feat: v2 contracts access control #247

skosito · 2024-07-23T19:07:45Z

closes #197

Summary by CodeRabbit

New Features
- Enhanced security through the introduction of a tssAddress parameter, allowing only authorized entities to perform critical withdrawal operations.
- New interfaces and events to improve error handling and event logging for custody and connector operations.
Bug Fixes
- Implemented access control checks to ensure only designated TSS addresses can execute sensitive functions, improving overall contract security.
Tests
- Updated tests to verify that only authorized TSS addresses can perform withdrawals and other restricted actions, reinforcing security measures.
Chores
- Removed outdated comments and streamlined function calls for clarity and maintainability.

coderabbitai · 2024-07-23T19:08:03Z

Warning

Rate limit exceeded

@skosito has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 13 minutes and 4 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 9c324a0 and 77f2bf0.

Walkthrough

The recent changes enhance the security and functionality of various smart contracts by implementing stricter access controls, primarily centered around a new trusted signer (TSS) address. Key functions related to token withdrawals and transactions are now restricted to authorized entities, improving overall contract integrity and user experience through better error handling and event logging.

Changes

Files	Change Summary
`contracts/prototypes/evm/ERC20CustodyNew.sol`, `IERC20CustodyNew.sol`, `GatewayEVM.sol`	Introduced `tssAddress` for enhanced access control; added `onlyTSS` modifier for sensitive functions; implemented event and error interfaces for better logging.
`contracts/prototypes/evm/ZetaConnectorNative.sol`, `ZetaConnectorNonNative.sol`, `ZetaConnectorNewBase.sol`	Updated constructors to accept `tssAddress`; secured withdrawal functions with `onlyTSS` modifier, restricting access to authorized entities.
`test/fuzz/GatewayEVMEchidnaTest.sol`, `test/prototypes/GatewayEVMUniswap.spec.ts`	Modified deployment logic to include `tssAddress`; adjusted interactions to validate against `tssAddress`, enhancing test cases for access control.
`testFoundry/GatewayEVM.t.sol`, `GatewayEVMUpgrade.t.sol`, `GatewayEVMZEVM.t.sol`	Enhanced initialization of contracts with `tssAddress`; added tests to validate access control mechanisms enforcing sender checks against `tssAddress`.
`testFoundry/ZetaConnectorNative.t.sol`, `ZetaConnectorNonNative.t.sol`	Implemented TSS checks in withdrawal tests; modified contract structure to align with new event handling requirements, improving security during withdrawal operations.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant TSS
    participant ERC20CustodyNew
    participant GatewayEVM

    User->>ERC20CustodyNew: initiate withdrawal()
    ERC20CustodyNew->>TSS: validate TSS permissions
    TSS-->>ERC20CustodyNew: permission granted
    ERC20CustodyNew->>GatewayEVM: execute withdrawal
    GatewayEVM-->>User: withdrawal completed

Assessment against linked issues

Objective	Addressed	Explanation
Assess and document contract access control ( #197 )	✅
Update access control mechanisms for new contracts ( #197 )	✅
Ensure TSS address is utilized correctly ( #197 )	✅

🐇 "In the meadow, hops a bright hare,
With contracts changed, we dance in the air!
TSS now guards, with hops and bounds,
Secure transactions, where joy abounds.
With every withdrawal, a cheer will ring,
For safety and fun, let the blockchain sing!" 🐰

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai generate interesting stats about this repository and render them as a table.
- @coderabbitai show all the console.log statements in this repository.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

contracts/prototypes/evm/GatewayEVM.sol

@@ -56,24 +72,24 @@

    // Called by the TSS
    // Calling onRevert directly
-    function executeRevert(address destination, bytes calldata data) public payable {
+    function executeRevert(address destination, bytes calldata data) public payable onlyTSS {


contracts/prototypes/evm/ZetaConnectorNewBase.sol


    IGatewayEVM public immutable gateway;
    address public immutable zetaToken;
+    address public tssAddress;


contracts/prototypes/evm/ERC20CustodyNew.sol


    IGatewayEVM public gateway;
+    address public tssAddress;


codecov-commenter · 2024-07-23T19:11:06Z

Codecov Report

Attention: Patch coverage is 64.28571% with 5 lines in your changes missing coverage. Please review.

Project coverage is 60.91%. Comparing base (a2da596) to head (77f2bf0).

Files	Patch %	Lines
contracts/prototypes/evm/ERC20CustodyNew.sol	50.00%	2 Missing ⚠️
contracts/prototypes/evm/ZetaConnectorNewBase.sol	50.00%	2 Missing ⚠️
contracts/prototypes/evm/GatewayEVM.sol	75.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #247      +/-   ##
==========================================
- Coverage   61.08%   60.91%   -0.17%     
==========================================
  Files          16       16              
  Lines         388      394       +6     
  Branches      104      103       -1     
==========================================
+ Hits          237      240       +3     
- Misses        151      154       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

coderabbitai

Actionable comments posted: 3

Outside diff range, codebase verification and nitpick comments (3)

contracts/prototypes/evm/GatewayEVM.sol (3)
Line range hint 75-81:
Address potential reentrancy vulnerabilities.

The executeRevert function may be vulnerable to reentrancy attacks. Consider using the nonReentrant modifier.
-  function executeRevert(address destination, bytes calldata data) public payable onlyTSS {
+  function executeRevert(address destination, bytes calldata data) public payable onlyTSS nonReentrant {
Tools

GitHub Check: Slither

[notice] 75-75: Missing zero address validation
GatewayEVM.executeRevert(address,bytes).destination (contracts/prototypes/evm/GatewayEVM.sol#75) lacks a zero-check on :
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

Line range hint 75-81:
Avoid low-level calls.

Low-level calls using call are error-prone and should be avoided if possible. Consider using a more secure method.
-  (bool success, bytes memory result) = destination.call{value: msg.value}("");
+  (bool success, bytes memory result) = Address.functionCallWithValue(destination, "", msg.value);
Tools

GitHub Check: Slither

[notice] 75-75: Missing zero address validation
GatewayEVM.executeRevert(address,bytes).destination (contracts/prototypes/evm/GatewayEVM.sol#75) lacks a zero-check on :
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

Line range hint 86-92:
Address potential reentrancy vulnerabilities.

The execute function may be vulnerable to reentrancy attacks. Consider using the nonReentrant modifier.
-  function execute(address destination, bytes calldata data) external payable onlyTSS returns (bytes memory) {
+  function execute(address destination, bytes calldata data) external payable onlyTSS nonReentrant returns (bytes memory) {

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a2da596 and 58160e8.

Files ignored due to path filters (39)

pkg/contracts/prototypes/evm/erc20custodynew.sol/erc20custodynew.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/gatewayevm.sol/gatewayevm.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/gatewayevmupgradetest.sol/gatewayevmupgradetest.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/ierc20custodynew.sol/ierc20custodynewerrors.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/ierc20custodynew.sol/ierc20custodynewevents.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/igatewayevm.sol/igatewayevmerrors.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/izetaconnector.sol/izetaconnectorevents.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/zetaconnectornative.sol/zetaconnectornative.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/zetaconnectornewbase.sol/zetaconnectornewbase.go is excluded by !pkg/**
pkg/contracts/prototypes/evm/zetaconnectornonnative.sol/zetaconnectornonnative.go is excluded by !pkg/**
pkg/contracts/prototypes/zevm/gatewayzevm.sol/gatewayzevm.go is excluded by !pkg/**
pkg/contracts/zevm/zrc20new.sol/zrc20new.go is excluded by !pkg/**
typechain-types/contracts/prototypes/evm/ERC20CustodyNew.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/IERC20CustodyNew.sol/IERC20CustodyNewErrors.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/IERC20CustodyNew.sol/IERC20CustodyNewEvents.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/IERC20CustodyNew.sol/index.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/IZetaConnector.sol/IZetaConnectorEvents.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/IZetaConnector.sol/index.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/ZetaConnectorNative.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/ZetaConnectorNewBase.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/ZetaConnectorNonNative.ts is excluded by !typechain-types/**
typechain-types/contracts/prototypes/evm/index.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/ERC20CustodyNew__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/GatewayEVMUpgradeTest__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/GatewayEVM__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/IERC20CustodyNew.sol/IERC20CustodyNewErrors__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/IERC20CustodyNew.sol/IERC20CustodyNewEvents__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/IERC20CustodyNew.sol/index.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/IGatewayEVM.sol/IGatewayEVMErrors__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/IZetaConnector.sol/IZetaConnectorEvents__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/IZetaConnector.sol/index.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/ZetaConnectorNative__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/ZetaConnectorNewBase__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/ZetaConnectorNonNative__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/evm/index.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/prototypes/zevm/GatewayZEVM__factory.ts is excluded by !typechain-types/**
typechain-types/factories/contracts/zevm/ZRC20New.sol/ZRC20New__factory.ts is excluded by !typechain-types/**
typechain-types/hardhat.d.ts is excluded by !typechain-types/**
typechain-types/index.ts is excluded by !typechain-types/**

