certusone
/
wormhole-icco
mirror of https://github.com/certusone/wormhole-icco.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
78 Commits 11 Branches 1 Tag 24 MiB
Commit Graph

78 Commits

Author SHA1 Message Date
David Hyland-Wood a9015f132d
Added legal disclaimers 2024-03-22 06:27:20 +08:00
Karl Kempe 077be2ec0f
Update WHITEPAPER.md 2022-08-29 16:22:01 -05:00
Karl Kempe ce72b3a4df
More certik findings (#69) 
* LIB-01 | Possible to Use Incorrect Mint When Initializing a Sale

* LIB-02 | Denial-of-Service Attack Can Prevent Legitimate Sales From Initializing

* LIB-03 | Missing Owner Validation for `sale_token_mint`

* COT-02 | Uninitialized Token Accounts
 2022-08-26 16:31:08 -05:00
Reptile 77e588e613
EVM Certik Findings (#70) 
ICC-01

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-08-26 16:23:19 -05:00
Karl 89f44e8f75
Refactor SDK (#68) 
Add EVM Testnet and Solana Devnet Integration Tests
 2022-08-16 09:54:02 -05:00
Reptile b4122bf0f0
Halborn findings (#66) 
* HAL-06

* HAL-07

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-08-15 16:49:38 -05:00
Reptile b6475865cb
Update WHITEPAPER.md (#67) 
* Update WHITEPAPER.md

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
Co-authored-by: Karl <karlkempe@users.noreply.github.com>
 2022-08-15 16:44:51 -05:00
Reptile 88a2c064b4
Add Max Sale Token Check (#65) 
* Add max sale token cap

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-08-05 11:52:13 -05:00
Serguei 7553b24d9f
Feature: Certik: Solana sale KYC authority change, VAA from conductor. (#59) 
* Add KYC Authority Change Logic

* Clean up

* Add descriptive constraint errors; add VAA discriminator fix

Co-authored-by: skojenov <sekoje@users.noreply.github.com>
Co-authored-by: Karl Kempe <karlkempe@users.noreply.github.com>
 2022-08-04 11:50:19 -05:00
Serguei fef0dec3c3
Certik: Fix Solana Contributor's ATA Validation (#61) 
* Add Invalid Token Handling

* Clean up

Co-authored-by: skojenov <sekoje@users.noreply.github.com>
Co-authored-by: Karl Kempe <karlkempe@users.noreply.github.com>
 2022-08-03 13:31:34 -05:00
Drew 1b7bddb084
Add error code contract for the conductor (#63) 
Add ErrorCodes.sol

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-29 15:48:06 -05:00
Drew e83c3894bf
Halborn EVM Findings (#62) 
* Bricked sale fix

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-28 12:57:53 -05:00
Drew 48bfe64c5a
Certik Findings - EVM (#58) 
* 1655950359778 | Typos And Incorrect Comments

* 1655953286328 | Lack of Sanity Check

* 1656593105551 | No initialization of Logic contract upon deployment

* 1656945319261 | No Restriction on unlockTimestamp

* 1657145125788 | Maximum Values for Timestamps

* 1657507633611 | Potential bypass  signature check

* 1656485091637 | Lack of Checks for Fees Sent By Callers

* 1656594850101 | No storage gap in Logical contracts

* Codify require strings to reduce Conductor contract size

* 1656945408209 | Unable to modify the authority of the sale

* 1657398259114 | Lack of Validation on Associated Token Account

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-27 12:11:04 -05:00
Serguei 42b1482ad0
Certik Fixes (Solana) (#54) 
* Solana recommended improvements.

Co-authored-by: skojenov <sekoje@users.noreply.github.com>
 2022-07-22 15:39:51 -05:00
Drew d75e7ee3c3
Ownership can be transferred to an invalid address (#53) 
* Add ownership transfer pending state

* Reset pending owner to zero address after ownership transfer

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-19 12:46:13 -05:00
Serguei 6a5c688f53
buyer_token_acct we check it to be an ATA per halborn advice (#56) 
buyer_token_acct ata check for refunds added.

Co-authored-by: skojenov <sekoje@users.noreply.github.com>
 2022-07-19 12:42:23 -05:00
Drew 4d5b4012b9
Accepted tokens can be duplicated (#55) 
* Add check to duplicate tokens in createSale

* Add chainId check for duplicate accepted tokens

* Simplify duplicate token check

* Fix typo

* Gas optimization

* Add gas optimization to duplicate token check

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-19 12:09:48 -05:00
Drew 274d2c1f70
Halborn gas optimizations (#57) 
* Gas optimizations

* made token loops unchecked. Per Csongor

* Add gas optimizations to ICCOStructs.sol

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
Co-authored-by: skojenov <sekoje@users.noreply.github.com>
 2022-07-19 11:03:44 -05:00
Drew 2ec12cb68d
Fix reentrancy vulnerability in the conductor sealSale method (#52) 
* Add patch for reentrancy vulnerability

* Add removed event checks in icco.js

* Add comment about transfers in sealSale

* Fix bricked sale after reentrancy attack

* Add documentation to sealSale in Conductor.sol

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-15 13:04:59 -05:00
Drew c02bb7f74f
Update event testing and reformat icco.js (#50) 
* Update Event testing and reformat icco.js

