-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
eth: remove isRedeemable contract method, disable estimateRedeemGas #2111
Conversation
Redeployed Goerli contracts, but dex-test server is still expecting the old ones! |
New contracts are now in use on dex-test. re-test on goerli |
Caution! Still using the bonkers gas limits Limits are revised up in #2013. I'll rebase that PR on this after redeploying on mainnet as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still an isRedeemable
method in the reentry test contract at VulnerableToReentryAttack.sol. Do we care?
client/asset/eth/eth.go
Outdated
/* We could get a gas estimate via RPC, but this will reveal the secret key | ||
before submitting the redeem transaction. This is not OK for maker. This | ||
could be acceptable if any error from estimateRedeemGas is not fatal, and | ||
we redeem regardless (using hard-coded gas). Disable for now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could be acceptable if any error from estimateRedeemGas is not fatal, and we redeem regardless
I question whether even that is appropriate. If the risk is that the provider is in on the scam, then they could just deny our redemption broadcast.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with that. I'll revise the comment so it doesn't suggest it as a possibility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do still want to leave this commented code in case we one day have a privacy-preserving client wallet.🤞
Not really. I see that as a proof of concept. Could really just delete it, let it be in git history for reference. |
This method made more sense when the client was using a private node, however this is a vulnerability with public RPC providers. This removes the isRedeemable public method from the Solidity contracts ETHSwapV0 and ERC20SwapV0. This also updates the solc version to 0.8.18, the current latest. This may or may not be required, but there are two solc bugs prior to 0.8.17: - https://etherscan.io/solcbuginfo?a=StorageWriteRemovalBeforeConditionalTermination - https://etherscan.io/solcbuginfo?a=AbiReencodingHeadOverflowWithStaticArrayCleanup Since we are having to re-deploy the contracts, we are updating the solc version to 0.8.18+commit.87f61d96 (*assetWallet).isRedeemable now performs the redeemable check itself. That is: - the swap() contractor method can retrieve the swap state - the swap state is SSInitiated - the secret hashes to the secretHash
8ddb5b9
to
132aefd
Compare
The
isRedeemable
method made more sense when the client was using a private node, however this is a vulnerability with public RPC providers, which is what we are forced to use since The Merge (boo).This removes the
isRedeemable
public method from the Solidity contractsETHSwapV0
andERC20SwapV0
.This also updates the solc version to 0.8.18 (github download), the current latest. This may or may not be required, but there are two solc bugs prior to 0.8.17:
Since we are having to re-deploy the contracts, we are updating the solc version to 0.8.18+commit.87f61d96. Note that
abigen
v1.10.26 was used to regenerate the contract ABI bindings.(*assetWallet).isRedeemable
now performs the redeemable check itself. That is:swap()
contractor method can retrieve the swap stateSSInitiated
secret
hashes to thesecretHash
Finally this disables the use of
estimateRedeemGas
, which also reveals secret ahead of the redeem transaction. There is a possibly we could use this method if we recognize a private full node as the backend, or if we ensure thatredeem
always occurs even ifestimateRedeemGas
fails or returns nonsense. Further, this would be safe for taker (participant), but not maker (initiator).