Files selected for processing (17)

contracts/prototypes/evm/ERC20CustodyNew.sol (2 hunks)
contracts/prototypes/evm/GatewayEVM.sol (5 hunks)
contracts/prototypes/evm/IERC20CustodyNew.sol (1 hunks)
contracts/prototypes/evm/IGatewayEVM.sol (1 hunks)
contracts/prototypes/evm/IZetaConnector.sol (1 hunks)
contracts/prototypes/evm/ZetaConnectorNative.sol (3 hunks)
contracts/prototypes/evm/ZetaConnectorNewBase.sol (1 hunks)
contracts/prototypes/evm/ZetaConnectorNonNative.sol (2 hunks)
contracts/prototypes/zevm/GatewayZEVM.sol (2 hunks)
contracts/zevm/ZRC20New.sol (4 hunks)
test/fuzz/GatewayEVMEchidnaTest.sol (1 hunks)
test/prototypes/GatewayEVMUniswap.spec.ts (2 hunks)
testFoundry/GatewayEVM.t.sol (17 hunks)
testFoundry/GatewayEVMUpgrade.t.sol (1 hunks)
testFoundry/GatewayEVMZEVM.t.sol (6 hunks)
testFoundry/ZetaConnectorNative.t.sol (9 hunks)
testFoundry/ZetaConnectorNonNative.t.sol (10 hunks)

Files skipped from review due to trivial changes (1)

contracts/zevm/ZRC20New.sol

Additional context used

Path-based instructions (11)

contracts/prototypes/evm/IZetaConnector.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

contracts/prototypes/evm/IERC20CustodyNew.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

test/fuzz/GatewayEVMEchidnaTest.sol (1)

Pattern test/**: Review the test files for proper coverage, edge cases, and best practices.

contracts/prototypes/evm/IGatewayEVM.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

contracts/prototypes/evm/ZetaConnectorNewBase.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

contracts/prototypes/evm/ZetaConnectorNonNative.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

contracts/prototypes/evm/ZetaConnectorNative.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

contracts/prototypes/evm/ERC20CustodyNew.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

test/prototypes/GatewayEVMUniswap.spec.ts (1)

Pattern test/**: Review the test files for proper coverage, edge cases, and best practices.

contracts/prototypes/zevm/GatewayZEVM.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

contracts/prototypes/evm/GatewayEVM.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

GitHub Check: Slither

contracts/prototypes/evm/ZetaConnectorNewBase.sol

[warning] 19-19: State variables that could be declared immutable
ZetaConnectorNewBase.tssAddress (contracts/prototypes/evm/ZetaConnectorNewBase.sol#19) should be immutable

contracts/prototypes/evm/ERC20CustodyNew.sol

[warning] 18-18: State variables that could be declared immutable
ERC20CustodyNew.tssAddress (contracts/prototypes/evm/ERC20CustodyNew.sol#18) should be immutable

contracts/prototypes/evm/GatewayEVM.sol

[notice] 75-75: Missing zero address validation
GatewayEVM.executeRevert(address,bytes).destination (contracts/prototypes/evm/GatewayEVM.sol#75) lacks a zero-check on :
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

[notice] 75-81: Reentrancy vulnerabilities
Reentrancy in GatewayEVM.executeRevert(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#75-81):
External calls:
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)
- Revertable(destination).onRevert(data) (contracts/prototypes/evm/GatewayEVM.sol#78)
External calls sending eth:
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)
Event emitted after the call(s):
- Reverted(destination,msg.value,data) (contracts/prototypes/evm/GatewayEVM.sol#80)

[warning] 75-81: Low-level calls
Low level call in GatewayEVM.executeRevert(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#75-81):
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

[notice] 86-92: Reentrancy vulnerabilities
Reentrancy in GatewayEVM.execute(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#86-92):
External calls:
- result = _execute(destination,data) (contracts/prototypes/evm/GatewayEVM.sol#87)
- (success,result) = destination.call{value: msg.value}(data) (contracts/prototypes/evm/GatewayEVM.sol#67)
Event emitted after the call(s):
- Executed(destination,msg.value,data) (contracts/prototypes/evm/GatewayEVM.sol#89)

Additional comments not posted (67)

contracts/prototypes/evm/IZetaConnector.sol (3)

5-5: LGTM!

The Withdraw event declaration follows Solidity best practices.

6-6: LGTM!

The WithdrawAndCall event declaration follows Solidity best practices.

7-7: LGTM!

The WithdrawAndRevert event declaration follows Solidity best practices.

contracts/prototypes/evm/IERC20CustodyNew.sol (5)

5-5: LGTM!

The Withdraw event declaration follows Solidity best practices.

6-6: LGTM!

The WithdrawAndCall event declaration follows Solidity best practices.

7-7: LGTM!

The WithdrawAndRevert event declaration follows Solidity best practices.

11-11: LGTM!

The ZeroAddress error declaration follows Solidity best practices.

12-12: LGTM!

The InvalidSender error declaration follows Solidity best practices.

test/fuzz/GatewayEVMEchidnaTest.sol (2)

19-20: LGTM!

The constructor changes enhance the initialization of the ERC20CustodyNew contract by passing the tssAddress parameter.

Line range hint 22-31:
LGTM!

The testExecuteWithERC20 function follows best practices for testing ERC20 token transactions.

contracts/prototypes/evm/IGatewayEVM.sol (1)

21-21: LGTM!

The new error declaration InvalidSender is consistent with other error declarations in the interface.

contracts/prototypes/evm/ZetaConnectorNewBase.sol (3)

15-15: LGTM!

The new error declaration InvalidSender is consistent with other error declarations in the contract.

22-27: LGTM!

The new modifier onlyTSS correctly restricts access to functions to the TSS address and reverts with an appropriate error if the sender is not the TSS address.

29-35: LGTM!

The constructor correctly initializes the state variables and checks for zero addresses, ensuring secure and correct initialization.

contracts/prototypes/evm/ZetaConnectorNonNative.sol (4)

9-10: LGTM!

The constructor correctly passes the parameters to the base contract, ensuring secure and correct initialization.

14-17: LGTM!

The withdraw function correctly restricts access to the TSS address and performs the withdrawal operation securely.

Line range hint 20-28:
LGTM!

The withdrawAndCall function correctly restricts access to the TSS address and performs the withdrawal and call operation securely.

Line range hint 31-39:
LGTM!

The withdrawAndRevert function correctly restricts access to the TSS address and performs the withdrawal and revert operation securely.
contracts/prototypes/evm/ZetaConnectorNative.sol (4)
16-18: Verify the correctness of the onlyTSS modifier.

The withdraw function now includes the onlyTSS modifier. Ensure that the modifier correctly restricts access to the function.

Verification successful

The onlyTSS modifier correctly restricts access to the withdraw function.

The modifier ensures that only the address stored in tssAddress can call the function, reverting with InvalidSender if the check fails.

contracts/prototypes/evm/ZetaConnectorNewBase.sol
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type solidity -A 5 $'modifier onlyTSS'
Length of output: 77

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in Solidity files. Expect: Correct implementation of the modifier.
rg --glob '*.sol' -A 5 'modifier onlyTSS'
Length of output: 1895
Line range hint 22-28:
Verify the correctness of the onlyTSS modifier.

The withdrawAndCall function now includes the onlyTSS modifier. Ensure that the modifier correctly restricts access to the function.
Verification successful

The onlyTSS modifier is correctly implemented.

The onlyTSS modifier in ZetaConnectorNewBase.sol ensures that the function can only be called by the address stored in tssAddress. This correctly restricts access to the withdrawAndCall function in ZetaConnectorNative.sol.
contracts/prototypes/evm/ZetaConnectorNewBase.sol:
modifier onlyTSS() {
    if (msg.sender != tssAddress) {
        revert InvalidSender();
    }
    _;
}
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type solidity -A 5 $'modifier onlyTSS'
Length of output: 77

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Locate all Solidity files and search for the `onlyTSS` modifier within those files
fd -e sol | xargs rg 'modifier onlyTSS'
Length of output: 547

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier in ZetaConnectorNative.sol.

# Search for the `onlyTSS` modifier definition within ZetaConnectorNative.sol
rg 'modifier onlyTSS' contracts/prototypes/evm/ZetaConnectorNative.sol

# If not found, check for inheritance from other contracts
rg 'is ' contracts/prototypes/evm/ZetaConnectorNative.sol
Length of output: 555

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier in ZetaConnectorNewBase.sol.

# Search for the `onlyTSS` modifier definition within ZetaConnectorNewBase.sol
rg 'modifier onlyTSS' -A 5 contracts/prototypes/evm/ZetaConnectorNewBase.sol
Length of output: 206
Line range hint 33-39:
Verify the correctness of the onlyTSS modifier.

The withdrawAndRevert function now includes the onlyTSS modifier. Ensure that the modifier correctly restricts access to the function.

