Merge pull request #343 from ava-labs/dev

Audit Fixes (#342)

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=1
 # Minor
 APPVERSION_N=1
 # Patch
-APPVERSION_P=1
+APPVERSION_P=2

app/rust/src/handlers/eth/personal_msg.rs

@@ -295,7 +295,6 @@ impl Viewable for SignUI {
             Ok(k) => k,
         };
 
-        // let (flags, sig_size, mut sig) = match Sign::sign(path, &self.hash[..]) {
         let (flags, sig_size, mut sig) = match Sign::sign(path, self.tx.msg()) {
             Err(e) => return (0, e as _),
             Ok(k) => k,

app/rust/src/parser/chain_id.rs

@@ -49,7 +49,7 @@ impl<'b> FromBytes<'b> for ChainId<'b> {
         //good ptr and no uninit reads
         let out = out.as_mut_ptr();
         unsafe {
-            addr_of_mut!((*out).0).write(&chain_id);
+            addr_of_mut!((*out).0).write(chain_id);
         }
 
         Ok(rem)

app/rust/src/parser/message.rs

@@ -184,7 +184,6 @@ impl<'b> FromBytes<'b> for Message<'b> {
 impl<'b> DisplayableItem for Message<'b> {
     fn num_items(&self) -> Result<u8, ViewError> {
         Ok(self.chunk_count)
-        // Ok(1)
     }
 
     fn render_item(

app/rust/src/parser/object_list.rs

@@ -243,9 +243,7 @@ where
 
         for _ in 0..index {
             // Attempt to parse the next object
-            if this.parse_next(&mut out).is_none() {
-                return None; // Return None if the index is out of bounds
-            }
+            this.parse_next(&mut out)?;
         }
 
         // Return the object at the specified index

app/rust/src/parser/transactions/pvm/banff/convert_subnet_to_l1.rs

@@ -43,6 +43,8 @@ pub struct ConvertSubnetToL1Tx<'b> {
     pub subnet_auth: SubnetAuth<'b>,
 }
 
+pub const BASE_FIELDS_LEN: u8 = 4;
+
 impl<'b> ConvertSubnetToL1Tx<'b> {
     /// Sums the balances of all L1 validators in the list.
     fn sum_validators_balances(&self) -> Result<u64, ParserError> {
@@ -136,7 +138,7 @@ impl<'b> FromBytes<'b> for ConvertSubnetToL1Tx<'b> {
 impl<'b> DisplayableItem for ConvertSubnetToL1Tx<'b> {
     fn num_items(&self) -> Result<u8, ViewError> {
         // tx description, chain_id, address, fee, validators
-        let num_validators = 4u8 + self.num_validators() as u8;
+        let num_validators = BASE_FIELDS_LEN + self.num_validators() as u8;
         Ok(num_validators)
     }
 

app/rust/src/parser/transactions/pvm/banff/register_l1_validator.rs

@@ -215,7 +215,7 @@ impl<'b> DisplayableItem for RegisterL1ValidatorTx<'b> {
                 out[..prefix.len()].copy_from_slice(&prefix[..]);
 
                 sz += hex_encode(
-                    self.disable_owner.addresses[x as usize - 5 - n_remain_addresses as usize],
+                    self.disable_owner.addresses[x as usize - 5 - n_remain_addresses],
                     &mut out[prefix.len()..],
                 )
                 .map_err(|_| ViewError::Unknown)?;

tests_zemu/package.json

@@ -17,43 +17,43 @@
   },
   "dependencies": {
     "@ethersproject/wallet": "^5.7.0",
-    "@types/node": "^22.10.0",
+    "@types/node": "^22.10.6",
     "@zondax/ledger-avalanche-app": "link:../js",
     "@zondax/zemu": "0.53.0",
-    "ethers": "^6.13.4"
+    "ethers": "^6.13.5"
   },
   "devDependencies": {
     "@ethereumjs/common": "^4.4.0",
     "@ethereumjs/rlp": "^5.0.2",
     "@ethereumjs/tx": "^5.4.0",
     "@ethereumjs/util": "^9.1.0",
-    "@ledgerhq/hw-app-eth": "6.41.1",
+    "@ledgerhq/hw-app-eth": "6.42.1",
     "@ledgerhq/hw-transport-node-hid": "^6.29.5",
     "@ledgerhq/logs": "^6.12.0",
     "@matteoh2o1999/github-actions-jest-reporter": "^3.0.0",
     "@types/bs58": "^4.0.4",
     "@types/elliptic": "^6.4.18",
     "@types/jest": "^29.5.14",
     "@types/ledgerhq__hw-transport": "^4.21.8",
-    "@typescript-eslint/eslint-plugin": "^8.16.0",
-    "@typescript-eslint/parser": "^8.16.0",
+    "@typescript-eslint/eslint-plugin": "^8.20.0",
+    "@typescript-eslint/parser": "^8.20.0",
     "bn.js": "^5.2.1",
     "bs58": "^6.0.0",
     "crypto-js": "4.2.0",
     "elliptic": "^6.6.1",
-    "eslint": "^9.15.0",
-    "eslint-config-prettier": "^9.1.0",
+    "eslint": "^9.18.0",
+    "eslint-config-prettier": "^10.0.1",
     "eslint-plugin-import": "^2.31.0",
-    "eslint-plugin-jest": "^28.9.0",
+    "eslint-plugin-jest": "^28.10.0",
     "eslint-plugin-prettier": "^5.2.1",
     "jest": "^29.7.0",
     "jest-serial-runner": "^1.2.1",
     "js-sha256": "0.11.0",
     "jssha": "^3.3.1",
-    "prettier": "^3.4.0",
+    "prettier": "^3.4.2",
     "secp256k1": "^5.0.1",
     "ts-jest": "^29.2.5",
     "ts-node": "^10.9.2",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.3"
   }
 }