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-07-08 15:29:53 -05:00
Yasir 2b3a3ae5ea
EVM Events Update for Contributor (#49) 
EVM Events Update

Co-authored-by: Yasir Iqbal <yasiriqbal776@gmail.com>
 2022-07-08 14:44:51 -05:00
Karl ca3e21c2c6
Fix Bridge Sealed Contribution (#47) 
* Fix transfer wrapped

* Add accepted mint check

* Update lib.rs
 2022-07-05 15:52:40 -05:00
Drew 6e112fae69
Zellic findings (#45) 
* 3.4 Precision loss in arithmetic operations

* 4.1 Reachable division-by-zero conditions

* 3.3 Potentially unsafe VM verification

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-06-27 09:36:10 -05:00
Serguei 18954fa765
Fix Custodian ATA Verification (#44) 
Co-authored-by: skojenov <sekoje@users.noreply.github.com>
Co-authored-by: Karl Kempe <karlkempe@users.noreply.github.com>
 2022-06-16 12:52:51 -05:00
Drew c97e36f6e3
Feature/fixed price sale (#43) 
Adding the following features:
* Fixed-price sale configuration
* Lock-drop (cannot claim allocation until after lock period ended)
* KYC per sale
* Claim excess as separate method (due to lock-drop for allocation)
* Events to EVM contracts

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
Co-authored-by: Karl Kempe <karlkempe@users.noreply.github.com>
Co-authored-by: skojenov <sekoje@users.noreply.github.com>
 2022-06-14 17:04:05 -05:00
Karl c54f4d830a
Solana ICCO Contract written using Anchor (#41) 
* Add Solana (Anchor) Program

Co-authored-by: spacemandev <devbharel@gmail.com>
Co-authored-by: Drew <dsterioti@users.noreply.github.com>
Co-authored-by: skojenov <sekoje@users.noreply.github.com>
 2022-06-13 20:13:47 -05:00
Drew 19910c7239
Evm upgrades and tests (#38) 
* Add event testing to icco.js

* Add testnet upgrade script

* Add wormhole fee to tests

* Generate Solana specific VAAs in Conductor.sol

* Add solana contract to testnet.json

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-05-31 10:00:32 -05:00
Drew 9c492e8d3a
EVM contract documentation and Solana support (#33) 
* Add support for Solana ATA and add EVM documentation

* Move authority check to verifySignature

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-05-24 10:18:17 -05:00
Jonathan Claudius a5263df65a
Remove Rust Audit (#37) 2022-05-24 10:07:11 -05:00
Jonathan Claudius ffa4de8011
Merge pull request #36 from certusone/try_rust-cargo-audit 
Experiment with Rust Cargo Audit action
 2022-05-20 13:38:38 -04:00
claudijd 39d2cef0f6
Experiment with Rust Cargo Audit action 2022-05-20 13:30:59 -04:00
Karl 0a049aea61
Fix config (#32) 2022-05-16 15:56:23 -05:00
Drew 599727796c
evm: refactor contributor saleSealed (#31) 
Refactor saleSealed in Contributor

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-05-16 15:52:28 -05:00
Jonathan Claudius c077353d27
Add Typescript to codeql (#29) 2022-05-16 15:37:10 -05:00
Drew 7045ed0a47
Upgrade elliptic to 6.5.4 (#30) 
Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-05-16 15:25:18 -05:00
Jonathan Claudius a9a6a4f6a2
Add codeql scanning (#28) 2022-05-16 14:44:20 -05:00
Jonathan Claudius b888640c1d
Add SECURITY.md (#27) 2022-05-16 14:43:34 -05:00
Drew 585f3eb2ca
EVM sdk import statement change (#26) 
* Fix sdk import

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-05-16 09:26:49 -05:00
Drew 4093b501f7
Evm documentation (#25) 
* Update documentation

* Update documentation

* Update WHITEPAPER.md

Co-authored-by: Drew <dsterioti@users.noreply.github.com>
 2022-05-13 17:57:48 -05:00
Karl 7723141077
Merge pull request #24 from certusone/evm 
Add testnet deployments and test application
 2022-05-13 16:00:21 -05:00
Drew 9bed2db5a4
Update README.md 2022-05-13 13:58:42 -05:00
Drew c3c731bebe
Update README.md 2022-05-13 13:55:18 -05:00
Drew b2cbfdcc92 Update README.md 2022-05-13 18:53:31 +00:00
Drew 577e0aa376 Fix truffle-config dependencies 2022-05-13 16:42:06 +00:00
Drew 174b7e4699 Update testnet chain registration script to take network arguments 2022-05-13 15:49:27 +00:00
Drew 8c3688f25a Add tokenDecimals to initSale struct 2022-05-13 15:12:34 +00:00
Drew 3ec8ab665e Merge branch 'evm' of github.com:certusone/wormhole-icco into evm 2022-05-13 14:56:54 +00:00
Karl Kempe 41ffdf6774 Fix Makefile 2022-05-13 14:56:18 +00:00
Karl Kempe d8c04b009c Fix Makefile 2022-05-13 14:50:19 +00:00
Karl Kempe 59d4cac2a5 Fix Makefile 2022-05-13 14:32:45 +00:00