GitBross 首页 发现 帮助
注册 登录
sol_BMCMMXZh
/
wormhole-foundation_wormhole
镜像自地址 https://github.com/wormhole-foundation/wormhole
1
0
派生 0
文件 工单管理 1 Wiki
浏览代码

ethereum: Check that bytes32 fits into 20 bytes before truncating (#1457)

Csongor Kiss 3 年之前
父节点
a8cc328fd0
当前提交
fd540c91b4
共有 2 个文件被更改,包括 29 次插入2 次删除
合并视图 显示文件统计
  1. 13 2
      ethereum/contracts/bridge/Bridge.sol
  2. 16 0
      ethereum/forge-test/Bridge.t.sol

+ 13 - 2
ethereum/contracts/bridge/Bridge.sol
查看文件 

@@ -472,6 +472,17 @@ contract Bridge is BridgeGovernance, ReentrancyGuard {
 
         _completeTransfer(encodedVm, true);
 
         _completeTransfer(encodedVm, true);
 
     }
 
     }
 
 
 
+    /*
 
+     * @dev Truncate a 32 byte array to a 20 byte address.
 
+     *      Reverts if the array contains non-0 bytes in the first 12 bytes.
 
+     *
 
+     * @param bytes32 bytes The 32 byte array to be converted.
 
+     */
 
+    function _truncateAddress(bytes32 b) internal pure returns (address) {
 
+        require(bytes12(b) == 0, "invalid EVM address");
 
+        return address(uint160(uint256(b)));
 
+    }
 
+
 
     // Execute a Transfer message
 
     // Execute a Transfer message
 
     function _completeTransfer(bytes memory encodedVm, bool unwrapWETH) internal returns (bytes memory) {
 
     function _completeTransfer(bytes memory encodedVm, bool unwrapWETH) internal returns (bytes memory) {
 
         (IWormhole.VM memory vm, bool valid, string memory reason) = wormhole().parseAndVerifyVM(encodedVm);
 
         (IWormhole.VM memory vm, bool valid, string memory reason) = wormhole().parseAndVerifyVM(encodedVm);
 
@@ -482,7 +493,7 @@ contract Bridge is BridgeGovernance, ReentrancyGuard {
 
         BridgeStructs.Transfer memory transfer = _parseTransferCommon(vm.payload);
 
         BridgeStructs.Transfer memory transfer = _parseTransferCommon(vm.payload);
 
 
 
         // payload 3 must be redeemed by the designated proxy contract
 
         // payload 3 must be redeemed by the designated proxy contract
 
-        address transferRecipient = address(uint160(uint256(transfer.to)));
 
+        address transferRecipient = _truncateAddress(transfer.to);
 
         if (transfer.payloadID == 3) {
 
         if (transfer.payloadID == 3) {
 
             require(msg.sender == transferRecipient, "invalid sender");
 
             require(msg.sender == transferRecipient, "invalid sender");
 
         }
 
         }
 
@@ -494,7 +505,7 @@ contract Bridge is BridgeGovernance, ReentrancyGuard {
 
 
 
         IERC20 transferToken;
 
         IERC20 transferToken;
 
         if (transfer.tokenChain == chainId()) {
 
         if (transfer.tokenChain == chainId()) {
 
-            transferToken = IERC20(address(uint160(uint256(transfer.tokenAddress))));
 
+            transferToken = IERC20(_truncateAddress(transfer.tokenAddress));
 
 
 
             // track outstanding token amounts
 
             // track outstanding token amounts
 
             bridgedIn(address(transferToken), transfer.amount);
 
             bridgedIn(address(transferToken), transfer.amount);

+ 16 - 0
ethereum/forge-test/Bridge.t.sol
查看文件 

@@ -0,0 +1,16 @@
 
+// SPDX-License-Identifier: Apache 2
 
+
 
+pragma solidity ^0.8.0;
 
+
 
+import "../contracts/bridge/Bridge.sol";
 
+import "forge-std/Test.sol";
 
+
 
+contract TestBridge is Bridge, Test {
 
+    function testTruncate(bytes32 b) public {
 
+        if (bytes12(b) != 0) {
 
+            vm.expectRevert( "invalid EVM address");
 
+        }
 
+        bytes32 converted = bytes32(uint256(uint160(bytes20(_truncateAddress(b)))));
 
+        require(converted == b, "truncate does not roundrip");
 
+    }
 
+}