Merge branch 'master' into develop

.clang-format

@@ -12,9 +12,9 @@ SortIncludes: false
 SpaceAfterCStyleCast: true
 AllowShortCaseLabelsOnASingleLine: false
 AllowAllArgumentsOnNextLine: false
-AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: Never
 AllowShortFunctionsOnASingleLine: None
 BinPackArguments: false
 BinPackParameters: false
 ---
+

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,14 @@
+FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest AS LITE_BUILDER
+
+# Base image with clang toolchain
+FROM gcr.io/oss-fuzz-base/base-builder:v1
+
+# Copy the project's source code.
+COPY . $SRC/app-plugin-paraswap
+COPY --from=LITE_BUILDER /opt/nanox-secure-sdk $SRC/app-plugin-paraswap/BOLOS_SDK
+
+# Working directory for build.sh
+WORKDIR $SRC/app-plugin-paraswap
+
+# Copy build.sh into $SRC dir.
+COPY ./.clusterfuzzlite/build.sh $SRC/

.clusterfuzzlite/build.sh

@@ -0,0 +1,9 @@
+#!/bin/bash -eu
+
+# build fuzzers
+
+pushd fuzzing
+cmake -DBOLOS_SDK=../BOLOS_SDK -Bbuild -H.
+make -C build
+mv ./build/fuzz "${OUT}"
+popd

.clusterfuzzlite/project.yaml

@@ -0,0 +1 @@
+language: c

.github/workflows/cflite_cron.yml

@@ -0,0 +1,41 @@
+name: ClusterFuzzLite cron tasks
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main  # Use your actual default branch here.
+  schedule:
+    - cron: '0 13 * * 6'  # At 01:00 PM, only on Saturday
+permissions: read-all
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - mode: batch
+            sanitizer: address
+          - mode: batch
+            sanitizer: memory
+          - mode: prune
+            sanitizer: address
+          - mode: coverage
+            sanitizer: coverage
+    steps:
+    - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        language: c # Change this to the language you are fuzzing.
+        sanitizer: ${{ matrix.sanitizer }}
+    - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 300 # 5 minutes
+        mode: ${{ matrix.mode }}
+        sanitizer: ${{ matrix.sanitizer }}
+

.github/workflows/cflite_pr.yml

@@ -0,0 +1,43 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    paths:
+      - '**'
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: c # Change this to the language you are fuzzing.
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to only run fuzzers that are affected
+        # by the PR.
+        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+        # storage-repo-branch: main   # Optional. Defaults to "main"
+        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 300 # 5 minutes
+        mode: 'code-change'
+        sanitizer: ${{ matrix.sanitizer }}
+        output-sarif: true
+        # Optional but recommended: used to download the corpus produced by
+        # batch fuzzing.
+        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+        # storage-repo-branch: main   # Optional. Defaults to "main"
+        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

.github/workflows/ci-workflow.yml

@@ -23,6 +23,8 @@ jobs:
             name: "nanosp"
           - sdk: "$STAX_SDK"
             name: "stax"
+          - sdk: "$FLEX_SDK"
+            name: "flex"
 
     runs-on: ubuntu-latest
     container:
@@ -49,6 +51,10 @@ jobs:
             name: "nanox"
           - sdk: "$NANOSP_SDK"
             name: "nanosp"
+          - sdk: "$STAX_SDK"
+            name: "stax"
+          - sdk: "$FLEX_SDK"
+            name: "flex"
 
     runs-on: ubuntu-latest
     container:
@@ -85,6 +91,10 @@ jobs:
             name: "nanox"
           - sdk: "$NANOSP_SDK"
             name: "nanosp"
+          - sdk: "$STAX_SDK"
+            name: "stax"
+          - sdk: "$FLEX_SDK"
+            name: "flex"
 
     runs-on: ubuntu-latest
     container:
@@ -95,6 +105,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           repository: LedgerHQ/app-ethereum
+          submodules: recursive
           ref: ${{ ((github.base_ref || github.ref_name) == 'main' && 'master') || (github.base_ref || github.ref_name) }}
 
       - name: Build
@@ -140,4 +151,4 @@ jobs:
 
       - name: Run Zemu tests
         run: |
-          cd tests && yarn test
+          cd tests && yarn test

.github/workflows/lint-workflow.yml

@@ -11,16 +11,7 @@ on:
 
 jobs:
   job_lint:
-    name: Lint
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone
-        uses: actions/checkout@v3
-
-      - name: Lint
-        uses: DoozyX/[email protected]
-        with:
-          source: "./"
-          extensions: "h,c"
-          clangFormatVersion: 12.0.1
+    name: Check linting using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_lint.yml@v1
+    with:
+      source: "./src"

.gitignore

@@ -5,11 +5,12 @@ bin/
 debug/
 dep/
 obj/
-tests/elfs/plugin_nano*.elf
+tests/elfs/*
 build/
 
 # Editors
 .idea/
+.vscode/
 
 # Python
 *.pyc[cod]
@@ -23,3 +24,6 @@ __pycache__/
 tests/node_modules
 tests/lib
 tests/snapshots-tmp
+
+# MacOS
+.DS_Store

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "ethereum-plugin-sdk"]
 	path = ethereum-plugin-sdk
-	url = git@github.com:LedgerHQ/ethereum-plugin-sdk.git
+	url = https://github.com/LedgerHQ/ethereum-plugin-sdk.git

Makefile

@@ -19,7 +19,7 @@ APPNAME = "Paraswap"
 
 # Application version
 APPVERSION_M = 2
-APPVERSION_N = 1
-APPVERSION_P = 1
+APPVERSION_N = 2
+APPVERSION_P = 0
 
 include ethereum-plugin-sdk/standard_plugin.mk

README.md

@@ -27,13 +27,18 @@ Need more information about the interface, the architecture, or general stuff ab
 Smart contracts covered by this plugin are:
 
 | Network | Version | Smart Contract |
-| ---       | --- | --- |
-| Ethereum  | V4  | `0x1bd435f3c054b6e901b7b108a0ab7617c808677b` |
-| Ethereum  | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
-| BSC       | V4  | `0x55a0e3b6579972055faa983482aceb4b251dcf15`|
-| BSC       | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
-| Polygon   | V4  | `0x90249ed4d69d70e709ffcd8bee2c5a566f65dade`|
-| Polygon   | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| ---            | --- | --- |
+| Arbitrum       | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| Base           | V5  | `0x59c7c832e96d2568bea6db468c1aadcbbda08a52`|
+| BSC            | V4  | `0x55a0e3b6579972055faa983482aceb4b251dcf15`|
+| BSC            | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| Ethereum       | V4  | `0x1bd435f3c054b6e901b7b108a0ab7617c808677b`|
+| Ethereum       | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| Fantom         | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| Optimism       | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| Polygon        | V4  | `0x90249ed4d69d70e709ffcd8bee2c5a566f65dade`|
+| Polygon        | V5  | `0xdef171fe48cf0115b1d80b88dc8eab59176fee57`|
+| Polygon ZK EVM | V5  | `0xb83b554730d29ce4cb55bb42206c3e2c03e4a40a`|
 
 
 

