feat: mutable storage ISMs #4577

Merged
merged 19 commits into from
Nov 6, 2024

@yorhodes yorhodes commented Sep 26, 2024

Description

Some chains like zkSync do not support EIP-1167 (minimal/meta) proxies. This PR adds an alternative storage-based multisig and aggregation ISM for use on these chains.

Drive-by changes

Simplify CLI multisig interactive config builder. Remove stale multisig config.

Related issues

None

Backward compatibility

Yes, relayer already supports this module type

Testing

Contract unit tests
Manual CLI tests

changeset-bot bot commented Sep 26, 2024

🦋 Changeset detected

Latest commit: b7a84cd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages
| Name | Type |
| --- | --- |
| @hyperlane-xyz/cli | Minor |
| @hyperlane-xyz/sdk | Minor |
| @hyperlane-xyz/core | Minor |
| @hyperlane-xyz/helloworld | Minor |
| @hyperlane-xyz/infra | Minor |
| @hyperlane-xyz/widgets | Minor |
| @hyperlane-xyz/ccip-server | Minor |
| @hyperlane-xyz/github-proxy | Minor |
| @hyperlane-xyz/utils | Minor |


@@ -0,0 +1,63 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity >=0.8.0;

Check notice

Code scanning / Olympix Integrated Security

Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma Low

abstract contract AbstractStorageMultisigIsm is AbstractMultisigIsm, Ownable {
address[] public validators;
uint8 public threshold;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

constructor(
address[] memory _validators,
uint8 _threshold
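Review bot: the constructor parameters `_validators` and `_threshold` are accepted here with no bounds check visible in these lines, and they seed the `validators` and `threshold` storage declared above. Suggest routing the constructor through one internal setter that requires `0 < _threshold && _threshold <= _validators.length`, so an instance cannot be created with a zero or unreachable threshold, and reusing that setter for any owner-only update.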

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low

AbstractMessageIdMultisigIsm,
AbstractStorageMultisigIsm
{
uint8 public constant moduleType =

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

uint8(IInterchainSecurityModule.Types.MESSAGE_ID_MULTISIG);

constructor(
address[] memory _validators,

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low

codecov bot commented Sep 26, 2024

Codecov Report

Attention: Patch coverage is 88.23529% with 4 lines in your changes missing coverage. Please review.

Project coverage is 74.58%. Comparing base (0264f70) to head (b7a84cd).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4577      +/-   ##
==========================================
+ Coverage   74.27%   74.58%   +0.31%     
==========================================
  Files         101      103       +2     
  Lines        1481     1515      +34     
  Branches      192      195       +3     
==========================================
+ Hits         1100     1130      +30     
- Misses        360      364       +4     
  Partials       21       21              
| Components | Coverage Δ |
| --- | --- |
| core | 84.61% <ø> (ø) |
| hooks | 77.77% <ø> (ø) |
| isms | 79.02% <87.87%> (+1.24%) ⬆️ |
| token | 89.01% <ø> (ø) |
| middlewares | 77.58% <ø> (ø) |

@@ -0,0 +1,9 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity >=0.8.0;

Check notice

Code scanning / Olympix Integrated Security

Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma Low

constructor(
address[] memory _validators,
uint8 _threshold

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low

}

contract StorageMerkleRootMultisigIsmFactory is StorageMultisigIsmFactory {
address internal immutable _implementation;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

}

contract StorageMessageIdMultisigIsmFactory is StorageMultisigIsmFactory {
address internal immutable _implementation;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

@yorhodes yorhodes marked this pull request as ready for review September 26, 2024 20:17
@yorhodes yorhodes changed the title feat: storage multisig ISM feat: mutable storage multisig ISM Sep 26, 2024
@nambrot nambrot left a comment

I mostly did a cursory review, so would like @aroralanuk to take a deeper look for the approval

Resolved review threads: solidity/test/isms/MultisigIsm.t.sol, typescript/cli/src/tests/multisig.test.ts
@yorhodes yorhodes force-pushed the storage-multisig-ism branch from ce0e9a7 to b51f1d3 Compare October 22, 2024 20:38
@yorhodes yorhodes changed the base branch from main to audit-q3-2024 October 22, 2024 20:38
@yorhodes yorhodes changed the title feat: mutable storage multisig ISM feat: mutable storage ISMs Oct 23, 2024
@@ -0,0 +1,83 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity >=0.8.0;

Check notice

Code scanning / Olympix Integrated Security

Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma Low

import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

contract StorageAggregationIsm is AbstractAggregationIsm, OwnableUpgradeable {
address[] public modules;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

IThresholdAddressFactory,
PackageVersioned
{
address public immutable implementation;

Check warning

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Medium

@aroralanuk aroralanuk left a comment

Contracts look good

yorhodes commented Nov 5, 2024

Copying audit feedback over

  1. It is recommended to use Ownable2StepUpgradeable instead of OwnableUpgradeable for StorageAggregationIsm and StorageMultisigIsm, as it can prevent transferring ownership to an incorrect address.
  2. It is recommended to emit an event in setModulesAndThreshold() for the values before the change.
  3. StorageAggregationIsm.setModulesAndThreshold() must check that _threshold is not zero. If threshold is set to zero, AbstractAggregationIsm.verify() will always revert.
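
The three audit recommendations in the comment above, combined in one import-free contract as an added example; this is not Hyperlane's StorageAggregationIsm, and every name except `setModulesAndThreshold` is hypothetical. Two-step ownership is written inline here instead of importing OpenZeppelin's `Ownable2StepUpgradeable`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Hyperlane code. Every name here except
// setModulesAndThreshold is hypothetical; ownership is inlined to stay import-free.
contract ExampleStorageThresholdSet {
    address public owner;
    address public pendingOwner; // nominee that must accept before ownership moves
    address[] private _modules;
    uint8 public threshold;

    event ModulesAndThresholdChanged(
        address[] previousModules, uint8 previousThreshold,
        address[] newModules, uint8 newThreshold
    );
    event OwnershipTransferStarted(address indexed from, address indexed to);
    event OwnershipTransferred(address indexed from, address indexed to);

    error NotOwner();
    error NotPendingOwner();
    error InvalidThreshold(uint8 given, uint256 moduleCount);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address[] memory modules_, uint8 threshold_) {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
        _set(modules_, threshold_); // deployment passes the same check as updates
    }

    function modules() external view returns (address[] memory) { return _modules; }

    function setModulesAndThreshold(address[] calldata modules_, uint8 threshold_) external onlyOwner {
        _set(modules_, threshold_);
    }

    // Item 1: ownership moves only when the nominee itself calls acceptOwnership.
    function transferOwnership(address nominee) external onlyOwner {
        pendingOwner = nominee;
        emit OwnershipTransferStarted(owner, nominee);
    }

    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotPendingOwner();
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        delete pendingOwner;
    }

    function _set(address[] memory modules_, uint8 threshold_) private {
        // Item 3: zero is rejected, and so is a threshold the module set cannot meet.
        if (threshold_ == 0 || threshold_ > modules_.length) {
            revert InvalidThreshold(threshold_, modules_.length);
        }
        address[] memory previous = _modules; // copy out before overwriting
        emit ModulesAndThresholdChanged(previous, threshold, modules_, threshold_); // item 2
        _modules = modules_;
        threshold = threshold_;
    }
}
```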

address[] public modules;
uint8 public threshold;

event ModulesAndThresholdSet(address[] modules, uint8 threshold);

Check warning

Code scanning / Olympix Integrated Security

Test functions fail to assert the emission of expected events, potentially missing critical contract behaviors. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-events-assertion Medium

event ModulesAndThresholdSet(address[] modules, uint8 threshold);

constructor(

Check notice

Code scanning / Olympix Integrated Security

Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests Low

event ModulesAndThresholdSet(address[] modules, uint8 threshold);

constructor(
address[] memory _modules,

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low

constructor(
address[] memory _modules,
uint8 _threshold

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low

address[] memory _modules,
uint8 _threshold
) public onlyOwner {
require(
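Review bot: the `require(` that opens this `onlyOwner` setter needs to reject `_threshold == 0` as well as `_threshold > _modules.length`; the audit feedback copied into this thread notes that a zero threshold makes `AbstractAggregationIsm.verify()` always revert. The constructor shown earlier takes the same `_modules` and `_threshold` pair, so it should pass through the same check rather than a separate code path, and the revert reason should be asserted in a test.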

Check warning

Code scanning / Olympix Integrated Security

Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests Medium

uint8 public constant moduleType =
uint8(IInterchainSecurityModule.Types.MESSAGE_ID_MULTISIG);

constructor(

Check notice

Code scanning / Olympix Integrated Security

Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests Low

* @notice Emitted when a multisig module is deployed
* @param module The deployed ISM
*/
event ModuleDeployed(address module);

Check warning

Code scanning / Olympix Integrated Security

Test functions fail to assert the emission of expected events, potentially missing critical contract behaviors. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-events-assertion Medium

contract StorageMerkleRootMultisigIsmFactory is StorageMultisigIsmFactory {
address internal immutable _implementation;

constructor() {

Check notice

Code scanning / Olympix Integrated Security

Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests Low

contract StorageMessageIdMultisigIsmFactory is StorageMultisigIsmFactory {
address internal immutable _implementation;

constructor() {

Check notice

Code scanning / Olympix Integrated Security

Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests Low

@@ -32,6 +36,10 @@
address[] calldata _values,
uint8 _threshold
) public returns (address) {
require(
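Review bot: the `require(` added at the top of this `public` function changes when an existing entry point reverts (the hunk header `-32,6 +36,10` shows an edit to existing code), but the precondition on `_values` and `_threshold` is not documented in these lines. Suggest stating it in the function's NatSpec and giving the `require` a reason string that a test matches with `vm.expectRevert`, so callers relying on the old behaviour fail with an explicit message.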

Check warning

Code scanning / Olympix Integrated Security

Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests Medium

@yorhodes yorhodes force-pushed the storage-multisig-ism branch from eca30e7 to 13f0c35 Compare November 6, 2024 20:51
@yorhodes yorhodes changed the base branch from audit-q3-2024 to main November 6, 2024 20:56
@yorhodes yorhodes force-pushed the storage-multisig-ism branch from 13f0c35 to b7a84cd Compare November 6, 2024 21:03
@yorhodes yorhodes enabled auto-merge November 6, 2024 21:03
@yorhodes yorhodes added this pull request to the merge queue Nov 6, 2024
Merged via the queue into main with commit 8360602 Nov 6, 2024
36 checks passed
@yorhodes yorhodes deleted the storage-multisig-ism branch November 6, 2024 21:27
tiendn pushed a commit to tiendn/hyperlane-monorepo that referenced this pull request Jan 11, 2025
### Description

Some chains like zkSync do not support eip1167 (minimal/meta) proxies.
This PR adds an alternative storage based multisig and aggregation ISM
for use on these chains.

### Drive-by changes

Simplify CLI multisig interactive config builder. Remove stale multisig
config.

### Related issues

None

### Backward compatibility

Yes, relayer already supports this module type

### Testing

Contract unit tests
Manual CLI tests

![Screenshot 2024-10-02 at 4 05
08 PM](https://github.com/user-attachments/assets/c7fec896-ea7c-4fd9-a313-463168e66a82)