Verification successful

Verification of the onlyTSS Modifier Implementation

The withdrawAndRevert function in ZetaConnectorNative.sol correctly includes the onlyTSS modifier. The ZetaConnectorNative contract inherits from ZetaConnectorNewBase, which defines the onlyTSS modifier. Additionally, the tssAddress is properly set in the constructor of ZetaConnectorNative, ensuring that the modifier functions as intended.

contracts/prototypes/evm/ZetaConnectorNative.sol inherits from ZetaConnectorNewBase and uses the onlyTSS modifier.

The tssAddress is correctly set in the constructor.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type solidity -A 5 $'modifier onlyTSS'
Length of output: 77

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type sol -A 5 $'modifier onlyTSS'
Length of output: 67

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg 'modifier onlyTSS' -A 5 --glob '**/*.sol'
Length of output: 1898

Script:
#!/bin/bash
# Description: Verify the relationship between `ZetaConnectorNative.sol` and `ZetaConnectorNewBase.sol` and the setting of `tssAddress`.

# Check if `ZetaConnectorNative.sol` inherits from `ZetaConnectorNewBase.sol` or uses the `onlyTSS` modifier.
rg 'ZetaConnectorNewBase' contracts/prototypes/evm/ZetaConnectorNative.sol
rg 'onlyTSS' contracts/prototypes/evm/ZetaConnectorNative.sol

# Verify the setting of `tssAddress` in `ZetaConnectorNative.sol`.
rg 'tssAddress' contracts/prototypes/evm/ZetaConnectorNative.sol
Length of output: 905
11-12: Verify the correctness of the constructor parameter handling.

The constructor now accepts an additional parameter _tssAddress and passes it to the parent constructor. Ensure that _tssAddress is correctly handled and passed.

Verification successful

Verified the correctness of the constructor parameter handling.

The constructor in ZetaConnectorNative correctly passes the _tssAddress parameter to the parent constructor in ZetaConnectorNewBase, which appropriately handles it.

ZetaConnectorNewBase constructor:

Checks for zero addresses.

Assigns _tssAddress to tssAddress.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the constructor parameter handling in the parent contract.

# Test: Search for the constructor in the parent contract. Expect: Correct handling of the additional parameter.
rg --type solidity -A 5 $'constructor(address _gateway, address _zetaToken, address _tssAddress)'
Length of output: 131

Script:
#!/bin/bash
# Description: Verify the constructor parameter handling in the parent contract.

# Find all Solidity files and search for the constructor in the parent contract.
fd -e sol | xargs rg 'constructor(address _gateway, address _zetaToken, address _tssAddress)'
Length of output: 95

Script:
#!/bin/bash
# Description: Locate the parent contract and inspect its constructor for the additional parameter.

# Find the Solidity file containing the parent contract definition.
fd -e sol | xargs rg -l 'contract ZetaConnectorNewBase' | xargs rg -A 10 'constructor(address _gateway, address _zetaToken, address _tssAddress)'
Length of output: 147

Script:
#!/bin/bash
# Description: Locate the parent contract and inspect its constructors.

# Find the Solidity file containing the parent contract definition.
fd -e sol | xargs rg -l 'contract ZetaConnectorNewBase' | xargs rg -A 10 'constructor('
Length of output: 164

Script:
#!/bin/bash
# Description: Locate the parent contract and inspect its constructors.

# Find the Solidity file containing the parent contract definition.
fd -e sol | xargs rg -l 'contract ZetaConnectorNewBase' | xargs rg -A 10 'constructor\('
Length of output: 515
contracts/prototypes/evm/ERC20CustodyNew.sol (4)
37-40: Verify the correctness of the onlyTSS modifier.

The withdraw function now includes the onlyTSS modifier. Ensure that the modifier correctly restricts access to the function.

Verification successful

Let's correct the file type and re-run the search for the onlyTSS modifier.

The onlyTSS modifier is correctly implemented.

The onlyTSS modifier in the withdraw function correctly restricts access by ensuring that only the TSS address can call the function. The modifier checks if msg.sender is equal to tssAddress and reverts with InvalidSender if the check fails.

contracts/prototypes/evm/ERC20CustodyNew.sol: modifier onlyTSS() { if (msg.sender != tssAddress) { revert InvalidSender(); } _; }
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type solidity -A 5 $'modifier onlyTSS'
Length of output: 77

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in Solidity files. Expect: Correct implementation of the modifier.
rg --type-add 'solidity:*.sol' --type solidity -A 5 'modifier onlyTSS'
Length of output: 1924
28-33: Verify the correctness of the constructor parameter handling and validation.

The constructor now accepts an additional parameter _tssAddress and validates it to ensure it is not a zero address. Ensure that _tssAddress is correctly handled and validated.

Verification successful

The constructor parameter handling and validation are correct.

The constructor in ERC20CustodyNew.sol correctly handles the _tssAddress parameter by validating it to ensure it is not a zero address.

ERC20CustodyNew.sol: Lines 28-33
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the constructor parameter handling and validation.

# Test: Search for the constructor in the contract. Expect: Correct handling and validation of the additional parameter.
rg --type solidity -A 5 $'constructor(address _gateway, address _tssAddress)'
Length of output: 111

Script:
#!/bin/bash
# Description: Verify the constructor parameter handling and validation.

# Find all Solidity files and search for the constructor within those files
fd -e sol -x rg 'constructor(address _gateway, address _tssAddress)' -A 5 {}
Length of output: 80

Script:
#!/bin/bash
# Description: Verify the constructor parameter handling and validation in ERC20CustodyNew.sol

# Locate the ERC20CustodyNew.sol file and search for the constructor within it
fd 'ERC20CustodyNew.sol' -x rg 'constructor(address _gateway, address _tssAddress)' -A 5 {}
Length of output: 93

Script:
#!/bin/bash
# Description: Verify the existence of ERC20CustodyNew.sol and list its contents

# Locate the ERC20CustodyNew.sol file and list its contents
fd 'ERC20CustodyNew.sol' -x cat {}
Length of output: 3450
Line range hint 57-63:
Verify the correctness of the onlyTSS modifier.

The withdrawAndRevert function now includes the onlyTSS modifier. Ensure that the modifier correctly restricts access to the function.

Verification successful

Verify the correctness of the onlyTSS modifier.

The onlyTSS modifier correctly restricts access to the withdrawAndRevert function by ensuring that only the TSS address can call it.

The onlyTSS modifier checks if msg.sender is equal to tssAddress and reverts with InvalidSender if not.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type solidity -A 5 $'modifier onlyTSS'
Length of output: 77

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Locate all Solidity files and search for the `onlyTSS` modifier within them.
fd -e sol -x rg 'modifier onlyTSS' {}
Length of output: 354

Script:
#!/bin/bash
# Description: Display the implementation of the `onlyTSS` modifier in Solidity files.

# Locate all Solidity files and display the implementation of the `onlyTSS` modifier.
fd -e sol -x rg 'modifier onlyTSS' -A 5 {}
Length of output: 1654
Line range hint 45-51:
Verify the correctness of the onlyTSS modifier.

The withdrawAndCall function now includes the onlyTSS modifier. Ensure that the modifier correctly restricts access to the function.
Verification successful

The onlyTSS modifier is correctly implemented.

The onlyTSS modifier ensures that only the tssAddress can call functions protected by this modifier by checking if msg.sender equals tssAddress and reverting the transaction if it does not.
contracts/prototypes/evm/ERC20CustodyNew.sol:
modifier onlyTSS() {
    if (msg.sender != tssAddress) {
        revert InvalidSender();
    }
    _;
}
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Test: Search for the `onlyTSS` modifier in the contract. Expect: Correct implementation of the modifier.
rg --type solidity -A 5 $'modifier onlyTSS'
Length of output: 77

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Find all Solidity files and search for the `onlyTSS` modifier.
fd -e sol -x rg 'modifier onlyTSS' {}
Length of output: 354

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyTSS` modifier.

# Search for the full implementation of the `onlyTSS` modifier in Solidity files.
rg 'modifier onlyTSS' -A 10 --type-add 'solidity:*.sol'
Length of output: 5356
Tools

GitHub Check: Slither

[warning] 18-18: State variables that could be declared immutable
ERC20CustodyNew.tssAddress (contracts/prototypes/evm/ERC20CustodyNew.sol#18) should be immutable
testFoundry/GatewayEVMUpgrade.t.sol (2)
49-49: Verify the correctness of the constructor call for ERC20CustodyNew.

The constructor call for ERC20CustodyNew now includes an additional parameter tssAddress. Ensure that the parameter is correctly handled and passed to the constructor.

50-50: Verify the correctness of the constructor call for ZetaConnectorNonNative.

The constructor call for ZetaConnectorNonNative now includes an additional parameter tssAddress. Ensure that the parameter is correctly handled and passed to the constructor.

Verification successful

Verified the correctness of the constructor call for ZetaConnectorNonNative.

