM (ProcessBridgedDataOptimism-flatten.sol#81-88) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage +INFO:Detectors: + +Not issue. +INFO:Detectors: +Function VerifyBridgedData._verifyBridgedData(bytes,uint256) (ProcessBridgedDataOptimism-flatten.sol#74-111) contains magic numbers: 20, 16 +Function VerifyData._verifyData(address,bytes,uint256) (ProcessBridgedDataOptimism-flatten.sol#25-38) contains magic numbers: 160, 192 +Function ProcessBridgedDataOptimism.processBridgeData(bytes,address,uint256) (ProcessBridgedDataOptimism-flatten.sol#147-194) contains magic number: 4 +Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md + +False positive. +INFO:Detectors: +In a function ProcessBridgedDataOptimism.processBridgeData(bytes,address,uint256) (ProcessBridgedDataOptimism-flatten.sol#147-194) variable VerifyBridgedData.SELECTOR_DATA_LENGTH (ProcessBridgedDataOptimism-flatten.sol#57) is read multiple times + diff --git a/audits/internal10/analysis/slither_function-summary.txt b/audits/internal10/analysis/slither_function-summary.txt new file mode 100644 index 0000000..72884d6 --- /dev/null +++ b/audits/internal10/analysis/slither_function-summary.txt @@ -0,0 +1,468 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +Contract VerifyData +Contract vars: ['mapAllowedTargetSelectorChainIds'] +Inheritance:: [] + ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyBridgedData +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH'] +Inheritance:: ['VerifyData'] + ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['SELECTOR_DATA_LENGTH'] | [] | [] | 1 | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract ProcessBridgedDataArbitrum +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH', 'CREATE_TICKET_UNSAFE', 'CREATE_TICKET', 'MIN_ARBITRUM_PAYLOAD_LENGTH'] +Inheritance:: ['VerifyBridgedData', 'VerifyData'] + ++------------------------------------------+------------+-----------+---------------------------------------------------------+---------------------------------------------------------+-----------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+---------------------------------------------------------+---------------------------------------------------------+-----------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | ['CREATE_TICKET', 'CREATE_TICKET_UNSAFE'] | [] | ['_verifyData', 'abi.decode()'] | ['abi.decode(payload,(address,uint256,uint256,address,address,uint256,uint256,uint256,bytes))', 'new bytes(data.length - SELECTOR_DATA_LENGTH)'] | 4 | +| | | | ['MIN_ARBITRUM_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | | ['revert IncorrectDataLength(uint256,uint256)', 'revert WrongSelector(bytes4,uint256)'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['CREATE_TICKET', 'CREATE_TICKET_UNSAFE'] | ['keccak256(bytes)'] | [] | 1 | +| | | | | ['MIN_ARBITRUM_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | | | | ++------------------------------------------+------------+-----------+---------------------------------------------------------+---------------------------------------------------------+-----------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyData +Contract vars: ['mapAllowedTargetSelectorChainIds'] +Inheritance:: [] + ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyBridgedData +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH'] +Inheritance:: ['VerifyData'] + ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['SELECTOR_DATA_LENGTH'] | [] | [] | 1 | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract ProcessBridgedDataWormhole +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH', 'SEND_MESSAGE_REFUND', 'SEND_MESSAGE', 'MIN_OPTIMISM_PAYLOAD_LENGTH'] +Inheritance:: ['VerifyBridgedData', 'VerifyData'] + ++------------------------------------------+------------+-----------+---------------------------------------------------------+---------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+---------------------------------------------------------+---------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | ['MIN_OPTIMISM_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | [] | ['_verifyBridgedData', 'abi.decode()'] | ['abi.decode(payload,(uint16,address,bytes,uint256,uint256))', 'abi.decode(payload,(uint16,address,bytes,uint256,uint256,uint16,address))'] | 6 | +| | | | ['SEND_MESSAGE', 'SEND_MESSAGE_REFUND'] | | ['revert IncorrectDataLength(uint256,uint256)', 'revert WrongL2BridgeMediator(address,address)'] | ['new bytes(data.length - SELECTOR_DATA_LENGTH)'] | | +| | | | | | ['revert WrongSelector(bytes4,uint256)'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['MIN_OPTIMISM_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | ['keccak256(bytes)'] | [] | 1 | +| | | | | ['SEND_MESSAGE', 'SEND_MESSAGE_REFUND'] | | | | ++------------------------------------------+------------+-----------+---------------------------------------------------------+---------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract Enum +Contract vars: [] +Inheritance:: [] + ++----------+------------+-----------+------+-------+----------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++----------+------------+-----------+------+-------+----------------+----------------+-----------------------+ ++----------+------------+-----------+------+-------+----------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyData +Contract vars: ['mapAllowedTargetSelectorChainIds'] +Inheritance:: [] + ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract IGovernor +Contract vars: [] +Inheritance:: [] + ++----------------+------------+-----------+------+-------+----------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++----------------+------------+-----------+------+-------+----------------+----------------+-----------------------+ +| state(uint256) | external | [] | [] | [] | [] | [] | 2 | ++----------------+------------+-----------+------+-------+----------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract IBridgeVerifier +Contract vars: [] +Inheritance:: [] + ++------------------------------------------+------------+-----------+------+-------+----------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+------+-------+----------------+----------------+-----------------------+ +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | ++------------------------------------------+------------+-----------+------+-------+----------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract GuardCM +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SCHEDULE', 'SCHEDULE_BATCH', 'governorCheckProposalId', 'MIN_SCHEDULE_DATA_LENGTH', 'SELECTOR_DATA_LENGTH', 'MAX_CHAIN_ID', 'owner', 'multisig', 'governor', 'paused', 'mapBridgeMediatorL1BridgeParams'] +Inheritance:: ['VerifyData'] + ++--------------------------------------------------------------------------------------------------------------+------------+-----------+------------------------------------------------------+----------------------------------------------+---------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++--------------------------------------------------------------------------------------------------------------+------------+-----------+------------------------------------------------------+----------------------------------------------+---------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| constructor(address,address,address) | public | [] | [] | ['governor', 'multisig'] | ['revert ZeroAddress()'] | [] | 2 | +| | | | | ['owner'] | | | | +| changeGovernor(address) | external | [] | ['msg.sender', 'owner'] | ['governor'] | ['revert OwnerOnly(address,address)', 'revert ZeroAddress()'] | [] | 3 | +| changeGovernorCheckProposalId(uint256) | external | [] | ['msg.sender', 'owner'] | ['governorCheckProposalId'] | ['revert OwnerOnly(address,address)', 'revert ZeroValue()'] | [] | 3 | +| _verifySchedule(bytes,bytes4) | internal | [] | ['SCHEDULE', 'SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'abi.decode()'] | ['abi.decode(payload,(address,uint256,bytes,bytes32,bytes32,uint256))', 'abi.decode(payload,(address[],uint256[],bytes[],bytes32,bytes32,uint256))'] | 7 | +| | | | ['block.chainid', 'mapBridgeMediatorL1BridgeParams'] | | ['abi.encodeWithSelector()', 'mload(uint256)'] | ['abi.encodeWithSelector(IBridgeVerifier.processBridgeData.selector,callDatas[i_scope_0],bridgeParams.bridgeMediatorL2,bridgeParams.chainId)', 'bridgeParams.verifierL2.delegatecall(abi.encodeWithSelector(IBridgeVerifier.processBridgeData.selector,callDatas[i_scope_0],bridgeParams.bridgeMediatorL2,bridgeParams.chainId))'] | | +| | | | | | ['revert(string)', 'revert(uint256,uint256)'] | ['new address[](1)', 'new bytes(data.length - SELECTOR_DATA_LENGTH)'] | | +| | | | | | | ['new bytes[](1)'] | | +| checkTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes,address) | external | [] | ['MIN_SCHEDULE_DATA_LENGTH', 'SCHEDULE'] | [] | ['_verifySchedule', 'revert IncorrectDataLength(uint256,uint256)'] | [] | 8 | +| | | | ['SCHEDULE_BATCH', 'SELECTOR_DATA_LENGTH'] | | ['revert NoDelegateCall()', 'revert NoSelfCall()'] | | | +| | | | ['multisig', 'owner'] | | | | | +| | | | ['paused'] | | | | | +| setTargetSelectorChainIds(address[],bytes4[],uint256[],bool[]) | external | [] | ['msg.sender', 'owner'] | ['mapAllowedTargetSelectorChainIds'] | ['revert OwnerOnly(address,address)', 'revert WrongArrayLength(uint256,uint256,uint256,uint256)'] | [] | 7 | +| | | | | | ['revert ZeroAddress()', 'revert ZeroValue()'] | | | +| setBridgeMediatorL1BridgeParams(address[],address[],uint256[],address[]) | external | [] | ['MAX_CHAIN_ID', 'mapBridgeMediatorL1BridgeParams'] | ['mapBridgeMediatorL1BridgeParams'] | ['revert L2ChainIdNotSupported(uint256)', 'revert OwnerOnly(address,address)'] | [] | 6 | +| | | | ['msg.sender', 'owner'] | | ['revert WrongArrayLength(uint256,uint256,uint256,uint256)', 'revert ZeroAddress()'] | | | +| pause() | external | [] | ['governor', 'governorCheckProposalId'] | ['paused'] | ['revert ManagerOnly(address,address)', 'revert NotDefeated(uint256,ProposalState)'] | ['IGovernor(governor).state(governorCheckProposalId)'] | 4 | +| | | | ['msg.sender', 'multisig'] | | | | | +| | | | ['owner'] | | | | | +| unpause() | external | [] | ['msg.sender', 'owner'] | ['paused'] | ['revert OwnerOnly(address,address)'] | [] | 2 | +| checkAfterExecution(bytes32,bool) | external | [] | [] | [] | [] | [] | 1 | +| getTargetSelectorChainId(address,bytes4,uint256) | external | [] | ['mapAllowedTargetSelectorChainIds'] | [] | [] | [] | 1 | +| slitherConstructorVariables() | internal | [] | [] | ['governorCheckProposalId', 'paused'] | [] | [] | 1 | +| slitherConstructorConstantVariables() | internal | [] | [] | ['MAX_CHAIN_ID', 'MIN_SCHEDULE_DATA_LENGTH'] | ['keccak256(bytes)'] | [] | 1 | +| | | | | ['SCHEDULE', 'SCHEDULE_BATCH'] | | | | +| | | | | ['SELECTOR_DATA_LENGTH'] | | | | ++--------------------------------------------------------------------------------------------------------------+------------+-----------+------------------------------------------------------+----------------------------------------------+---------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyData +Contract vars: ['mapAllowedTargetSelectorChainIds'] +Inheritance:: [] + ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyBridgedData +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH'] +Inheritance:: ['VerifyData'] + ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['SELECTOR_DATA_LENGTH'] | [] | [] | 1 | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract ProcessBridgedDataGnosis +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH', 'REQUIRE_TO_PASS_MESSAGE', 'PROCESS_MESSAGE_FROM_FOREIGN', 'MIN_GNOSIS_PAYLOAD_LENGTH'] +Inheritance:: ['VerifyBridgedData', 'VerifyData'] + ++------------------------------------------+------------+-----------+---------------------------------------------------------------+---------------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+---------------------------------------------------------------+---------------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------+ +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | ['MIN_GNOSIS_PAYLOAD_LENGTH', 'PROCESS_MESSAGE_FROM_FOREIGN'] | [] | ['_verifyBridgedData', 'abi.decode()'] | ['abi.decode(bridgePayload,(bytes))', 'abi.decode(payload,(address,bytes,uint256))'] | 7 | +| | | | ['REQUIRE_TO_PASS_MESSAGE', 'SELECTOR_DATA_LENGTH'] | | ['revert IncorrectDataLength(uint256,uint256)', 'revert WrongL2BridgeMediator(address,address)'] | ['new bytes(data.length - SELECTOR_DATA_LENGTH)', 'new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH)'] | | +| | | | | | ['revert WrongSelector(bytes4,uint256)'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['MIN_GNOSIS_PAYLOAD_LENGTH', 'PROCESS_MESSAGE_FROM_FOREIGN'] | ['keccak256(bytes)'] | [] | 1 | +| | | | | ['REQUIRE_TO_PASS_MESSAGE', 'SELECTOR_DATA_LENGTH'] | | | | ++------------------------------------------+------------+-----------+---------------------------------------------------------------+---------------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyData +Contract vars: ['mapAllowedTargetSelectorChainIds'] +Inheritance:: [] + ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyBridgedData +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH'] +Inheritance:: ['VerifyData'] + ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['SELECTOR_DATA_LENGTH'] | [] | [] | 1 | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract ProcessBridgedDataPolygon +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH', 'SEND_MESSAGE_TO_CHILD', 'MIN_POLYGON_PAYLOAD_LENGTH'] +Inheritance:: ['VerifyBridgedData', 'VerifyData'] + ++------------------------------------------+------------+-----------+--------------------------------------------------------+--------------------------------------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+--------------------------------------------------------+--------------------------------------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+-----------------------+ +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | ['MIN_POLYGON_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | [] | ['_verifyBridgedData', 'abi.decode()'] | ['abi.decode(payload,(address,bytes))', 'new bytes(data.length - SELECTOR_DATA_LENGTH)'] | 5 | +| | | | ['SEND_MESSAGE_TO_CHILD'] | | ['revert IncorrectDataLength(uint256,uint256)', 'revert WrongL2BridgeMediator(address,address)'] | | | +| | | | | | ['revert WrongSelector(bytes4,uint256)'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['MIN_POLYGON_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | ['keccak256(bytes)'] | [] | 1 | +| | | | | ['SEND_MESSAGE_TO_CHILD'] | | | | ++------------------------------------------+------------+-----------+--------------------------------------------------------+--------------------------------------------------------+--------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyData +Contract vars: ['mapAllowedTargetSelectorChainIds'] +Inheritance:: [] + ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | ++------------------------------------+------------+-----------+--------------------------------------+-------+--------------------------------------------------+----------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract VerifyBridgedData +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH'] +Inheritance:: ['VerifyData'] + ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['SELECTOR_DATA_LENGTH'] | [] | [] | 1 | ++------------------------------------------+------------+-----------+--------------------------------------+--------------------------+-------------------------------------------------------------------------+------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Printers: +Contract ProcessBridgedDataOptimism +Contract vars: ['mapAllowedTargetSelectorChainIds', 'SELECTOR_DATA_LENGTH', 'SEND_MESSAGE', 'PROCESS_MESSAGE_FROM_SOURCE', 'MIN_OPTIMISM_PAYLOAD_LENGTH'] +Inheritance:: ['VerifyBridgedData', 'VerifyData'] + ++------------------------------------------+------------+-----------+----------------------------------------------------------------+----------------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------+ +| Function | Visibility | Modifiers | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++------------------------------------------+------------+-----------+----------------------------------------------------------------+----------------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------+ +| processBridgeData(bytes,address,uint256) | external | [] | [] | [] | [] | [] | 2 | +| _verifyBridgedData(bytes,uint256) | internal | [] | ['SELECTOR_DATA_LENGTH'] | [] | ['_verifyData', 'mload(uint256)'] | ['new bytes(payloadLength)'] | 5 | +| | | | | | ['revert DataLengthIncorrect(uint256,uint256)', 'revert ZeroAddress()'] | | | +| _verifyData(address,bytes,uint256) | internal | [] | ['mapAllowedTargetSelectorChainIds'] | [] | ['revert NotAuthorized(address,bytes4,uint256)'] | [] | 2 | +| processBridgeData(bytes,address,uint256) | external | [] | ['MIN_OPTIMISM_PAYLOAD_LENGTH', 'PROCESS_MESSAGE_FROM_SOURCE'] | [] | ['_verifyBridgedData', 'abi.decode()'] | ['abi.decode(bridgePayload,(bytes))', 'abi.decode(payload,(address,bytes,uint32))'] | 7 | +| | | | ['SELECTOR_DATA_LENGTH', 'SEND_MESSAGE'] | | ['revert IncorrectDataLength(uint256,uint256)', 'revert WrongL2BridgeMediator(address,address)'] | ['new bytes(data.length - SELECTOR_DATA_LENGTH)', 'new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH)'] | | +| | | | | | ['revert WrongSelector(bytes4,uint256)'] | | | +| slitherConstructorConstantVariables() | internal | [] | [] | ['MIN_OPTIMISM_PAYLOAD_LENGTH', 'PROCESS_MESSAGE_FROM_SOURCE'] | ['keccak256(bytes)'] | [] | 1 | +| | | | | ['SELECTOR_DATA_LENGTH', 'SEND_MESSAGE'] | | | | ++------------------------------------------+------------+-----------+----------------------------------------------------------------+----------------------------------------------------------------+--------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------+ + ++-----------+------------+------+-------+----------------+----------------+-----------------------+ +| Modifiers | Visibility | Read | Write | Internal Calls | External Calls | Cyclomatic Complexity | ++-----------+------------+------+-------+----------------+----------------+-----------------------+ ++-----------+------------+------+-------+----------------+----------------+-----------------------+ + +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_human-summary.txt b/audits/internal10/analysis/slither_human-summary.txt new file mode 100644 index 0000000..e5695bf --- /dev/null +++ b/audits/internal10/analysis/slither_human-summary.txt @@ -0,0 +1,164 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +Compiled with solc +Total number of contracts in source files: 3 +Source lines of code (SLOC) in source files: 76 +Number of assembly lines: 0 +Number of optimization issues: 0 +Number of informational issues: 7 +Number of low issues: 0 +Number of medium issues: 3 +Number of high issues: 1 + ++----------------------------+-------------+------+------------+--------------+----------+ +| Name | # functions | ERCS | ERC20 info | Complex code | Features | ++----------------------------+-------------+------+------------+--------------+----------+ +| ProcessBridgedDataArbitrum | 5 | | | No | Assembly | ++----------------------------+-------------+------+------------+--------------+----------+ +INFO:Printers: +Compiled with solc +Total number of contracts in source files: 3 +Source lines of code (SLOC) in source files: 86 +Number of assembly lines: 0 +Number of optimization issues: 0 +Number of informational issues: 6 +Number of low issues: 0 +Number of medium issues: 3 +Number of high issues: 1 + ++----------------------------+-------------+------+------------+--------------+----------+ +| Name | # functions | ERCS | ERC20 info | Complex code | Features | ++----------------------------+-------------+------+------------+--------------+----------+ +| ProcessBridgedDataWormhole | 5 | | | No | Assembly | ++----------------------------+-------------+------+------------+--------------+----------+ +INFO:Printers: +Compiled with solc +Total number of contracts in source files: 5 +Source lines of code (SLOC) in source files: 260 +Number of assembly lines: 0 +Number of optimization issues: 0 +Number of informational issues: 10 +Number of low issues: 2 +Number of medium issues: 4 +Number of high issues: 2 + ++-----------------+-------------+------+------------+--------------+--------------+ +| Name | # functions | ERCS | ERC20 info | Complex code | Features | ++-----------------+-------------+------+------------+--------------+--------------+ +| Enum | 0 | | | No | | +| IGovernor | 1 | | | No | | +| IBridgeVerifier | 1 | | | No | | +| GuardCM | 14 | | | Yes | Delegatecall | +| | | | | | Assembly | ++-----------------+-------------+------+------------+--------------+--------------+ +INFO:Printers: +Compiled with solc +Total number of contracts in source files: 3 +Source lines of code (SLOC) in source files: 87 +Number of assembly lines: 0 +Number of optimization issues: 1 +Number of informational issues: 6 +Number of low issues: 0 +Number of medium issues: 3 +Number of high issues: 1 + ++--------------------------+-------------+------+------------+--------------+----------+ +| Name | # functions | ERCS | ERC20 info | Complex code | Features | ++--------------------------+-------------+------+------------+--------------+----------+ +| ProcessBridgedDataGnosis | 5 | | | No | Assembly | ++--------------------------+-------------+------+------------+--------------+----------+ +INFO:Printers: +Compiled with solc +Total number of contracts in source files: 3 +Source lines of code (SLOC) in source files: 77 +Number of assembly lines: 0 +Number of optimization issues: 0 +Number of informational issues: 5 +Number of low issues: 0 +Number of medium issues: 3 +Number of high issues: 1 + ++---------------------------+-------------+------+------------+--------------+----------+ +| Name | # functions | ERCS | ERC20 info | Complex code | Features | ++---------------------------+-------------+------+------------+--------------+----------+ +| ProcessBridgedDataPolygon | 5 | | | No | Assembly | ++---------------------------+-------------+------+------------+--------------+----------+ +INFO:Printers: +Compiled with solc +Total number of contracts in source files: 3 +Source lines of code (SLOC) in source files: 87 +Number of assembly lines: 0 +Number of optimization issues: 1 +Number of informational issues: 6 +Number of low issues: 0 +Number of medium issues: 3 +Number of high issues: 1 + ++----------------------------+-------------+------+------------+--------------+----------+ +| Name | # functions | ERCS | ERC20 info | Complex code | Features | ++----------------------------+-------------+------+------------+--------------+----------+ +| ProcessBridgedDataOptimism | 5 | | | No | Assembly | ++----------------------------+-------------+------+------------+--------------+----------+ +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_inheritance-graph.txt b/audits/internal10/analysis/slither_inheritance-graph.txt new file mode 100644 index 0000000..bfc8db5 --- /dev/null +++ b/audits/internal10/analysis/slither_inheritance-graph.txt @@ -0,0 +1,76 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers:Inheritance Graph: ./ProcessBridgedDataArbitrum-flatten.sol.inheritance-graph.dot + +INFO:Printers:Inheritance Graph: ./ProcessBridgedDataWormhole-flatten.sol.inheritance-graph.dot + +INFO:Printers:Inheritance Graph: ./GuardCM-flatten.sol.inheritance-graph.dot + +INFO:Printers:Inheritance Graph: ./ProcessBridgedDataGnosis-flatten.sol.inheritance-graph.dot + +INFO:Printers:Inheritance Graph: ./ProcessBridgedDataPolygon-flatten.sol.inheritance-graph.dot + +INFO:Printers:Inheritance Graph: ./ProcessBridgedDataOptimism-flatten.sol.inheritance-graph.dot + +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_inheritance.txt b/audits/internal10/analysis/slither_inheritance.txt new file mode 100644 index 0000000..c263a26 --- /dev/null +++ b/audits/internal10/analysis/slither_inheritance.txt @@ -0,0 +1,212 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers:Inheritance +Child_Contract -> Immediate_Base_Contracts [Not_Immediate_Base_Contracts] ++ VerifyData + ++ VerifyBridgedData + -> VerifyData + ++ ProcessBridgedDataArbitrum + -> VerifyBridgedData +, [VerifyData] + + +Base_Contract -> Immediate_Child_Contracts + [Not_Immediate_Child_Contracts] + ++ VerifyData + -> VerifyBridgedData +, [ProcessBridgedDataArbitrum] + ++ VerifyBridgedData + -> ProcessBridgedDataArbitrum + ++ ProcessBridgedDataArbitrum + +INFO:Printers:Inheritance +Child_Contract -> Immediate_Base_Contracts [Not_Immediate_Base_Contracts] ++ VerifyData + ++ VerifyBridgedData + -> VerifyData + ++ ProcessBridgedDataWormhole + -> VerifyBridgedData +, [VerifyData] + + +Base_Contract -> Immediate_Child_Contracts + [Not_Immediate_Child_Contracts] + ++ VerifyData + -> VerifyBridgedData +, [ProcessBridgedDataWormhole] + ++ VerifyBridgedData + -> ProcessBridgedDataWormhole + ++ ProcessBridgedDataWormhole + +INFO:Printers:Inheritance +Child_Contract -> Immediate_Base_Contracts [Not_Immediate_Base_Contracts] ++ Enum + ++ VerifyData + ++ IGovernor + ++ IBridgeVerifier + ++ GuardCM + -> VerifyData + + +Base_Contract -> Immediate_Child_Contracts + [Not_Immediate_Child_Contracts] + ++ Enum + ++ VerifyData + -> GuardCM + ++ IGovernor + ++ IBridgeVerifier + ++ GuardCM + +INFO:Printers:Inheritance +Child_Contract -> Immediate_Base_Contracts [Not_Immediate_Base_Contracts] ++ VerifyData + ++ VerifyBridgedData + -> VerifyData + ++ ProcessBridgedDataGnosis + -> VerifyBridgedData +, [VerifyData] + + +Base_Contract -> Immediate_Child_Contracts + [Not_Immediate_Child_Contracts] + ++ VerifyData + -> VerifyBridgedData +, [ProcessBridgedDataGnosis] + ++ VerifyBridgedData + -> ProcessBridgedDataGnosis + ++ ProcessBridgedDataGnosis + +INFO:Printers:Inheritance +Child_Contract -> Immediate_Base_Contracts [Not_Immediate_Base_Contracts] ++ VerifyData + ++ VerifyBridgedData + -> VerifyData + ++ ProcessBridgedDataPolygon + -> VerifyBridgedData +, [VerifyData] + + +Base_Contract -> Immediate_Child_Contracts + [Not_Immediate_Child_Contracts] + ++ VerifyData + -> VerifyBridgedData +, [ProcessBridgedDataPolygon] + ++ VerifyBridgedData + -> ProcessBridgedDataPolygon + ++ ProcessBridgedDataPolygon + +INFO:Printers:Inheritance +Child_Contract -> Immediate_Base_Contracts [Not_Immediate_Base_Contracts] ++ VerifyData + ++ VerifyBridgedData + -> VerifyData + ++ ProcessBridgedDataOptimism + -> VerifyBridgedData +, [VerifyData] + + +Base_Contract -> Immediate_Child_Contracts + [Not_Immediate_Child_Contracts] + ++ VerifyData + -> VerifyBridgedData +, [ProcessBridgedDataOptimism] + ++ VerifyBridgedData + -> ProcessBridgedDataOptimism + ++ ProcessBridgedDataOptimism + +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_modifiers.txt b/audits/internal10/analysis/slither_modifiers.txt new file mode 100644 index 0000000..d659f9f --- /dev/null +++ b/audits/internal10/analysis/slither_modifiers.txt @@ -0,0 +1,159 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +Contract ProcessBridgedDataArbitrum ++-------------------------------------+-----------+ +| Function | Modifiers | ++-------------------------------------+-----------+ +| processBridgeData | [] | +| _verifyBridgedData | [] | +| _verifyData | [] | +| processBridgeData | [] | +| slitherConstructorConstantVariables | [] | ++-------------------------------------+-----------+ +INFO:Printers: +Contract ProcessBridgedDataWormhole ++-------------------------------------+-----------+ +| Function | Modifiers | ++-------------------------------------+-----------+ +| processBridgeData | [] | +| _verifyBridgedData | [] | +| _verifyData | [] | +| processBridgeData | [] | +| slitherConstructorConstantVariables | [] | ++-------------------------------------+-----------+ +INFO:Printers: +Contract Enum ++----------+-----------+ +| Function | Modifiers | ++----------+-----------+ ++----------+-----------+ +INFO:Printers: +Contract IGovernor ++----------+-----------+ +| Function | Modifiers | ++----------+-----------+ +| state | [] | ++----------+-----------+ +INFO:Printers: +Contract IBridgeVerifier ++-------------------+-----------+ +| Function | Modifiers | ++-------------------+-----------+ +| processBridgeData | [] | ++-------------------+-----------+ +INFO:Printers: +Contract GuardCM ++-------------------------------------+-----------+ +| Function | Modifiers | ++-------------------------------------+-----------+ +| _verifyData | [] | +| constructor | [] | +| changeGovernor | [] | +| changeGovernorCheckProposalId | [] | +| _verifySchedule | [] | +| checkTransaction | [] | +| setTargetSelectorChainIds | [] | +| setBridgeMediatorL1BridgeParams | [] | +| pause | [] | +| unpause | [] | +| checkAfterExecution | [] | +| getTargetSelectorChainId | [] | +| slitherConstructorVariables | [] | +| slitherConstructorConstantVariables | [] | ++-------------------------------------+-----------+ +INFO:Printers: +Contract ProcessBridgedDataGnosis ++-------------------------------------+-----------+ +| Function | Modifiers | ++-------------------------------------+-----------+ +| processBridgeData | [] | +| _verifyBridgedData | [] | +| _verifyData | [] | +| processBridgeData | [] | +| slitherConstructorConstantVariables | [] | ++-------------------------------------+-----------+ +INFO:Printers: +Contract ProcessBridgedDataPolygon ++-------------------------------------+-----------+ +| Function | Modifiers | ++-------------------------------------+-----------+ +| processBridgeData | [] | +| _verifyBridgedData | [] | +| _verifyData | [] | +| processBridgeData | [] | +| slitherConstructorConstantVariables | [] | ++-------------------------------------+-----------+ +INFO:Printers: +Contract ProcessBridgedDataOptimism ++-------------------------------------+-----------+ +| Function | Modifiers | ++-------------------------------------+-----------+ +| processBridgeData | [] | +| _verifyBridgedData | [] | +| _verifyData | [] | +| processBridgeData | [] | +| slitherConstructorConstantVariables | [] | ++-------------------------------------+-----------+ +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_require.txt b/audits/internal10/analysis/slither_require.txt new file mode 100644 index 0000000..328b480 --- /dev/null +++ b/audits/internal10/analysis/slither_require.txt @@ -0,0 +1,159 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +Contract ProcessBridgedDataArbitrum ++-------------------------------------+-------------------+ +| Function | require or assert | ++-------------------------------------+-------------------+ +| processBridgeData | | +| _verifyBridgedData | | +| _verifyData | | +| processBridgeData | | +| slitherConstructorConstantVariables | | ++-------------------------------------+-------------------+ +INFO:Printers: +Contract ProcessBridgedDataWormhole ++-------------------------------------+-------------------+ +| Function | require or assert | ++-------------------------------------+-------------------+ +| processBridgeData | | +| _verifyBridgedData | | +| _verifyData | | +| processBridgeData | | +| slitherConstructorConstantVariables | | ++-------------------------------------+-------------------+ +INFO:Printers: +Contract Enum ++----------+-------------------+ +| Function | require or assert | ++----------+-------------------+ ++----------+-------------------+ +INFO:Printers: +Contract IGovernor ++----------+-------------------+ +| Function | require or assert | ++----------+-------------------+ +| state | | ++----------+-------------------+ +INFO:Printers: +Contract IBridgeVerifier ++-------------------+-------------------+ +| Function | require or assert | ++-------------------+-------------------+ +| processBridgeData | | ++-------------------+-------------------+ +INFO:Printers: +Contract GuardCM ++-------------------------------------+-------------------+ +| Function | require or assert | ++-------------------------------------+-------------------+ +| _verifyData | | +| constructor | | +| changeGovernor | | +| changeGovernorCheckProposalId | | +| _verifySchedule | | +| checkTransaction | | +| setTargetSelectorChainIds | | +| setBridgeMediatorL1BridgeParams | | +| pause | | +| unpause | | +| checkAfterExecution | | +| getTargetSelectorChainId | | +| slitherConstructorVariables | | +| slitherConstructorConstantVariables | | ++-------------------------------------+-------------------+ +INFO:Printers: +Contract ProcessBridgedDataGnosis ++-------------------------------------+-------------------+ +| Function | require or assert | ++-------------------------------------+-------------------+ +| processBridgeData | | +| _verifyBridgedData | | +| _verifyData | | +| processBridgeData | | +| slitherConstructorConstantVariables | | ++-------------------------------------+-------------------+ +INFO:Printers: +Contract ProcessBridgedDataPolygon ++-------------------------------------+-------------------+ +| Function | require or assert | ++-------------------------------------+-------------------+ +| processBridgeData | | +| _verifyBridgedData | | +| _verifyData | | +| processBridgeData | | +| slitherConstructorConstantVariables | | ++-------------------------------------+-------------------+ +INFO:Printers: +Contract ProcessBridgedDataOptimism ++-------------------------------------+-------------------+ +| Function | require or assert | ++-------------------------------------+-------------------+ +| processBridgeData | | +| _verifyBridgedData | | +| _verifyData | | +| processBridgeData | | +| slitherConstructorConstantVariables | | ++-------------------------------------+-------------------+ +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_variable-order.txt b/audits/internal10/analysis/slither_variable-order.txt new file mode 100644 index 0000000..5aebb50 --- /dev/null +++ b/audits/internal10/analysis/slither_variable-order.txt @@ -0,0 +1,134 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +ProcessBridgedDataArbitrum: ++---------------------------------------------+--------------------------+------+--------+ +| Name | Type | Slot | Offset | ++---------------------------------------------+--------------------------+------+--------+ +| VerifyData.mapAllowedTargetSelectorChainIds | mapping(uint256 => bool) | 0 | 0 | ++---------------------------------------------+--------------------------+------+--------+ + +INFO:Printers: +ProcessBridgedDataWormhole: ++---------------------------------------------+--------------------------+------+--------+ +| Name | Type | Slot | Offset | ++---------------------------------------------+--------------------------+------+--------+ +| VerifyData.mapAllowedTargetSelectorChainIds | mapping(uint256 => bool) | 0 | 0 | ++---------------------------------------------+--------------------------+------+--------+ + +INFO:Printers: +Enum: ++------+------+------+--------+ +| Name | Type | Slot | Offset | ++------+------+------+--------+ ++------+------+------+--------+ + +IGovernor: ++------+------+------+--------+ +| Name | Type | Slot | Offset | ++------+------+------+--------+ ++------+------+------+--------+ + +IBridgeVerifier: ++------+------+------+--------+ +| Name | Type | Slot | Offset | ++------+------+------+--------+ ++------+------+------+--------+ + +GuardCM: ++---------------------------------------------+----------------------------------+------+--------+ +| Name | Type | Slot | Offset | ++---------------------------------------------+----------------------------------+------+--------+ +| VerifyData.mapAllowedTargetSelectorChainIds | mapping(uint256 => bool) | 0 | 0 | +| GuardCM.governorCheckProposalId | uint256 | 1 | 0 | +| GuardCM.governor | address | 2 | 0 | +| GuardCM.paused | uint8 | 2 | 20 | +| GuardCM.mapBridgeMediatorL1BridgeParams | mapping(address => BridgeParams) | 3 | 0 | ++---------------------------------------------+----------------------------------+------+--------+ + +INFO:Printers: +ProcessBridgedDataGnosis: ++---------------------------------------------+--------------------------+------+--------+ +| Name | Type | Slot | Offset | ++---------------------------------------------+--------------------------+------+--------+ +| VerifyData.mapAllowedTargetSelectorChainIds | mapping(uint256 => bool) | 0 | 0 | ++---------------------------------------------+--------------------------+------+--------+ + +INFO:Printers: +ProcessBridgedDataPolygon: ++---------------------------------------------+--------------------------+------+--------+ +| Name | Type | Slot | Offset | ++---------------------------------------------+--------------------------+------+--------+ +| VerifyData.mapAllowedTargetSelectorChainIds | mapping(uint256 => bool) | 0 | 0 | ++---------------------------------------------+--------------------------+------+--------+ + +INFO:Printers: +ProcessBridgedDataOptimism: ++---------------------------------------------+--------------------------+------+--------+ +| Name | Type | Slot | Offset | ++---------------------------------------------+--------------------------+------+--------+ +| VerifyData.mapAllowedTargetSelectorChainIds | mapping(uint256 => bool) | 0 | 0 | ++---------------------------------------------+--------------------------+------+--------+ + +INFO:Slither:. analyzed (20 contracts) diff --git a/audits/internal10/analysis/slither_vars-and-auth.txt b/audits/internal10/analysis/slither_vars-and-auth.txt new file mode 100644 index 0000000..b14e49e --- /dev/null +++ b/audits/internal10/analysis/slither_vars-and-auth.txt @@ -0,0 +1,257 @@ +'solc --version' running +'solc ./ProcessBridgedDataArbitrum-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataArbitrum-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataArbitrum-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataWormhole-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataWormhole-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataWormhole-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./GuardCM-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./GuardCM-flatten.sol: +Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. +--> GuardCM-flatten.sol + +Warning: Function state mutability can be restricted to view + --> GuardCM-flatten.sol:32:5: + | +32 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataGnosis-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataGnosis-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataGnosis-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataPolygon-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataPolygon-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataPolygon-flatten.sol:26:5: + | +26 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +'solc --version' running +'solc ./ProcessBridgedDataOptimism-flatten.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths .,/home/andrey/valory/autonolas-governance/audits/internal10/analysis/contracts' running +Compilation warnings/errors on ./ProcessBridgedDataOptimism-flatten.sol: +Warning: Function state mutability can be restricted to view + --> ProcessBridgedDataOptimism-flatten.sol:25:5: + | +25 | function _verifyData(address target, bytes memory data, uint256 chainId) internal { + | ^ (Relevant source part starts here and spans across multiple lines). + + +INFO:Printers: +Contract VerifyData ++-------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------+-------------------------+--------------------------+ +| _verifyData | [] | [] | ++-------------+-------------------------+--------------------------+ + +Contract VerifyBridgedData ++-------------------------------------+--------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------+--------------------------+ +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| slitherConstructorConstantVariables | ['SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+--------------------------+--------------------------+ + +Contract ProcessBridgedDataArbitrum ++-------------------------------------+--------------------------------------------------------------------------------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------------------------------------------------------------------------------+--------------------------+ +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| slitherConstructorConstantVariables | ['CREATE_TICKET', 'CREATE_TICKET_UNSAFE', 'MIN_ARBITRUM_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+--------------------------------------------------------------------------------------------------+--------------------------+ + +INFO:Printers: +Contract VerifyData ++-------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------+-------------------------+--------------------------+ +| _verifyData | [] | [] | ++-------------+-------------------------+--------------------------+ + +Contract VerifyBridgedData ++-------------------------------------+--------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------+--------------------------+ +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| slitherConstructorConstantVariables | ['SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+--------------------------+--------------------------+ + +Contract ProcessBridgedDataWormhole ++-------------------------------------+------------------------------------------------------------------------------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+------------------------------------------------------------------------------------------------+--------------------------+ +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| slitherConstructorConstantVariables | ['MIN_OPTIMISM_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH', 'SEND_MESSAGE', 'SEND_MESSAGE_REFUND'] | [] | ++-------------------------------------+------------------------------------------------------------------------------------------------+--------------------------+ + +INFO:Printers: +Contract Enum ++----------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++----------+-------------------------+--------------------------+ ++----------+-------------------------+--------------------------+ + +Contract VerifyData ++-------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------+-------------------------+--------------------------+ +| _verifyData | [] | [] | ++-------------+-------------------------+--------------------------+ + +Contract IGovernor ++----------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++----------+-------------------------+--------------------------+ +| state | [] | [] | ++----------+-------------------------+--------------------------+ + +Contract IBridgeVerifier ++-------------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------+-------------------------+--------------------------+ +| processBridgeData | [] | [] | ++-------------------+-------------------------+--------------------------+ + +Contract GuardCM ++-------------------------------------+----------------------------------------------------------------------------------------------------+---------------------------------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+----------------------------------------------------------------------------------------------------+---------------------------------------------------+ +| _verifyData | [] | [] | +| constructor | ['governor', 'multisig', 'owner'] | [] | +| changeGovernor | ['governor'] | ['msg.sender != owner'] | +| changeGovernorCheckProposalId | ['governorCheckProposalId'] | ['msg.sender != owner'] | +| _verifySchedule | [] | [] | +| checkTransaction | [] | [] | +| setTargetSelectorChainIds | ['mapAllowedTargetSelectorChainIds'] | ['msg.sender != owner'] | +| setBridgeMediatorL1BridgeParams | ['mapBridgeMediatorL1BridgeParams'] | ['msg.sender != owner'] | +| pause | ['paused'] | ['msg.sender == multisig', 'msg.sender == owner'] | +| unpause | ['paused'] | ['msg.sender != owner'] | +| checkAfterExecution | [] | [] | +| getTargetSelectorChainId | [] | [] | +| slitherConstructorVariables | ['governorCheckProposalId', 'paused'] | [] | +| slitherConstructorConstantVariables | ['MAX_CHAIN_ID', 'MIN_SCHEDULE_DATA_LENGTH', 'SCHEDULE', 'SCHEDULE_BATCH', 'SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+----------------------------------------------------------------------------------------------------+---------------------------------------------------+ + +INFO:Printers: +Contract VerifyData ++-------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------+-------------------------+--------------------------+ +| _verifyData | [] | [] | ++-------------+-------------------------+--------------------------+ + +Contract VerifyBridgedData ++-------------------------------------+--------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------+--------------------------+ +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| slitherConstructorConstantVariables | ['SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+--------------------------+--------------------------+ + +Contract ProcessBridgedDataGnosis ++-------------------------------------+------------------------------------------------------------------------------------------------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+------------------------------------------------------------------------------------------------------------------+--------------------------+ +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| slitherConstructorConstantVariables | ['MIN_GNOSIS_PAYLOAD_LENGTH', 'PROCESS_MESSAGE_FROM_FOREIGN', 'REQUIRE_TO_PASS_MESSAGE', 'SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+------------------------------------------------------------------------------------------------------------------+--------------------------+ + +INFO:Printers: +Contract VerifyData ++-------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------+-------------------------+--------------------------+ +| _verifyData | [] | [] | ++-------------+-------------------------+--------------------------+ + +Contract VerifyBridgedData ++-------------------------------------+--------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------+--------------------------+ +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| slitherConstructorConstantVariables | ['SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+--------------------------+--------------------------+ + +Contract ProcessBridgedDataPolygon ++-------------------------------------+---------------------------------------------------------------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+---------------------------------------------------------------------------------+--------------------------+ +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| slitherConstructorConstantVariables | ['MIN_POLYGON_PAYLOAD_LENGTH', 'SELECTOR_DATA_LENGTH', 'SEND_MESSAGE_TO_CHILD'] | [] | ++-------------------------------------+---------------------------------------------------------------------------------+--------------------------+ + +INFO:Printers: +Contract VerifyData ++-------------+-------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------+-------------------------+--------------------------+ +| _verifyData | [] | [] | ++-------------+-------------------------+--------------------------+ + +Contract VerifyBridgedData ++-------------------------------------+--------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------+--------------------------+ +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| slitherConstructorConstantVariables | ['SELECTOR_DATA_LENGTH'] | [] | ++-------------------------------------+--------------------------+--------------------------+ + +Contract ProcessBridgedDataOptimism ++-------------------------------------+--------------------------------------------------------------------------------------------------------+--------------------------+ +| Function | State variables written | Conditions on msg.sender | ++-------------------------------------+--------------------------------------------------------------------------------------------------------+--------------------------+ +| processBridgeData | [] | [] | +| _verifyBridgedData | [] | [] | +| _verifyData | [] | [] | +| processBridgeData | [] | [] | +| slitherConstructorConstantVariables | ['MIN_OPTIMISM_PAYLOAD_LENGTH', 'PROCESS_MESSAGE_FROM_SOURCE', 'SELECTOR_DATA_LENGTH', 'SEND_MESSAGE'] | [] | ++-------------------------------------+--------------------------------------------------------------------------------------------------------+--------------------------+ + +INFO:Slither:. analyzed (20 contracts) diff --git a/contracts/bridges/WormholeMessenger.sol b/contracts/bridges/WormholeMessenger.sol index e0695ef..123793d 100644 --- a/contracts/bridges/WormholeMessenger.sol +++ b/contracts/bridges/WormholeMessenger.sol @@ -17,7 +17,7 @@ contract WormholeMessenger is BridgeMessenger { uint16 public immutable sourceGovernorChainId; // Source governor address on L1 that is authorized to propagate the transaction execution across the bridge bytes32 public sourceGovernor; - // Source governor address on L1 that is authorized to propagate the transaction execution across the bridge + // Map of delivery hashes mapping(bytes32 => bool) public mapDeliveryHashes; /// @dev WormholeMessenger constructor. diff --git a/contracts/multisigs/GuardCM.sol b/contracts/multisigs/GuardCM.sol index 75a2b2b..a467379 100644 --- a/contracts/multisigs/GuardCM.sol +++ b/contracts/multisigs/GuardCM.sol @@ -2,11 +2,24 @@ pragma solidity ^0.8.23; import {Enum} from "@gnosis.pm/safe-contracts/contracts/common/Enum.sol"; +import {VerifyData} from "./VerifyData.sol"; interface IGovernor { function state(uint256 proposalId) external returns (ProposalState); } +interface IBridgeVerifier { + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external; +} + // Governor proposal state enum ProposalState { Pending, @@ -19,6 +32,16 @@ enum ProposalState { Executed } +// Struct for bridge parameters +struct BridgeParams { + // Data verifier contract for calls executed on L2 + address verifierL2; + // Bridge mediator (data receiving) contract on L2 + address bridgeMediatorL2; + // Chain Id: this value cannot practically be bigger than `floor(MAX_UINT64 / 2) - 36` as per EIP 2294 + uint64 chainId; +} + /// @dev Only `owner` has a privilege, but the `sender` was provided. /// @param sender Sender address. /// @param owner Required sender address as an owner. @@ -37,15 +60,11 @@ error ZeroValue(); /// @dev Wrong length of two arrays. /// @param numValues1 Number of values in a first array. -/// @param numValues2 Numberf of values in a second array. -/// @param numValues3 Numberf of values in a third array. -/// @param numValues4 Numberf of values in a fourth array. +/// @param numValues2 Number of of values in a second array. +/// @param numValues3 Number of of values in a third array. +/// @param numValues4 Number of of values in a fourth array. error WrongArrayLength(uint256 numValues1, uint256 numValues2, uint256 numValues3, uint256 numValues4); -/// @dev Provided bridged mediator is not unique. -/// @param bridgeMediator Bridge mediator address. -error BridgeMediatorNotUnique(address bridgeMediator); - /// @dev Provided incorrect data length. /// @param expected Expected minimum data length. /// @param provided Provided data length. @@ -57,38 +76,30 @@ error NoDelegateCall(); /// @dev No self multisig call is allowed. error NoSelfCall(); -/// @dev The combination of target and selector is not authorized. -/// @param target Target address. -/// @param selector Function selector. -/// @param chainId Chain Id. -error NotAuthorized(address target, bytes4 selector, uint256 chainId); - /// @dev The proposal is not defeated. /// @param proposalId Proposal Id. /// @param state Current proposal state. error NotDefeated(uint256 proposalId, ProposalState state); +/// @dev Delegatecall reverted. +error DelegateCallFailed(); + +/// @dev Only the contract address is allowed, but the EOA account was provided. +/// @param account Account address. +error ContractOnly(address account); + /// @dev Passed L2 chain Id is not supported. /// @param chainId L2 chain Id. error L2ChainIdNotSupported(uint256 chainId); -/// @dev Provided wrong function selector. -/// @param functionSig Function selector. -/// @param chainId Chain Id. -error WrongSelector(bytes4 functionSig, uint256 chainId); - -/// @dev Provided wrong L2 bridge mediator address. -/// @param provided Provided address. -/// @param expected Expected address. -error WrongL2BridgeMediator(address provided, address expected); - /// @title GuardCM - Smart contract for Gnosis Safe community multisig (CM) guard /// @author Aleksandr Kuperman - /// @author Andrey Lebedev - -contract GuardCM { +contract GuardCM is VerifyData { event GovernorUpdated(address indexed governor); event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); - event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); + event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed verifierL2s, + address[] indexed bridgeMediatorL2s, uint256[] chainIds); event GovernorCheckProposalIdChanged(uint256 indexed proposalId); event GuardPaused(address indexed account); event GuardUnpaused(); @@ -98,11 +109,6 @@ contract GuardCM { // scheduleBatch selector bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); // requireToPassMessage selector (Gnosis chain) - bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); - // processMessageFromForeign selector (Gnosis chain) - bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); - // sendMessageToChild selector (Polygon) - bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); // Initial check governance proposal Id // Calculated from the proposalHash function of the GovernorOLAS uint256 public governorCheckProposalId = 88250008686885504216650933897987879122244685460173810624866685274624741477673; @@ -111,10 +117,8 @@ contract GuardCM { uint256 public constant MIN_SCHEDULE_DATA_LENGTH = 260; // Minimum data length that contains at least a selector (4 bytes or 32 bits) uint256 public constant SELECTOR_DATA_LENGTH = 4; - // Minimum payload length for message on Gnosis accounting for all required encoding and at least one selector - uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; - // Minimum payload length for message on Polygon accounting for all required encoding and at least one selector - uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; + // Maximum chain Id as per EVM specs + uint256 public constant MAX_CHAIN_ID = type(uint64).max / 2 - 36; // Owner address address public immutable owner; @@ -126,10 +130,8 @@ contract GuardCM { // Guard pausing possibility uint8 public paused = 1; - // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled - mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; - // Mapping of bridge mediator address L1 => (bridge mediator L2 address | uint64 supported L2 chain Id) - mapping(address => uint256) public mapBridgeMediatorL1L2ChainIds; + // Mapping of L1 bridge mediator => (L2 verifier | uint64 supported L2 chain Id | L2 bridge mediator) + mapping(address => BridgeParams) public mapBridgeMediatorL1BridgeParams; /// @dev GuardCM constructor. /// @param _timelock Timelock