ERC-20: forbid using invalid NEP141 AccountID for mapping#179
Conversation
|
The code itself looks good, but I'd like to understand the context here. It was mentioned on the Monday call that this is meant to fix a phishing attack where someone tries to spoof a token using different capitalization. But I thought @mfornet said this attack wouldn't be possible if the front-end interfaces were sufficiently good. It's also unclear to me what this attack would accomplish. Could you spell out in more detail what could happen from a user's perspective? |
|
@birchmd it's not only about the attack itself (which needed to be really complex and I don't expect this to happen in the nearest future), but for the code consistency and right conceptual structure. |
birchmd
left a comment
birchmd
left a comment
There was a problem hiding this comment.
Oh, NEAR account IDs must be lowercase anyways, so it makes sense that we always ensure lowercase is used.
|
@birchmd yes, exactly. I guess this was explicitly made to eliminate even the possibility of such issues. For our case, it's expected that we can receive this as an input because users may specify ERC-20 checksummed address which contains both upper- and lower- case letters. But we need all those versions to point to the same ERC-20 on Aurora. Created #180 for the purpose of checking the validity of all used |
|
Still in draft, do you want that review? |
|
In general, there needs to be better data handling that doesn't involve copying borrowed data first. |
* Engine: Add `GetErc20FromNep141Error`, `RegisterTokenError` error types. * Engine: `register_token()` forbid using invalid NEP-141 AccountId as input. * Engine: `get_erc20_from_nep141()` forbid using invalid NEP-141 AccountId as input. * Engine: `register_token()` add logs. * Other minor improvements.
|
@birchmd @joshuajbouw @mfornet |
birchmd
left a comment
birchmd
left a comment
There was a problem hiding this comment.
LGTM
I wonder if it would be nicer to validate the input closer to the boundary of the system and not have errors bubbling up from core logic. I think the PR is ok as-is, but just something that I thought I'd mention to see what others think.
With the aforementioned model the code would look something like
/// Can only be constructed with `ValidAccountId::from_bytes` which does validation.
/// Therefore if a function takes `ValidAccountId` it does not need to worry about invalid accounts.
struct ValidAccountId<'a>(&'a [u8]);
impl ValidAccountId {
fn from_bytes(bytes: &[u8]) -> Option<Self> {
if is_valid_account(bytes) { Some(Self(bytes)) }
else { None }
}
}
pub fn register_token(&mut self, erc20_token: &[u8], nep141_token: ValidAccountId) { ... }
pub fn get_erc20_from_nep141(nep141_token: ValidAccountId) -> Option<Vec<u8>> { ... }
// lib.rs
fn deploy_erc20_token() {
...
let nep141_token = ValidAccountId::from_bytes(&args.nep141).sdk_expect(ERR_INVALID_NEP141_ACCOUNT_ID);
engine.register_token(address.as_bytes(), nep141_token).sdk_unwrap();
....
}
sept-en
changed the title
|
@sept-en when you get back, please fix the conflicts. Thanks buddy. |
* JSON: fix bugs and add unit tests. (#141) * Add storage layout debug support for `EvmErc20.sol`. (#178) * ERC-20: forbid using invalid NEP-141 AccountID for mapping. (#179) * Add EIP-2930 support. (#181, #182) * Migrate all workflows to self-hosted runners. (#185) * Speed up the workflow using build caching. (#189) * Use the new math API host functions. (#190) * Fix `clippy::enum_variant_names` warning. (#192) * Add different networks to the Makefile. (#193) * Update the network status in the README. (#194) * Remove the toolchain installation step in workflows. (#195) * Run all tests for all networks in CI. (#196) * Optimize for performance instead of code size. (#197) * Parallelize the test suites. (#198) * Add build-caching to the testing workflow. (#201) * Refactor tests to use Signer. (#203) * Add options to the bench profile. (#204) * Remove a duplicate test. (#205) * Add a sanity test for access list handling. (#206) * Update nearcore to the latest branch. * Add feature gates to the SDK's new host functions. Co-authored-by: Ahmed Ali <ahmed@aurora.dev> Co-authored-by: Dmitry Strokov <dmitry@aurora.dev> Co-authored-by: Evgeny Ukhanov <evgeny@aurora.dev> Co-authored-by: Joshua J. Bouw <joshua@aurora.dev> Co-authored-by: Kirill <kirill@aurora.dev> Co-authored-by: Michael Birch <michael@aurora.dev>
* ERC-20: forbid using invalid NEP141 AccountID for mapping (#179) * Timestamp should be in milliseconds for Ethereum compatibility (#208) * feat(engine): Blockhash definition (#213) * Update etc/state-migration-test/Cargo.lock (#211) * Include cost of access list in intrinsic gas (#219) * Bump tar from 4.4.13 to 4.4.15 in /etc/eth-contracts (#217) * Feat(engine): Relayer payment (#215) * Scheduled lint is supposed to run nightly clippy (#214) * Return actual status of a transaction (#218) * Added parser for Integer types (#183) * Update to latest nightly (#221) * Fix(engine): do not panic when user has insufficient balance to cover gas (#223) * Update lock files (#224) * Method to fix balance of aurora account on testnet (#225) * Use math api host functions on mainnet (#228) * NEP-141 compliance correctness (#202) * Adapt workflows to dockerized runners (#231) * Move block height to the end of hashed data. (#233) * Ensure solidity artifacts are always recompiled (#234) * Prevent test binary from deploying (#237) * Add removal of eth-contracts to `make clean` * Remove deploy_code feature gate Co-authored-by: Dmitry Strokov <dmitry@aurora.dev> Co-authored-by: Evgeny Ukhanov <evgeny@aurora.dev> Co-authored-by: Joshua J. Bouw <joshua@aurora.dev> Co-authored-by: Kirill <kirill@aurora.dev> Co-authored-by: Michael Birch <michael@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 participants
Fixes #173.