The constructor call in testFoundry/GatewayEVMUpgrade.t.sol correctly matches the constructor definition in the ZetaConnectorNonNative contract, including the additional parameter tssAddress.

contracts/prototypes/evm/ZetaConnectorNonNative.sol: Constructor definition matches the call.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the constructor call for `ZetaConnectorNonNative`.

# Test: Search for the constructor call in the test file. Expect: Correct handling and passing of the additional parameter.
rg --type solidity -A 5 $'ZetaConnectorNonNative(address gateway, address zeta, address tssAddress)'
Length of output: 134

Script:
#!/bin/bash
# Description: Verify the constructor call for `ZetaConnectorNonNative`.

# Find all Solidity files and search for the constructor pattern within them.
rg --glob '*.sol' -A 5 'ZetaConnectorNonNative(address gateway, address zeta, address tssAddress)'
Length of output: 100

Script:
#!/bin/bash
# Description: Verify the constructor call for `ZetaConnectorNonNative`.

# Find the class definition for `ZetaConnectorNonNative` and inspect its constructor.
rg --glob '*.sol' -A 10 'contract ZetaConnectorNonNative'
Length of output: 1981
test/prototypes/GatewayEVMUniswap.spec.ts (3)
90-90: Ensure withdrawAndCall is correctly invoked by tssAddress.

The change connects custody to tssAddress for invoking withdrawAndCall. This ensures that the transaction is simulated as initiated by the trusted signer. Verify that this aligns with the intended access control mechanisms.

Verification successful

Ensure withdrawAndCall is correctly invoked by tssAddress.

The withdrawAndCall method in contracts/prototypes/evm/ERC20CustodyNew.sol is correctly defined and the usage of tssAddress in the test file aligns with the intended access control mechanisms. The transaction is accurately simulated as initiated by the trusted signer.

contracts/prototypes/evm/ERC20CustodyNew.sol: Correct implementation of withdrawAndCall method.

test/prototypes/GatewayEVMUniswap.spec.ts: Proper usage of tssAddress to invoke withdrawAndCall.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `withdrawAndCall` method's implementation and usage of `tssAddress`.

# Test: Search for the `withdrawAndCall` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function withdrawAndCall' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 130

Script:
#!/bin/bash
# Description: Verify the `withdrawAndCall` method's implementation and usage of `tssAddress`.

# Test: Search for the `withdrawAndCall` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg 'function withdrawAndCall' -A 5
rg 'tssAddress'
Length of output: 172893
70-70: Ensure correct initialization of ZetaConnector with tssAddress.

The addition of tssAddress as a parameter ensures that the connector contract is aware of the trusted signer. Make sure that this address is correctly utilized within the contract.

Verification successful

Initialization and usage of tssAddress are correctly implemented.

The ZetaConnector contract's constructor correctly initializes tssAddress.

The onlyTSS modifier ensures that functions are restricted to the tssAddress.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `ZetaConnector` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
rg --type solidity -A 5 $'constructor(address gateway, address zeta, address tssAddress)' contracts/prototypes/evm/ZetaConnectorNonNative.sol
Length of output: 175

Script:
#!/bin/bash
# Description: Verify the `ZetaConnector` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
rg 'constructor(address gateway, address zeta, address tssAddress)' -A 10 contracts/prototypes/evm/ZetaConnectorNonNative.sol

# Test: Search for the usage of `tssAddress` within the contract. Expect: Correct usage.
rg 'tssAddress' -A 5 contracts/prototypes/evm/ZetaConnectorNonNative.sol
Length of output: 627

Script:
#!/bin/bash
# Description: Verify the usage of `tssAddress` in the `ZetaConnector` contract and its base contract.

# Test: Search for the definition of `onlyTSS` modifier. Expect: Correct implementation using `tssAddress`.
rg 'modifier onlyTSS' -A 5 contracts/prototypes/evm/ZetaConnectorNonNative.sol

# Test: Search for the usage of `_tssAddress` in the base contract `ZetaConnectorNewBase`. Expect: Correct usage.
rg '_tssAddress' -A 5 contracts/prototypes/evm/ZetaConnectorNewBase.sol
Length of output: 699

Script:
#!/bin/bash
# Description: Verify the implementation of `onlyTSS` modifier in the entire codebase.

# Test: Search for the definition of `onlyTSS` modifier. Expect: Correct implementation using `tssAddress`.
rg 'modifier onlyTSS' -A 5
Length of output: 2806
68-68: Ensure correct initialization of ERC20CustodyNew with tssAddress.

The addition of tssAddress as a parameter ensures that the custody contract is aware of the trusted signer. Make sure that this address is correctly utilized within the contract.
Verification successful

Ensure correct initialization of ERC20CustodyNew with tssAddress.

The ERC20CustodyNew contract's constructor correctly initializes the tssAddress parameter, ensuring that the custody contract is aware of the trusted signer.
contracts/prototypes/evm/ERC20CustodyNew.sol:
constructor(address _gateway, address _tssAddress) {
    if (_gateway == address(0) || _tssAddress == address(0)) {
        revert ZeroAddress();
    }
    gateway = IGatewayEVM(_gateway);
    tssAddress = _tssAddress;
}
The constructor checks for zero addresses and assigns the tssAddress parameter correctly.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
rg --type solidity -A 5 $'constructor(address gateway, address tssAddress)' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 154

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
ast-grep --lang solidity --pattern $'constructor(address gateway, address tssAddress) { $$$ }' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 257

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
rg 'constructor(address gateway, address tssAddress)' -A 10 contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 106

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor and usage of `tssAddress`.

# Test: Search for all constructors in Solidity files to ensure correct initialization and usage of `tssAddress`.
rg 'constructor' -A 10 contracts/prototypes/evm/
Length of output: 6475
contracts/prototypes/zevm/GatewayZEVM.sol (5)
122-124: Ensure execute function correctly restricts access and handles execution securely.

The execute function now uses the onlyFungible modifier. Verify that the function correctly restricts access and securely handles execution.

Verification successful

The execute function correctly restricts access and handles execution securely.

The onlyFungible modifier ensures that only the fungible module can call the execute function by checking if msg.sender is equal to FUNGIBLE_MODULE_ADDRESS.

The execute function securely handles the cross-chain call by invoking UniversalContract(target).onCrossChainCall(context, zrc20, amount, message).
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `execute` function's implementation and usage of `onlyFungible`.

# Test: Search for the `execute` function definition and usage of `onlyFungible`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function execute' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 119

Script:
#!/bin/bash
# Description: Verify the `execute` function's implementation and usage of `onlyFungible`.

# Test: Search for the `execute` function definition.
rg -A 5 'function execute' contracts/prototypes/zevm/GatewayZEVM.sol

# Test: Search for the `onlyFungible` modifier definition.
rg -A 5 'modifier onlyFungible' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 636
22-28: Ensure onlyFungible modifier correctly restricts access.

The onlyFungible modifier restricts access to the FUNGIBLE_MODULE_ADDRESS. Ensure that this address is correctly set and that the modifier is securely implemented.

Verification successful

Ensure onlyFungible modifier correctly restricts access.

The onlyFungible modifier is correctly implemented and used to restrict access to functions that should only be accessible by the FUNGIBLE_MODULE_ADDRESS. The implementation and usage are consistent and secure.

contracts/prototypes/zevm/GatewayZEVM.sol

contracts/zevm/ZRC20New.sol

contracts/zevm/ZetaConnectorZEVM.sol
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `onlyFungible` modifier's implementation and usage.

# Test: Search for the `onlyFungible` modifier definition and usage. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'modifier onlyFungible' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 124

Script:
#!/bin/bash
# Description: Verify the `onlyFungible` modifier's implementation and usage.

# Test: Search for the `onlyFungible` modifier definition and usage. Expect: Correct implementation and usage.
rg 'modifier onlyFungible' -A 5 contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 233

Script:
#!/bin/bash
# Description: Verify the usage of the `onlyFungible` modifier across the codebase.

# Test: Search for the usage of the `onlyFungible` modifier. Expect: Correct usage.
rg 'onlyFungible' -A 3
Length of output: 9131
133-135: Ensure depositAndCall function correctly restricts access and handles deposits and calls securely.

The depositAndCall function now uses the onlyFungible modifier. Verify that the function correctly restricts access and securely handles deposits and calls.

Verification successful

Ensure depositAndCall function correctly restricts access and handles deposits and calls securely.

The depositAndCall functions correctly use the onlyFungible modifier to restrict access. They securely handle deposits and calls by verifying the target, transferring tokens, and invoking the onCrossChainCall method on the target contract.

Lines 133-135 in contracts/prototypes/zevm/GatewayZEVM.sol
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `depositAndCall` function's implementation and usage of `onlyFungible`.

# Test: Search for the `depositAndCall` function definition and usage of `onlyFungible`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function depositAndCall' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 126

Script:
#!/bin/bash
# Description: Verify the `depositAndCall` function's implementation and usage of `onlyFungible`.

