algo/patch: wormhole security patches for algorand

algorand/admin.py

@@ -366,7 +366,7 @@ class PortalCore:
         b += self.encoder("uint16", 8)
 
         b += decode_address(approval["hash"]).hex()
-        print("core " + decode_address(approval["hash"]).hex())
+        print("core hash: " + decode_address(approval["hash"]).hex())
 
         ret = [b]
 
@@ -389,7 +389,7 @@ class PortalCore:
         b += self.encoder("uint8", 2)  # action
         b += self.encoder("uint16", 8) # target chain
         b += decode_address(approval["hash"]).hex()
-        print("token " + decode_address(approval["hash"]).hex())
+        print("token hash: " + decode_address(approval["hash"]).hex())
 
         ret.append(b)
         return ret

algorand/token_bridge.py

@@ -94,7 +94,8 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
         return MagicAssert(And(
             e.rekey_to() == Global.zero_address(),
             e.close_remainder_to() == Global.zero_address(),
-            e.asset_close_to() == Global.zero_address()
+            e.asset_close_to() == Global.zero_address(),
+            e.on_completion() == OnComplete.NoOp
         ))
 
     @Subroutine(TealType.none)
@@ -240,6 +241,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
                 verifyVAA.application_id() == App.globalGet(Bytes("coreid")),
                 verifyVAA.application_args[0] == Bytes("verifyVAA"),
                 verifyVAA.sender() == Txn.sender(),
+                verifyVAA.on_completion() == OnComplete.NoOp,
 
                 # Lets see if the vaa we are about to process was actually verified by the core
                 verifyVAA.application_args[1] == Txn.application_args[1],
@@ -305,12 +307,14 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
             checkForDuplicate(),
 
             tidx.store(Txn.group_index() - Int(4)),
+
             MagicAssert(And(
                 # Lets see if the vaa we are about to process was actually verified by the core
                 Gtxn[tidx.load()].type_enum() == TxnType.ApplicationCall,
                 Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
                 Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
                 Gtxn[tidx.load()].sender() == Txn.sender(),
+                Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,
 
                 # we are all taking about the same vaa?
                 Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
@@ -466,6 +470,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
                 Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
                 Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
                 Gtxn[tidx.load()].sender() == Txn.sender(),
+                Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,
 
                 # Lets see if the vaa we are about to process was actually verified by the core
                 Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
@@ -981,7 +986,12 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
             algo_seed.amount() == Int(seed_amt),
             # Check that its an opt in to us
             optin.type_enum() == TxnType.ApplicationCall,
-            optin.on_completion() == OnComplete.OptIn
+            optin.on_completion() == OnComplete.OptIn,
+
+            optin.application_id() == Global.current_application_id(),
+
+            algo_seed.receiver() == optin.sender(),
+            optin.rekey_to() == Global.current_application_address()
         )
 
         return Seq(

algorand/wormhole_core.py

@@ -132,6 +132,9 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
                 optin.on_completion() == OnComplete.OptIn,
                 # Not strictly necessary since we wouldn't be seeing this unless it was us, but...
                 optin.application_id() == Global.current_application_id(),
+
+                algo_seed.receiver() == optin.sender(),
+                optin.rekey_to() == Global.current_application_address()
             )
     
             return Seq(
@@ -314,10 +317,7 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
             ])
 
         def verifySigs():
-            return Seq([
-                Approve(),
-            ])
-
+            return Return (Txn.sender() == STATELESS_LOGIC_HASH)
 
         @Subroutine(TealType.none)
         def checkForDuplicate():
@@ -513,6 +513,7 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
                     Gtxn[Txn.group_index() - Int(1)].application_args[0] == Bytes("verifyVAA"),
                     Gtxn[Txn.group_index() - Int(1)].sender() == Txn.sender(),
                     Gtxn[Txn.group_index() - Int(1)].rekey_to() == Global.zero_address(),
+                    Gtxn[Txn.group_index() - Int(1)].on_completion() == OnComplete.NoOp,
 
                     # Lets see if the vaa we are about to process was actually verified by the core
                     Gtxn[Txn.group_index() - Int(1)].application_args[1] == Txn.application_args[1],