address. @@ -181,156 +183,6 @@ contract GuardCM { emit GovernorCheckProposalIdChanged(proposalId); } - /// @dev Verifies authorized combinations of target and selector. - /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled - /// @param target Target address. - /// @param data Payload bytes. - /// @param chainId Chain Id. - function _verifyData(address target, bytes memory data, uint256 chainId) internal { - // Push a pair of key defining variables into one key - // target occupies first 160 bits - uint256 targetSelectorChainId = uint256(uint160(target)); - // selector occupies next 32 bits - targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; - // chainId occupies next 64 bits - targetSelectorChainId |= chainId << 192; - - // Check the authorized combination of target and selector - if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { - revert NotAuthorized(target, bytes4(data), chainId); - } - } - - /// @dev Verifies the bridged data for authorized combinations of targets and selectors. - /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: - /// address target, uint96 value, uint32 payloadLength, bytes payload. - /// @param data Payload bytes. - /// @param chainId L2 chain Id. - function _verifyBridgedData(bytes memory data, uint256 chainId) internal { - // Unpack and process the data - // We need to skip first 12 bytes as those are zeros from encoding - for (uint256 i = 0; i < data.length;) { - address target; - uint32 payloadLength; - // solhint-disable-next-line no-inline-assembly - assembly { - // First 20 bytes is the address (160 bits) - i := add(i, 20) - target := mload(add(data, i)) - // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) - i := add(i, 16) - payloadLength := mload(add(data, i)) - } - - // Check for the zero address - if (target == address(0)) { - revert ZeroAddress(); - } - - // The payload length must be at least of the a function selector size - if (payloadLength < SELECTOR_DATA_LENGTH) { - revert IncorrectDataLength(payloadLength, SELECTOR_DATA_LENGTH); - } - - // Get the payload - bytes memory payload = new bytes(payloadLength); - for (uint256 j = 0; j < payloadLength; ++j) { - payload[j] = data[i + j]; - } - // Offset the data by the payload number of bytes - i += payloadLength; - - // Verify the scope of the data - _verifyData(target, payload, chainId); - } - } - - /// @dev Processes bridged data: checks the header and verifies the payload. - /// @param data Full data bytes with the header. - /// @param bridgeMediatorL2 Address of a bridged mediator on L2. - /// @param chainId L2 chain Id. - function _processBridgeData( - bytes memory data, - address bridgeMediatorL2, - uint256 chainId - ) internal - { - // Gnosis chains - if (chainId == 100 || chainId == 10200) { - // Check the L1 initial selector - bytes4 functionSig = bytes4(data); - if (functionSig != REQUIRE_TO_PASS_MESSAGE) { - revert WrongSelector(functionSig, chainId); - } - - // Check if the data length is less than a size of a selector plus the message minimum payload size - if (data.length < MIN_GNOSIS_PAYLOAD_LENGTH) { - revert IncorrectDataLength(data.length, MIN_GNOSIS_PAYLOAD_LENGTH); - } - - // Copy the data without the selector - bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); - for (uint256 i = 0; i < payload.length; ++i) { - payload[i] = data[i + 4]; - } - - // Decode the requireToPassMessage payload: homeMediator (L2), mediatorPayload (need decoding), requestGasLimit - (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); - // Check that the home mediator matches the L2 bridge mediator address - if (homeMediator != bridgeMediatorL2) { - revert WrongL2BridgeMediator(homeMediator, bridgeMediatorL2); - } - - // Check the L2 initial selector - functionSig = bytes4(mediatorPayload); - if (functionSig != PROCESS_MESSAGE_FROM_FOREIGN) { - revert WrongSelector(functionSig, chainId); - } - - // Copy the data without a selector - bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); - for (uint256 i = 0; i < bridgePayload.length; ++i) { - bridgePayload[i] = mediatorPayload[i + SELECTOR_DATA_LENGTH]; - } - - // Decode the processMessageFromForeign payload: l2Message (executed on L2) - (bytes memory l2Message) = abi.decode(bridgePayload, (bytes)); - - // Verify processMessageFromForeign payload - _verifyBridgedData(l2Message, chainId); - } - - // Polygon chains - if (chainId == 137 || chainId == 80001) { - // Check the L1 initial selector - bytes4 functionSig = bytes4(data); - if (functionSig != SEND_MESSAGE_TO_CHILD) { - revert WrongSelector(functionSig, chainId); - } - - // Check if the data length is less than a size of a selector plus the message minimum payload size - if (data.length < MIN_POLYGON_PAYLOAD_LENGTH) { - revert IncorrectDataLength(data.length, MIN_POLYGON_PAYLOAD_LENGTH); - } - - // Copy the data without the selector - bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); - for (uint256 i = 0; i < payload.length; ++i) { - payload[i] = data[i + SELECTOR_DATA_LENGTH]; - } - - // Decode sendMessageToChild payload: fxGovernorTunnel (L2), l2Message (executed on L2) - (address fxGovernorTunnel, bytes memory l2Message) = abi.decode(payload, (address, bytes)); - // Check that the fxGovernorTunnel matches the L2 bridge mediator address - if (fxGovernorTunnel != bridgeMediatorL2) { - revert WrongL2BridgeMediator(fxGovernorTunnel, bridgeMediatorL2); - } - - // Verify sendMessageToChild payload - _verifyBridgedData(l2Message, chainId); - } - } - /// @dev Verifies authorized target and selector in the schedule or scheduleBatch function call. /// @param data Data in bytes. /// @param selector Schedule function selector. @@ -358,19 +210,26 @@ contract GuardCM { // Traverse all the schedule targets and selectors extracted from calldatas for (uint i = 0; i < targets.length; ++i) { - // Get the bridgeMediatorL2 and L2 chain Id, if any - uint256 bridgeMediatorL2ChainId = mapBridgeMediatorL1L2ChainIds[targets[i]]; - // bridgeMediatorL2 occupies first 160 bits - address bridgeMediatorL2 = address(uint160(bridgeMediatorL2ChainId)); + // Get the verifierL2 and L2 chain Id, if any + BridgeParams memory bridgeParams = mapBridgeMediatorL1BridgeParams[targets[i]]; // Check if the data goes across the bridge - if (bridgeMediatorL2 != address(0)) { - // Get the chain Id - // L2 chain Id occupies next 64 bits - uint256 chainId = bridgeMediatorL2ChainId >> 160; - + if (bridgeParams.verifierL2 != address(0)) { // Process the bridge logic - _processBridgeData(callDatas[i], bridgeMediatorL2, chainId); + (bool success, bytes memory returnData) = bridgeParams.verifierL2.delegatecall(abi.encodeWithSelector( + IBridgeVerifier.processBridgeData.selector, callDatas[i], bridgeParams.bridgeMediatorL2, bridgeParams.chainId)); + // Process unsuccessful delegatecall + if (!success) { + // Get the revert message bytes + if (returnData.length > 0) { + assembly { + let returnDataSize := mload(returnData) + revert(add(32, returnData), returnDataSize) + } + } else { + revert DelegateCallFailed(); + } + } } else { // Verify the data right away as it is not the bridged one _verifyData(targets[i], callDatas[i], block.chainid); @@ -486,16 +345,18 @@ contract GuardCM { emit SetTargetSelectors(targets, selectors, chainIds, statuses); } - /// @dev Sets bridge mediator contracts addresses and L2 chain Ids. + /// @dev Sets bridge mediator and L2 verifier contracts addresses on L1 and L2 chain Ids. /// @notice It is the contract owner responsibility to set correct L1 bridge mediator contracts, - /// corresponding L2 bridge mediator contracts, and supported chain Ids. + /// corresponding L2 verifier contracts, and supported chain Ids. /// @param bridgeMediatorL1s Bridge mediator contract addresses on L1. - /// @param bridgeMediatorL2s Corresponding bridge mediator contract addresses on L2. + /// @param verifierL2s Corresponding L2 verifier contract addresses on L1. /// @param chainIds Corresponding L2 chain Ids. - function setBridgeMediatorChainIds( + /// @param bridgeMediatorL2s Corresponding L2 bridge mediators. + function setBridgeMediatorL1BridgeParams( address[] memory bridgeMediatorL1s, - address[] memory bridgeMediatorL2s, - uint256[] memory chainIds + address[] memory verifierL2s, + uint256[] memory chainIds, + address[] memory bridgeMediatorL2s ) external { // Check for the ownership if (msg.sender != owner) { @@ -503,32 +364,38 @@ contract GuardCM { } // Check for array correctness - if (bridgeMediatorL1s.length != bridgeMediatorL2s.length || bridgeMediatorL1s.length != chainIds.length) { - revert WrongArrayLength(bridgeMediatorL1s.length, bridgeMediatorL2s.length, chainIds.length, chainIds.length); + if (bridgeMediatorL1s.length != verifierL2s.length || bridgeMediatorL1s.length != chainIds.length || + bridgeMediatorL1s.length != bridgeMediatorL2s.length) { + revert WrongArrayLength(bridgeMediatorL1s.length, verifierL2s.length, chainIds.length, bridgeMediatorL2s.length); } - // Link L1 and L2 bridge mediators, set L2 chain Ids + // Link L1 and L2 bridge mediators, set L2 chain Ids and L2 verifiers for (uint256 i = 0; i < chainIds.length; ++i) { // Check for zero addresses - if (bridgeMediatorL1s[i] == address(0) || bridgeMediatorL2s[i] == address(0)) { + // Note that bridgeMediatorL2-s can be zero addresses, for example, for Arbitrum case + // TODO: make possible bridgeMediatorL1s[i] to be address(0) in order to remove the L2 chain from the list? + if (bridgeMediatorL1s[i] == address(0) || verifierL2s[i] == address(0)) { revert ZeroAddress(); } - // Check supported chain Ids on L2 + // Check that the verifier is a contract + if (verifierL2s[i].code.length == 0) { + revert ContractOnly(verifierL2s[i]); + } + + // Check chain Id uint256 chainId = chainIds[i]; - if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { + if (chainId == 0 || chainId > MAX_CHAIN_ID) { revert L2ChainIdNotSupported(chainId); } - - // Push a pair of key defining variables into one key - // bridgeMediatorL2 occupies first 160 bits - uint256 bridgeMediatorL2ChainId = uint256(uint160(bridgeMediatorL2s[i])); - // L2 chain Id occupies next 64 bits - bridgeMediatorL2ChainId |= chainId << 160; - mapBridgeMediatorL1L2ChainIds[bridgeMediatorL1s[i]] = bridgeMediatorL2ChainId; + + // Set bridge params + BridgeParams storage bridgeParams = mapBridgeMediatorL1BridgeParams[bridgeMediatorL1s[i]]; + bridgeParams.verifierL2 = verifierL2s[i]; + bridgeParams.bridgeMediatorL2 = bridgeMediatorL2s[i]; + bridgeParams.chainId = uint64(chainIds[i]); } - - emit SetBridgeMediators(bridgeMediatorL1s, bridgeMediatorL2s, chainIds); + emit SetBridgeMediators(bridgeMediatorL1s, verifierL2s, bridgeMediatorL2s, chainIds); } /// @dev Pauses the guard restoring a full CM functionality. @@ -589,19 +456,4 @@ contract GuardCM { status = mapAllowedTargetSelectorChainIds[targetSelectorChainId]; } - - /// @dev Gets the address of a bridge mediator contract address on L2 and corresponding L2 chain Id. - /// @param bridgeMediatorL1 Bridge mediator contract addresses on L1. - /// @return bridgeMediatorL2 Corresponding bridge mediator contract addresses on L2. - /// @return chainId Corresponding L2 chain Ids. - function getBridgeMediatorChainId(address bridgeMediatorL1) external view - returns (address bridgeMediatorL2, uint256 chainId) - { - // Get the bridgeMediatorL2 and L2 chain Id - uint256 bridgeMediatorL2ChainId = mapBridgeMediatorL1L2ChainIds[bridgeMediatorL1]; - // bridgeMediatorL2 occupies first 160 bits - bridgeMediatorL2 = address(uint160(bridgeMediatorL2ChainId)); - // L2 chain Id occupies next 64 bits - chainId = bridgeMediatorL2ChainId >> 160; - } } \ No newline at end of file diff --git a/contracts/multisigs/VerifyData.sol b/contracts/multisigs/VerifyData.sol new file mode 100644 index 0000000..c34a77c --- /dev/null +++ b/contracts/multisigs/VerifyData.sol @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +/// @dev The combination of target and selector is not authorized. +/// @param target Target address. +/// @param selector Function selector. +/// @param chainId Chain Id. +error NotAuthorized(address target, bytes4 selector, uint256 chainId); + +/// @title VerifyData - Smart contract for verifying the Guard CM data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyData { + // Mapping of (target address | bytes4 selector | uint64 chain Id) => enabled / disabled + mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; + + /// @dev Verifies authorized combinations of target and selector. + /// @notice The bottom-most internal function is still not "view" since some reverts are not explicitly handled + /// @param target Target address. + /// @param data Payload bytes. + /// @param chainId Chain Id. + function _verifyData(address target, bytes memory data, uint256 chainId) internal { + // Push a pair of key defining variables into one key + // target occupies first 160 bits + uint256 targetSelectorChainId = uint256(uint160(target)); + // selector occupies next 32 bits + bytes4 targetSelector = bytes4(data); + targetSelectorChainId |= uint256(uint32(targetSelector)) << 160; + // chainId occupies next 64 bits + targetSelectorChainId |= chainId << 192; + + // Check the authorized combination of target and selector + if (!mapAllowedTargetSelectorChainIds[targetSelectorChainId]) { + revert NotAuthorized(target, targetSelector, chainId); + } + } +} \ No newline at end of file diff --git a/contracts/multisigs/bridge_verifier/ProcessBridgedDataArbitrum.sol b/contracts/multisigs/bridge_verifier/ProcessBridgedDataArbitrum.sol new file mode 100644 index 0000000..6bce2d3 --- /dev/null +++ b/contracts/multisigs/bridge_verifier/ProcessBridgedDataArbitrum.sol @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {VerifyBridgedData} from "./VerifyBridgedData.sol"; + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @title ProcessBridgedDataArbitrum - Smart contract for verifying the Guard CM bridged data on Arbitrum +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataArbitrum is VerifyBridgedData { + // unsafeCreateRetryableTicket selector in bridge mediator L1 + bytes4 public constant CREATE_TICKET_UNSAFE = bytes4(keccak256(bytes("unsafeCreateRetryableTicket(address,uint256,uint256,address,address,uint256,uint256,bytes)"))); + // createRetryableTicket selector in bridge mediator L1 + bytes4 public constant CREATE_TICKET = bytes4(keccak256(bytes("createRetryableTicket(address,uint256,uint256,address,address,uint256,uint256,bytes)"))); + // Minimum payload length for message on Arbitrum accounting for all required encoding and at least one selector + uint256 public constant MIN_ARBITRUM_PAYLOAD_LENGTH = 324; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != CREATE_TICKET_UNSAFE && functionSig != CREATE_TICKET) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_ARBITRUM_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_ARBITRUM_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the payload depending on the selector + (address targetAddress, , , , , , , bytes memory targetPayload) = + abi.decode(payload, (address, uint256, uint256, address, address, uint256, uint256, bytes)); + + // Verify the scope of the data + _verifyData(targetAddress, targetPayload, chainId); + } +} \ No newline at end of file diff --git a/contracts/multisigs/bridge_verifier/ProcessBridgedDataGnosis.sol b/contracts/multisigs/bridge_verifier/ProcessBridgedDataGnosis.sol new file mode 100644 index 0000000..5f0400e --- /dev/null +++ b/contracts/multisigs/bridge_verifier/ProcessBridgedDataGnosis.sol @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {VerifyBridgedData} from "./VerifyBridgedData.sol"; + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataGnosis - Smart contract for verifying the Guard CM bridged data on Gnosis +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataGnosis is VerifyBridgedData { + // requireToPassMessage selector in bridge mediator L1 + bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); + // processMessageFromForeign selector (Gnosis chain) + bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); + // Minimum payload length for message on Gnosis accounting for all required encoding and at least one selector + uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != REQUIRE_TO_PASS_MESSAGE) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_GNOSIS_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_GNOSIS_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the requireToPassMessage payload: homeMediator (L2), mediatorPayload (needs decoding), requestGasLimit + (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); + // Check that the home mediator matches the L2 bridge mediator address + if (homeMediator != bridgeMediatorL2) { + revert WrongL2BridgeMediator(homeMediator, bridgeMediatorL2); + } + + // Check the L2 initial selector + functionSig = bytes4(mediatorPayload); + if (functionSig != PROCESS_MESSAGE_FROM_FOREIGN) { + revert WrongSelector(functionSig, chainId); + } + + // Copy the data without a selector + bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < bridgePayload.length; ++i) { + bridgePayload[i] = mediatorPayload[i + SELECTOR_DATA_LENGTH]; + } + + // Decode the processMessageFromForeign payload: l2Message (executed on L2) + (bytes memory l2Message) = abi.decode(bridgePayload, (bytes)); + + // Verify processMessageFromForeign payload + _verifyBridgedData(l2Message, chainId); + } +} \ No newline at end of file diff --git a/contracts/multisigs/bridge_verifier/ProcessBridgedDataOptimism.sol b/contracts/multisigs/bridge_verifier/ProcessBridgedDataOptimism.sol new file mode 100644 index 0000000..f98951d --- /dev/null +++ b/contracts/multisigs/bridge_verifier/ProcessBridgedDataOptimism.sol @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {VerifyBridgedData} from "./VerifyBridgedData.sol"; + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataOptimism - Smart contract for verifying the Guard CM bridged data on Optimism and Base +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataOptimism is VerifyBridgedData { + // sendMessage selector in bridge mediator L1 + bytes4 public constant SEND_MESSAGE = bytes4(keccak256(bytes("sendMessage(address,bytes,uint32)"))); + // processMessageFromSource selector (Optimism and Base chains) + bytes4 public constant PROCESS_MESSAGE_FROM_SOURCE = bytes4(keccak256(bytes("processMessageFromSource(bytes)"))); + // Minimum payload length for message on Optimism accounting for all required encoding and at least one selector + uint256 public constant MIN_OPTIMISM_PAYLOAD_LENGTH = 292; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != SEND_MESSAGE) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_OPTIMISM_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_OPTIMISM_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the sendMessage payload: optimismMessenger (L2), mediatorPayload (needs decoding), minGasLimit + (address optimismMessenger, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint32)); + // Check that the optimism messenger matches the L2 bridge mediator address + if (optimismMessenger != bridgeMediatorL2) { + revert WrongL2BridgeMediator(optimismMessenger, bridgeMediatorL2); + } + + // Check the L2 initial selector + functionSig = bytes4(mediatorPayload); + if (functionSig != PROCESS_MESSAGE_FROM_SOURCE) { + revert WrongSelector(functionSig, chainId); + } + + // Copy the data without a selector + bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < bridgePayload.length; ++i) { + bridgePayload[i] = mediatorPayload[i + SELECTOR_DATA_LENGTH]; + } + + // Decode the processMessageFromSource payload: l2Message (executed on L2) + (bytes memory l2Message) = abi.decode(bridgePayload, (bytes)); + + // Verify processMessageFromSource payload + _verifyBridgedData(l2Message, chainId); + } +} \ No newline at end of file diff --git a/contracts/multisigs/bridge_verifier/ProcessBridgedDataPolygon.sol b/contracts/multisigs/bridge_verifier/ProcessBridgedDataPolygon.sol new file mode 100644 index 0000000..4ae2e86 --- /dev/null +++ b/contracts/multisigs/bridge_verifier/ProcessBridgedDataPolygon.sol @@ -0,0 +1,68 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {VerifyBridgedData} from "./VerifyBridgedData.sol"; + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataPolygon - Smart contract for verifying the Guard CM bridged data on Polygon +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataPolygon is VerifyBridgedData { + // sendMessageToChild selector in bridge mediator L1 + bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); + // Minimum payload length for message on Polygon accounting for all required encoding and at least one selector + uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != SEND_MESSAGE_TO_CHILD) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_POLYGON_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_POLYGON_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + SELECTOR_DATA_LENGTH]; + } + + // Decode sendMessageToChild payload: fxGovernorTunnel (L2), l2Message (executed on L2) + (address fxGovernorTunnel, bytes memory l2Message) = abi.decode(payload, (address, bytes)); + // Check that the fxGovernorTunnel matches the L2 bridge mediator address + if (fxGovernorTunnel != bridgeMediatorL2) { + revert WrongL2BridgeMediator(fxGovernorTunnel, bridgeMediatorL2); + } + + // Verify sendMessageToChild payload + _verifyBridgedData(l2Message, chainId); + } +} \ No newline at end of file diff --git a/contracts/multisigs/bridge_verifier/ProcessBridgedDataWormhole.sol b/contracts/multisigs/bridge_verifier/ProcessBridgedDataWormhole.sol new file mode 100644 index 0000000..8df2080 --- /dev/null +++ b/contracts/multisigs/bridge_verifier/ProcessBridgedDataWormhole.sol @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {VerifyBridgedData} from "./VerifyBridgedData.sol"; + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error IncorrectDataLength(uint256 expected, uint256 provided); + +/// @dev Provided wrong function selector. +/// @param functionSig Function selector. +/// @param chainId Chain Id. +error WrongSelector(bytes4 functionSig, uint256 chainId); + +/// @dev Provided wrong L2 bridge mediator address. +/// @param provided Provided address. +/// @param expected Expected address. +error WrongL2BridgeMediator(address provided, address expected); + +/// @title ProcessBridgedDataWormhole - Smart contract for verifying the Guard CM bridged data on L2 via Wormhole standard +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +contract ProcessBridgedDataWormhole is VerifyBridgedData { + // sendPayloadToEvm selector in bridge mediator L1 with the possibility of refund for reverted calls + bytes4 public constant SEND_MESSAGE_REFUND = bytes4(keccak256(bytes("sendPayloadToEvm(uint16,address,bytes,uint256,uint256,uint16,address)"))); + // sendPayloadToEvm selector in bridge mediator L1 + bytes4 public constant SEND_MESSAGE = bytes4(keccak256(bytes("sendPayloadToEvm(uint16,address,bytes,uint256,uint256)"))); + // Minimum payload length for message sent via Wormhole accounting for all required encoding and at least one selector + uint256 public constant MIN_OPTIMISM_PAYLOAD_LENGTH = 324; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external override + { + // Check the L1 initial selector + bytes4 functionSig = bytes4(data); + if (functionSig != SEND_MESSAGE && functionSig != SEND_MESSAGE_REFUND) { + revert WrongSelector(functionSig, chainId); + } + + // Check if the data length is less than a size of a selector plus the message minimum payload size + if (data.length < MIN_OPTIMISM_PAYLOAD_LENGTH) { + revert IncorrectDataLength(data.length, MIN_OPTIMISM_PAYLOAD_LENGTH); + } + + // Copy the data without the selector + bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); + for (uint256 i = 0; i < payload.length; ++i) { + payload[i] = data[i + 4]; + } + + // Decode the payload depending on the selector + address wormholeMessenger; + bytes memory l2Message; + if (functionSig == SEND_MESSAGE) { + (, wormholeMessenger, l2Message, , ) = + abi.decode(payload, (uint16, address, bytes, uint256, uint256)); + } else { + (, wormholeMessenger, l2Message, , , , ) = + abi.decode(payload, (uint16, address, bytes, uint256, uint256, uint16, address)); + } + + // Check that the wormhole messenger matches the L2 bridge mediator address + if (wormholeMessenger != bridgeMediatorL2) { + revert WrongL2BridgeMediator(wormholeMessenger, bridgeMediatorL2); + } + + // Verify processMessageFromSource payload + _verifyBridgedData(l2Message, chainId); + } +} \ No newline at end of file diff --git a/contracts/multisigs/bridge_verifier/VerifyBridgedData.sol b/contracts/multisigs/bridge_verifier/VerifyBridgedData.sol new file mode 100644 index 0000000..9e77245 --- /dev/null +++ b/contracts/multisigs/bridge_verifier/VerifyBridgedData.sol @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.23; + +import {VerifyData} from "../VerifyData.sol"; + +/// @dev Provided zero address. +error ZeroAddress(); + +/// @dev Provided incorrect data length. +/// @param expected Expected minimum data length. +/// @param provided Provided data length. +error DataLengthIncorrect(uint256 expected, uint256 provided); + +/// @title VerifyBridgedData - Smart contract for verifying the Guard CM bridged data +/// @author Aleksandr Kuperman - +/// @author Andrey Lebedev - +/// @author Mariapia Moscatiello - +abstract contract VerifyBridgedData is VerifyData { + // Minimum data length that contains at least a selector (4 bytes or 32 bits) + uint256 public constant SELECTOR_DATA_LENGTH = 4; + + /// @dev Processes bridged data: checks the header and verifies the payload. + /// @param data Full data bytes with the header. + /// @param bridgeMediatorL2 Address of a bridged mediator on L2. + /// @param chainId L2 chain Id. + function processBridgeData( + bytes memory data, + address bridgeMediatorL2, + uint256 chainId + ) external virtual; + + /// @dev Verifies the bridged data for authorized combinations of targets and selectors. + /// @notice The processed data is packed as a set of bytes that are assembled using the following parameters: + /// address target, uint96 value, uint32 payloadLength, bytes payload. + /// @param data Payload bytes. + /// @param chainId L2 chain Id. + function _verifyBridgedData(bytes memory data, uint256 chainId) internal { + // Unpack and process the data + // We need to skip first 12 bytes as those are zeros from encoding + for (uint256 i = 0; i < data.length;) { + address target; + uint32 payloadLength; + // solhint-disable-next-line no-inline-assembly + assembly { + // First 20 bytes is the address (160 bits) + i := add(i, 20) + target := mload(add(data, i)) + // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) + i := add(i, 16) + payloadLength := mload(add(data, i)) + } + + // Check for the zero address + if (target == address(0)) { + revert ZeroAddress(); + } + + // The payload length must be at least of the a function selector size + if (payloadLength < SELECTOR_DATA_LENGTH) { + revert DataLengthIncorrect(payloadLength, SELECTOR_DATA_LENGTH); + } + + // Get the payload + bytes memory payload = new bytes(payloadLength); + for (uint256 j = 0; j < payloadLength; ++j) { + payload[j] = data[i + j]; + } + // Offset the data by the payload number of bytes + i += payloadLength; + + // Verify the scope of the data + _verifyData(target, payload, chainId); + } + } +} \ No newline at end of file diff --git a/scripts/deployment/bridges/optimistic/test/messenger_sepolia_base_sepolia_governor.js b/scripts/deployment/bridges/optimistic/test/messenger_sepolia_base_sepolia_governor.js index 5d15778..864cb63 100644 --- a/scripts/deployment/bridges/optimistic/test/messenger_sepolia_base_sepolia_governor.js +++ b/scripts/deployment/bridges/optimistic/test/messenger_sepolia_base_sepolia_governor.js @@ -99,7 +99,7 @@ async function main() { const balanceETHBefore = await baseSepoliaProvider.getBalance(EOAbaseSepolia.address); // Build the final payload to be passed from the imaginary Timelock - const messengerPayload = await optimismMessenger.interface.encodeFunctionData("processMessageFromForeign", [data]); + const messengerPayload = await optimismMessenger.interface.encodeFunctionData("processMessageFromSource", [data]); const minGasLimit = "2000000"; const timelockPayload = await CDMProxy.interface.encodeFunctionData("sendMessage", [optimismMessengerAddress, messengerPayload, minGasLimit]); diff --git a/scripts/deployment/bridges/optimistic/test/messenger_sepolia_optimistic_sepolia_governor.js b/scripts/deployment/bridges/optimistic/test/messenger_sepolia_optimistic_sepolia_governor.js index 3b80715..a392f36 100644 --- a/scripts/deployment/bridges/optimistic/test/messenger_sepolia_optimistic_sepolia_governor.js +++ b/scripts/deployment/bridges/optimistic/test/messenger_sepolia_optimistic_sepolia_governor.js @@ -99,7 +99,7 @@ async function main() { const balanceETHBefore = await optimisticSepoliaProvider.getBalance(EOAoptimisticSepolia.address); // Build the final payload to be passed from the imaginary Timelock - const messengerPayload = await optimismMessenger.interface.encodeFunctionData("processMessageFromForeign", [data]); + const messengerPayload = await optimismMessenger.interface.encodeFunctionData("processMessageFromSource", [data]); const minGasLimit = "2000000"; const timelockPayload = await CDMProxy.interface.encodeFunctionData("sendMessage", [optimismMessengerAddress, messengerPayload, minGasLimit]); diff --git a/test/GuardCM.js b/test/GuardCM.js index bbb3ff5..29b7a09 100644 --- a/test/GuardCM.js +++ b/test/GuardCM.js @@ -16,25 +16,95 @@ describe("Community Multisig Guard", function () { let olas; let ve; let governor; + let processBridgedDataGnosis; + let processBridgedDataPolygon; + let processBridgedDataArbitrum; + let processBridgedDataOptimism; + let processBridgedDataWormhole; let signers; let deployer; - const l1BridgeMediators = ["0x4C36d2919e407f0Cc2Ee3c993ccF8ac26d9CE64e", "0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2"]; - const l2BridgeMediators =["0x15bd56669F57192a97dF41A2aa8f4403e9491776", "0x9338b5153AE39BB89f50468E608eD9d764B755fD"]; - const l2ChainIds = [100, 137]; + const AddressZero = "0x" + "0".repeat(40); const Bytes32Zero = "0x" + "0".repeat(64); const Bytes4Zero = "0x" + "0".repeat(8); + + const l1BridgeMediators = [ + // gnosis (AMBProxyForeign) + "0x4C36d2919e407f0Cc2Ee3c993ccF8ac26d9CE64e", + // polygon (FxRoot) + "0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2", + // arbitrum (Inbox) + "0x4Dbd4fc535Ac27206064B68FfCf827b0A60BAB3f", + // arbitrum (Inbox) + "0x4Dbd4fc535Ac27206064B68FfCf827b0A60BAB3f", + // optimism (L1CrossDomainMessenger) + "0x25ace71c97B33Cc4729CF772ae268934F7ab5fA1", + // celo (L1WormholeRelayer) + "0x27428DD2d3DD32A4D7f7C497eAaa23130d894911", + // celo (L1WormholeRelayer) + "0x27428DD2d3DD32A4D7f7C497eAaa23130d894911" + ]; + const l2BridgeMediators = [ + // gnosis (HomeMediator) + "0x15bd56669F57192a97dF41A2aa8f4403e9491776", + // polygon (FxGovernorTunnel) + "0x9338b5153AE39BB89f50468E608eD9d764B755fD", + // arbitrum (None) + AddressZero, + // arbitrum (None) + AddressZero, + // optimism (OptimismMessenger) + "0x670Ac235EE13C0B2a5065282bBB0c61cfB354592", + // celo (WormholeMessenger) + "0x945550dECe7E40ae70C6ebf5699637927eAF13E9", + // celo (WormholeMessenger) + "0x945550dECe7E40ae70C6ebf5699637927eAF13E9" + ]; + + // gnosis, polygon, arbitrum, arbitrum, optimism, celo, celo + const l2ChainIds = [100, 137, 42161, 42161, 10, 42220, 42220]; + const verifiersL2 = new Array(l2ChainIds.length); + // bytes4(keccak256("changeMultisigPermission")) = 0x82694b1d + const l2SelectorPermission = "0x82694b1d"; + // bytes4(keccak256("mint")) = 0x40c10f19 + const l2SelectorMint = "0x40c10f19"; + const l2Selectors = [l2SelectorPermission, l2SelectorPermission, l2SelectorMint, l2SelectorMint, l2SelectorMint, + l2SelectorMint, l2SelectorMint]; + + // ServiceRegistryL2 on Gnosis + const gnosisContractAddress = "0x9338b5153AE39BB89f50468E608eD9d764B755fD"; + const gnosisPayload = "0xdc8601b300000000000000000000000015bd56669f57192a97df41a2aa8f4403e9491776000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e84800000000000000000000000000000000000000000000000000000000000000124cd9e30d9000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000d09338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000003d77596beb0f130a4415df3d2d8232b3d3d31e4400000000000000000000000000000000000000000000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000006e7f594f680f7abad18b7a63de50f0fee47dfd0600000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + // ServiceRegistryL2 on Polygon + const polygonContractAddress = "0xE3607b00E75f6405248323A9417ff6b39B244b50"; + const polygonPayload = "0xb47204770000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000d0e3607b00e75f6405248323a9417ff6b39b244b500000000000000000000000000000004482694b1d00000000000000000000000034c895f302d0b5cf52ec0edd3945321eb0f83dd50000000000000000000000000000000000000000000000000000000000000000e3607b00e75f6405248323a9417ff6b39b244b500000000000000000000000000000004482694b1d000000000000000000000000d8bcc126ff31d2582018715d5291a508530587b0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000"; + // ERC20 mock token on Arbitrum + const arbitrumContractAddress = "0xeDd71796B90eaCc56B074C39BAC90ED2Ca6D93Ee"; + const arbitrumPayload = "0x679b6ded000000000000000000000000edd71796b90eacc56b074c39bac90ed2ca6d93ee00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f3207567800000000000000000000000052370ee170c0e2767b32687166791973a0de796600000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000ac7e0000000000000000000000000000000000000000000000000000000005f5e1000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000"; + const arbitrumPayload2 = "0x6e6e8a6a000000000000000000000000edd71796b90eacc56b074c39bac90ed2ca6d93ee00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f3207567800000000000000000000000052370ee170c0e2767b32687166791973a0de796600000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000ac7e0000000000000000000000000000000000000000000000000000000005f5e1000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000"; + // ERC20 mock token on Optimism + const optimismContractAddress = "0x118173028162C1b7c6Bf8488bd5dA2abd7c30F9D"; + const optimismPayload = "0x3dbb202b000000000000000000000000670ac235ee13c0b2a5065282bbb0c61cfb354592000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e848000000000000000000000000000000000000000000000000000000000000000c4d3042d2b00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000068118173028162c1b7c6bf8488bd5da2abd7c30f9d0000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + // ERC20 mock token on Celo + const celoContractAddress = "0x34235f9D447f9F54167e2Ac7A0F4283cB3fAD669"; + const celoPayload = "0x4b5ca6f4000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000945550dece7e40ae70c6ebf5699637927eaf13e900000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e8480000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000945550dece7e40ae70c6ebf5699637927eaf13e9000000000000000000000000000000000000000000000000000000000000006834235f9d447f9f54167e2ac7a0f4283cb3fad6690000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de79660000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000"; + const celoPayload2 = "0x8fecdd02000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000945550dece7e40ae70c6ebf5699637927eaf13e900000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e8480000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000945550dece7e40ae70c6ebf5699637927eaf13e9000000000000000000000000000000000000000000000000000000000000006834235f9d447f9f54167e2ac7a0f4283cb3fad6690000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de79660000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000"; + + const l2ContractAddresses = [ + gnosisContractAddress, + polygonContractAddress, + arbitrumContractAddress, + arbitrumContractAddress, + optimismContractAddress, + celoContractAddress, + celoContractAddress + ]; + const safeThreshold = 7; const initialVotingDelay = 5; const initialVotingPeriod = 10; const initialProposalThreshold = ethers.utils.parseEther("5"); const quorum = 1; const localChainId = 31337; - const l2Selector = "0x82694b1d"; - const gnosisContractAddress = "0x9338b5153AE39BB89f50468E608eD9d764B755fD"; - const gnosisPayload = "0xdc8601b300000000000000000000000015bd56669f57192a97df41a2aa8f4403e9491776000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e84800000000000000000000000000000000000000000000000000000000000000124cd9e30d9000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000d09338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000003d77596beb0f130a4415df3d2d8232b3d3d31e4400000000000000000000000000000000000000000000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000006e7f594f680f7abad18b7a63de50f0fee47dfd0600000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; - const polygonContractAddress = "0xE3607b00E75f6405248323A9417ff6b39B244b50"; - const polygonPayload = "0xb47204770000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000d0e3607b00e75f6405248323a9417ff6b39b244b500000000000000000000000000000004482694b1d00000000000000000000000034c895f302d0b5cf52ec0edd3945321eb0f83dd50000000000000000000000000000000000000000000000000000000000000000e3607b00e75f6405248323a9417ff6b39b244b500000000000000000000000000000004482694b1d000000000000000000000000d8bcc126ff31d2582018715d5291a508530587b0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000"; beforeEach(async function () { const GnosisSafe = await ethers.getContractFactory("GnosisSafe"); @@ -91,11 +161,41 @@ describe("Community Multisig Guard", function () { ve = await VotingEscrow.deploy(olas.address, "Voting Escrow OLAS", "veOLAS"); await ve.deployed(); + // Deploy the governor const Governor = await ethers.getContractFactory("GovernorOLAS"); governor = await Governor.deploy(ve.address, timelock.address, initialVotingDelay, initialVotingPeriod, initialProposalThreshold, quorum); await governor.deployed(); + // Deploy L2 verifiers + const ProcessBridgedDataGnosis = await ethers.getContractFactory("ProcessBridgedDataGnosis"); + processBridgedDataGnosis = await ProcessBridgedDataGnosis.deploy(); + await processBridgedDataGnosis.deployed(); + verifiersL2[0] = processBridgedDataGnosis.address; + + const ProcessBridgedDataPolygon = await ethers.getContractFactory("ProcessBridgedDataPolygon"); + processBridgedDataPolygon = await ProcessBridgedDataPolygon.deploy(); + await processBridgedDataPolygon.deployed(); + verifiersL2[1] = processBridgedDataPolygon.address; + + const ProcessBridgedDataArbitrum = await ethers.getContractFactory("ProcessBridgedDataArbitrum"); + processBridgedDataArbitrum = await ProcessBridgedDataArbitrum.deploy(); + await processBridgedDataArbitrum.deployed(); + verifiersL2[2] = processBridgedDataArbitrum.address; + verifiersL2[3] = processBridgedDataArbitrum.address; + + const ProcessBridgedDataOptimism = await ethers.getContractFactory("ProcessBridgedDataOptimism"); + processBridgedDataOptimism = await ProcessBridgedDataOptimism.deploy(); + await processBridgedDataOptimism.deployed(); + verifiersL2[4] = processBridgedDataOptimism.address; + + const ProcessBridgedDataWormhole = await ethers.getContractFactory("ProcessBridgedDataWormhole"); + processBridgedDataWormhole = await ProcessBridgedDataWormhole.deploy(); + await processBridgedDataWormhole.deployed(); + verifiersL2[5] = processBridgedDataWormhole.address; + verifiersL2[6] = processBridgedDataWormhole.address; + + // Deploy Guard CM const GuardCM = await ethers.getContractFactory("GuardCM"); guard = await GuardCM.deploy(timelock.address, multisig.address, governor.address); await guard.deployed(); @@ -200,37 +300,57 @@ describe("Community Multisig Guard", function () { it("Set bridge mediators", async function () { // Try to set selectors not by the timelock await expect( - guard.setBridgeMediatorChainIds([], [], []) + guard.setBridgeMediatorL1BridgeParams([], [], [], []) ).to.be.revertedWithCustomError(guard, "OwnerOnly"); // Incorrect L2 setup - let setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [l1BridgeMediators, [], []]); + let setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[l1BridgeMediators[0]], [], [], []]); + await expect( + timelock.execute(guard.address, setBridgeMediatorsPayload) + ).to.be.reverted; + + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[l1BridgeMediators[0]], [verifiersL2[0]], [], []]); await expect( timelock.execute(guard.address, setBridgeMediatorsPayload) ).to.be.reverted; - setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [l1BridgeMediators, l2BridgeMediators, []]); + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[l1BridgeMediators[0]], [verifiersL2[0]], [0], []]); await expect( timelock.execute(guard.address, setBridgeMediatorsPayload) ).to.be.reverted; // Zero addresses and chain Ids - setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [[AddressZero], [AddressZero], [0]]); + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[AddressZero], [AddressZero], [0], [AddressZero]]); + await expect( + timelock.execute(guard.address, setBridgeMediatorsPayload) + ).to.be.reverted; + + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[signers[1].address], [AddressZero], [0], [AddressZero]]); + await expect( + timelock.execute(guard.address, setBridgeMediatorsPayload) + ).to.be.reverted; + + // L2 verifier is an EOA + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[signers[1].address], [signers[2].address], [0], [AddressZero]]); await expect( timelock.execute(guard.address, setBridgeMediatorsPayload) ).to.be.reverted; - setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [[signers[1].address], [AddressZero], [0]]); + // Chain