# Test: Search for the `depositAndCall` function definition and usage of `onlyFungible`. Expect: Correct implementation and usage.
rg --type-add 'solidity:*.sol' --type solidity -A 5 'function depositAndCall' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 463

Script:
#!/bin/bash
# Description: Verify the complete implementation of the `depositAndCall` function.

# Test: Search for the complete implementation of the `depositAndCall` function to ensure it correctly restricts access and handles deposits and calls securely.
rg --type-add 'solidity:*.sol' --type solidity -A 20 'function depositAndCall' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 1347
160-162: Ensure executeRevert function correctly restricts access and handles reverts securely.

The executeRevert function now uses the onlyFungible modifier. Verify that the function correctly restricts access and securely handles reverts.

Verification successful

Ensure executeRevert function correctly restricts access and handles reverts securely.

The executeRevert function uses the onlyFungible modifier to restrict access. The onlyFungible modifier is correctly implemented to ensure that only the address specified by FUNGIBLE_MODULE_ADDRESS can call the function.

contracts/prototypes/zevm/GatewayZEVM.sol:

executeRevert function

onlyFungible modifier
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `executeRevert` function's implementation and usage of `onlyFungible`.

# Test: Search for the `executeRevert` function definition and usage of `onlyFungible`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function executeRevert' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 125

Script:
#!/bin/bash
# Description: Verify the `executeRevert` function's implementation and usage of `onlyFungible`.

# Test: Search for the `executeRevert` function definition and usage of `onlyFungible`. Expect: Correct implementation and usage.
rg --type sol -A 5 'function executeRevert' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 115

Script:
#!/bin/bash
# Description: Verify the `executeRevert` function's implementation and usage of `onlyFungible`.

# Step 1: Find all Solidity files.
fd -e sol > sol_files.txt

# Step 2: Search for the `executeRevert` function definition and usage of `onlyFungible` in the found files.
while read -r file; do
    echo "Searching in $file"
    rg -A 5 'function executeRevert' "$file"
done < sol_files.txt
Length of output: 84812

Script:
#!/bin/bash
# Description: Verify the implementation of the `onlyFungible` modifier.

# Step 1: Find all Solidity files.
fd -e sol > sol_files.txt

# Step 2: Search for the `onlyFungible` modifier definition in the found files.
while read -r file; do
    echo "Searching in $file"
    rg -A 5 'modifier onlyFungible' "$file"
done < sol_files.txt
Length of output: 77483
109-111: Ensure deposit function correctly restricts access and handles deposits securely.

The deposit function now uses the onlyFungible modifier. Verify that the function correctly restricts access and securely handles deposits.

Verification successful

The deposit function correctly restricts access and handles deposits securely.

The function uses the onlyFungible modifier to ensure only the FUNGIBLE_MODULE_ADDRESS can call it and includes checks to prevent depositing to invalid targets.

contracts/prototypes/zevm/GatewayZEVM.sol:

deposit function implementation is secure and correctly uses the onlyFungible modifier.

The function includes necessary checks for invalid targets.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `deposit` function's implementation and usage of `onlyFungible`.

# Test: Search for the `deposit` function definition and usage of `onlyFungible`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function deposit' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 119

Script:
#!/bin/bash
# Description: Verify the `deposit` function's implementation and usage of `onlyFungible`.

# Find all Solidity files and search for the `deposit` function definition within them.
fd -e sol | xargs rg -A 5 'function deposit'
Length of output: 76439

Script:
#!/bin/bash
# Description: Verify the `onlyFungible` modifier's implementation and review the `deposit` function's logic.

# Find the implementation of the `onlyFungible` modifier.
fd -e sol | xargs rg -A 5 'modifier onlyFungible'

# Review the full implementation of the `deposit` function in `contracts/prototypes/zevm/GatewayZEVM.sol`.
rg --type solidity -A 20 'function deposit' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 2524

Script:
#!/bin/bash
# Description: Review the full implementation of the `deposit` function in `contracts/prototypes/zevm/GatewayZEVM.sol`.

# Search for the `deposit` function definition and display the next 40 lines to capture the full implementation.
rg -A 40 'function deposit' contracts/prototypes/zevm/GatewayZEVM.sol
Length of output: 2504
testFoundry/GatewayEVMZEVM.t.sol (6)
116-116: Ensure execute is correctly invoked by tssAddress.

The change uses vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer. Verify that this aligns with the intended access control mechanisms.

Verification successful

Ensure execute is correctly invoked by tssAddress.

The change uses vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer. This aligns with the onlyTSS modifier on the execute method, ensuring correct access control.

contracts/prototypes/evm/GatewayEVM.sol: The execute method is restricted by the onlyTSS modifier.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Test: Search for the `execute` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function execute' contracts/prototypes/evm/GatewayEVM.sol
Length of output: 117

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Test: Search for the `execute` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg -A 5 'function execute' --glob '*.sol'
Length of output: 5291
203-203: Ensure execute is correctly invoked by tssAddress.

The change uses vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer. Verify that this aligns with the intended access control mechanisms.

Verification successful

Ensure execute is correctly invoked by tssAddress.

The change uses vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer. This aligns with the access control mechanism enforced by the onlyTSS modifier in the execute function's implementation.

contracts/prototypes/evm/GatewayEVM.sol: function execute(address destination, bytes calldata data) external payable onlyTSS returns (bytes memory)
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Test: Search for the `execute` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function execute' contracts/prototypes/evm/GatewayEVM.sol
Length of output: 117

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Find Solidity files and search for the `execute` method definition and usage of `tssAddress`.
fd -e sol | xargs rg -A 5 'function execute'
Length of output: 33375
65-65: Ensure correct initialization of ERC20CustodyNew with tssAddress.

The addition of tssAddress as a parameter ensures that the custody contract is aware of the trusted signer. Make sure that this address is correctly utilized within the contract.

Verification successful

Ensure correct initialization of ERC20CustodyNew with tssAddress.

The tssAddress parameter is correctly utilized within the ERC20CustodyNew contract. It is checked for validity and assigned to a state variable, ensuring proper initialization.

ERC20CustodyNew constructor correctly initializes tssAddress.

Usage of _tssAddress is verified to be correct.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
rg --type solidity -A 5 $'constructor(address gateway, address tssAddress)' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 154

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor and usage of `tssAddress`.

# Test: Search for the constructor definition and usage of `tssAddress`. Expect: Correct initialization and usage.
rg -A 5 'constructor(address gateway, address tssAddress)' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 105

Script:
#!/bin/bash
# Description: Verify the `ERC20CustodyNew` contract's constructor definitions.

# Test: Search for any constructor definitions. Expect: Identification of constructors.
rg 'constructor' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 118

Script:
#!/bin/bash
# Description: Verify the usage of `_tssAddress` in the `ERC20CustodyNew` contract.

# Test: Search for the usage of `_tssAddress`. Expect: Correct utilization within the contract.
rg '_tssAddress' contracts/prototypes/evm/ERC20CustodyNew.sol
Length of output: 220
179-179: Ensure execute is correctly invoked by tssAddress.

The change uses vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer. Verify that this aligns with the intended access control mechanisms.

Verification successful

Ensure execute is correctly invoked by tssAddress.

The execute method in contracts/prototypes/evm/GatewayEVM.sol uses the onlyTSS modifier, ensuring it can only be called by the TSS address. The use of vm.prank(tssAddress) in the test correctly simulates this behavior.

contracts/prototypes/evm/GatewayEVM.sol: execute method definition confirms the use of onlyTSS modifier.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Test: Search for the `execute` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function execute' contracts/prototypes/evm/GatewayEVM.sol
Length of output: 117

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Step 1: Find all Solidity files.
sol_files=$(fd . --extension sol)

# Step 2: Search for the `execute` method definition and usage of `tssAddress` in the found Solidity files.
for file in $sol_files; do
    echo "Searching in $file"
    rg --type-add 'solidity:*.sol' --type solidity -A 5 'function execute' "$file"
done
Length of output: 110002
139-139: Ensure execute is correctly invoked by tssAddress.

The change uses vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer. Verify that this aligns with the intended access control mechanisms.

Verification successful

Ensure execute is correctly invoked by tssAddress.

The use of vm.prank(tssAddress) to simulate the transaction as initiated by the trusted signer (tssAddress) aligns with the intended access control mechanisms. This ensures that only the trusted signer can initiate the execute method, maintaining the integrity of the access control.

The execute method is correctly defined and used in the context of tssAddress.

The tssAddress is properly initialized and utilized within the contract.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Test: Search for the `execute` method definition and usage of `tssAddress`. Expect: Correct implementation and usage.
rg --type solidity -A 5 $'function execute' contracts/prototypes/evm/GatewayEVM.sol
Length of output: 117

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Test: Search for the `execute` method definition in Solidity files.
rg -t sol -A 5 'function execute' 

# Test: Search for the usage of `tssAddress` in Solidity files.
rg -t sol 'tssAddress'
Length of output: 114

Script:
#!/bin/bash
# Description: Verify the `execute` method's implementation and usage of `tssAddress`.

# Find all Solidity files and search for the `execute` method definition.
fd -e sol -x rg -A 5 'function execute' {}

# Find all Solidity files and search for the usage of `tssAddress`.
fd -e sol -x rg 'tssAddress' {}
Length of output: 146649
66-66: Ensure correct initialization of ZetaConnector with tssAddress.

The addition of tssAddress as a parameter ensures that the connector contract is aware of the trusted signer. Make sure that this address is correctly utilized within the contract.
contracts/prototypes/evm/GatewayEVM.sol (4)

30-36: LGTM! The onlyTSS modifier enhances security.

The onlyTSS modifier effectively restricts function execution to the TSS address, improving access control.

38-44: LGTM! The onlyCustodyOrConnector modifier enhances security.

The onlyCustodyOrConnector modifier effectively restricts function execution to the custody address or the zeta connector, improving access control.

Line range hint 103-122:
LGTM! The onlyCustodyOrConnector modifier enhances security.

The onlyCustodyOrConnector modifier effectively restricts function execution to the custody address or the zeta connector, improving access control.

Line range hint 130-136:
LGTM! The onlyCustodyOrConnector modifier enhances security.

The onlyCustodyOrConnector modifier effectively restricts function execution to the custody address or the zeta connector, improving access control.

testFoundry/ZetaConnectorNative.t.sol (7)

15-16: LGTM! The Upgrades import is necessary for upgrade functionality.

The import from openzeppelin-foundry-upgrades is appropriate for managing contract upgrades.

19-19: LGTM! The IZetaConnector import is necessary for interface implementation.

The import is appropriate for implementing the IZetaConnector interface.

21-21: LGTM! Implementing multiple interfaces enhances event handling capabilities.

The implementation of IGatewayEVMErrors, IGatewayEVMEvents, IReceiverEVMEvents, and IZetaConnectorEvents interfaces improves the contract's event handling.

46-47: LGTM! Initialization of custody and zetaConnector is necessary for the test setup.

The initialization of custody and zetaConnector with new contract instances is appropriate for the test setup.

56-56: LGTM! The vm.deal function is necessary for testing.

The use of vm.deal to assign 1 Ether to the tssAddress is appropriate for testing purposes.

75-82: LGTM! The testWithdrawFailsIfSenderIsNotTSS function enhances security.

The test function ensures that the withdraw function reverts if called by an address other than the TSS address, improving security.

118-126: LGTM! The testWithdrawAndCallReceiveERC20FailsIfSenderIsNotTSS function enhances security.

The test function ensures that the withdrawAndCall function reverts if called by an address other than the TSS address, improving security.

testFoundry/ZetaConnectorNonNative.t.sol (6)

15-16: LGTM! The Upgrades import is necessary for upgrade functionality.

The import from openzeppelin-foundry-upgrades is appropriate for managing contract upgrades.

17-17: LGTM! The Zeta.non-eth import is necessary for non-ETH Zeta token functionality.

The import is appropriate for implementing non-ETH Zeta token functionality.

22-22: LGTM! Implementing multiple interfaces enhances event handling capabilities.

The implementation of IGatewayEVMErrors, IGatewayEVMEvents, IReceiverEVMEvents, and IZetaConnectorEvents interfaces improves the contract's event handling.

47-48: LGTM! Initialization of custody and zetaConnector is necessary for the test setup.

The initialization of custody and zetaConnector with new contract instances is appropriate for the test setup.

58-58: LGTM! The vm.deal function is necessary for testing.

The use of vm.deal to assign 1 Ether to the tssAddress is appropriate for testing purposes.

77-84: LGTM! The testWithdrawFailsIfSenderIsNotTSS function enhances security.

The test function ensures that the withdraw function reverts if called by an address other than the TSS address, improving security.

testFoundry/GatewayEVM.t.sol (8)

Line range hint 21-58:
LGTM!

The visibility change to public is appropriate for a setUp function in testing. The initialization logic appears correct.

79-88: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the execute function fails if the sender is not tssAddress.

124-131: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the executeWithERC20 function fails if the sender is not custody or zetaConnector.

133-140: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the revertWithERC20 function fails if the sender is not custody or zetaConnector.

303-309: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the withdraw function fails if the sender is not tssAddress.

347-353: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the withdrawAndRevert function fails if the sender is not tssAddress.

384-390: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the executeRevert function fails if the sender is not tssAddress.

355-360: LGTM!

The visibility change to public is appropriate for a test function. The test logic correctly verifies that the withdrawAndRevert function fails if the amount is 0.

coderabbitai · 2024-07-23T19:16:21Z

contracts/prototypes/evm/ZetaConnectorNewBase.sol


    IGatewayEVM public immutable gateway;
    address public immutable zetaToken;
+    address public tssAddress;


Consider marking tssAddress as immutable.

The state variable tssAddress can be marked as immutable since it is only set in the constructor and never changed afterward.

- address public tssAddress; + address public immutable tssAddress;

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

address public tssAddress;

address public immutable tssAddress;

Tools

GitHub Check: Slither

[warning] 19-19: State variables that could be declared immutable
ZetaConnectorNewBase.tssAddress (contracts/prototypes/evm/ZetaConnectorNewBase.sol#19) should be immutable

coderabbitai · 2024-07-23T19:16:21Z

contracts/prototypes/evm/GatewayEVM.sol

@@ -56,24 +72,24 @@

    // Called by the TSS
    // Calling onRevert directly
-    function executeRevert(address destination, bytes calldata data) public payable {
+    function executeRevert(address destination, bytes calldata data) public payable onlyTSS {


Add zero address validation for destination.

The destination parameter should be validated to ensure it is not a zero address.

+ if (destination == address(0)) revert ZeroAddress();

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

function executeRevert(address destination, bytes calldata data) public payable onlyTSS {

function executeRevert(address destination, bytes calldata data) public payable onlyTSS {

+ if (destination == address(0)) revert ZeroAddress();

Tools

GitHub Check: Slither

[notice] 75-75: Missing zero address validation
GatewayEVM.executeRevert(address,bytes).destination (contracts/prototypes/evm/GatewayEVM.sol#75) lacks a zero-check on :
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

[notice] 75-81: Reentrancy vulnerabilities
Reentrancy in GatewayEVM.executeRevert(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#75-81):
External calls:
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)
- Revertable(destination).onRevert(data) (contracts/prototypes/evm/GatewayEVM.sol#78)
External calls sending eth:
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)
Event emitted after the call(s):
- Reverted(destination,msg.value,data) (contracts/prototypes/evm/GatewayEVM.sol#80)

[warning] 75-81: Low-level calls
Low level call in GatewayEVM.executeRevert(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#75-81):
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

contracts/prototypes/evm/ERC20CustodyNew.sol

skosito · 2024-07-23T21:14:40Z

@lumtis do we also need tssUpdater?

contracts/prototypes/evm/GatewayEVM.sol

        if (custody != address(0)) revert CustodyInitialized();
        if (_custody == address(0)) revert ZeroAddress();

        custody = _custody;
    }

-     function setConnector(address _zetaConnector) external {
+     function setConnector(address _zetaConnector) external onlyTSS {


contracts/prototypes/evm/GatewayEVM.sol

@@ -163,14 +179,14 @@
        emit Call(msg.sender, receiver, payload);
    }

-    function setCustody(address _custody) external {
+    function setCustody(address _custody) external onlyTSS {


coderabbitai

Actionable comments posted: 1

Outside diff range, codebase verification and nitpick comments (4)

contracts/prototypes/evm/GatewayEVM.sol (4)
Line range hint 75-81:
Add zero address validation and address reentrancy vulnerabilities.

The destination parameter should be validated to ensure it is not a zero address. Additionally, consider using the Checks-Effects-Interactions pattern to mitigate reentrancy vulnerabilities.
+  if (destination == address(0)) revert ZeroAddress();
  (bool success, bytes memory result) = destination.call{value: msg.value}("");
  if (!success) revert ExecutionFailed();
  Revertable(destination).onRevert(data);
  
  emit Reverted(destination, msg.value, data);
Tools

GitHub Check: Slither

[notice] 75-75: Missing zero address validation
GatewayEVM.executeRevert(address,bytes).destination (contracts/prototypes/evm/GatewayEVM.sol#75) lacks a zero-check on :
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

Line range hint 86-92:
Address reentrancy vulnerabilities.

Consider using the Checks-Effects-Interactions pattern to mitigate reentrancy vulnerabilities.
  bytes memory result = _execute(destination, data);

  emit Executed(destination, msg.value, data);

  return result;
Line range hint 103-122:
Address reentrancy vulnerabilities and ensure proper approval handling.

