ETH connector #59
* EIP712-Withdraw: fixed encoding rules and order.
* EIP712-Withdraw: `verify_withdraw_eip712` returns `true` only if the sender address equals the address of the message signer.
* EIP712-Withdraw: update tests.
* EIP712-Withdraw: refactoring.
* ethabit::encode_token_packed: use right-padded encoding for `Address`.
* WithdrawFromEthCallArgs: fixed `amount` type conversion.
…ra-engine into evm-deposit-withdraw
| if fee > 0 { | ||
| let evm_relayer_address: EthAddress = engine | ||
| .get_relayer(&message_data.relayer.as_bytes()) | ||
| .expect("ERR_WRONG_RELAYER_ID") | ||
| .0; | ||
| self.mint_eth(evm_relayer_address, fee); | ||
| } |
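Review bot: the `.expect("ERR_WRONG_RELAYER_ID")` inside the `if fee > 0` branch aborts the whole call when the relayer lookup fails, and by this point the proof has already been marked as used, so a deposit whose relayer is not registered can never be retried. Resolve the relayer before the proof is recorded, or treat a missing relayer as a non-fatal case (for example, mint the fee to the recipient instead), so that the `mint_eth` of the fee never depends on a lookup that can panic at this stage.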
This part works incorrectly and actually is critical. Currently, this works like that:
- If the fee is zero, the user receives the full amount, and the transaction is "Succeeded".
- If the fee is greater than zero:
a) Query for the registered relayer, the relayer is registered. Then mint the appropriate amount of fee to the relayer. The transaction is "Succeeded".
b) Query for the registered relayer, the relayer is NOT registered. So we panic with "ERR_WRONG_RELAYER_ID", the transaction is "Failed". The user does not receive his money, the proof was recorded as used on the previous steps, so it's not possible to finish the deposit for this transaction any more. So basically, it's easy to burn any produced proof by not registering the relayer.
The suggested solution for that is the following:
- Make sure we never ever panic in the `ft_on_transfer` execution (at least for the ETH branch), as the proof was recorded on the previous steps so we won't be able to restore it.
- If `fee > 0`, but there's no registered relayer for the predecessor account, mint the fee to the recipient as well. If we don't mint the fee for the recipient, this amount won't be minted and there's no sense in it.
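As an added illustration of the two-step shape this comment asks for (example code, not the aurora-engine implementation): every fallible check runs before the proof is recorded, and the step that runs after the proof is burned cannot panic. A missing relayer is settled by minting the fee to the recipient. `Engine`, `Settlement`, `deposit_eth`, the relayer account name and the proof keys are assumed stand-ins for this example; the balances and registry are in-memory maps rather than contract storage.

```rust
use std::collections::{HashMap, HashSet};

type EthAddress = [u8; 20];

/// Stand-in (assumed for the example) for the engine state a deposit touches:
/// relayer registry (NEAR account -> EVM address), EVM-side ETH balances, and
/// the set of proofs already consumed.
#[derive(Default)]
struct Engine {
    relayers: HashMap<String, EthAddress>,
    eth_balances: HashMap<EthAddress, u128>,
    used_proofs: HashSet<String>,
}

/// Everything that can go wrong is reported before the proof is recorded.
#[derive(Debug, PartialEq, Eq)]
enum DepositError {
    ProofAlreadyUsed,
    AmountLessThanFee,
}

/// Where the deposit went: amount minted to the recipient and fee minted to the relayer.
#[derive(Debug, PartialEq, Eq)]
struct Settlement {
    to_recipient: u128,
    to_relayer: u128,
}

impl Engine {
    fn register_relayer(&mut self, near_account: &str, evm_address: EthAddress) {
        self.relayers.insert(near_account.to_string(), evm_address);
    }

    fn balance_of(&self, address: &EthAddress) -> u128 {
        self.eth_balances.get(address).copied().unwrap_or(0)
    }

    /// Saturating arithmetic so that no balance update can panic on overflow.
    fn mint_eth(&mut self, to: EthAddress, amount: u128) {
        let entry = self.eth_balances.entry(to).or_insert(0);
        *entry = entry.saturating_add(amount);
    }

    /// Step 1: all fallible checks, then mark the proof as used. Nothing has been
    /// minted yet, so returning an error here leaves the proof untouched.
    fn validate_and_record_proof(&mut self, proof_key: &str, amount: u128, fee: u128)
        -> Result<(), DepositError>
    {
        if amount < fee {
            return Err(DepositError::AmountLessThanFee);
        }
        // HashSet::insert returns false when the key was already present.
        if !self.used_proofs.insert(proof_key.to_string()) {
            return Err(DepositError::ProofAlreadyUsed);
        }
        Ok(())
    }

    /// Step 2: runs after the proof is burned, so it must never panic. A missing
    /// relayer is not an error here: the fee goes to the recipient instead.
    fn finish_eth_deposit(&mut self, recipient: EthAddress, relayer_account: &str,
                          amount: u128, fee: u128) -> Settlement {
        let net = amount.saturating_sub(fee);
        self.mint_eth(recipient, net);
        if fee == 0 {
            return Settlement { to_recipient: net, to_relayer: 0 };
        }
        match self.relayers.get(relayer_account).copied() {
            Some(relayer) => {
                self.mint_eth(relayer, fee);
                Settlement { to_recipient: net, to_relayer: fee }
            }
            None => {
                // Where the original code would panic with ERR_WRONG_RELAYER_ID.
                self.mint_eth(recipient, fee);
                Settlement { to_recipient: amount, to_relayer: 0 }
            }
        }
    }
}

/// Full flow: checks and proof recording first, infallible settlement second.
fn deposit_eth(engine: &mut Engine, proof_key: &str, recipient: EthAddress,
               relayer_account: &str, amount: u128, fee: u128)
    -> Result<Settlement, DepositError>
{
    engine.validate_and_record_proof(proof_key, amount, fee)?;
    Ok(engine.finish_eth_deposit(recipient, relayer_account, amount, fee))
}

fn main() {
    let mut engine = Engine::default();
    let user: EthAddress = [0x11; 20];
    let relayer: EthAddress = [0x22; 20];
    // Relayer not registered: the user is made whole, the proof is consumed once.
    println!("{:?}", deposit_eth(&mut engine, "proof-a", user, "relayer.near", 1_000, 50));
    engine.register_relayer("relayer.near", relayer);
    println!("{:?}", deposit_eth(&mut engine, "proof-b", user, "relayer.near", 1_000, 50));
    // Replay of a used proof is refused before anything is minted.
    println!("{:?}", deposit_eth(&mut engine, "proof-a", user, "relayer.near", 1_000, 50));
    println!("user {} relayer {}", engine.balance_of(&user), engine.balance_of(&relayer));
}
```

The ordering is the point: `validate_and_record_proof` is the only place an error can surface, and it returns before the proof is written, while `finish_eth_deposit` uses only saturating arithmetic and a lookup with a fallback, so nothing after the proof write can unwind.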
Hugely important on what you said. If there is a proof, we need to be able to use it on the previous steps. They must ALWAYS be restorable, only once, of course.
There's no way to straightforwardly revert the chain of promises at the moment. So this is correct that the proof is recorded in the previous step and only after that the tokens are minted. This protects from proof reuse and possible reentrancy attempts. We just need to try making all possible checks before storing the proof and not let it panic at a later stage.
Good point!
@joshuajbouw FYI it's not related to Proof. We can reproduce it without Deposit call because ft_transfer_call is a public method.
@sept-en @joshuajbouw I fixed that issue. Also, I placed an early checker for all possible assertions in ft_on_transfer.
| } else { | ||
| None | ||
| } |
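Review bot: returning `None` for an unknown account in the `else` branch does not match NEP-145, which specifies that the storage balance of an account unknown to the contract is zero rather than absent. Return a `StorageBalance` with zero `total` and zero `available` here instead of `None`, so callers can treat registered and unregistered accounts uniformly.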
This is wrong according to the NEP-145 spec: if the account is unknown to the contract, then the total account storage balance returned will be zero.
So we need to always return a `StorageBalance`, and zero for unknown accounts.
Please note the appropriate issue in near-sdk-rs.
* Eugene's review 2021-05-08
* Eth connector improvements after review 2021-05-18 (#98)
* Added improvements after review - account checking, msg len check, json lib
* Added json parser. Changed balance_of
* Fixed balance_of test
* json for ft_transfer & fix test
* Json args for ft_transfer_call & fixed tests
* Added json for FT storage methods
* Fix ft_resolve transfer promise result check. Removed total_supply_near
* Fix to NEP-145: storage_balance_of
* Fix storage_balance_of to NEP-145
* Eth connector statistic (#104)
* Added get_accounts_counter & tests
* Clippy fix
* Fixed: check accounts_contains_key & added comments
* Lint: cargo fmt
* Changed key for Statistics
* Update src/connector.rs: improve comments
* Changed: get_accounts_counter - return le_bytes. Added: test_get_accounts_counter_and_transfer - check recalculation of accounts
Co-authored-by: Michael Birch <michael@near.org>
Co-authored-by: Evgeny Ukhanov <mrlsd@ya.ru>
| Contract = 0x0, | ||
| FungibleToken = 0x1, | ||
| UsedEvent = 0x2, | ||
| StatisticsAuroraAccountsCounter = 0x3, |
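Review bot: `StatisticsAuroraAccountsCounter = 0x3` is placed directly after the contract-state discriminants (`Contract`, `FungibleToken`, `UsedEvent`), so any future contract-level variant would have to be numbered after the statistics ones. Start the statistics discriminants at a higher value (for example 0x10) to leave a gap, and keep in mind that if these values are used as storage key prefixes they cannot be renumbered later without migrating existing state.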
It makes sense to start the statistics Ids from something like 0xF or 0x10. So if other fields related to the contract itself are added in the future, they will come in order and won't be mixed with the Ids for Statistics.
I'll create a PR for that.
* Added tests:
  * test_deposit_near_with_zero_fee
  * test_deposit_evm_with_zero_fee
* Added:
  * test_deposit_evm_amount_equal_fee_non_zero
  * check_execution_status_failure
* Improved:
  * test_deposit_with_same_proof
* Added:
  * test_deposit_wrong_custodian_address
* Added tests:
  * test_deposit_near_amount_less_fee
  * test_deposit_evm_amount_less_fee
  * test_deposit_near_amount_zero_fee_non_zero
  * test_deposit_evm_amount_zero_fee_non_zero
  * test_deposit_near_amount_equal_fee_non_zero
* Changed: test_deposit_wrong_custodian_address
* EthConnector: make AdminControlled and pausable.
* EthConnector: add AdminControlled & pausability tests.
* Stylistic fixes.
* AdminControlled: add panic message when paused.
* AdminControlled: minor refactoring.
* AdminControlled: add errors. Naming improvements.
* AdminControlled: doc improvements.
* Test fixes.
* Fix fmt
* AdminControlled: make IO in main contract module.
* AdminControlled: explicitly check panic msg in tests.
* Rename `check_execution_status_failure()` method to `assert_execution_status_failure()`;
* `assert_execution_status_failure()`: accept panic message as an arg.
* Explicitly specify the panic message for each `assert_execution_status_failure()` if the promise didn't fail with the provided error message.
* Eth-connector tests: improve checks for failure msg.
* Usually the string conversion has either of the following two message formats:
  "Action #0: Smart contract panicked: ERR_MSG [src/some_file.rs:LINE_NUMBER:COLUMN_NUMBER]"
  "right: 'MISMATCHED_DATA': ERR_MSG [src/some_file.rs:LINE_NUMBER:COLUMN_NUMBER]"
  So the ": ERR_MSG [" pattern should catch all variants of the error, even if one error message is a subset of another one (e.g. `ERR_MSG_FAILED` is a subset of `ERR_MSG_FAILED_FOO`).
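An added example (not the project's test helper) of the matching rule the commit message describes: the error code is located by the `": ERR [ "` delimiters in the two status formats quoted above, so a code that is a prefix of a longer code does not match it. The two status strings are constructed samples in those formats with made-up file positions; `execution_failed_with` and `naive_failed_with` are names chosen for this example.

```rust
/// Returns true only if `status` carries exactly `expected_err` as the panic
/// message. In both observed formats the message is embedded as
/// ": <ERR> [<file>:<line>:<col>]", so the surrounding ": " and " [" act as
/// delimiters and rule out prefix matches.
fn execution_failed_with(status: &str, expected_err: &str) -> bool {
    let pattern = format!(": {} [", expected_err);
    status.contains(&pattern)
}

/// The naive substring check, kept for comparison: it accepts any status whose
/// error code merely starts with `expected_err`.
fn naive_failed_with(status: &str, expected_err: &str) -> bool {
    status.contains(expected_err)
}

/// Extracts the error code between the last ": " and the following " [",
/// which is handy for assertion messages when a test fails.
fn extract_error_code(status: &str) -> Option<&str> {
    let start = status.rfind(": ")? + 2;
    let rest = &status[start..];
    let end = rest.find(" [")?;
    Some(&rest[..end])
}

// Constructed sample statuses in the two formats quoted in the commit message.
const PANIC_STATUS: &str =
    "Action #0: Smart contract panicked: ERR_MSG_FAILED_FOO [src/connector.rs:120:9]";
const ASSERT_STATUS: &str =
    "right: 'MISMATCHED_DATA': ERR_MSG_FAILED [src/connector.rs:77:5]";

fn main() {
    // Exact code matches in both formats.
    println!("{}", execution_failed_with(PANIC_STATUS, "ERR_MSG_FAILED_FOO"));
    println!("{}", execution_failed_with(ASSERT_STATUS, "ERR_MSG_FAILED"));
    // Prefix code: delimited check rejects it, naive check accepts it.
    println!("{}", execution_failed_with(PANIC_STATUS, "ERR_MSG_FAILED"));
    println!("{}", naive_failed_with(PANIC_STATUS, "ERR_MSG_FAILED"));
    println!("{:?}", extract_error_code(PANIC_STATUS));
}
```

The prefix case is the one that bites in practice: a test asserting `ERR_MSG_FAILED` would silently pass against a contract that actually panicked with `ERR_MSG_FAILED_FOO` if only `contains` were used.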
* Document `aurora encode-address` usage.
* Cache cargo artifacts between CI runs. (#92)
* Address comments from audit. (#86)
* Validate register length in `read_input_arr20()`
* Only read register length in `Engine::get_code_size`
* Add `read_input_borsh()`
* Ensure `method.args.len() == args_decoded.len()`
* Ensure register size is 8 in `read_u64`
* Use constant to specify the register ID used in `read_input()`
* Reduce size of `cargo cache` in CI. (#95)
* Define a `Wei` newtype for balances. (#96)
* Fix evm-bully builds after recent refactoring. (#100)
* Refactor `Engine::get_state` to return a `Result`. (#99)
* Ensure that `Cargo.lock` in the repo is valid. (#101)
* Remove unneeded nightly feature. (#102)
* Dispatch precompiles on the full address. (#107)
* Support state migration on upgrade. (#103)
* Remove resolved TODOs
* Fix state migration test
* Conditional compilation minor improvements.
Co-authored-by: Arto Bendiken <arto@aurora.dev>
Co-authored-by: Michael Birch <michael@near.org>
Co-authored-by: Aleksey Kladov <aleksey.kladov@gmail.com>
* Add `set_eth_connector_contract_data()` method.
* Minor refactoring: `init_contract()` method now accepts `InitCallArgs` instead of making IO operations in it.
…gine into eth-connector-merge-develop-after-target-change
* Base precompile code between connectors (#73)
* Base precompile code between connectors
* Handle errors and validate input
* Use proper result
* Document `aurora encode-address` usage.
* Cache cargo artifacts between CI runs. (#92)
* Address comments from audit. (#86)
* Validate register length in `read_input_arr20()`
* Only read register length in `Engine::get_code_size`
* Add `read_input_borsh()`
* Ensure `method.args.len() == args_decoded.len()`
* Ensure register size is 8 in `read_u64`
* Use constant to specify the register ID used in `read_input()`
* Reduce size of `cargo cache` in CI. (#95)
* Define a `Wei` newtype for balances. (#96)
* Fix evm-bully builds after recent refactoring. (#100)
* Refactor `Engine::get_state` to return a `Result`. (#99)
* Ensure that `Cargo.lock` in the repo is valid. (#101)
* Remove unneeded nightly feature. (#102)
* Implement BC generational storage.
* fix address input
* remove note
* put key on the end of the storage key
* remove pub from methods
* Dispatch precompiles on the full address. (#107)
* Support state migration on upgrade. (#103)
* Implement the ETH connector. (#59)
* Move when to call `set_generation`
* Fix arg
Co-authored-by: Marcelo Fornet <mfornet94@gmail.com>
Co-authored-by: Arto Bendiken <arto@aurora.dev>
Co-authored-by: Michael Birch <michael@near.org>
Co-authored-by: Aleksey Kladov <aleksey.kladov@gmail.com>
Co-authored-by: Evgeny Ukhanov <mrlsd@ya.ru>
* Add tests for state check after selfdestruct
* Aurora runner tracks storage usage to avoid underflow when storage is released in future transactions (#85)
* Implement generational storage (#87)
* Base precompile code between connectors (#73)
* Base precompile code between connectors
* Handle errors and validate input
* Use proper result
* Document `aurora encode-address` usage.
* Cache cargo artifacts between CI runs. (#92)
* Address comments from audit. (#86)
* Validate register length in `read_input_arr20()`
* Only read register length in `Engine::get_code_size`
* Add `read_input_borsh()`
* Ensure `method.args.len() == args_decoded.len()`
* Ensure register size is 8 in `read_u64`
* Use constant to specify the register ID used in `read_input()`
* Reduce size of `cargo cache` in CI. (#95)
* Define a `Wei` newtype for balances. (#96)
* Fix evm-bully builds after recent refactoring. (#100)
* Refactor `Engine::get_state` to return a `Result`. (#99)
* Ensure that `Cargo.lock` in the repo is valid. (#101)
* Remove unneeded nightly feature. (#102)
* Implement BC generational storage.
* fix address input
* remove note
* put key on the end of the storage key
* remove pub from methods
* Dispatch precompiles on the full address. (#107)
* Support state migration on upgrade. (#103)
* Implement the ETH connector. (#59)
* Move when to call `set_generation`
* Fix arg
* Fix layout of the key
* Fix all tests (don't wipe the storage all the time)
* Use correct generation in writing storage
* Remove unnecessary references
Co-authored-by: Marcelo Fornet <mfornet94@gmail.com>
Co-authored-by: Michael Birch <michael@near.org>
Co-authored-by: Joshua J. Bouw <dev@joshuajbouw.com>
Co-authored-by: Arto Bendiken <arto@aurora.dev>
Co-authored-by: Aleksey Kladov <aleksey.kladov@gmail.com>
Co-authored-by: Evgeny Ukhanov <mrlsd@ya.ru>
Co-authored-by: Michael Birch <michael.birch@aurora.dev>
ETH connector contains fungible token logic for a specific flow.
To verify logic: