Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/audit (Implementing fixes for audit issues) #522

Merged
merged 32 commits into from
Nov 16, 2022
Merged

Fix/audit (Implementing fixes for audit issues) #522

merged 32 commits into from
Nov 16, 2022

Conversation

ctrlc03
Copy link
Collaborator

@ctrlc03 ctrlc03 commented Sep 16, 2022
edited
Loading

Implemented fixes for several audit issues:

  1. Implemented fixes for possible reentrancy attacks.
  2. Amended error messages in Poll and
    PollyProcesorAndTallyer.
  3. Introduced local variable in AccQueue to prevent updating state
    variables in a for loop.
  4. Removed redundant boolean comparisons.
  5. Added SafeERC20 to
    Poll to check the return value of transferFrom.
  6. Directly storing the new root rather than calling getStateAqRoot in Poll.

fix #503
fix #504
fix #505
fix #508
fix #510

Upgraded Contracts to pragma 0.8.10 and refactored the code.

chaosma and others added 8 commits August 26, 2022 18:20
@chaosma
fix(maci.sol): fix "inconsistent restriction on voice credit upper bo…
7a8c5c1 
…und"

Inconsistent restriction on voice credit upper bound: remove the upper bound. We still have implicit
bound that voice credit<sqrt(field_size), which should be large enough for normal ERC20 balance
@chaosma
fix(processmessages.circom): data are not fully verified during state…
6df6a40 
… update

fixing issue "Data are not fully verified during state update"
@chaosma
change some parameters to constant to reduce gas
f6caf66
@chaosma
fix(topupcredit.sol): add onlyOnwer modifier
ee0c8a6 
add onlyOwner modifier to airdrop/airdropTo in TopupCredit.sol
@chaosma
fix(poll.sol,maci.sol): protect messageAq by nothing up my sleeve hash
04f21b3 
add nothing up my sleeve number into the leaf zero in message queue
@ctrlc03
fix(maci): implemented fixes for several audit issues
6f1fa85 
1. Implemented fixes for possible reentrancy attacks.
 2. Ameneded error messages in `Poll` and
`PollyProcesorAndTallyer`.
 3. Introduced local variable in `AccQueue` to prevent updating state
variables in a for loop.
 4. Removed redundant boolean comparisons.
 5. Added `SafeERC20` to
`Poll` to check the return value of `transferFrom`.

fix privacy-scaling-explorations#503 fix privacy-scaling-explorations#504 fix privacy-scaling-explorations#505 fix privacy-scaling-explorations#508 fix privacy-scaling-explorations#510
@ctrlc03
fix(poll): amended mergeMaciStateAq to directly store the new root …
76c991a 
…to state

Removed redundant call `getStateAqRoot` and directly stored the new root to `mergedStateRoot`
@ctrlc03
fix(maci): reverted a fix and fixed test suits
8300cc5 
Reverted the fix related to updating a state variable in a for loop for AccQueue. Also fixed the
tests by adding the `NOTHING_UP_MY_SLEEVE` hash on the local MaciState instance.
Mikerah
Mikerah suggested changes Sep 28, 2022
View reviewed changes
Copy link

@Mikerah Mikerah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed that within AccQueue.mergeSubRoots, nextSubRootIndex isn't updated to use the new _nextSubRootIndex temporary variable here.

contracts/contracts/MACI.sol Show resolved Hide resolved
contracts/contracts/MACI.sol Outdated Show resolved Hide resolved
contracts/contracts/MACI.sol Outdated Show resolved Hide resolved
contracts/contracts/MACI.sol Show resolved Hide resolved
contracts/contracts/MACI.sol Show resolved Hide resolved
contracts/contracts/Poll.sol Show resolved Hide resolved
contracts/contracts/trees/AccQueue.sol Show resolved Hide resolved
contracts/contracts/trees/AccQueue.sol Outdated Show resolved Hide resolved
contracts/contracts/trees/AccQueue.sol Show resolved Hide resolved
core/ts/MaciState.ts Outdated Show resolved Hide resolved
This was linked to issues Sep 28, 2022
MACI: un-initialized message queue #501
Closed
MACI: Inconsistent restriction on voice credit upper bound #502
Closed
MACI: Potential for Re-entrancy in MACI #503
Closed
MACI: Potential for Re-entrancy in Poll #504
Closed
MACI: Return values of transferFrom calls are not checked #505
Closed
MACI: isAfterDeadline, topup and publishMessage in Poll rely on the block timestamp #507
Closed
MACI: _decimals in TopUpCredit and stateTreeDepth in MACI are not constant #509
Closed
MACI: ERROR_VK_NOT_SET and ERROR_SB_COMMITMENT_NOT_SET should be moved to PollProcessorAndTallyer #510
Closed
@Mikerah Mikerah mentioned this pull request Sep 29, 2022
Closed
@ctrlc03
fix(maci): amended the signUp function to reflect the checks-effect…
d62c7c7 
…s-interaction pattern

Moved the `_pubKey` check above before increasing the number of signups.

fix privacy-scaling-explorations#503
@ctrlc03
test(accqueue): added a test to check the effect of running merge wit…
a0b07b9 
…hout enqueing new leaves

Added a test that calls the onchain contract to enqueue without adding new data first, to confirm
that the same root is returned.
@ctrlc03
test(accqueue): added a test to check the effect of running merge wit…
7088602 
…hout enqueing new leaves

Added a test that calls the onchain contract to enqueue without adding new data first, to confirm
that the same root is returned.
@ctrlc03 ctrlc03 linked an issue Sep 30, 2022 that may be closed by this pull request
AccQueue Extra test cases #527
Closed
@ctrlc03
test(core): fixed core tests
ab7d86b 
Fixed failing core tests for MaciState.
@Mikerah Mikerah mentioned this pull request Oct 6, 2022
Open
ctrlc03 and others added 4 commits October 17, 2022 21:06
@ctrlc03
Merge branch 'v1' into fix/audit
f15c8f9
@chaosma
test(fix circuits folder tests): add nothing_up_to_my_sleeve for empt…
82b9102 
…y tree

fix circuits folder tests by adding nothing_up_to_my_sleeve for empty tree
@ctrlc03
Merge pull request #1 from chaosma/fix/audit
4b04cc6 
test(fix circuits folder tests)
@ctrlc03
test(circuits): fixed tallyVotes tests. WIP for ProcessMessages tests
2789ae6 
Removed unneeded creation of new message trees, and used the MaciState Poll ones.
@baumstern baumstern mentioned this pull request Nov 1, 2022
Closed
@baumstern

This comment was marked as resolved.

Sign in to view
@baumstern baumstern linked an issue Nov 7, 2022 that may be closed by this pull request
circuits unit test failure #538
Closed
ctrlc03 and others added 11 commits November 8, 2022 18:16
@ctrlc03
test(circuits): amending wrong parameters to circuit tests
5067310 
Refractoring of tests. Still one test erroring out on the circuit side
@chaosma
fix(core/ts/macistate.ts): fix nothing_up_to_my_sleeve bug in MaciSta…
3d2b21f 
…te.ts as well as unit tests

(1) fix nothing_up_to_my_sleeve bug in MaciState.ts (2) fix processMessage unit test in circuits
folder
@ctrlc03
Merge branch 'fix/audit' into audit-fix-1
eacfd1a
@ctrlc03
Merge pull request #2 from chaosma/audit-fix-1
b3eb645 
fix(core/ts/macistate.ts): fix nothing_up_to_my_sleeve bug in MaciSta…
@ctrlc03
test(maci): amended circuit tests as well as MaciState and genMaciState
f11011d 
Fixed test cases for circuits and other packages.
@chaosma
fix(fix insert placeholder leaf bug): fix issue related to first msg …
b4b9da1 
…leaf

(1) fix issue when insert NOTHING_UP_TO_MY_SLEEVE as first msg leaf (2) refactor part of Poll.sol
(3) catch decryption error during genMaciState if the message is incorrectly encrypted
@chaosma
minor fixes
71da7d2
@ctrlc03
Merge pull request #3 from chaosma/audit-fix-2
21340c9 
fix(insert placeholder leaf): insert place holder leaf
@ctrlc03
fix(maci): final fix to the tests
51e84f8 
Merged Chao fixes for correct enqueuing of the NOTHING_UP_MY_SLEEVE hash and amended Contract tests to fix the final issue.
@ctrlc03
refactor(maci): refactor code, upgrade to solidity 0.8.10, more tests
0c7801f 
Upgraded the contracts to solidity 0.8.10, refactored code and added some more tests

fix privacy-scaling-explorations#540
@baumstern
Update circomHelperConfig.json
132c895 
Revert the path to resolve circom binary path from CI side
@baumstern

This comment was marked as resolved.

Sign in to view
@ctrlc03
revert(pollyprocessandtallyer): revert changes
382e435 
Revert changes on PollyProcessorAndTallyer
@ctrlc03 ctrlc03 requested a review from daodesigner November 16, 2022 00:19
@daodesigner
Copy link
Contributor

PptE11 is ERROR_INVALID_SUBSIDY_PROOF. Not sure why the proof would be ok offchain but not verify onchain. Make sure vks /inputs line up. @chaosma could you take a look? Really would like to ship with the subsidy feature.

@ctrlc03
Copy link
Collaborator Author

ctrlc03 commented Nov 16, 2022

PptE11 is ERROR_INVALID_SUBSIDY_PROOF. Not sure why the proof would be ok offchain but not verify onchain. Make sure vks /inputs line up. @chaosma could you take a look? Really would like to ship with the subsidy feature.

@daodesigner I fixed by reverting some changes I made to the PPT contract, these were mostly gas optimizations which must have broken something.

@ctrlc03 ctrlc03 merged commit f2cef96 into privacy-scaling-explorations:v1 Nov 16, 2022
baumstern
baumstern reviewed Nov 17, 2022
View reviewed changes
package.json
"eslint": "^6.8.0",
"lerna": "^4.0.0",
"eslint": "^8.27.0",
"lerna": "^6.0.3",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mikerah Mikerah Mikerah requested changes

@baumstern baumstern baumstern left review comments

@daodesigner daodesigner Awaiting requested review from daodesigner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@ctrlc03 @baumstern @daodesigner @Mikerah @chaosma