Consider using the Checks-Effects-Interactions pattern to mitigate reentrancy vulnerabilities. Additionally, ensure that token approvals are handled securely.
  if (amount == 0) revert InsufficientERC20Amount();
  // Approve the target contract to spend the tokens
  if(!resetApproval(token, to)) revert ApprovalFailed();
  if(!IERC20(token).approve(to, amount)) revert ApprovalFailed();
  // Execute the call on the target contract
  bytes memory result = _execute(to, data);

  // Reset approval
  if(!resetApproval(token, to)) revert ApprovalFailed();

  // Transfer any remaining tokens back to the custody/connector contract
  uint256 remainingBalance = IERC20(token).balanceOf(address(this));
  if (remainingBalance > 0) {
      transferToAssetHandler(token, remainingBalance);
  }

  emit ExecutedWithERC20(token, to, amount, data);
Line range hint 189-193:
Follow naming conventions.

The parameter name should follow Solidity naming conventions.
  function setConnector(address _zetaConnector) external onlyTSS {
      if (zetaConnector != address(0)) revert CustodyInitialized();
      if (_zetaConnector == address(0)) revert ZeroAddress();

      zetaConnector = _zetaConnector;
  }
Tools

GitHub Check: Slither

[notice] 182-187: Missing events access control
GatewayEVM.setCustody(address) (contracts/prototypes/evm/GatewayEVM.sol#182-187) should emit an event for:
- custody = _custody (contracts/prototypes/evm/GatewayEVM.sol#186)

[warning] 189-189: Conformance to Solidity naming conventions
Parameter GatewayEVM.setConnector(address)._zetaConnector (contracts/prototypes/evm/GatewayEVM.sol#189) is not in mixedCase

[warning] 182-182: Conformance to Solidity naming conventions
Parameter GatewayEVM.setCustody(address)._custody (contracts/prototypes/evm/GatewayEVM.sol#182) is not in mixedCase

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 58160e8 and 0f8ab79.

Files selected for processing (7)

contracts/prototypes/evm/GatewayEVM.sol (6 hunks)
test/prototypes/GatewayEVMUniswap.spec.ts (2 hunks)
testFoundry/GatewayEVM.t.sol (17 hunks)
testFoundry/GatewayEVMUpgrade.t.sol (1 hunks)
testFoundry/GatewayEVMZEVM.t.sol (6 hunks)
testFoundry/ZetaConnectorNative.t.sol (9 hunks)
testFoundry/ZetaConnectorNonNative.t.sol (9 hunks)

Files skipped from review as they are similar to previous changes (6)

test/prototypes/GatewayEVMUniswap.spec.ts
testFoundry/GatewayEVM.t.sol
testFoundry/GatewayEVMUpgrade.t.sol
testFoundry/GatewayEVMZEVM.t.sol
testFoundry/ZetaConnectorNative.t.sol
testFoundry/ZetaConnectorNonNative.t.sol

Additional context used

Path-based instructions (1)

contracts/prototypes/evm/GatewayEVM.sol (1)

Pattern contracts/**: Review the Solidity contracts for security vulnerabilities and best practices.

GitHub Check: Slither

contracts/prototypes/evm/GatewayEVM.sol

[notice] 75-75: Missing zero address validation
GatewayEVM.executeRevert(address,bytes).destination (contracts/prototypes/evm/GatewayEVM.sol#75) lacks a zero-check on :
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

[notice] 75-81: Reentrancy vulnerabilities
Reentrancy in GatewayEVM.executeRevert(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#75-81):
External calls:
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)
- Revertable(destination).onRevert(data) (contracts/prototypes/evm/GatewayEVM.sol#78)
External calls sending eth:
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)
Event emitted after the call(s):
- Reverted(destination,msg.value,data) (contracts/prototypes/evm/GatewayEVM.sol#80)

[warning] 75-81: Low-level calls
Low level call in GatewayEVM.executeRevert(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#75-81):
- (success,result) = destination.call{value: msg.value}() (contracts/prototypes/evm/GatewayEVM.sol#76)

[notice] 86-92: Reentrancy vulnerabilities
Reentrancy in GatewayEVM.execute(address,bytes) (contracts/prototypes/evm/GatewayEVM.sol#86-92):
External calls:
- result = _execute(destination,data) (contracts/prototypes/evm/GatewayEVM.sol#87)
- (success,result) = destination.call{value: msg.value}(data) (contracts/prototypes/evm/GatewayEVM.sol#67)
Event emitted after the call(s):
- Executed(destination,msg.value,data) (contracts/prototypes/evm/GatewayEVM.sol#89)

[notice] 182-187: Missing events access control
GatewayEVM.setCustody(address) (contracts/prototypes/evm/GatewayEVM.sol#182-187) should emit an event for:
- custody = _custody (contracts/prototypes/evm/GatewayEVM.sol#186)

[warning] 189-189: Conformance to Solidity naming conventions
Parameter GatewayEVM.setConnector(address)._zetaConnector (contracts/prototypes/evm/GatewayEVM.sol#189) is not in mixedCase

[warning] 182-182: Conformance to Solidity naming conventions
Parameter GatewayEVM.setCustody(address)._custody (contracts/prototypes/evm/GatewayEVM.sol#182) is not in mixedCase

Additional comments not posted (3)

contracts/prototypes/evm/GatewayEVM.sol (3)
30-36: LGTM! The onlyTSS modifier is correctly implemented.

The modifier ensures that only the tssAddress can execute the functions it is applied to.

38-44: LGTM! The onlyCustodyOrConnector modifier is correctly implemented.

The modifier ensures that only the custody or zetaConnector addresses can execute the functions it is applied to.

Line range hint 130-138:
LGTM! But review for reentrancy vulnerabilities.

The function appears to be correctly implemented, but consider reviewing for potential reentrancy vulnerabilities.

Verification successful

LGTM! But review for reentrancy vulnerabilities.

The function revertWithERC20 appears to be correctly implemented with the nonReentrant modifier, which is correctly designed to prevent reentrancy attacks.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify reentrancy vulnerabilities in `revertWithERC20`.

# Test: Search for reentrancy patterns. Expect: No reentrancy vulnerabilities.
rg --type solidity -A 5 $'revertWithERC20'
Length of output: 74

Script:
#!/bin/bash
# Description: Verify reentrancy vulnerabilities in `revertWithERC20`.

# Test: Search for reentrancy patterns. Expect: No reentrancy vulnerabilities.
rg 'function revertWithERC20' -A 10 --glob '*.sol'
Length of output: 2379

Script:
#!/bin/bash
# Description: Verify the implementation of the `nonReentrant` modifier.

# Test: Search for the `nonReentrant` modifier implementation. Expect: Correct implementation.
rg 'modifier nonReentrant' -A 10 --glob '*.sol'
Length of output: 2786

coderabbitai · 2024-07-23T21:19:21Z

contracts/prototypes/evm/GatewayEVM.sol

+    function setCustody(address _custody) external onlyTSS {
        if (custody != address(0)) revert CustodyInitialized();
        if (_custody == address(0)) revert ZeroAddress();

        custody = _custody;
    }


Emit an event and follow naming conventions.

The function should emit an event when the custody address is set. Additionally, the parameter name should follow Solidity naming conventions.

function setCustody(address _custody) external onlyTSS { if (custody != address(0)) revert CustodyInitialized(); if (_custody == address(0)) revert ZeroAddress(); custody = _custody; + emit CustodySet(_custody); }

Committable suggestion was skipped due to low confidence.

Tools

GitHub Check: Slither

[notice] 182-187: Missing events access control
GatewayEVM.setCustody(address) (contracts/prototypes/evm/GatewayEVM.sol#182-187) should emit an event for:
- custody = _custody (contracts/prototypes/evm/GatewayEVM.sol#186)

[warning] 182-182: Conformance to Solidity naming conventions
Parameter GatewayEVM.setCustody(address)._custody (contracts/prototypes/evm/GatewayEVM.sol#182) is not in mixedCase

fbac · 2024-07-23T20:56:42Z

contracts/prototypes/evm/IZetaConnector.sol

+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface IZetaConnectorEvents {


In my opinion the interface shouldn't be specific for events or errors.
When importing an interface, as a developer I'd expect to have full access to the interface: functions, errors and events since the logic is coupled, meaning that the errors and events are related to the functions, etc

My suggestion here and in all the interface files would be grouping events, errors and functions under interface Foo { ... }

agree, one use case for having separate is if we want to import only events and errors in situations like tests, it is nice to be more granular if we are using interfaces

maybe dont have errors and events in interface then?

will follow up on this one, good point

fbac · 2024-07-23T21:05:13Z

contracts/prototypes/evm/ZetaConnectorNewBase.sol


    IGatewayEVM public immutable gateway;
    address public immutable zetaToken;
+    address public tssAddress;


As analyzed by slither:

Suggested change

address public tssAddress;

address public immutable tssAddress;

tssAddress shouldn't change after setting it at deployment time.

lets see if we will need a way to update it with tssUpdater

will follow up here: #255

fbac · 2024-07-23T21:07:27Z

contracts/prototypes/evm/ERC20CustodyNew.sol


    IGatewayEVM public gateway;
+    address public tssAddress;


Suggested change

address public tssAddress;

address public immutable tssAddress;

fbac · 2024-07-23T21:14:04Z

contracts/prototypes/evm/ERC20CustodyNew.sol

 // As the current version, ERC20CustodyNew hold the ERC20s deposited on ZetaChain
 // This version include a functionality allowing to call a contract
 // ERC20Custody doesn't call smart contract directly, it passes through the Gateway contract
-contract ERC20CustodyNew is ReentrancyGuard{
+contract ERC20CustodyNew is IERC20CustodyNewEvents, IERC20CustodyNewErrors, ReentrancyGuard {


As mentioned in other comment, the ideal imho would be:
contract ERC20CustodyNew is IERC20Custody, ReentrancyGuard

fbac · 2024-07-23T21:17:02Z

contracts/prototypes/evm/ZetaConnectorNewBase.sol


    IGatewayEVM public immutable gateway;
    address public immutable zetaToken;
+    address public tssAddress;


Suggested change

address public tssAddress;

address public immutable tssAddress;

fbac · 2024-07-23T21:19:31Z

contracts/prototypes/evm/ZetaConnectorNewBase.sol

-    event WithdrawAndCall(address indexed to, uint256 amount, bytes data);
-    event WithdrawAndRevert(address indexed to, uint256 amount, bytes data);
+    // @dev Only TSS address allowed modifier.
+    modifier onlyTSS() {


nit: onlyTSS() is defined two times, we could consider moving it to an external file which defines modifier onlyAddress(address)

what would be a good solution here, would we need separate contract which defines this modifier and inherit from it?

We can aim for something in the direction of open-zeppelin Ownable (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol)

This way we can abstract the access control logic into a single contract, something like TSSAccessControl.sol that exposes:

defines a tssAddress.

defines the logic to update the tssAddress (more on this later).

exposes an onlyTSS modifier which can be used from different contracts, and those don't have to even know where the TSS address is pointing to.

Regarding the upgrading logic, bear with me as I still lack some context on when and how the TSS address is updated I see a couple options:

how is it performed currently?

we could explore current developed proxy patterns, such as open zeppelin UpgradeableBeacon.

we could have some proxy custom developed pattern implementation, like:
TSSAddress.sol <- TSSAddressAccessControl.sol <- [contracts implementing RBAC]

TSSAddress.sol has a const tssAddress.

TSSAddressAccessControl would have a tssAddress variable which is proxied to TSSAddress.sol

Rest of the contracts would use TSSAddressAccessControl functions and modifiers.

Upgrade procedure: deploy a new TSSAddress.sol, switch the proxy implementation in TSSAddressAccessControl.

i like having TssAccessControl.sol, thanks for suggestion , let's tackle that and remaining questions in #255

lumtis

Can we start write a specs, like a table listing what actors can be calling what contracts?
Similar to: https://www.notion.so/zetachain/Admin-Policy-Groups-4e501dd64dfc460180a361f9b8507310
We can do it here: https://www.notion.so/zetachain/Access-Control-1dd47015d1d8401ca5216f82922bcf87?pvs=4
This can be then shared to security team for review (the docs will be more complete later based on comment below)

I had in mind initially for the issue to port also the admin security mechanism of v1 into it.
Example:

protocol-contracts/contracts/evm/ZetaConnector.base.sol

Line 151 in a2da596

function pause() external onlyPauser {

But I realized, this would be better to address in a further PR

Create issue: #255

contracts/prototypes/evm/GatewayEVM.sol

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0f8ab79 and 9c324a0.

Files selected for processing (4)

contracts/prototypes/evm/GatewayEVM.sol (6 hunks)
v2/lib/forge-std (1 hunks)
v2/lib/openzeppelin-contracts-upgradeable (1 hunks)
v2/lib/openzeppelin-foundry-upgrades (1 hunks)

Files skipped from review due to trivial changes (3)

v2/lib/forge-std
v2/lib/openzeppelin-contracts-upgradeable
v2/lib/openzeppelin-foundry-upgrades

Files skipped from review as they are similar to previous changes (1)

contracts/prototypes/evm/GatewayEVM.sol

skosito · 2024-07-24T23:28:43Z

Can we start write a specs, like a table listing what actors can be calling what contracts? Similar to: https://www.notion.so/zetachain/Admin-Policy-Groups-4e501dd64dfc460180a361f9b8507310 We can do it here: https://www.notion.so/zetachain/Access-Control-1dd47015d1d8401ca5216f82922bcf87?pvs=4 This can be then shared to security team for review (the docs will be more complete later based on comment below)

I had in mind initially for the issue to port also the admin security mechanism of v1 into it. Example:

protocol-contracts/contracts/evm/ZetaConnector.base.sol

Line 151 in a2da596

function pause() external onlyPauser {

But I realized, this would be better to address in a further PR
Create issue: #255

yes, will add after #255 is done

fbac

Great work, LGTM!

skosito added 8 commits July 23, 2024 19:00

access control for erc20 custody new

5b5cc4b

cleanup erc20 custody new events and errors

f1cf789

access control for gateway evm

8b9669e

move connector events to interface

1851b89

add tss address to connector and fix uniswap integration test

ba0f25f

tests for tss sender in connector

3f4990c

remove access control todos from zevm contracts

a686f66

generate

58160e8

skosito requested review from andresaiello, brewmaster012, lumtis, CharlieMc0, fadeev and fbac as code owners July 23, 2024 19:07

github-advanced-security bot found potential problems Jul 23, 2024

View reviewed changes

coderabbitai bot reviewed Jul 23, 2024

View reviewed changes

missing access control

0f8ab79

github-advanced-security bot found potential problems Jul 23, 2024

View reviewed changes

coderabbitai bot reviewed Jul 23, 2024

View reviewed changes

fbac reviewed Jul 23, 2024

View reviewed changes

lumtis reviewed Jul 24, 2024

View reviewed changes

contracts/prototypes/evm/GatewayEVM.sol Outdated Show resolved Hide resolved

contracts/prototypes/evm/GatewayEVM.sol Outdated Show resolved Hide resolved

PR comment

9c324a0

coderabbitai bot reviewed Jul 24, 2024

View reviewed changes

fix submodules

3cc2443

skosito added 2 commits July 25, 2024 02:00

fix generate

57f1c6c

fix test

77f2bf0

lumtis approved these changes Jul 25, 2024

View reviewed changes

skosito requested a review from fbac July 25, 2024 12:40

fbac approved these changes Jul 25, 2024

View reviewed changes

fbac mentioned this pull request Jul 25, 2024

Setup security mechanism: TSS updater, pauser, etc.. #255

Closed

skosito merged commit 9b5ff23 into main Jul 25, 2024
11 checks passed

skosito deleted the access-control branch July 25, 2024 14:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: v2 contracts access control #247

feat: v2 contracts access control #247

skosito commented Jul 23, 2024 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Jul 23, 2024 •

edited

Loading

Rate limit exceeded

Chat

CodeRabbit Commands (invoked as PR comments)

CodeRabbit Configuration File (`.coderabbit.yaml`)

Documentation and Community

codecov-commenter commented Jul 23, 2024 •

edited

Loading

coderabbitai bot left a comment

coderabbitai bot Jul 23, 2024

coderabbitai bot Jul 23, 2024

skosito commented Jul 23, 2024

coderabbitai bot left a comment

coderabbitai bot Jul 23, 2024

fbac Jul 23, 2024

skosito Jul 24, 2024

skosito Jul 24, 2024

fbac Jul 23, 2024

skosito Jul 24, 2024

skosito Jul 24, 2024

fbac Jul 23, 2024

fbac Jul 23, 2024

fbac Jul 23, 2024

fbac Jul 23, 2024

skosito Jul 24, 2024

fbac Jul 24, 2024

skosito Jul 24, 2024

lumtis left a comment

coderabbitai bot left a comment

skosito commented Jul 24, 2024

fbac left a comment

	address public tssAddress;
	address public immutable tssAddress;

	function executeRevert(address destination, bytes calldata data) public payable onlyTSS {
	function executeRevert(address destination, bytes calldata data) public payable onlyTSS {
	+ if (destination == address(0)) revert ZeroAddress();

feat: v2 contracts access control #247

feat: v2 contracts access control #247

Conversation

skosito commented Jul 23, 2024 • edited by coderabbitai bot Loading

Summary by CodeRabbit

coderabbitai bot commented Jul 23, 2024 • edited Loading

Rate limit exceeded

Walkthrough

Changes

Sequence Diagram(s)

Assessment against linked issues

Chat

CodeRabbit Commands (invoked as PR comments)

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

codecov-commenter commented Jul 23, 2024 • edited Loading

Codecov Report

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot Jul 23, 2024

Choose a reason for hiding this comment

coderabbitai bot Jul 23, 2024

Choose a reason for hiding this comment

skosito commented Jul 23, 2024

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot Jul 23, 2024

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

lumtis left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

skosito commented Jul 24, 2024

fbac left a comment

Choose a reason for hiding this comment

skosito commented Jul 23, 2024 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Jul 23, 2024 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)

codecov-commenter commented Jul 23, 2024 •

edited

Loading