Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit-202409 #24

Merged
merged 16 commits into from
Nov 28, 2024
Merged

Audit-202409 #24

merged 16 commits into from
Nov 28, 2024

Conversation

bluele
Copy link
Member

@bluele bluele commented Nov 18, 2024

No description provided.

@bluele
fix out-of-boundary access in LCPUtils::readBytesUntil()
b7c7d33 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
Merge pull request #23 from datachainlab/audit-202409-lcp-4
e073fa3 
LCP-4: Fix out-of-boundary access in `LCPUtils::readBytesUntil()`

Signed-off-by: Jun Kimura <[email protected]>
@bluele bluele added the audit label Nov 18, 2024
bluele added 10 commits November 20, 2024 15:18
@bluele
S2-1: add validations for NotePtr.getPtr()
0f3591d 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
S2-2: clarify meaning of the quote status check
a91d2b5 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
S2-6: fix to early return if the consensus state corresponding to `po…
1cb681c 
…stHeight`

Signed-off-by: Jun Kimura <[email protected]>
@bluele
S3-1: remove unnecessary offset calculation
dec14e8 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
Merge pull request #25 from datachainlab/audit-202409-s2-s3
870f57c 
Fix S2 and S3

Signed-off-by: Jun Kimura <[email protected]>
@bluele
S4: add gap storage
87eed10 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
Merge pull request #26 from datachainlab/audit-202409-s4
e7244ed 
S4: Add gap storage to `LCPClientBase` contract

Signed-off-by: Jun Kimura <[email protected]>
@bluele
fix parallel test execution
5910e55 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
Merge pull request #27 from datachainlab/fix-parallel-test
129a912 
Fix parallel test execution

Signed-off-by: Jun Kimura <[email protected]>
@bluele
tests: fix to check if staticcall is successful
86e5a24 
Signed-off-by: Jun Kimura <[email protected]>
bluele
bluele commented Nov 20, 2024
View reviewed changes
test/LCPClientTest.t.sol
// repeat updateClient to check the state is not changed
message = createUpdateClientMessage(dataList[i].path);
// staticcall is expected to succeed because updateClient does not update the state if the message is already processed
(bool success, bytes memory ret) = address(lc).staticcall(
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should check if success is true here.
Fixed at 86e5a24

@bluele
S8: fix to remove unused code
30a68cb 
Signed-off-by: Jun Kimura <[email protected]>
@bluele
Merge pull request #28 from datachainlab/audit-202409-s8
1d9086c 
S8: fix to remove unused code

Signed-off-by: Jun Kimura <[email protected]>
@bluele
S2-3: improve validations for clientState.allowed_quote_statuses an…
bf2266a 
…d `clientState.allowed_advisory_ids`

Signed-off-by: Jun Kimura <[email protected]>
@bluele bluele marked this pull request as ready for review November 27, 2024 03:38
@bluele
Merge pull request #29 from datachainlab/audit-202409-s2-revise
43f92a7 
S2-3: improve validations for `clientState.allowed_quote_statuses` and `clientState.allowed_advisory_ids`

Signed-off-by: Jun Kimura <[email protected]>
@bluele bluele merged commit 0eef8cd into main Nov 28, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
audit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bluele