GitBross Home Explore Help
Register Sign In
sol_BMCMMXZh
/
wormhole-foundation_wormhole
mirror of https://github.com/wormhole-foundation/wormhole
1
0
Fork 0
Files Issues 1 Wiki
Browse Source

algo/patch: wormhole security patches for algorand

Josh Siegel 3 years ago
parent
ca43f8629a
commit
d3d68fde26
3 changed files with 19 additions and 8 deletions
Split View Show Diff Stats
  1. 2 2
      algorand/admin.py
  2. 12 2
      algorand/token_bridge.py
  3. 5 4
      algorand/wormhole_core.py

+ 2 - 2
algorand/admin.py
View File 

@@ -366,7 +366,7 @@ class PortalCore:
 
         b += self.encoder("uint16", 8)
 
 
         b += decode_address(approval["hash"]).hex()
 
-        print("core " + decode_address(approval["hash"]).hex())
 
+        print("core hash: " + decode_address(approval["hash"]).hex())
 
 
         ret = [b]
 
 
@@ -389,7 +389,7 @@ class PortalCore:
 
         b += self.encoder("uint8", 2)  # action
 
         b += self.encoder("uint16", 8) # target chain
 
         b += decode_address(approval["hash"]).hex()
 
-        print("token " + decode_address(approval["hash"]).hex())
 
+        print("token hash: " + decode_address(approval["hash"]).hex())
 
 
         ret.append(b)
 
         return ret

+ 12 - 2
algorand/token_bridge.py
View File 

@@ -94,7 +94,8 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
 
         return MagicAssert(And(
 
             e.rekey_to() == Global.zero_address(),
 
             e.close_remainder_to() == Global.zero_address(),
 
-            e.asset_close_to() == Global.zero_address()
 
+            e.asset_close_to() == Global.zero_address(),
 
+            e.on_completion() == OnComplete.NoOp
 
         ))
 
 
     @Subroutine(TealType.none)
 
@@ -240,6 +241,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
 
                 verifyVAA.application_id() == App.globalGet(Bytes("coreid")),
 
                 verifyVAA.application_args[0] == Bytes("verifyVAA"),
 
                 verifyVAA.sender() == Txn.sender(),
 
+                verifyVAA.on_completion() == OnComplete.NoOp,
 
 
                 # Lets see if the vaa we are about to process was actually verified by the core
 
                 verifyVAA.application_args[1] == Txn.application_args[1],
 
@@ -305,12 +307,14 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
 
             checkForDuplicate(),
 
 
             tidx.store(Txn.group_index() - Int(4)),
 
+
 
             MagicAssert(And(
 
                 # Lets see if the vaa we are about to process was actually verified by the core
 
                 Gtxn[tidx.load()].type_enum() == TxnType.ApplicationCall,
 
                 Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
 
                 Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
 
                 Gtxn[tidx.load()].sender() == Txn.sender(),
 
+                Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,
 
 
                 # we are all taking about the same vaa?
 
                 Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
 
@@ -466,6 +470,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
 
                 Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
 
                 Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
 
                 Gtxn[tidx.load()].sender() == Txn.sender(),
 
+                Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,
 
 
                 # Lets see if the vaa we are about to process was actually verified by the core
 
                 Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
 
@@ -981,7 +986,12 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
 
             algo_seed.amount() == Int(seed_amt),
 
             # Check that its an opt in to us
 
             optin.type_enum() == TxnType.ApplicationCall,
 
-            optin.on_completion() == OnComplete.OptIn
 
+            optin.on_completion() == OnComplete.OptIn,
 
+
 
+            optin.application_id() == Global.current_application_id(),
 
+
 
+            algo_seed.receiver() == optin.sender(),
 
+            optin.rekey_to() == Global.current_application_address()
 
         )
 
 
         return Seq(

+ 5 - 4
algorand/wormhole_core.py
View File 

@@ -132,6 +132,9 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
 
                 optin.on_completion() == OnComplete.OptIn,
 
                 # Not strictly necessary since we wouldn't be seeing this unless it was us, but...
 
                 optin.application_id() == Global.current_application_id(),
 
+
 
+                algo_seed.receiver() == optin.sender(),
 
+                optin.rekey_to() == Global.current_application_address()
 
             )
 
     
             return Seq(
 
@@ -314,10 +317,7 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
 
             ])
 
 
         def verifySigs():
 
-            return Seq([
 
-                Approve(),
 
-            ])
 
-
 
+            return Return (Txn.sender() == STATELESS_LOGIC_HASH)
 
 
         @Subroutine(TealType.none)
 
         def checkForDuplicate():
 
@@ -513,6 +513,7 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
 
                     Gtxn[Txn.group_index() - Int(1)].application_args[0] == Bytes("verifyVAA"),
 
                     Gtxn[Txn.group_index() - Int(1)].sender() == Txn.sender(),
 
                     Gtxn[Txn.group_index() - Int(1)].rekey_to() == Global.zero_address(),
 
+                    Gtxn[Txn.group_index() - Int(1)].on_completion() == OnComplete.NoOp,
 
 
                     # Lets see if the vaa we are about to process was actually verified by the core
 
                     Gtxn[Txn.group_index() - Int(1)].application_args[1] == Txn.application_args[1],