Id is out of bounds + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[l1BridgeMediators[0]], [verifiersL2[0]], [0], [AddressZero]]); await expect( timelock.execute(guard.address, setBridgeMediatorsPayload) ).to.be.reverted; - setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [[signers[1].address], [signers[2].address], [0]]); + setBridgeMediatorsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [[l1BridgeMediators[0]], [verifiersL2[0]], [ethers.constants.MaxUint256], [AddressZero]]); await expect( timelock.execute(guard.address, setBridgeMediatorsPayload) ).to.be.reverted; @@ -645,6 +765,9 @@ describe("Community Multisig Guard", function () { }); it("Swapping the CM Guard by the Timelock", async function () { + // Take a snapshot of the current state of the blockchain + const snapshot = await helpers.takeSnapshot(); + // Add timelock as a module let nonce = await multisig.nonce(); let txHashData = await safeContracts.buildContractCall(multisig, "enableModule", [timelock.address], nonce, 0, 0); @@ -682,26 +805,34 @@ describe("Community Multisig Guard", function () { const curGuard = await ethers.provider.getStorageAt(multisig.address, guardStorageSlot); const guardAddress = "0x" + curGuard.slice(26); expect(guardAddress).to.equal(newGuard.address.toLowerCase()); + + // Restore to the state of the snapshot + await snapshot.restore(); }); }); context("Timelock manipulation via the CM across the bridge", async function () { it("CM Guard with a bridged data in a schedule function", async function () { + // Take a snapshot of the current state of the blockchain + const snapshot = await helpers.takeSnapshot(); + // Authorize pre-defined target, selector and chainId + const permissions = new Array(l2ChainIds.length).fill(true); const setTargetSelectorChainIdsPayload = guard.interface.encodeFunctionData("setTargetSelectorChainIds", - [[gnosisContractAddress, polygonContractAddress], [l2Selector, l2Selector], [100, 137], [true, true]]); + [l2ContractAddresses, l2Selectors, l2ChainIds, permissions]); await timelock.execute(guard.address, setTargetSelectorChainIdsPayload); // Set bridge mediator contract addresses and chain Ids - const setBridgeMediatorChainIdsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [l1BridgeMediators, l2BridgeMediators, l2ChainIds]); - await timelock.execute(guard.address, setBridgeMediatorChainIdsPayload); + const setBridgeMediatorL1BridgeParamsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [l1BridgeMediators, verifiersL2, l2ChainIds, l2BridgeMediators]); + await timelock.execute(guard.address, setBridgeMediatorL1BridgeParamsPayload); // Check that the bridge mediators are set correctly for (let i = 0; i < l1BridgeMediators.length; i++) { - const result = await guard.getBridgeMediatorChainId(l1BridgeMediators[i]); - expect(result.bridgeMediatorL2).to.equal(l2BridgeMediators[i]); + const result = await guard.mapBridgeMediatorL1BridgeParams(l1BridgeMediators[i]); + expect(result.verifierL2).to.equal(verifiersL2[i]); expect(result.chainId).to.equal(l2ChainIds[i]); + expect(result.bridgeMediatorL2).to.equal(l2BridgeMediators[i]); } // Check Gnosis payload @@ -713,18 +844,50 @@ describe("Community Multisig Guard", function () { txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[1], 0, polygonPayload, Bytes32Zero, Bytes32Zero, 0]); await guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero); + + // Check Arbitrum payload + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[2], 0, arbitrumPayload, + Bytes32Zero, Bytes32Zero, 0]); + await guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero); + + // Check Arbitrum payload2 + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[2], 0, arbitrumPayload2, + Bytes32Zero, Bytes32Zero, 0]); + await guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero); + + // Check Optimism payload + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[4], 0, optimismPayload, + Bytes32Zero, Bytes32Zero, 0]); + await guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero); + + // Check celo payload + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[5], 0, celoPayload, + Bytes32Zero, Bytes32Zero, 0]); + await guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero); + + // Check celo payload2 + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[6], 0, celoPayload2, + Bytes32Zero, Bytes32Zero, 0]); + await guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero); + + // Restore to the state of the snapshot + await snapshot.restore(); }); it("Should fail with the incorrect bridged data in a schedule function", async function () { + // Take a snapshot of the current state of the blockchain + const snapshot = await helpers.takeSnapshot(); + // Authorize pre-defined target, selector and chainId + const permissions = new Array(l2ChainIds.length).fill(true); const setTargetSelectorChainIdsPayload = guard.interface.encodeFunctionData("setTargetSelectorChainIds", - [[gnosisContractAddress, polygonContractAddress], [l2Selector, l2Selector], [10200, 80001], [true, true]]); + [l2ContractAddresses, l2Selectors, l2ChainIds, permissions]); await timelock.execute(guard.address, setTargetSelectorChainIdsPayload); // Set bridge mediator contract addresses and chain Ids - const setBridgeMediatorChainIdsPayload = guard.interface.encodeFunctionData("setBridgeMediatorChainIds", - [l1BridgeMediators, l2BridgeMediators, [10200, 80001]]); - await timelock.execute(guard.address, setBridgeMediatorChainIdsPayload); + const setBridgeMediatorL1BridgeParamsPayload = guard.interface.encodeFunctionData("setBridgeMediatorL1BridgeParams", + [l1BridgeMediators, verifiersL2, l2ChainIds, l2BridgeMediators]); + await timelock.execute(guard.address, setBridgeMediatorL1BridgeParamsPayload); // Check Gnosis payload // Second payload data has a zero target address @@ -741,7 +904,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "IncorrectDataLength"); + ).to.be.revertedWithCustomError(processBridgedDataGnosis, "DataLengthIncorrect"); // processMessageFromForeign selector is incorrect errorGnosisPayload = "0xdc8601b300000000000000000000000015bd56669f57192a97df41a2aa8f4403e9491776000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e84800000000000000000000000000000000000000000000000000000000000000124aa9e30d9000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000d09338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000003d77596beb0f130a4415df3d2d8232b3d3d31e4400000000000000000000000000000000000000000000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000006e7f594f680f7abad18b7a63de50f0fee47dfd0600000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; @@ -749,7 +912,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "WrongSelector"); + ).to.be.revertedWithCustomError(processBridgedDataGnosis, "WrongSelector"); // homeMediator address is incorrect errorGnosisPayload = "0xdc8601b300000000000000000000000015bd56669f57192a97df41a2aa8f4403e9491775000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e84800000000000000000000000000000000000000000000000000000000000000124aa9e30d9000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000d09338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000003d77596beb0f130a4415df3d2d8232b3d3d31e4400000000000000000000000000000000000000000000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000006e7f594f680f7abad18b7a63de50f0fee47dfd0600000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; @@ -757,7 +920,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "WrongL2BridgeMediator"); + ).to.be.revertedWithCustomError(processBridgedDataGnosis, "WrongL2BridgeMediator"); // requireToPassMessage selector is incorrect errorGnosisPayload = "0xaa8601b300000000000000000000000015bd56669f57192a97df41a2aa8f4403e9491776000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e84800000000000000000000000000000000000000000000000000000000000000124aa9e30d9000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000d09338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000003d77596beb0f130a4415df3d2d8232b3d3d31e4400000000000000000000000000000000000000000000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd0000000000000000000000000000004482694b1d0000000000000000000000006e7f594f680f7abad18b7a63de50f0fee47dfd0600000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; @@ -765,7 +928,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "WrongSelector"); + ).to.be.revertedWithCustomError(processBridgedDataGnosis, "WrongSelector"); // gnosis payload length is incorrect errorGnosisPayload = "0xdc8601b3"; @@ -773,7 +936,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "IncorrectDataLength"); + ).to.be.revertedWithCustomError(processBridgedDataGnosis, "IncorrectDataLength"); // Check Polygon payload // fxGovernorTunnel address is incorrect @@ -782,7 +945,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "WrongL2BridgeMediator"); + ).to.be.revertedWithCustomError(processBridgedDataPolygon, "WrongL2BridgeMediator"); // sendMessageToChild selector is incorrect errorPolygonPayload = "0xaa7204770000000000000000000000009338b5153ae39bb89f50468e608ed9d764b755fd000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000d0e3607b00e75f6405248323a9417ff6b39b244b500000000000000000000000000000004482694b1d00000000000000000000000034c895f302d0b5cf52ec0edd3945321eb0f83dd50000000000000000000000000000000000000000000000000000000000000000e3607b00e75f6405248323a9417ff6b39b244b500000000000000000000000000000004482694b1d000000000000000000000000d8bcc126ff31d2582018715d5291a508530587b0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000"; @@ -790,7 +953,7 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "WrongSelector"); + ).to.be.revertedWithCustomError(processBridgedDataPolygon, "WrongSelector"); // polygon payload length is incorrect errorPolygonPayload = "0xb4720477"; @@ -798,7 +961,85 @@ describe("Community Multisig Guard", function () { Bytes32Zero, Bytes32Zero, 0]); await expect( guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) - ).to.be.revertedWithCustomError(guard, "IncorrectDataLength"); + ).to.be.revertedWithCustomError(processBridgedDataPolygon, "IncorrectDataLength"); + + // Check Arbitrum payload + // createRetryableTicket or unsafeCreateRetryableTicket selector is incorrect + let errorArbitrumPayload = "0x679b6de1"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[2], 0, errorArbitrumPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataArbitrum, "WrongSelector"); + + // arbitrum payload length is incorrect + errorArbitrumPayload = "0x679b6ded"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[2], 0, errorArbitrumPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataArbitrum, "IncorrectDataLength"); + + // Check Optimism payload + // optimismMessenger address is incorrect + let errorOptimismPayload = "0x3dbb202b000000000000000000000000670ac235ee13c0b2a5065282bbb0c61cfb354590000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e848000000000000000000000000000000000000000000000000000000000000000c4d3042d2b00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000068118173028162c1b7c6bf8488bd5da2abd7c30f9d0000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[4], 0, errorOptimismPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "WrongL2BridgeMediator"); + + // processMessageFromSource selector is incorrect + errorOptimismPayload = "0x3dbb202b000000000000000000000000670ac235ee13c0b2a5065282bbb0c61cfb354592000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000001e848000000000000000000000000000000000000000000000000000000000000000c4d3042d2a00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000068118173028162c1b7c6bf8488bd5da2abd7c30f9d0000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de7966000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[4], 0, errorOptimismPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "WrongSelector"); + + // optimism sendMessage selector is incorrect + errorOptimismPayload = "0x3dbb202a"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[4], 0, errorOptimismPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "WrongSelector"); + + // optimism payload length is incorrect + errorOptimismPayload = "0x3dbb202b00"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[4], 0, errorOptimismPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "IncorrectDataLength"); + + // Check Celo payload + // wormholeMessenger address is incorrect + let errorCeloPayload = "0x4b5ca6f4000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000945550dece7e40ae70c6ebf5699637927eaf13e800000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e8480000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000945550dece7e40ae70c6ebf5699637927eaf13e9000000000000000000000000000000000000000000000000000000000000006834235f9d447f9f54167e2ac7a0f4283cb3fad6690000000000000000000000000000004440c10f1900000000000000000000000052370ee170c0e2767b32687166791973a0de79660000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[5], 0, errorCeloPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "WrongL2BridgeMediator"); + + // wormhole sendPayloadToEvm selector is incorrect + errorCeloPayload = "0x4b5ca6f0"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[5], 0, errorCeloPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "WrongSelector"); + + // celo payload length is incorrect + errorCeloPayload = "0x4b5ca6f400"; + txData = await timelock.interface.encodeFunctionData("schedule", [l1BridgeMediators[5], 0, errorCeloPayload, + Bytes32Zero, Bytes32Zero, 0]); + await expect( + guard.checkTransaction(timelock.address, 0, txData, 0, 0, 0, 0, AddressZero, AddressZero, "0x", AddressZero) + ).to.be.revertedWithCustomError(processBridgedDataOptimism, "IncorrectDataLength"); + + // Restore to the state of the snapshot + await snapshot.restore(); }); }); });