fuzzing/CMakeLists.txt

@@ -0,0 +1,121 @@
+cmake_minimum_required(VERSION 3.10)
+
+if(${CMAKE_VERSION} VERSION_LESS 3.10)
+    cmake_policy(VERSION ${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION})
+endif()
+
+# project information
+project(Fuzzer
+        VERSION 1.0
+        DESCRIPTION "Contract parser of Paraswap plugin app"
+        LANGUAGES C)
+
+# guard against bad build-type strings
+if (NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE "Release")
+endif()
+
+if (NOT CMAKE_C_COMPILER_ID MATCHES "Clang")
+    message(FATAL_ERROR "Fuzzer needs to be built with Clang")
+endif()
+
+if (NOT DEFINED BOLOS_SDK)
+    message(FATAL_ERROR "BOLOS_SDK environment variable not found.")
+endif()
+
+# guard against in-source builds
+if(${CMAKE_SOURCE_DIR} STREQUAL ${CMAKE_BINARY_DIR})
+    message(FATAL_ERROR "In-source builds not allowed. Please make a new directory (called a build directory) and run CMake from there. You may need to remove CMakeCache.txt. ")
+endif()
+
+# specify C standard
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_C_STANDARD_REQUIRED True)
+
+# compatible with ClusterFuzzLite
+if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})
+    set(COMPILATION_FLAGS_ "-fsanitize=fuzzer,address,undefined,signed-integer-overflow")
+else()
+    set(COMPILATION_FLAGS_ "$ENV{LIB_FUZZING_ENGINE} $ENV{CFLAGS}")
+endif()
+string(REPLACE " " ";" COMPILATION_FLAGS ${COMPILATION_FLAGS_})
+
+add_compile_options(-Wall -Wextra -g -pedantic)
+# Just to limit compilation warnings of the plugin sources
+add_compile_options(-Wno-implicit-function-declaration)
+# Flag depending on the Build Type
+set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -O0")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -ggdb2 -O3")
+
+set(SRC_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../src")
+set(ETH_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../ethereum-plugin-sdk")
+
+add_compile_definitions(
+    APPNAME="Paraswap"
+)
+
+add_compile_definitions(
+    IO_HID_EP_LENGTH=64
+    HAVE_ECC
+    HAVE_ECC_WEIERSTRASS
+    HAVE_SECP_CURVES
+    HAVE_ECC_TWISTED_EDWARDS
+    HAVE_ED_CURVES
+    HAVE_ECDSA
+    HAVE_EDDSA
+    HAVE_HASH
+    HAVE_BLAKE2
+    HAVE_SHA224
+    HAVE_SHA256
+    HAVE_SHA3
+    HAVE_SHA512
+)
+
+include_directories(
+    ${BOLOS_SDK}/include
+    ${BOLOS_SDK}/lib_standard_app
+    ${BOLOS_SDK}/lib_cxng/include
+    ${BOLOS_SDK}/lib_cxng/src
+    ${BOLOS_SDK}/target/nanox/include
+    ${ETH_DIR}/src
+    ${SRC_DIR}
+)
+
+# Take all source files from the application and the sdk
+file(GLOB_RECURSE APPLICATION_SRC
+    # Take all plugin sources
+    ${SRC_DIR}/*.c
+
+    # Take all sdk sources
+    ${ETH_DIR}/src/*.c
+)
+# Filter out main.c from the SDK and the entire dbg folder
+list(FILTER APPLICATION_SRC EXCLUDE REGEX "${ETH_DIR}/src/main|${SRC_DIR}/dbg/")
+
+add_executable(fuzz
+    ${APPLICATION_SRC}
+
+    # fuzzing specific files
+    fuzz_plugin.c
+    mocks.c
+
+    # sdk utils
+    ${BOLOS_SDK}/src/ledger_assert.c
+    ${BOLOS_SDK}/lib_standard_app/format.c
+
+    # cxng
+    ${BOLOS_SDK}/lib_cxng/src/cx_hash.c
+    ${BOLOS_SDK}/lib_cxng/src/cx_sha256.c
+    ${BOLOS_SDK}/lib_cxng/src/cx_sha512.c
+    ${BOLOS_SDK}/lib_cxng/src/cx_sha3.c
+    ${BOLOS_SDK}/lib_cxng/src/cx_blake2b.c
+    ${BOLOS_SDK}/lib_cxng/src/cx_utils.c
+    ${BOLOS_SDK}/lib_cxng/src/cx_ram.c
+)
+
+target_compile_options(fuzz PUBLIC ${COMPILATION_FLAGS})
+target_link_options(fuzz PUBLIC ${COMPILATION_FLAGS})
+
+if (CMAKE_C_COMPILER_ID MATCHES "Clang")
+    add_compile_options(-gdwarf-4)
+endif()